1

No credentials are available in the security package (Azure DevOps)

If you try to connect to Azure DevOps (TFS) using integrated authentication, in some cases you can get an error in logs - "System.ComponentModel.Win32Exception (0x8009030E): No credentials are available in the security package"

This can happen if a user is a "Protected Users" group member, and integrated Windows authentication is disabled for this user. See Microsoft's KB for more details.

Workarounds (use one of them):

  • Add your credentials to the Windows credential manager. Open Windows Control Panel -> Credential Manager. Go to "Windows Credentials" tab, and add the credentials that you use to connect to Azure DevOps server. User Azure DevOps hostname as network address, e.g. "tfs.mycorp.com". Then Use "auto-detect settings" in CatLight to connect to Azure DevOps.
  • If appropriate, you can remove the current user account from "Protected Users" group in Active Directory
  • Use Azure DevOps personal access tokens instead of integrated Windows authentication in CatLight. In AzureDevOps connection settings in CatLight, you can use your email as user name, and personal access token as a password. To get a personal access token, go to Azure DevOps, click on your user picture in top right -> Security -> Personal access tokens -> New Token.
    • In the organization dropdown, select "All accessible organizations"
    • Either provide a "full access" scope, or more granular access that should include:
      • Build - Read and execute
      • Code - Read, Status (for getting pull requests)
      • Graph - Read
      • Identity - Read
      • Project and Team - Read
      • Release - Read
      • Test management - Read
      • User Profile - Read
      • Work Items - Read and Write
    • You can set long expiration time to avoid repeating this process frequently (e.g. 1 year)