While attempting to connect to VisualSVN Server with a Subversion client, a user may receive the following error message:
The error message in Subversion client is accompanied by the following error event in VisualSVN Server log:
In most cases you may experience the issue if both the following conditions are met:
- VisualSVN HTTP Service is configured to run under a dedicated user account.
- Integrated Windows Authentication is enabled.
The problem occurs when user authenticates against VisualSVN Server over the Negotiate (SPNEGO) authentication protocol and VisualSVN HTTP Service account doesn't have correctly configured Service Principal Name (SPN). You are required to configure SPN manually if you run VisualSVN HTTP Service under a dedicated user account. For further details about SPNs please consider the Service Principal Names Microsoft TechNet article.
You do not have to configure SPN manually if you run VisualSVN HTTP Service under the built-in Network Service user account (it is a default settings). Network Service account acts as the computer on the network and uses the SPN value that is pre-configured for each computer joined to the domain.
Since you run VisualSVN HTTP Service under a dedicated user account, you have to add SPN manually to Active Directory:
- Logon to a Domain Controller as a domain administrator or as a user with specific delegated permissions required to modify SPNs. For additional information on permissions required to modify SPNs please read the Setspn Command-Line Reference on Microsoft TechNet.
- Start elevated command prompt and enter the following command:
setspn -a http/hostname.contoso.com CONTOSO\username
Please note that you have to modify the command according to your configuration. For additional information on setspn command please refer to the Setspn Command-Line Reference on Microsoft TechNet.
These steps will add SPN for the dedicated user account and you could successfully authenticate to VisualSVN Server over Negotiate.