Cruise Control .NET v1.1 401 Dashboard 401 error

This past week we upgraded our CCNet server from v1.0 to v1.1 and encountered a few issues.  The first number of issues that popped up were most definitely caused by the networking departments insistence that they push the new version down to the build box.  They of course got it wrong, we uninstalled their attempt and installed v1.1 ourselves.

After successfully connecting to the server using the CCTray tool, we began to test the ability to click through and see the Dashboard.  This worked fine, but anytime that we attempted to drill down into one of our projects we were greeted with a HTTP 401 error.  After an afternoon of digging and some tweaking, one of my team members figured out the problem.

We’re running CCNet on a build “server” that is essentially a desktop (not even glorified) with Windows XP as it’s operating system.  Tracing the issue led us through the logs where we found these gems:

17:18:31 GET /<Rejected-By-UrlScan> 401

[01-18-2007 - 10:24:28] Client at URL contains ‘.’ in the path. Request will be rejected.  Site Instance=’1’, Raw URL=’/ccnet/server/local/project/My Project/build/log20070118095626.xml/ViewBuildReport.aspx’

My coworker researched some more and found that the url that CCNet was using had the following format.  Note that just before the end there is the name of the log file, complete with the .xml extension.


This was what was causing the problems.  The solution to eliminating this was to find the following file:


Open that file and edit the shit out of it.  Well, no don’t.  Just change the bolded line below from a 0 (zero) to a 1 (one) and all will work for you again.



UseAllowVerbs=1                ; if 1, use [AllowVerbs] section, else use [DenyVerbs] section

UseAllowExtensions=0           ; if 1, use [AllowExtensions] section, else use [DenyExtensions] section

NormalizeUrlBeforeScan=1       ; if 1, canonicalize URL before processing

VerifyNormalization=1          ; if 1, canonicalize URL twice and reject request if a change occurs

AllowHighBitCharacters=0       ; if 1, allow high bit (ie. UTF8 or MBCS) characters in URL

AllowDotInPath=1               ; if 1, allow dots that are not file extensions

RemoveServerHeader=0           ; if 1, remove “Server” header from response

EnableLogging=1                ; if 1, log UrlScan activity

PerProcessLogging=0            ; if 1, the UrlScan.log filename will contain a PID (ie. UrlScan.123.log)

AllowLateScanning=0            ; if 1, then UrlScan will load as a low priority filter.

PerDayLogging=1                ; if 1, UrlScan will produce a new log each day with activity in the form UrlScan.010101.log

RejectResponseUrl=             ; UrlScan will send rejected requests to the URL specified here. Default is /<Rejected-by-UrlScan>

UseFastPathReject=0            ; If 1, then UrlScan will not use the RejectResponseUrl or allow IIS to log the request