You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
SourceTree does not appear to properly keep track of authentication failures, and will retry indefinitely, which will eventually cause the user's account to be locked out. (This is especially insidious when the account in question is a domain account, because it can prevent the user from e.g. connecting to a ticketing system to request assistance with the lockout. Or logging into the workstation where SourceTree is running in order to terminate it.)
This problem has been noted elsewhere (but read on; I have new information):
https://community.atlassian.com/t5/Sourcetree-questions/User-account-getting-locked/qaq-p/1502118
https://community.atlassian.com/t5/Sourcetree-questions/Account-Lockouts/qaq-p/1062928
Looking at the Process Log (Process Viewer in the Tools menu) shows two curious things:
1. Repeated `git fetch` invocations with Caller Context = "GetFetchProcesses".
These all have the same output:
fatal: Cannot prompt because user interactivity has been disabled.
fatal: Authentication failed for 'https://our-local-bitbucket-server/scm/plat/repo.git'
This suggests that GetFetchProcesses -- or whatever invokes it -- is failing to track that the authentication request failed, and suppressing automatic fetches afterwards. This is exacerbated by the following problem:
2. I see `git fetch` invocations for _dozens_ of projects that I don't even have open!
SourceTree seems to be automatically issuing fetch calls for repositories that have been used in the past, even they are not currently open.
This means that if stale credentials are stored for _any_ repository that SourceTree knows about, SourceTree will eventually trigger a lockout on that account.