Visual Studio 2019 + Bundled Git - SChannel encryption provider fails where standalone Git installation succeeds

Background

Our organisation distributes internal certificates by using a group policy on our domain controller. For our git installations, this means that we will need to use the 'Windows Secure Channel' library for HTTPS connections, rather than OpenSSL.

The Problem

Attempting to connect to a remote Git repository using the VS2019 Enterprise bundled Git with schannel fails with the error:

schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline

This error appears both when I use the VS2019 UI to attempt to sync with the repo, and when I run it via command line. (The path to the executable I'm using is C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe)

If I run the git executable bundled with VS2017 however, I can successfully sync with the repo (executable path: C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe). HOWEVER, if I open VS2017 and attempt to use the UI I get the same schannel error as above!

Summary

Performing a standalone installation of git and setting it up with Windows Secure Channel successfully connects to the remote repository.

The VS2019 bundled git does not work whether using the IDE UI, or through the command line.

The VS2017 bundled git works in the command line, but not through the IDE UI.

Config files

My global .gitconfig looks like this:

[user]
    name = xxx
    email = xxx@xxx.com
[http]
    sslBackend = schannel

The VS2019 .gitconfig looks like this:

[core]
    symlinks = false
    autocrlf = true
[color]
    diff = auto
    status = auto
    branch = auto
    interactive = true
[pack]
    packSizeLimit = 2g
[help]
    format = html
[diff "astextplain"]
    textconv = astextplain
[rebase]
    autosquash = true
[filter "lfs"]
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
    process = git-lfs filter-process
    required = true
[include]
    ; include Git for Windows' system config in order
    ; to inherit settings like `core.autocrlf`
    path = C:/Program Files (x86)/Git/etc/gitconfig
    path = C:/Program Files/Git/etc/gitconfig

The VS2017 .gitconfig looks like this (exactly the same as VS2019):

[core]
    symlinks = false
    autocrlf = true
[color]
    diff = auto
    status = auto
    branch = auto
    interactive = true
[pack]
    packSizeLimit = 2g
[help]
    format = html
[diff "astextplain"]
    textconv = astextplain
[rebase]
    autosquash = true
[filter "lfs"]
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
    process = git-lfs filter-process
    required = true
[include]
    ; include Git for Windows' system config in order
    ; to inherit settings like `core.autocrlf`
    path = C:/Program Files (x86)/Git/etc/gitconfig
    path = C:/Program Files/Git/etc/gitconfig

You may try the following steps:

1. Delete folder (you can back up this folder in case you need to restore it): C:\Program Files (x86)\Microsoft Visual Studio\2019\xxx\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git

2. Make sure that there is no version of Git installed on your system. Uninstall them in Control Panel / Uninstall a program once you have Git .

3. Download the latest version of Git and install it.

4. Run this command in your Git shell to disable the revocation check:

   $ git config --global http.schannelCheckRevoke false

   Note:

   From this link:

   We do not recommend setting this config value for normal Git usage. This is intended to be an "escape hatch" for situations where the network administrator has restricted the normal usage of SChannel APIs on Windows that Git is trying to use.