403 error post upgrade

I had octopus running under the previous install and then (since we’re not using it yet) I thought I’d upgrade to the most recent (july 7or 8) release.
Now it throws a 403 error when I try to access the portal via server manager>browse website *:port#.

I verified that windows authentication is enabled, all other authentication is disabled, restarted the server, recycled the app pools and nothing seems to help. I ran the configuration tool, the server is running, and I uninstalled and reinstalled everything. (not necessarily in that order). I didn’t see anything in the knowledge base or discussions about 403 errors. I’m a bit of a IIS neophyte so this is probably some dumb thing. Appreciate any help.

Hi Gretchen,

Can you check in IIS that the application pool is configured to use .NET 4.0? You can do this using the IIS Manager, expand the server, click Application Pools, and look for the Octopus Portal pool. It should have v4.0 in the .NET Framework column.

You may also need to run this from an elevated command prompt:

%WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

Paul

I had done that but I did it again. The portal is using .NET framework v4.0.30319 with integrated Managed pipeline mode. Recycled the server, the app pools for the octopus portal and for the whole iis thingy.

Gretchen Jones
Build & Deployment Engineer

Ascend Learning
11161 Overbrook Road | Leawood, Kansas 66211
d 913-661-6151| m 913-223-9425| www.ascendlearning.com

Hi Gretchen,

In the IIS Manager, can you click the server, and then double click “ISAPI and CGI Restrictions” and check that both of the ASP.NET 4.0 extensions are enabled?

If that doesn’t work, could you send me a screenshot of the features that are enabled for the IIS role in Server Manager? It’s possible that a required feature might be missing.

You can attach the screenshot to this page or email it to paul@paulstovell.com if that is more convenient.

Paul

I had done that too. Basically gone through the install again and made sure everything was set the same. I think it is but I could be blind.

[cid:image001.png@01CD5F53.E2E9A660]

[cid:image002.png@01CD5F53.E2E9A660]

Gretchen Jones

Build & Deployment Engineer

Ascend Learning

11161 Overbrook Road | Leawood, Kansas 66211

d 913-661-6151| m 913-223-9425| www.ascendlearning.com

Thanks Gretchen, you are correct, it looks good.

Is it possible that another site is configured to listen on the same port? For example, is the Default Web Site still running in IIS?

Paul

I set it to 8080 to make sure. Let me try changing the port. I disabled the default web site which was running on port 80.

I did notice that on the browse web site it is displaying *:8080(http) But on the default website it is displaying the actual ip of the server. Do I need to do something about tweaking the connection?

[cid:image001.png@01CD5F59.E0EBCBD0]

Gretchen Jones

Build & Deployment Engineer

Ascend Learning

11161 Overbrook Road | Leawood, Kansas 66211

d 913-661-6151| m 913-223-9425| www.ascendlearning.com

Hi Gretchen,

Would we be able to do a remote debugging session over Skype to work this out, say in about 3 hours from now?

Also, does the server have more than one IP address?

From a command line, what do you see if you run

netsh http show iplisten

And are there any errors in the event log related to the 403 error?

Paul

Sent from my Windows Phone


From: gretchen.jones
Sent: 11/07/2012 17:40
To: Paul Stovell
Subject: Re: 403 error post upgrade [Problems]

C:\Windows\system32>NETSh http show iplisten

IP addresses present in the IP listen list:

Yes multiple IP’s (we also run atlassian bamboo on this box which is under tomcat or whatever the Atlassian roll tomcat into bamboo server is).

Also (because I could see this one coming)
C:\Windows\system32>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.20.4.206
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 10.20.4.211
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.20.4.1

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

It’s not a firewall issue because I am behind the firewall too and it was working before, nothing with the firewall has changed, and then we can still get to bamboo and are running builds on it, accessing the results from other machines in the network. Just in case, I checked the firewall. 1. It is not on, 2. I added Octopus anyway on port 8080 and added the octopus server (interactive) as a program allowed through.

Neither of those had an effect.

I’m game for a skype session.

I need to be out of here about 4:30 CDT today but am otherwise available.

Gretchen Jones
Build & Deployment Engineer

Ascend Learning
11161 Overbrook Road | Leawood, Kansas 66211
d 913-661-6151| m 913-223-9425| www.ascendlearning.com

Ok, my Skype is paulstovell.

Sent from my Windows Phone


From: gretchen.jones
Sent: 11/07/2012 18:32
To: Paul Stovell
Subject: Re: 403 error post upgrade [Problems]

Mine is gretjns

Gretchen Jones
Build & Deployment Engineer

Ascend Learning
11161 Overbrook Road | Leawood, Kansas 66211
d 913-661-6151| m 913-223-9425| www.ascendlearning.com

One of the things I noticed the installer does, is when it updates the site it resets the binding from a specific IP address to a wildcard (*) for the octopus site. If you have multiple IPs you most likely had the site set to a single IP pre-upgrade and that got cleared out. If you have a dns entry i.e. deploy.yourdomain.com that your using, ping it to figure out which IP you should set the site to and edit the binding from a wildcard to the IP you need.

The server dude when he installed IIS told me: IIS is now running and listening on 10.20.4.211

So I went into edit bindings on the octopus portal site and added the FQDN and the port I had previously configured (8080).

Now I just get Bad Request - invalid hostname when I try to access the url.

(by the server name:8080) If I try it without the port (:8080) I just get a “connection was reset” message).
If I reset the website to point to the other ip I get the 403 error again.

Gretchen Jones
Build & Deployment Engineer

Ascend Learning
11161 Overbrook Road | Leawood, Kansas 66211
d 913-661-6151| m 913-223-9425| www.ascendlearning.com

So you’re close but missing one thing, edit the binding, leave the port number, remove anything in the Host Name box and select 10.20.4.211 from the IP Address dropdown box. This should get it running.

That and then Paul gave me a hand. I’m up and running now. We also installed a newer version of OctopusDeploy that handles the pathnames a bit more elegantly. I’m doing the happy dance. Thank you for all your help everyone.

Gretchen Jones
Build & Deployment Engineer

Ascend Learning
11161 Overbrook Road | Leawood, Kansas 66211
d 913-661-6151| m 913-223-9425| www.ascendlearning.com