Azure DevOps will not communicate with clone of Octopus server

Our network team is moving all of our on-prem servers to cloud-based servers. They are doing this incrementally, and they attempted to move our on-prem Octopus server to an Azure-based server by cloning the server and changing DNS entries so that the Azure-based Octopus clone appears to the local and external servers exactly as before (it just has a different IP address). Locally the server and the web clients work fine, and I can re-release projects using the Octopus web client.

However, when we try to run a pipeline from Azure DevOps, Azure complains: “System.Exception: Unable to connect to the Octopus Deploy server. ---> System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond”

If we flip back to using our original Octopus server (all we do is change DNS entries), it works fine. The Azure-based Octopus clone is a true clone with the exception of its IP address. They (our network team) have moved over a dozen other servers to Azure using this clone process with no problems.

I am thinking that I need to connect to the new Azure-based Octopus server and generate a new API key, but we have in excess of 40 projects to associate this with in Azure, and doing that without knowing whether it will work is risky. Does anyone have an opinion?

Hi @Norman,

Thank you for contacting Octopus Support. I’m sorry that you are having ADO trouble after moving your Octopus Server.

As a troubleshooting step, would it be possible to configure ADO to use the Octopus Server’s IP address rather than the DNS address? If this is a true clone, a new API key shouldn’t be necessary.

Also, have you checked the Octopus Server logs to see if there were any errors that lined up with the errors seen in ADO?

Let me know at your earliest convenience.

Regards,
Donny

When I composed the post about this message I realized that the firewall software might be blocking traffic from ADO. So I contacted the “expert” on our network team and asked him to look for any “rules” associated with the on-prem Octopus server’s IP address. He did not find a firewall “rule” per se, but he did find a NAT setting that was translating the external IP address to the specific internal IP address. This meant, like you are suggesting in your reply, that the external DNS entry for our Octopus server was coming in with a public IP address and HTTP traffic was redirected to an internal private IP address associated with the on-prem Octopus server, which no longer existed. When we switched back, it “magically” started working again.

But having the Octopus VM in the Azure cloud must be more complicated than it appears to me, because instead of adding a new NAT translation for the new Azure-hosted server’s private IP address, he wants me to set up a new “Service Connection” in ADO and select “Azure Resource Manager” as the service connection type. He thinks that we can use that new service connection (one for each ADO project) to connect all of our ADO projects to the Octopus server. I do not think this is possible, because there is nothing in the properties for these “Azure Resource Manager” service connections to set the API key to securely connect to the Octopus Server instance. I may be wrong, but I have asked him to set up the NAT first.

I am not sure if I am making any headway. I am thinking of switching to your hosted project, but need to analyze the additional cost, if any, of switching, as this would eliminate the maintenance requirements of the VM in Azure. Any help (suggestions) would be appreciated.
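The failure mode discussed in this thread, as an added example (not code from either poster or from Octopus Deploy): a small probe that resolves the server name and classifies the TCP result per address, so a silent timeout (the symptom ADO reported, consistent with a NAT entry pointing at a host that no longer exists) can be told apart from a refused connection or a DNS problem. The hostname `octopus.example.com`, port 443, and the verdict names and hint texts are assumptions made for illustration.

```python
import errno
import socket

# Verdict -> what it suggests about the network path (interpretation added here).
HINTS = {
    "reachable": "TCP path is open; look at TLS, URL or API key next",
    "timeout": "no answer at all: dropped by a firewall, or NAT/forwarding "
               "points at an address where no host exists any more",
    "refused": "a host answered but nothing listens on that port",
    "unreachable": "no route to the address from this network",
    "dns-failure": "the name does not resolve from this network",
    "error": "other socket error; inspect the detail field",
}

def classify(exc):
    """Map the exception from a connect attempt (or None) to a verdict."""
    if exc is None:
        return "reachable"
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port=443, timeout=5.0):
    """Resolve host, try one TCP connect per distinct address, return verdicts."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [{"address": None, "verdict": classify(exc), "detail": str(exc)}]
    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        if sockaddr[0] in seen:
            continue
        seen.add(sockaddr[0])
        err = None
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
        except OSError as exc:
            err = exc
        results.append({"address": sockaddr[0], "verdict": classify(err),
                        "detail": str(err or "")})
    return results

if __name__ == "__main__":
    for r in probe("octopus.example.com", 443):  # placeholder hostname
        print(r["address"], r["verdict"], "-", HINTS[r["verdict"]])
```

The probe only reproduces the ADO symptom when run from a network outside the perimeter, because clients inside the LAN do not pass through the NAT translation, which is why the local web clients kept working.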


Hi @Norman,

Thank you for getting back to me. I’m glad to hear you were able to figure out the culprit.

We have a great blog post about migrating to Octopus Cloud: Octopus 2021 Q2: Migrate to the cloud with Octopus Deploy - Octopus Deploy

You may also create a free cloud instance as a proof-of-concept and import projects.

For reference, here is our documentation on configuring the Octopus extension for ADO:

If you have any additional questions or if we can assist with anything else, please let us know.

Regards,
Donny

Donny, I had not received your reply and was directed to move on this ASAP, so I sent an email to support@octopus.com asking about what I need to do to switch to your cloud services.

This is what I sent.

I had posted a question earlier today on the Octopus Forum about a problem we were having trying to move our on-prem Octopus server to an Azure-based virtual machine. I received a helpful reply from Donny Bell and I have replied back to Donny with more information. When composing my original post to the forum I realized that I may be having a firewall problem. I received help from our network team and they found a NAT rule that was translating the public IP address for our Octopus server into an internal IP address, and this had not been updated when they moved the on-prem Octopus server to Azure. Easy fix, I thought. I also suggested in my reply to Donny: “I am thinking of switching to your hosted project, but need to analyze the additional cost if any (of switching) as this would eliminate the maintenance requirements of the VM in Azure. Any help (suggestions) would be appreciated.”

I was subsequently called into a “Senior Level” meeting to explain what was going on and why we could not make the move to put this server into Azure. As part of this explanation, I brought up the alternative of using your Hosted Octopus service instead of our own server.

It turns out that our Octopus server was NOT located in our DMZ. Potentially a big security hole that none of us were aware of. So we immediately shut down all external access to the on-prem Octopus server. The current configuration of the server is not compatible with the DMZ when it is “moved” to Azure. Therefore cloning the server is useless. Access to the database server, user permissions, etc. are too different for a clone to be feasible. Now we cannot deploy from Azure DevOps until this is resolved.

The Director of ID acted swiftly and “directed” me to figure out how to get everything into your hosted Octopus service.

We recently renewed our license and he is hoping we can apply some of that cost to the Hosted service.

So now we are in a rush to figure out how to make this happen with the least impact on our resources (our time and extra cost).

I need someone to contact me as soon as possible.

Gilsbar

36502-19354-83423-18493

2.0

2018-04-07

Subscription

2022-04-27

Thanks,

Norman Quates

Developer

Information Technology

Not sure if you can answer the questions on applying the cost of our current license to the hosted service, but I am sure you can help with other questions the team has concerning secure access to the Tentacles on premises, and other questions such as whether we will need to migrate one project at a time, etc. Not sure, but I believe we have 37+ active projects. I am available for Teams calls, or Zoom or phone if necessary.

Not sure where you are located, but my day has ended and I will be out until tomorrow morning at 9:30 Central Daylight Time, US.
