I had to move my old OctopusDeploy server to a new machine. I backed up the most current setup, got the API key, did a fresh install on the new server and tried a restore as listed in the documentation (http://docs.octopusdeploy.com/display/OD/Backup+and+restore).

I tried restoring on the new machine from the backup file over the network and I also copied the back up file local, but both times I got the following error. I tried deleting the first 4 characters from the API key (“API-”). I also tried pasting the API key into notepad and then copy and pasting that into the back up UI just in case when I copied it from the webpage I had accidentally gotten some extra characters, but all of those attempts generated the following error.

Help please.

Thanks.

A fatal exception occurred
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at Octopus.Server.Commands.RestoreCommand.DecodeKey() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Commands\RestoreCommand.cs:line 99
at Octopus.Server.Commands.RestoreCommand.Start() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Commands\RestoreCommand.cs:line 63
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36

Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: “C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe” restore --instance=“OctopusServer” --file=“C:\Users\John.Spinosa\Desktop\20140324-163016.octobak” --master-key=“API-2RCKSYTNZC0Y1Z0DUGXZZUZORS”

Hi John,

You need to get the Master Encryption Key from the Octopus Manager app on the original server, not your API key.

Hope this helps,
Nick

Thanks! Got a good back up and restore, but cannot logon. Users and all configurations should be transferred, right?

I had it set to use Active Directory, and wasn’t able to logon. Then I switched it and set a known password, and still couldn’t logon. I also stopped and started the service after the restore.

Is this the information that will be transferred with the backup and restore?

Thanks,

John

Hi John,

Yes, user records should be transferred as part of the backup/restore.

Is the new Octopus server part of the same AD domain as the old server? Could you try these steps to allow yourself to log in?

Paul

It is not part of the same AD domain. I thought setting it to password
rather than AD authentication would fix this.

I read the article at the link you sent, but there is no reset password
link. I have not been able to logon to the restored instance with any
username/password combination.

Hi John,

How did you change Octopus to use username/password authentication? If you haven’t already done so, you can do it using:

Octopus.Server.exe configure --webAuthenticationMode UsernamePassword

The page I linked to has this section:

Resetting administrator passwords

Users can be made administrators, and new administrator accounts created using the command line on the Octopus Server machine.

To reset the password of an administrator, or to make a user into an administrator, open an administrative command prompt on the Octopus Server and run the following commands.
For Username/Password authentication

Octopus.Server.exe service --stop
Octopus.Server.exe admin --username=YOURUSERNAME --password=YOURPASSWORD
Octopus.Server.exe service --start

Replace YOURUSERNAME with the simple login name of the administrator account, and provide the new password.

This will tell Octopus to create/update your user account and set a password.

Paul

Following those commands allowed me to create an admin logon. Using that
logon, I then reset all the other passwords to a default password, but I
could not logon with any of those users. Even for existing users, it
wouldn’t modify their account, but would instead create a duplicate account

It seems the backup and restore doesn’t work correctly for users and also
that admin users cannot use the UI to change the passwords of other users.

It also keeps recreating the guest account.

Hi John,

The issue isn’t with backup/restore, but with switching authentication modes.

When Bob Smith logs in using AD, his AD account is probably something like:

ACME\bob.smith

But some companies have more than one domain. So we can’t just create a username called bob.smith, because it would be confused with another user, CONTOSO\bob.smith.

When using username/password authentication, however, we can use bob.smith because we can assume they are unique.

Your database is full of users that are linked to AD accounts, with names like ACME\bob.smith. Now that you’ve switched to username/password authentication, they try to sign in as bob.smith but can’t.

You’ll need to delete the old users, and then re-invite or create them again in order for them to be able to log in. Changing authentication methods isn’t that common so unfortunately we don’t have an automated way to change this.

Paul

It turns out the old and new machines are on the same Active Directory
domain.

It seems I’m basically having to re-setup everything even though I did a
complete backup and restore. The restored instance doesn’t recognize the
tentacles I was using before and now I can’t add environments only edit
existing environments. I deleted old environments in an attempt to
recreate them, but it’s still using the old thumbprints, so I can’t get a
handshake going.

Is this how most backups and restores to a new machine are supposed to work?

Thanks,

John

Hi John,

If the machines are on the same domain, and you wish to continue using AD authentication, then it shouldn’t have been switched to username/password based authentication.

Can you please:

1. Make sure you still have your original .octobak file
2. On the new server, open Octopus Manager, and delete the instance (there’s a link at the bottom)
3. Delete the C:\Octopus folder or wherever you installed Octopus to
4. Run through the setup wizard again, this time selecting AD authentication
5. Restore from your backup

Backup and restores do work, but if you change authentication options during a restore then yes, you may encounter problems with authentication.

Paul

I worked through to step 4, but got this error while installing:

Saving instance: OctopusServer
Home directory set to: C:\Octopus
Storage mode set to: Embedded
Allow checking for upgrades: True
Include usage statistics: True
Web authentication mode: Domain
Web force SSL: False
Web listen prefixes: http://localhost:80/
Storage listen port set to: 10931
Creating or modifying administrator 'john.spinosa’
You can browse the RavenDB server at: http://localhost:10931/
Creating guest user
Adding guest user to the Everyone team

A fatal exception occurred
System.IO.FileNotFoundException: Could not load file or assembly
’Octopus.Shared.XmlSerializers’ or one of its dependencies. The system
cannot find the file specified.
File name: 'Octopus.Shared.XmlSerializers’
at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName,
String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint,
StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean
throwOnFileNotFound, Boolean forIntrospection, Boolean
suppressSecurityChecks)
at
System.Reflection.RuntimeAssembly.LoadWithPartialNameInternal(AssemblyName
an, Evidence securityEvidence, StackCrawlMark& stackMark)
at
System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADsPathname.Retrieve(Int32
lnFormatType)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at
System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
at
System.DirectoryServices.AccountManagement.ADStoreCtx.GetAsPrincipal(Object
storeObject, Object discriminant)
at
System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type
principalType, String urnScheme, String urnValue, DateTime referenceDate,
Boolean useSidHistory)
at
System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type
principalType, String urnScheme, String urnValue, DateTime referenceDate)
at
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext
context, Type principalType, Nullable1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username, Boolean& wasCreated) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 90 at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 79 at Octopus.Server.Commands.AdminCommand.Start() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Commands\AdminCommand.cs:line 77 at Octopus.Shared.Startup.ConsoleHost.Run(Action1 start, Action
shutdown) in
c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line
36

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind
failure logging.
To turn this feature off, remove the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog].

===============================================================================
Active Directory integration failed because of a bug in this Windows
version.

Windows 7 and Windows Server 2008 R2 cause the .NET directory services
provider to throw random exceptions. The error detected here is commonly
associated with that bug. Please refer to this Microsoft Support article
with links to a hotfix: http://g.octopushq.com/ADHotfix
See: http://g.octopushq.com/WhyADSetupFails

Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: “C:\Program Files\Octopus
Deploy\Octopus\Octopus.Server.exe” admin --instance=“OctopusServer”
–username=“john.spinosa” --wait="5000"
Deleted instance: OctopusServer

The original installation that I want to restore from was Windows 7
Professional to Windows Server 2008 R2. Why does it install on Win7 and
not on 2008R2?

Hi John,

Did you investigate the hotfix linked from the error message?

===============================================================================
Active Directory integration failed because of a bug in this Windows 
version. 
------------------------------------------------------------------------------- 
Windows 7 and Windows Server 2008 R2 cause the .NET directory services 
provider to throw random exceptions. The error detected here is commonly 
associated with that bug. Please refer to this Microsoft Support article 
with links to a hotfix: http://g.octopushq.com/ADHotfix 
See: http://g.octopushq.com/WhyADSetupFails 
===============================================================================

Let me know if the hotfix misses the mark, but we see this pretty often on this OS.

Cheers,
Nick

IT support will need to install this update to the Active Directory tonite,
so I will update how this goes later.

Unfortunately any changes to Active Directory affects our corporate remote
access so installation of that patch will have to wait for an undetermined
later date. The folks who would do that update will be taking on the
remainder of the OctopusDeploy project since my last day is Friday. I’ll
leave them with the files, all our email threads, and a description of
where I was in the process.

Thanks for all your help.

John

OK, I got the patch installed on the new machine after all and was able to
complete all 5 steps including the restore from the old machine and was
able to login with my old admin account using Active Directory validation.
It worked great.

HOWEVER

1. My account’s admin permissions were removed, but I used the command
   from above to upgrade my old account to admin.
2. When I used those commands to restore my admin permissions, I am now
   left with a duplicate account that I cannot delete.

Thanks,

John

Hi John - good to hear the ball’s rolling. The two admin accounts will likely have different full usernames, can you please look in each (via Configuration > Users > (user)) and let me know what you see as the Username value?

When you visit the profile of your logged in account you’ll also see the current account’s full username, so confirming that and making sure you’re deleting the right account might help.

When you try to delete the duplicate, what error does Octopus present?

Best regards,
Nick