Is it possible to have system clocks out-of-sync between tentacle and octopus servers?

jprusaczyk · 21 March 2014 11:54

Hi,

On test environment we need to change system date to test the application.

This breaks the communication between Octopus server and the tentacle on that machine:

MessageSecurityException: The security timestamp is invalid because its creation time (‘2014-03-21T11:25:22.363Z’) is in the future. Current time is ‘2013-10-01T01:47:51.525Z’ and allowed clock skew is ‘00:05:00’.

Is there a way to ignore this mismatch, so that I can deploy to the machine that has time-travelled?

Best regards,
Janusz

Paul_Stovell · 24 March 2014 05:42

Hi,

Is this running Octopus 1.6? If so it’s not possible; messages are timestamped and signed; without the clocks being relatively in sync there’s no guarantee against a replay attack or someone using an expired certificate.

Octopus 2.0 might work however, I haven’t tried it.

Paul

jprusaczyk · 31 March 2014 14:56

Hi,

Sorry for replying with delay.

Yes, we are on version 1.6.1.1718

We have created a workaround (running upgrade from another machine over the network). Inconvenient, but in our particular case we can live with that.

Best regards,
Janusz

Kamil · 22 July 2014 06:50

It there any way to change maxClockSkew for Octopus server using configuration file?

Paul_Stovell · 23 July 2014 23:23

Hi Kamil,

Thanks for the reply, unfortunately there’s no way to modify this.

Paul