Issue with certificate when installing polling tentacle

Hi!

I’m installing polling tentacles on 21 servers. 3 out of the 21 had issues installing the tentacle at the new-certificate step.

This is the error (or as an image: http://screencast.com/t/ge1MogdCjMs):
Saving instance: Tentacle

A fatal exception occurred
System.IO.FileNotFoundException: Could not load file or assembly ‘Octopus.Shared.XmlSerializers’ or one of its dependencies. The system cannot find the file specified.
File name: 'Octopus.Shared.XmlSerializers’
at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.LoadWithPartialNameInternal(AssemblyName an, Evidence securityEvidence, StackCrawlMark& stackMark)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at Octopus.Shared.Security.CertificateGenerator.Generate(String fullName, Boolean exportable) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Security\CertificateGenerator.cs:line 27
at Octopus.Shared.Configuration.TentacleConfiguration.GenerateNewCertificate() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Configuration\TentacleConfiguration.cs:line 158
at Octopus.Tentacle.Commands.NewCertificateCommand.Start() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Tentacle\Commands\NewCertificateCommand.cs:line 35
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: “C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe” new-certificate --instance=“Tentacle” --if-blank
Deleted instance: Tentacle

I tried executing all the commands, from “Show script”, but the new-certificate is failing: http://screencast.com/t/XfD80fQXz. I ran powershell as admin.

I’ve tried searching for this issue in your forum and google but can’t find something that seems to be the same issue.

Do you know how to solve this? If you need anything more from me, just ask.

Hi - thanks for the report. This is often seen on Win2K8R2 or Win7 machines because of bugs like this one:

http://support.microsoft.com/kb/2683913/en-us

If this doesn’t apply, or doesn’t help, please let me know the details of the OS and .NET Framework version that’s on the problem machines.

Best regards,
Nick

The hotfix did not help unfortunately.

These are the system details:
Windows Server 2008 R2 Standard, Service Pack 1
64-bit

.Net Framework 4.5 is installed on the machine and we have 3.5.1 .Net features enabled.

Från: Nicholas Blumhardt [mailto:tender2+d281fec9947d4fd39ec1e5ca099acf749bee84cc5@tenderapp.com]
Skickat: den 30 april 2014 06:08
Till: Andreas Nellmon
Ämne: Re: Issue with certificate when installing polling tentacle [Problems #19094]

Hi Andreas,

Looking for past occurrences of this it looks like it is probably related to needing the Windows User Profile loaded when installing the Tentacle.

We did some work to support this a while back, the solution (copied from https://github.com/OctopusDeploy/Issues/issues/353) is to create and export certificates interactively, and to import them on the target machines.

To create a certificate on a workstation machine run:

Tentacle.exe new-certificate --export-file="cert.txt"

To import the certificate on the Tentacle machine, run:

Tentacle.exe import-certificate --from-file="cert.txt"

(The target Tentacle should probably not be running when this is done.)

The exported certificate format is a simple clear-text base-64 file; this should be protected/treated as sensitive configuration.

Hope this helps,
Nick

The export file command is only available in 2.4 right? Since this is on our prod server’s we are reluctant to use the pre-release of 2.4 right now. Are you planning to release 2.4 on Monday perhaps? :slight_smile:

PS C:\Program Files\Octopus Deploy\Tentacle> .\Tentacle.exe new-certificate --export-file="cert.txt"
Octopus Deploy: Tentacle version 2.3.6.1385


A fatal exception occurred
System.ArgumentException: Unrecognized command line arguments: --export-file=cert.txt
at Octopus.Shared.Startup.AbstractCommand.UnrecognizedArguments(IList1 arguments) in c:\TeamCity\buildAgent\work\111 6bd9da9e239fd\source\Octopus.Shared\Startup\AbstractCommand.cs:line 18 at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, IComma ndRuntime commandRuntime, OptionSet commonOptions) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared \Startup\AbstractCommand.cs:line 42 at Octopus.Shared.Startup.ConsoleHost.Run(Action1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e
239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36

Thanks
Andreas Nellmon

Hi Andreas,

Would it be possible to install the 2.4.2 Tentacle on a developer machine to create and export the certificate, and then uninstall it? Once you have the certificate you should be able to import it.

Unfortunately it might be a week or two before 2.4 is marked as a “Stable” release.

Paul

Hi!

I did install a 2.4.2 tentacle on my machine and successfully exported a certificate. But how can I import it on the target tentacles? I tried the following command:

PS C:\Program Files\Octopus Deploy\Tentacle> .\Tentacle.exe import-certificate --from-file="C:\cert.text"
Octopus Deploy: Tentacle version 2.3.6.1385


A fatal exception occurred
System.ArgumentException: Unrecognized command line arguments: --from-file=C:\cert.text
at Octopus.Shared.Startup.AbstractCommand.UnrecognizedArguments(IList1 arguments) in c:\TeamCity\buildAgent\work\111 6bd9da9e239fd\source\Octopus.Shared\Startup\AbstractCommand.cs:line 18 at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, IComma ndRuntime commandRuntime, OptionSet commonOptions) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared \Startup\AbstractCommand.cs:line 42 at Octopus.Shared.Startup.ConsoleHost.Run(Action1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e
239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36

But it’s also in 2.4 I guess? Running help on import-certificate I got this:
PS C:\Program Files\Octopus Deploy\Tentacle> .\Tentacle.exe help import-certificate
Octopus Deploy: Tentacle version 2.3.6.1385

Usage: Tentacle import-certificate []

Where [] is any of:

  --instance=VALUE       Name of the instance to use
  --from-registry        Import the Octopus Tentacle 1.x certificate from
                           the Windows registry

Or one of the common options:

  --console              Don't attempt to run as a service, even if the
                           user is non-interactive
  --nologo               Don't print title or version information

Is it possible to use from-registry somehow? If so, how would I go about doing that?

Thanks
Andreas Nellmon

Hi Andreas,

I’m very sorry for misleading you, I thought that import-certificate was available in 2.3.6, but that isn’t the case. You’d need the 2.4.2 Tentacle to be able to import it too. Unless you’re able to use the pre-release Tentacle, the only workaround at the moment would be to install Tentacle manually unfortunately :frowning:

Sorry for that once again. Hopefully a stable 2.4 release won’t be far away.

Paul

We went with the pre-release for the three servers having issues and it worked fine to import the certificates. Thanks for all your help!

Andreas