Hi, I’ve installed a new 3.0 instance and migrated from our 2.6 instance, following your instructions. The process has gone smoothly, until I started migrating Tentacles using Hydra. I did a “canary” run with a couple of listening tentacles, which went swimmingly. However, I then tried a second trial with a polling tentacle and have run into a blocking issue:
2015-08-29 21:04:19.6314 8 INFO https://ourserver.com/ 8 Opening a new connection
2015-08-29 21:04:19.7584 8 INFO https://ourserver.com/ 8 Performing SSL (TLS 1.0) handshake
2015-08-29 21:04:20.0514 8 INFO https://ourserver.com/ 8 The server presented an unexpected security certificate. We expected the server to present a certificate with the thumbprint 'XXXXXXXXXXXXXXXX'. Instead, it presented a certificate with a thumbprint of 'YYYYYYYYYYYYYYYY'. This usually happens when the client has been configured to expect the server to have the wrong certificate, or when the certificate on the server has been regenerated and the client has not been updated. It may also happen if someone is performing a man-in-the-middle attack on the remote machine, or if a proxy server is intercepting requests. Please check the certificate used on the server, and verify that the client has been configured correctly.
System.Security.Authentication.AuthenticationException: The server presented an unexpected security certificate. We expected the server to present a certificate with the thumbprint 'XXXXXXXXXXXXXXXX'. Instead, it presented a certificate with a thumbprint of 'YYYYYYYYYYYYYYYY'. This usually happens when the client has been configured to expect the server to have the wrong certificate, or when the certificate on the server has been regenerated and the client has not been updated. It may also happen if someone is performing a man-in-the-middle attack on the remote machine, or if a proxy server is intercepting requests. Please check the certificate used on the server, and verify that the client has been configured correctly.
at Halibut.Transport.ClientCertificateValidator.Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors) in y:\work\7ab39c94136bc5c6\source\Halibut\Transport\ClientCertificateValidator.cs:line 26
at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertValidationCallback remoteCertValidationCallback)
at System.Net.Security.SslState.CompleteHandshake()
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at Halibut.Transport.SecureClient.EstablishNewConnection() in y:\work\7ab39c94136bc5c6\source\Halibut\Transport\SecureClient.cs:line 118
at Halibut.Transport.SecureClient.AcquireConnection() in y:\work\7ab39c94136bc5c6\source\Halibut\Transport\SecureClient.cs:line 100
at Halibut.Transport.SecureClient.ExecuteTransaction(Action`1 protocolHandler) in y:\work\7ab39c94136bc5c6\source\Halibut\Transport\SecureClient.cs:line 52
The tentacle has been successfully upgraded, but it’s unable to connect to the server as it’s retrieving the SSL certificate presented by our front-end server (our instance sits behind an IIS server running ARR) and complaining the thumbprint isn’t what it expects.
I’m not sure why this doesn’t appear to affect our listening tentacles, but we have a number of other polling tentacles across various clients needing to be updated, so I’m hoping there’s an easy way to resolve this.
Regards,
Gary
Edit: Reposted at http://community.octopusdeploy.com/t/post-upgrade-problems-with-polling-tentacles/481/1