Thumbprint on Server seems to be incorrect

I had some issues with my server and had to uninstall and re-install. However, the server thumbprint remained the same value. I didn’t think anything of it until I performed a health check on my first server and received the following error:

Pipefish.PipefishException: The request failed: Unauthorized
The Octopus Server authenticated using a certificate with thumbprint CB44B1A743C2825E3E8F68DBEECAC63E3385F727, which is not in the list of certificates trusted by this Tentacle.

If I re-install the Tentacle with the server thumbprint “CB44B1A743C2825E3E8F68DBEECAC63E3385F727” everything works. But “CB44B1A743C2825E3E8F68DBEECAC63E3385F727” is not what is displayed in the Server UI as the server thumbprint.

See the attached screenshot.

Thanks,
Dean

Thank you for the report. We’ve recently fixed some caching bugs in this area; can you please let me know which Octopus server version you are using?

Regards
Nick

Octopus.server.exe is 2.0.5.933

Thanks for the extra info - I don’t think this is the issue I looked at previously.

To help narrow this down can you please let me know:

  • When you reinstalled the server, did you create a brand new database?
  • If you force a full refresh in the web browser on the “Discover Machine” page, does the correct certificate get shown?
  • Does the correct certificate get shown after restarting the Octopus Server service?

Thanks again.

Hey Nick - I just saw the same on a polling tentacle, generates event IDs every 10 secs on the tentacle.

To stop it, I had to remove the 2nd server certificate from C:\Octopus\Tentacle\tentacle.config

In tentacle manager, under the comms, mine said the tentacle polls to 2 certs. After deleting from config, it now says the correct server hash and event IDs have stopped.

I think the weird thing when installing is, the tentacle installs to C:\program files\ for what I assume is the tools… and then the config is at c:\octopus?

Should it all be in the same directory maybe to prevent reinstall issues?

Haven’t logged this yet on git…

Thanks for the heads-up John - sounds like it might be expected behaviour (Tentacle connected to two servers, one missing, will raise errors when polling). But filling up the log isn’t great, we might be able to tone that down a bit… RE the install layout, this is as-planned right now. Cheers!

cool cool about eventvwr…

Are you planning to expose on the tentacle manager canvas to allow a user to set the server cert if somehow this reoccurs?
Since it is a discover polling tentacle, what is the procedure to rerun the discover? Or do you have to remove then reinstall?
Maybe just allow to delete a server cert from manager so a user doesn’t have to dive into a config file?

Yes, I created a brand new database.
A full refresh of the browser does not correct the issue.
And restarting the service does not correct the issue.

Thanks, this is certainly a puzzling one.

If you go to Configuration > Certificates, is the thumbprint shown the one you’re expecting?

With a new database generated, the only source of the old thumbprint should be the browser cache and the local machine’s certificate store. I’ve added an extra check to the next Octopus version that should protect us from any problems with the latter.

To get your installation back to “normal” you should be able to use:

Octopus.Server.exe service --stop

Octopus.Server.exe regenerate-certificate --octopus-tentacle

Octopus.Server.exe service --start

You’ll subsequently need to reinstall Tentacles, trusting the new thumbprint, but I’d guess this is preferable to maintaining the current out-of-sync state.

Hope this helps, thanks for all the info.

Nick
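
A check of the local machine certificate store mentioned above, as an added example that is not part of the original thread and not Octopus's own tooling: it looks for the thumbprint reported in the Tentacle error and shows which store holds it and when the certificate became valid. The function names are hypothetical, and every LocalMachine store is searched because the thread does not say which one the server uses.

```powershell
# Thumbprint reported in the Tentacle error earlier in this thread.
$reported = 'CB44B1A743C2825E3E8F68DBEECAC63E3385F727'

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Drop spaces, colons and invisible characters that copy/paste from a UI can add,
    # so two renderings of the same thumbprint compare equal.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Find-CertificateByThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $wanted = ConvertTo-NormalizedThumbprint $Thumbprint
    if ($wanted.Length -ne 40) {
        throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($wanted.Length) digits."
    }

    # Cert:\LocalMachine -Recurse returns store objects as well as certificates,
    # so keep only X509Certificate2 entries before comparing thumbprints.
    Get-ChildItem -Path Cert:\LocalMachine -Recurse |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Thumbprint -eq $wanted
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = ($_.PSParentPath -split '\\')[-1]
                Subject       = $_.Subject
                NotBefore     = $_.NotBefore      # a date before the reinstall means a leftover certificate
                HasPrivateKey = $_.HasPrivateKey  # the server can only authenticate with a cert whose key it holds
            }
        }
}

$hits = @(Find-CertificateByThumbprint $reported)
if ($hits.Count -eq 0) {
    "No LocalMachine certificate has thumbprint $reported"
} else {
    $hits | Format-Table -AutoSize
}
```

Run it on the Octopus Server machine, then again with the thumbprint shown in the web UI, to see which of the two certificates is actually present in the store.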

No, the old certificate is shown on the Configuration > Certificates page. And that one doesn’t work when you use it during a Tentacle install.

However, I followed your instructions to get it back to “normal” and that fixed my problem.

Thanks,
Dean