Unknown identity type HTTP/1.1


(bruno.rubin) #1

Hey team,

I’m trying to setup a polling tentacle that communicates with an Octopus Server that sits behind an AWS Application Load Balancer.

The tentacle is able to authenticate and even register itself in the Octopus server but as soon as the wizard finishes and the service starts, it throws the following error:

Halibut.Transport.Protocol.ProtocolException: Unable to process remote identity; unknown identity type: 'HTTP/1.1'

The wizard finishes successfully (it is possible to see the new tentacle registered in the Octopus Server) but from this point, the Tentacle is not able to reach the Octopus server. Analyzing the OctopusTentacle.log it shows multiple errors like the following one:

2018-11-11 22:27:54.0271   3820      7  INFO  ==== RunAgentCommand ====
2018-11-11 22:27:54.0271   3820      7  INFO  CommandLine: C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe run --instance=testest
2018-11-11 22:27:54.0280   1952      1  INFO  Waiting for service to start. Current status: StartPending
2018-11-11 22:27:54.2927   3820      7  INFO  Agent will trust Octopus Servers with the thumbprint: 0BA5F64B2xxxxxxxxxxxxxxxxxxxxx
2018-11-11 22:27:54.3152   3820      7  INFO  Agent will poll Octopus Server at https://octopus.domain.com:10943/ for subscription poll://e5ner8lvf5zlydzm43zd/ expecting thumbprint 0BA5F64B2xxxxxxxxxxxxxxxxxxxxx
2018-11-11 22:27:54.3239   3820      7  INFO  Agent configured to use the system proxy, but no system proxy is configured for https://octopus.domain.com:10943/
2018-11-11 22:27:54.3239   3820      7  INFO  Agent will not listen on any TCP ports
2018-11-11 22:27:54.3239   3820      7  INFO  The Windows Service has started
2018-11-11 22:27:54.3513   1952      1  INFO  Waiting for service to start. Current status: Running
2018-11-11 22:27:54.3796   3820      8  INFO  https://octopus.domain.com:10943/    8  Opening a new connection
2018-11-11 22:27:54.3933   3820      8  INFO  https://octopus.domain.com:10943/    8  Performing TLS handshake
2018-11-11 22:27:54.4109   3820      8  INFO  https://octopus.domain.com:10943/    8  Secure connection established. Server at [::ffff:10.100.0.29]:10943 identified by thumbprint: 0BA5F64B2xxxxxxxxxxxxxxxxxxxxx, using protocol Tls12
2018-11-11 22:27:54.4245   3820      8  INFO  https://octopus.domain.com:10943/    8  Unexpected exception executing transaction.
Halibut.Transport.Protocol.ProtocolException: Unable to process remote identity; unknown identity type: 'HTTP/1.1'
   at Halibut.Transport.Protocol.MessageExchangeStream.ParseIdentityType(String identityType) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 225
   at Halibut.Transport.Protocol.MessageExchangeStream.ReadRemoteIdentity() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 168
   at Halibut.Transport.Protocol.MessageExchangeStream.ExpectServerIdentity() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 231
   at Halibut.Transport.Protocol.MessageExchangeProtocol.ExchangeAsSubscriber(Uri subscriptionId, Func`2 incomingRequestProcessor, Int32 maxAttempts) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeProtocol.cs:line 75
   at Halibut.Transport.SecureClient.ExecuteTransaction(Action`1 protocolHandler) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\SecureClient.cs:line 65
2018-11-11 22:27:54.6521   1952      1  INFO  Service started
2018-11-11 22:27:55.4395   3820      8  INFO  https://octopus.domain.com:10943/    8  Exception in the polling loop, sleeping for 5 seconds. This may be cause by a network error and usually rectifies itself. Disregard this message unless you are having communication problems.
Halibut.HalibutClientException: An error occurred when sending a request to 'https://octopus.domain.com:10943/', after the request began: Unable to process remote identity; unknown identity type: 'HTTP/1.1' ---> Halibut.Transport.Protocol.ProtocolException: Unable to process remote identity; unknown identity type: 'HTTP/1.1'
   at Halibut.Transport.Protocol.MessageExchangeStream.ParseIdentityType(String identityType) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 225
   at Halibut.Transport.Protocol.MessageExchangeStream.ReadRemoteIdentity() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 168
   at Halibut.Transport.Protocol.MessageExchangeStream.ExpectServerIdentity() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 231
   at Halibut.Transport.Protocol.MessageExchangeProtocol.ExchangeAsSubscriber(Uri subscriptionId, Func`2 incomingRequestProcessor, Int32 maxAttempts) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeProtocol.cs:line 75
   at Halibut.Transport.SecureClient.ExecuteTransaction(Action`1 protocolHandler) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\SecureClient.cs:line 65
   --- End of inner exception stack trace ---
   at Halibut.Transport.SecureClient.HandleError(Exception lastError, Boolean retryAllowed) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\SecureClient.cs:line 207
   at Halibut.Transport.PollingClient.ExecutePollingLoop(Object ignored) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\PollingClient.cs:line 47

From the Tentacle box I’m able to reach the Octopus server on port 10943 (https://octopus.domain.com:10943) and also the login page.

Is there any way that I can increase the logging level on the Tentacle to debug the connectivity and identify the root cause?

Thanks in advance.
Bruno.


(Kenneth Bates) #3

Hi Bruno,

Thanks for getting in touch! You can certainly change the logging level on the Tentacle by updating the minlevel attribute in your tentacle.exe.nlog file (this is located in C:\Program Files\Octopus Deploy\Tentacle in standard installations) to Trace (set to Info by default). This process is also outlined in the following doc page. :slight_smile:

I hope this helps! Don’t hesitate to reach out if you have any further questions or concerns moving forward.

Best regards,

Kenny


(bruno.rubin) #4

Hey Kenny,

thanks for that. Unfortunately increasing the log level to TRACE didn’t make much difference in the amount of information the logs were showing.

Would you be able to help with the error we’re getting from the Tentacle?

Thanks.
Bruno.


(Kenneth Bates) #5

Hi Bruno,

Thanks for following up, and I’m sorry to hear the trace logging didn’t help with troubleshooting this error. Looking a little closer at it, I suspect the issue could be due to another service using port 10943. Could that be the possible cause for you?

I hope this helps! Let me know how you go or if you have any further questions.

Best regards,

Kenny


(bruno.rubin) #6

Hey Kenneth,

sorry for the delay in replying back to you.

There’s no other service running on the server. The Octopus server is listening to 80 and 10943 - and the ALB is allowing 80, 443 and 10943. Also, I’m able to reach 10943 using both ALB address and the server’s IP address.
The issue only happens after registering a new tentacle.

Thanks,
Bruno.