I had some issues with my server and had to uninstall and re-install. However, the server thumbprint remained the same value. I didn’t think anything of it until I performed a health check on my first server and received the following error:
Pipefish.PipefishException: The request failed: Unauthorized
The Octopus Server authenticated using a certificate with thumbprint CB44B1A743C2825E3E8F68DBEECAC63E3385F727, which is not in the list of certificates trusted by this Tentacle.
If I re-install the Tentacle with the server thumbprint “CB44B1A743C2825E3E8F68DBEECAC63E3385F727” everything works. But “CB44B1A743C2825E3E8F68DBEECAC63E3385F727” is not what is displayed in the Server UI as the server thumbprint.
Hey Nick - i just saw the same on a polling tentacle, generates event id’s every 10 secs on the tentacle.
to stop it, i had to remove the 2nd server certificate from C:\Octopus\Tentacle\tentacle.config
in tentacle manager, under the comms, mine said the tentacle polls to 2 certs. After deleting from config, it now says the correct server hash and event id’s have stopped.
I think the weird thing when installing is, the tentacle installs to C:\program files\ for i assume is the tools…and then the config is at c:\octopus ?
should it all be in the same directory maybe to prevent reinstall issues ?
Thanks for the heads-up John- sounds like it might be expected behaviour (Tentacle connected to two servers, one missing, will raise errors when polling). But filling up the log isn’t great, we might be able to tone that down a bit… RE the install layout, this is as-planned right now. Cheers!
Are you planning to expose on the tentacle manager canvas to allow a user to set the server cert if somehow this reoccurs ?
Since it is a discover polling tentacle, what is the procedure to rerun the discover ? or do you have to remove then reinstall ?
maybe just allow to delete a server cert from manager so a user doesn’t have to dive into a config file ?
If you go to Configuration > Certificates, is the thumbprint shown the one you’re expecting?
With a new database generated, the only source of the old thumbprint should be the browser cache and the local machine’s certificate store. I’ve added an extra check to the next Octopus version that should protect us from any problems with the latter.
To get your installation back to “normal” you should be able to use:
You’ll subsequently need to reinstall Tentacles, but trusting the new thumbprint, but I’d guess this is preferable to maintaining the current out-of-sync state.