Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Component/s: core, remoting
    • Labels:
      None
    • Environment:
      jenkins v 2.176.1 on RHEL 7.2
      Windows Server 2016 as slave node
    • Similar Issues:

      Description

      We have been having issues with windows node connectivity to master node, it complains about public key not in the list of trusted keys. Are we missing anything here? thanks for your help.

       

      Nov 15, 2019 2:01:01 PM sun.net.www.protocol.http.HttpURLConnection plainConnect0Nov 15, 2019 2:01:01 PM sun.net.www.protocol.http.HttpURLConnection plainConnect0FINEST: ProxySelector Request for http://devecpvm006819:32751/computer/WindowsNode_devecpvm010100/slave-agent.jnlp?encrypt=trueNov 15, 2019 2:01:01 PM sun.net.www.protocol.http.HttpURLConnection plainConnect0FINEST: Proxy used: DIRECTNov 15, 2019 2:01:01 PM sun.net.www.protocol.http.HttpURLConnection writeRequestsFINE: sun.net.www.MessageHeader@4ccabbaa5 pairs: {GET /computer/WindowsNode_devecpvm010100/slave-agent.jnlp?encrypt=true HTTP/1.1: null}

      {User-Agent: Java/1.8.0_201}

      {Host: devecpvm006819:32751}

      {Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}

      {Connection: keep-alive}Nov 15, 2019 2:01:01 PM sun.net.www.http.HttpClient logFinestFINEST: KeepAlive stream used: http://devecpvm006819:32751/computer/WindowsNode_devecpvm010100/slave-agent.jnlp?encrypt=trueNov 15, 2019 2:01:01 PM sun.net.www.protocol.http.HttpURLConnection getInputStream0FINE: sun.net.www.MessageHeader@4bf558aa6 pairs: {null: HTTP/1.1 200 OK}

      {Date: Fri, 15 Nov 2019 14:01:01 GMT}

      {X-Content-Type-Options: nosniff}

      {Content-Type: application/octet-stream}

      {Content-Length: 823}

      {Server: Jetty(9.4.z-SNAPSHOT)}

      Nov 15, 2019 2:01:01 PM hudson.remoting.jnlp.Main createEngineINFO: Setting up agent: WindowsNode_devecpvm010100Nov 15, 2019 2:01:01 PM hudson.remoting.jnlp.Main$CuiListener <init>INFO: Jenkins agent is running in headless mode.Nov 15, 2019 2:01:01 PM hudson.remoting.Engine startEngineINFO: Using Remoting version: 3.29Nov 15, 2019 2:01:01 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDirINFO: Using d:\jenkins-dr\remoting as a remoting work directoryNov 15, 2019 2:01:01 PM org.jenkinsci.remoting.engine.WorkDirManager setupLoggingCONFIG: Logging susystem has been already initializedNov 15, 2019 2:01:01 PM hudson.remoting.Engine startEngineFINE: Using standard File System JAR Cache. Root Directory is d:\jenkins-dr\remoting\jarCacheNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.IOHub createFINE: Staring an additional Selector wakeup thread. See JENKINS-47965 for more infoNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.IOHub processScheduledTasksFINEST: 0 scheduled tasks to processNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.IOHub$IOHubSelectorWatcher runFINEST: Windows IOHub Watcher for IOHub#1: Selector[keys:0, gen:0] / pool-1-thread-2: StartedNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Locating server among http://devecpvm006819:32751/Nov 15, 2019 2:01:02 PM sun.net.www.protocol.http.HttpURLConnection plainConnect0FINEST: ProxySelector Request for http://devecpvm006819:32751/tcpSlaveAgentListener/Nov 15, 2019 2:01:02 PM sun.net.www.protocol.http.HttpURLConnection plainConnect0FINEST: Proxy used: DIRECTNov 15, 2019 2:01:02 PM sun.net.www.protocol.http.HttpURLConnection writeRequestsFINE: sun.net.www.MessageHeader@47d36c435 pairs: {GET /tcpSlaveAgentListener/ HTTP/1.1: null}

      {User-Agent: Java/1.8.0_201}

      {Host: devecpvm006819:32751}

      {Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}

      {Connection: keep-alive}Nov 15, 2019 2:01:02 PM sun.net.www.http.HttpClient logFinestFINEST: KeepAlive stream used: http://devecpvm006819:32751/tcpSlaveAgentListener/Nov 15, 2019 2:01:02 PM sun.net.www.protocol.http.HttpURLConnection getInputStream0FINE: sun.net.www.MessageHeader@54ed48bd11 pairs: {null: HTTP/1.1 200 OK}

      {Date: Fri, 15 Nov 2019 14:01:02 GMT}

      {X-Content-Type-Options: nosniff}

      {Content-Type: text/plain;charset=utf-8}

      {X-Hudson-JNLP-Port: 31000}

      {X-Jenkins-JNLP-Port: 31000}

      {X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHOqn4TCBJVV1WUP7DtSX1Ho6eu0Ddd0DoaQeypiygardwf594L1uPh5lo47iwQqq1346MDfgKVifQtp8dig7/DdRClaHftCp5FsbAVnEncdjyjEW9ZeujF6qNcIPzZ9T6dTfShYXXjkoKHLRDTleqm9rd/ma8/NBWwT+aP/shm9gp5DTxx0Uljt4P6SfpCoj5Yoti7Qhq7VCeZ3lQc0BxhUvfoM0x3DCXReX4qHb2pdielR+TCzKVuXAfgFsaoJFhc5kM0ZVDwnCrZMvwI0Hqgts3vUHkzSPiDyDyr+yjnbYDDwD2UBlVaY47IEaDwcjL/HUkqFG0o5vnbGF1F09wIDAQAB}

      {X-Jenkins-Agent-Protocols: JNLP4-connect, Ping}

      {X-Remoting-Minimum-Version: 3.4}

      {Content-Length: 12}

      {Server: Jetty(9.4.z-SNAPSHOT)}Nov 15, 2019 2:01:02 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolveINFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping]Nov 15, 2019 2:01:02 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolveFINE: TCP Agent Listener Port availability check passedNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Agent discovery successful  Agent address: devecpvm006819  Agent port:    31000  Identity:      a6:f6:ad:d1:34:41:4b:ad:d8:f0:89:cd:bd:d4:50:6fNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: HandshakingNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Connecting to devecpvm006819:31000Nov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Trying protocol: JNLP4-connectNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.ProtocolStack initFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] InitializingNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.ProtocolStack initFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] StartingNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.NetworkLayer startFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] StartingNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.NetworkLayer startFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] StartedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer completedFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] CompletedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer completedFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] CompletedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.impl.AckFilterLayer completeFINE: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] Acknowledgement exchange completedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.impl.ConnectionHeadersFilterLayer doSendFINE: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] Headers sentNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer onRecvSEVERE: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source) at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source) at javax.net.ssl.SSLEngine.wrap(Unknown Source) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:392) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117) at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668) at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136) at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48) at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) at java.lang.Thread.run(Unknown Source)Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382) ... 9 moreCaused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=862abb5cca658dff26dc8eb01eda6182) is not in the list of trusted keys at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:217) at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:263) at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148) ... 17 more
      Nov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer abortFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] Abortedjavax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source) at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source) at javax.net.ssl.SSLEngine.wrap(Unknown Source) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:392) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117) at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668) at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136) at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48) at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) at java.lang.Thread.run(Unknown Source)Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382) ... 9 moreCaused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=862abb5cca658dff26dc8eb01eda6182) is not in the list of trusted keys at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:217) at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:263) at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148) ... 17 more
      Nov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer onRecvClosedFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] RECV ClosedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer onRecvClosedFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] RECV ClosedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.ApplicationLayer onRecvClosedFINE: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] RECV ClosedNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.ApplicationLayer doCloseWriteFINE: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] Closing SENDNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer doCloseSendFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] Closing SENDNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.FilterLayer doCloseSendFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] Closing SENDNov 15, 2019 2:01:02 PM org.jenkinsci.remoting.protocol.ProtocolStack initFINEST: [JNLP4-connect connection to devecpvm006819/11.17.197.135:31000] StartedNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Protocol JNLP4-connect encountered an unexpected exceptionjava.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at org.jenkinsci.remoting.util.SettableFuture.get(SettableFuture.java:223) at hudson.remoting.Engine.innerRun(Engine.java:614) at hudson.remoting.Engine.run(Engine.java:474)Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source) at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source) at javax.net.ssl.SSLEngine.wrap(Unknown Source) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:392) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117) at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:668) at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136) at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48) at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) at java.lang.Thread.run(Unknown Source)Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382) ... 9 moreCaused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=862abb5cca658dff26dc8eb01eda6182) is not in the list of trusted keys at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:217) at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:263) at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148) ... 17 more
      Nov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Connecting to devecpvm006819:31000Nov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Server reports protocol JNLP4-plaintext not supported, skippingNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Server reports protocol JNLP3-connect not supported, skippingNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Server reports protocol JNLP2-connect not supported, skippingNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener statusINFO: Server reports protocol JNLP-connect not supported, skippingNov 15, 2019 2:01:02 PM hudson.remoting.jnlp.Main$CuiListener errorSEVERE: The server rejected the connection: None of the protocols were acceptedjava.lang.Exception: The server rejected the connection: None of the protocols were accepted at hudson.remoting.Engine.onConnectionRejected(Engine.java:682) at hudson.remoting.Engine.innerRun(Engine.java:639) at hudson.remoting.Engine.run(Engine.java:474)

        Attachments

          Activity

          Hide
          jthompson Jeff Thompson added a comment -

          Ram krish, did you figure out your problem here? If it's a configuration issue others may encounter it might help if you could describe the situation and resolution in case others run into it.

           

          Show
          jthompson Jeff Thompson added a comment - Ram krish , did you figure out your problem here? If it's a configuration issue others may encounter it might help if you could describe the situation and resolution in case others run into it.  
          Hide
          raamkres Ram krish added a comment -

          We had Jenkins v2.176.1 running on Kubernetes (RHEL v7.3), this instance had static windows node as slave agents, the above error was seen when configuring new windows agent. 

          On analysis we found out that a Kubernetes Service on TCP port for agents was required for it to work correctly, once we deployed the service, the connection worked.

          Show
          raamkres Ram krish added a comment - We had Jenkins v2.176.1 running on Kubernetes (RHEL v7.3), this instance had static windows node as slave agents, the above error was seen when configuring new windows agent.  On analysis we found out that a Kubernetes Service on TCP port for agents was required for it to work correctly, once we deployed the service, the connection worked.
          Hide
          jthompson Jeff Thompson added a comment -

          Thanks for sharing.

          Show
          jthompson Jeff Thompson added a comment - Thanks for sharing.

            People

            • Assignee:
              jthompson Jeff Thompson
              Reporter:
              raamkres Ram krish
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: