[JENKINS-43210] Windows Agent can't connect to Master through JNLP

Type: Bug
Resolution: Unresolved
Priority: Blocker
Component/s: core, remoting
Labels:
- slave
- windows
Environment:
Jenkins Core 2.32.2.7 running on RHEL 6.8 with JDK 8u121
Windows Slaves Plugin 1.3.1
Windows Server 2012 with latest patches and JDK 8u121
Apache Reverse Proxy with "nocanon" option set

Similar Issues:
Powered by SuggestiMate

Show

When executing

java -Xmx1g -jar slave.jar -jnlpUrl http://dfvvt01seuops.somebank.somenet/jenkins-iteb/computer/DFVIASTWHUDSON2/slave-agent.jnlp

I get

Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main createEngine
INFORMATION: Setting up slave: DFVIASTWHUDSON2
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener <init>
INFORMATION: Jenkins agent is running in headless mode.
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Locating server among http://dfvvt01seuops.somebank.somenet/jenkins-iteb/
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Agent discovery successful
{{ Agent address: dfvvt01seuops.somebank.somenet}}
{{ Agent port: 50000}}
{{ Identity: 13:74:a6:18:f1:96:9c:cb:69:57:26:b1:a2:17:f2:c9}}
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Handshaking
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Connecting to dfvvt01seuops.somebank.somenet:50000
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Trying protocol: JNLP4-connect
Mõr 30, 2017 9:29:36 AM org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer onRecv
SCHWERWIEGEND: [JNLP4-connect connection to dfvvt01seuops.somebank.somenet/10.241.209.26:50000]
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
{{ at sun.security.ssl.Handshaker.checkThrown(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source)}}
{{ at javax.net.ssl.SSLEngine.wrap(Unknown Source)}}
{{ at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:392)}}
{{ at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117)}}
{{ at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:669)}}
{{ at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136)}}
{{ at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48)}}
{{ at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283)}}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)}}
{{ at hudson.remoting.Engine$1$1.run(Engine.java:94)}}
{{ at java.lang.Thread.run(Unknown Source)}}
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
{{ at sun.security.ssl.Alerts.getSSLException(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)}}
{{ at sun.security.ssl.Handshaker.fatalSE(Unknown Source)}}
{{ at sun.security.ssl.Handshaker.fatalSE(Unknown Source)}}
{{ at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)}}
{{ at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)}}
{{ at sun.security.ssl.Handshaker.processLoop(Unknown Source)}}
{{ at sun.security.ssl.Handshaker$1.run(Unknown Source)}}
{{ at sun.security.ssl.Handshaker$1.run(Unknown Source)}}
{{ at java.security.AccessController.doPrivileged(Native Method)}}
{{ at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)}}
{{ at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382)}}
{{ ... 9 more}}
Caused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=74df086770b5c378864b03273a8576ae) is
{{ not in the list of trusted keys}}
{{ at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:216)}}
{{ at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:263)}}
{{ at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148)}}
{{ ... 17 more}}Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Protocol JNLP4-connect encountered an unexpected exception
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
{{ at org.jenkinsci.remoting.util.SettableFuture.get(SettableFuture.java:223)}}
{{ at hudson.remoting.Engine.innerRun(Engine.java:385)}}
{{ at hudson.remoting.Engine.run(Engine.java:287)}}
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
{{ at sun.security.ssl.Handshaker.checkThrown(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source)}}
{{ at javax.net.ssl.SSLEngine.wrap(Unknown Source)}}
{{ at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:392)}}
{{ at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:117)}}
{{ at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:669)}}
{{ at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:136)}}
{{ at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$2200(BIONetworkLayer.java:48)}}
{{ at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:283)}}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)}}
{{ at hudson.remoting.Engine$1$1.run(Engine.java:94)}}
{{ at java.lang.Thread.run(Unknown Source)}}
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
{{ at sun.security.ssl.Alerts.getSSLException(Unknown Source)}}
{{ at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)}}
{{ at sun.security.ssl.Handshaker.fatalSE(Unknown Source)}}
{{ at sun.security.ssl.Handshaker.fatalSE(Unknown Source)}}
{{ at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)}}
{{ at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)}}
{{ at sun.security.ssl.Handshaker.processLoop(Unknown Source)}}
{{ at sun.security.ssl.Handshaker$1.run(Unknown Source)}}
{{ at sun.security.ssl.Handshaker$1.run(Unknown Source)}}
{{ at java.security.AccessController.doPrivileged(Native Method)}}
{{ at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)}}
{{ at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:382)}}
{{ ... 9 more}}
Caused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=74df086770b5c378864b03273a8576ae) is
{{ not in the list of trusted keys}}
{{ at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:216)}}
{{ at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:263)}}
{{ at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:148)}}
{{ ... 17 more}}Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Connecting to dfvvt01seuops.somebank.somenet:50000
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Server reports protocol JNLP4-plaintext not supported, skipping
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Trying protocol: JNLP3-connect
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Protocol JNLP3-connect encountered an unexpected exception
java.util.concurrent.ExecutionException: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: JNLP3-connect: Incorrect challenge response from master
{{ at java.util.concurrent.FutureTask.report(Unknown Source)}}
{{ at java.util.concurrent.FutureTask.get(Unknown Source)}}
{{ at hudson.remoting.Engine.innerRun(Engine.java:385)}}
{{ at hudson.remoting.Engine.run(Engine.java:287)}}
Caused by: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: JNLP3-connect: Incorrect challenge response from master
{{ at org.jenkinsci.remoting.engine.JnlpProtocol3Handler.sendHandshake(JnlpProtocol3Handler.java:213)}}
{{ at org.jenkinsci.remoting.engine.JnlpProtocol3Handler.sendHandshake(JnlpProtocol3Handler.java:123)}}
{{ at org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler$2.call(LegacyJnlpProtocolHandler.java:162)}}
{{ at org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler$2.call(LegacyJnlpProtocolHandler.java:158)}}
{{ at java.util.concurrent.FutureTask.run(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)}}
{{ at hudson.remoting.Engine$1$1.run(Engine.java:94)}}
{{ at java.lang.Thread.run(Unknown Source)}}Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Connecting to dfvvt01seuops.somebank.somenet:50000
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Trying protocol: JNLP2-connect
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Protocol JNLP2-connect encountered an unexpected exception
java.util.concurrent.ExecutionException: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Server didn't accept the handshake:
{{ at java.util.concurrent.FutureTask.report(Unknown Source)}}
{{ at java.util.concurrent.FutureTask.get(Unknown Source)}}
{{ at hudson.remoting.Engine.innerRun(Engine.java:385)}}
{{ at hudson.remoting.Engine.run(Engine.java:287)}}
Caused by: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Server didn't accept the handshake:
{{ at org.jenkinsci.remoting.engine.JnlpProtocol2Handler.sendHandshake(JnlpProtocol2Handler.java:134)}}
{{ at org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler$2.call(LegacyJnlpProtocolHandler.java:162)}}
{{ at org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler$2.call(LegacyJnlpProtocolHandler.java:158)}}
{{ at java.util.concurrent.FutureTask.run(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)}}
{{ at hudson.remoting.Engine$1$1.run(Engine.java:94)}}
{{ at java.lang.Thread.run(Unknown Source)}}Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Connecting to dfvvt01seuops.somebank.somenet:50000
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Trying protocol: JNLP-connect
Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener status
INFORMATION: Protocol JNLP-connect encountered an unexpected exception
java.util.concurrent.ExecutionException: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Server didn't accept the handshake:
{{ at java.util.concurrent.FutureTask.report(Unknown Source)}}
{{ at java.util.concurrent.FutureTask.get(Unknown Source)}}
{{ at hudson.remoting.Engine.innerRun(Engine.java:385)}}
{{ at hudson.remoting.Engine.run(Engine.java:287)}}
Caused by: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Server didn't accept the handshake:
{{ at org.jenkinsci.remoting.engine.JnlpProtocol1Handler.sendHandshake(JnlpProtocol1Handler.java:121)}}
{{ at org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler$2.call(LegacyJnlpProtocolHandler.java:162)}}
{{ at org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler$2.call(LegacyJnlpProtocolHandler.java:158)}}
{{ at java.util.concurrent.FutureTask.run(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)}}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)}}
{{ at hudson.remoting.Engine$1$1.run(Engine.java:94)}}
{{ at java.lang.Thread.run(Unknown Source)}}Mõr 30, 2017 9:29:36 AM hudson.remoting.jnlp.Main$CuiListener error
SCHWERWIEGEND: The server rejected the connection: None of the protocols were accepted
java.lang.Exception: The server rejected the connection: None of the protocols were accepted
{{ at hudson.remoting.Engine.onConnectionRejected(Engine.java:484)}}
{{ at hudson.remoting.Engine.innerRun(Engine.java:448)}}
{{ at hudson.remoting.Engine.run(Engine.java:287)}}

I don't care for the JNLP3 and JNLP4 issues right now (because I don't need encryption at the moment), but I would expect at least JNLP2 to work. Looks like ~~JENKINS-39232~~ is not fixed after all.

Related: ~~JENKINS-39232~~, ~~JENKINS-40668~~

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

jenkins-43210-issue.txt
9 kB
2018-12-05 14:39
image-2018-09-19-12-09-33-563.png
42 kB
2018-09-19 10:09

bcygan created issue - 2017-03-30 07:45

Oleg Nenashev made changes - 2017-03-31 08:24

Assignee

Original: Kohsuke Kawaguchi [ kohsuke ]

New: Oleg Nenashev [ oleg_nenashev ]

Oleg Nenashev made changes - 2017-03-31 08:24

Component/s

New: remoting [ 15489 ]

Oleg Nenashev made changes - 2017-04-03 13:17

Assignee

Original: Oleg Nenashev [ oleg_nenashev ]

New: bcygan [ bcygan ]

bcygan made changes - 2017-04-10 11:07

Environment

Original: Jenkins Core 2.32.2.7 running on RHEL 6.8 with JDK 8u121
Windows Slaves Plugin 1.3.1
Windows Server 2012 with latest patches and JDK 8u121

New: Jenkins Core 2.32.2.7 running on RHEL 6.8 with JDK 8u121
Windows Slaves Plugin 1.3.1
Windows Server 2012 with latest patches and JDK 8u121
Apache Reverse Proxy with "nocanon" option set

Oleg Nenashev made changes - 2017-07-20 09:59

Resolution		New: Won't Fix [ 2 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Matthias Baldi made changes - 2018-09-19 10:09

Attachment

New: image-2018-09-19-12-09-33-563.png [ 44529 ]

Matthias Baldi made changes - 2018-10-03 11:53

Resolution	Original: Won't Fix [ 2 ]
Status	Original: Resolved [ 5 ]	New: Reopened [ 4 ]

Stéphane Rzetelny made changes - 2018-12-05 14:39

Attachment

New: jenkins-43210-issue.txt [ 45368 ]

Bismaya Mohapatra made changes - 2019-10-30 11:07

Comment

[ We are also getting the same issue Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=74df086770b5c3788....)

We are using Inbound TCP Agent Protocol/4 (TLS encryption).

Any solution for this ? We tried with Protocol/3 and other options, but it is not working. ]

Niels Kristian Jensen made changes - 2019-10-30 12:26

Component/s

New: claim-plugin [ 15531 ]

Assignee:: bcygan

Reporter:: bcygan

Votes:: 3 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2017-03-30 07:45

Updated:: 2020-10-31 18:29

Jenkins

Details

Description

Attachments

Attachments

Activity

People

Dates