Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71621

Windows Agent can not connect using Launch agent by connecting it to the controller method

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Minor Minor
    • core

      On Jenkins host I give the following set up for the agent:

       

      On my agent I first I download the agent.jar provided by my Jenkins server.
      Then I execute the command:

       

      java -jar agent.jar -jnlpUrl https://jenkins-chr.dev.po.precitecgroup.com/computer/foobar/jenkins-agent.jnlp -secret 2897bf216353c118d5bb0a96331c7e635584ec2628c68f551efdfe1e48c8df5b -workDir "c:\jenkins" -noCertificateCheck 

      Which was given by Jenkins, except the -noCertificateCheck 

      For which I get the following error log:

      Skipping HTTPS certificate checks altogether. Note that this is not secure at all.
      Juli 11, 2023 12:40:29 NACHM. org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
      INFO: Using c:\jenkins\remoting as a remoting work directory
      Juli 11, 2023 12:40:29 NACHM. org.jenkinsci.remoting.engine.WorkDirManager setupLogging
      INFO: Both error and output logs will be printed to c:\jenkins\remoting
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main createEngine
      INFO: Setting up agent: foobar
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main createEngine
      WARNING: Certificate validation for HTTPs endpoints is disabled
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.Engine startEngine
      INFO: Using Remoting version: 3107.v665000b_51092
      Juli 11, 2023 12:40:29 NACHM. org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
      INFO: Using c:\jenkins\remoting as a remoting work directory
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: Locating server among [https://jenkins-chr.dev.po.precitecgroup.com/]
      Juli 11, 2023 12:40:29 NACHM. org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver openURLConnection
      WARNING: HTTPs certificate check is disabled for the endpoint.
      Juli 11, 2023 12:40:29 NACHM. org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
      INFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping]
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: Agent discovery successful
        Agent address: jenkins-chr.dev.po.precitecgroup.com
        Agent port:    37670
        Identity:      71:1e:58:06:17:b6:06:f7:ce:94:1f:c1:e9:8e:7d:e0
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: Handshaking
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: Connecting to jenkins-chr.dev.po.precitecgroup.com:37670
      Juli 11, 2023 12:40:29 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: Trying protocol: JNLP4-connect
      Juli 11, 2023 12:40:29 NACHM. org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader run
      INFO: Waiting for ProtocolStack to start.
      Juli 11, 2023 12:40:40 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: Protocol JNLP4-connect encountered an unexpected exception
      java.util.concurrent.ExecutionException: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Connection closed before acknowledgement sent
              at org.jenkinsci.remoting.util.SettableFuture.get(SettableFuture.java:223)
              at hudson.remoting.Engine.innerRun(Engine.java:809)
              at hudson.remoting.Engine.run(Engine.java:543)
      Caused by: org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException: Connection closed before acknowledgement sent
              at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.onRecvClosed(AckFilterLayer.java:280)
              at org.jenkinsci.remoting.protocol.FilterLayer.abort(FilterLayer.java:165)
              at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.lambda$start$0(AckFilterLayer.java:177)
              at org.jenkinsci.remoting.protocol.IOHub$DelayedRunnable.run(IOHub.java:958)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
              at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:125)
              at java.base/java.lang.Thread.run(Thread.java:829)
      Juli 11, 2023 12:40:40 NACHM. hudson.remoting.jnlp.Main$CuiListener status
      INFO: reconnect rejected, sleeping 10s:
      java.lang.Exception: The server rejected the connection: None of the protocols were accepted
              at hudson.remoting.Engine.onConnectionRejected(Engine.java:888)
              at hudson.remoting.Engine.innerRun(Engine.java:835)
              at hudson.remoting.Engine.run(Engine.java:543) 

      If I recall correctly this still worked with Jenkins: 2.401.1

       

      update:

      Jenkins was installed with apt.

      Jenkins is accessed directly without a reverse proxy.

      The following is the Jenkins config file:

      NAME=jenkins
      JAVA_ARGS="-Djava.awt.headless=true -Dhudson.slaves.WorkspaceList=_ -Xmx2G"
      PIDFILE=/var/run/$NAME/$NAME.pid
      JENKINS_USER=$NAME
      JENKINS_GROUP=$NAME
      JENKINS_WAR=/usr/share/$NAME/$NAME.war
      JENKINS_HOME=/var/lib/$NAME
      RUN_STANDALONE=true
      JENKINS_LOG=/var/log/$NAME/$NAME.log
      JENKINS_ENABLE_ACCESS_LOG="no"
      MAXOPENFILES=8192
      HTTP_PORT=8080
      PREFIX=/$NAME
      JENKINS_PORT="-1"
      JENKINS_HTTPS_PORT="8443"
      JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks"
      JENKINS_HTTPS_KEYSTORE_PASSWORD="*******"
      JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"
      JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpsPort=$JENKINS_HTTPS_PORT --httpsKeyStore=$JENKINS_HTTPS_KEYSTORE --httpsKeyStorePassword=$JENKINS_HTTPS_KEYSTORE_PASSWORD --httpsRedirectHttp"
       

      The Jenkins server log when a connection is tried is the following:

      Jul 11, 2023 7:59:42 PM INFO hudson.TcpSlaveAgentListener$ConnectionHandler runAccepted JNLP4-connect connection #12429 from /192.168.60.91:54867
      Jul 11, 2023 8:00:02 PM INFO hudson.TcpSlaveAgentListener$ConnectionHandler runConnection #12430 from /192.168.60.91:54869 failed: null 

       

      After I enabled websocket connection on the server it now works. I had to import the self signed certificate to the java keystore. As the -noCertificateCheck option can not be used with websocket.

       

      So to sum it up: The normal connection does not work, but the websocket connection does.

          [JENKINS-71621] Windows Agent can not connect using Launch agent by connecting it to the controller method

          Mark Waite added a comment -

          I can't duplicate the issue that as described. I have Windows agents connected to my Jenkins 2.401.2 controller as inbound agents (one running AMD64 Windows 10 and one running ARM64 Windows). You'll need to provide much more information before others are likely to provide any help. See "How to report an issue" for the additional types of information needed.

          If that information is not provided, the issue will be closed as "Cannot reproduce".

          Mark Waite added a comment - I can't duplicate the issue that as described. I have Windows agents connected to my Jenkins 2.401.2 controller as inbound agents (one running AMD64 Windows 10 and one running ARM64 Windows). You'll need to provide much more information before others are likely to provide any help. See "How to report an issue" for the additional types of information needed. If that information is not provided, the issue will be closed as "Cannot reproduce".

          Markus Winter added a comment -

          Do you have a firewall that blocks traffic on port 37670? Did you change the tcp listener port from fixed to random maybe?

           

           

          Markus Winter added a comment - Do you have a firewall that blocks traffic on port 37670? Did you change the tcp listener port from fixed to random maybe?    

          Mate Rigo added a comment -

          There is no firewall active on the server. 

          The  settings for the agent listener seem to be the default.

          Mate Rigo added a comment - There is no firewall active on the server.  The  settings for the agent listener seem to be the default.

          Mate Rigo added a comment -

          I tried to reproduce the issue again. Now it is magically gone.
          The issue can be closed as I can't reproduce it myself.

          Thanks for all your time and consideration.

           

          Cheers!

          Mate Rigo added a comment - I tried to reproduce the issue again. Now it is magically gone. The issue can be closed as I can't reproduce it myself. Thanks for all your time and consideration.   Cheers!

            Unassigned Unassigned
            materigoprecitec Mate Rigo
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: