Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
The server requires an encryption mode that is not supported by this client.
-
Hi ,
I am currently using 5.8.2 inedo agent to talk to Azure windows servers 2016.
I am getting below error while trying to establish connection with the server via inedo agent.Inedo.Agents.AgentConnectionException: The server requires an encryption mode that is not supported by this client.
at Inedo.Agents.ServerConnection.<SendHandshakeAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Inedo.Agents.InedoAgentClientBase.<ConnectAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Inedo.BuildMaster.Windows.ServiceApplication.AgentUpdater.<CheckAgentAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Inedo.BuildMaster.Windows.ServiceApplication.AgentUpdater.<CheckServerAsync>d__10.MoveNext()Product: BuildMaster
Version: 5.8.2
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
HI Jingesh,
What encryption type are you using on the agent? SSL or AES?
Thanks,
Jason
-
Hello,
I have the same problem. I use Otter+ProGet and InedoAgent on remote machine. The disk is not encrypted and I'm using AES.
-
If you're getting the same error, then it implies an AES key mismatch.
The server and client must share the same key; the agent's key is specified in a configuration file, and the BuildMaster/Otter key are specified in the server properties (Servers page).
-
Is there any other possibility? I've reinstalled Inedo Agent and copied the key that is provided at the end of the installation to the server properties page of Otter and still getting that.
-
I looked into this further; an AES key mismatch is different error.
So far as we can tell, this error only happens if BM/OT is configured to use "no encryption", but the agent server is configured to use AES. Can you go to Admin > Export Infrastructure and see if the expected AES keys are being exported in teh JSON?
-
Yes, I have "encryptionType": "aes" and "encryptionKey" is the same as in server settings.
-
Hello;
So, in this case, it sounds like the Agent is not configured.
There is only one place in our codebase where that message is thrown, and it's in this case:
else if (mode != AgentEncryptionMode.None) { throw new AgentConnectionException(AgentConnectionError.BadHandshake, "The server requires an encryption mode that is not supported by this client."); }
The only way for
mode
to be set toNone
is if the AGent is configured with no encryption. So, I recommend to edit the configuration file or to delete the agent, configuration file, and reinstall using that AES key.
-
This is my InedoAgent configuration file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="Otter.RootPath" value="C:\ProgramData\InedoAgent\Otter" />
<add key="BuildMaster.RootPath" value="C:\ProgramData\InedoAgent\BuildMaster" />
<add key="Hedgehog.RootPath" value="C:\ProgramData\InedoAgent\Hedgehog" />
<add key="Port" value="46336" />
<add key="ServiceName" value="INEDOAGENTSVC" />
<add key="Encryption" value="aes" />
<add key="EncryptionKey" value="hunter2" (*) />
</appSettings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
</configuration>This is the configuration of that server in Otter:
{ "active": true, "environments": [], "roles": [ "Role1" (*) ], "serverType": "windows", "hostName": "1.1.1.1" (*), "port": 46336, "encryptionType": "aes", "encryptionKey": "hunter2" (*), "drift": "reportOnly", "name": "Name1" (*), "variables": { "vServerConfigured": "true" } (*) },
(I've replaced or deleted some personal information and marked it with (*), but I've checked that the passwords match.)
I'm sorry for being a pain in the ass with this case, but these configurations still result in the error message above. Your code snippet shows that the error message is thrown when Agent is configured with encryption other thanNone
, which matches my configuration, but what was the condition thatelse
is part of and which leads here? Can you please look into it again?
-
Nice password ;)
Did you try restarting the agent service? (
inedo.agent.exe
)?I looked again (feel free to request access as well), and compared this against the messaging protocol that we use. The error is happening during the handshake.
Now I'm starting to think that Otter isn't actually connecting to the Inedo Agent... but that other thing is sending back a different response? Normally the other thing would just disconnect, but I guess maybe not? Anyways Wireshark should tell you...
Here's the full handshake, where you can see that Otter assumes the first byte received is a valid encryption mode (0,1,2).
internal async Task SendHandshakeAsync(AgentEndpoint endpoint) { if (this.disposed) throw new ObjectDisposedException(nameof(ServerConnection)); var buffer = new MemoryStream(); var writer = new BinaryWriter(buffer); writer.Write(ProtocolGuid.ToByteArray()); writer.Write(AgentProtocolVerisons.Agent1); writer.Write(AgentProtocolVerisons.Agent2); try { var initialIV = new byte[16]; using (var cts = new CancellationTokenSource(30 * 1000)) { await this.Stream.WriteAsync(buffer.GetBuffer(), 0, (int)buffer.Length, cts.Token).ConfigureAwait(false); await this.Stream.FlushAsync(cts.Token).ConfigureAwait(false); var mode = (AgentEncryptionMode)this.Stream.ReadByte(); if (mode == AgentEncryptionMode.Ssl) { var stream = new SslStream(this.Stream, false); try { await stream.AuthenticateAsClientAsync(endpoint.HostName).ConfigureAwait(false); } catch (Exception ex) { throw new AgentConnectionException(AgentConnectionError.BadCertificate, ex.Message, ex); } this.Stream = stream; } else if (mode == AgentEncryptionMode.Aes) { if (endpoint.EncryptionKey == null) throw new AgentConnectionException(AgentConnectionError.BadEncryptionKey, "The server requires an encryption key, but a key has not been configured."); int count = await this.Stream.ReadBlockAsync(initialIV, 0, 16).ConfigureAwait(false); if (count != 16) throw new AgentConnectionException(AgentConnectionError.BadHandshake); this.messageFormatter = new MessageFormatter.AesMessageFormatter(endpoint.EncryptionKey, initialIV); } else if (mode != AgentEncryptionMode.None) { throw new AgentConnectionException(AgentConnectionError.BadHandshake, "The server requires an encryption mode that is not supported by this client."); }