Unable to connect to TFS server 2017 from Jenkins

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Unable to connect to TFS server 2017 from Jenkins

CC-2
Hi,

We have been facing an issue connecting to TFS  from Jenkins after we upgraded to TFS 2017. The new TFS server has https installed. When we try to connect to TFS from Jenkins using https://wiki.jenkins.io/display/JENKINS/Team+Foundation+Server+Plugin it fails ( connection resets)

We tried to debug the issue using Wireshark and it seems like SNI information is missing when Jenkins makes a request to TFS server and hence server is rejecting the connection.

Could you please help me in identifying how can Jenkins send SNI information? When I looked online few people faced similar issue with regards to maven-release-plugin ( eg.https://issues.jenkins-ci.org/browse/JENKINS-38738) . 
We are not using maven-release-plugin for this job though.

Could it be possible that TFS plugin has a bug?

Do I have to upgrade Jenkins to https so that it will send SNI (Server Name Indication) information ?

Thanks

CC

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/81d3f016-174c-4755-844c-3f8e83bcebf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Unable to connect to TFS server 2017 from Jenkins

Andreas Lunderhage
I had the exact same problem.

My problem was that there was no default certificate set on the TFS host in case no SNI name was sent in the TLS handshake. Adding the same cert to "All Unassigned" IP-addresses for port 443 as for the hostname of the cert for the port binding solved the problem.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/69074215-45a0-4bec-926a-570618ac921e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Unable to connect to TFS server 2017 from Jenkins

CC-2
Thank you so much for your reply.

Could you please elaborate more on how did you add cert to "All Unassigned" IP-addresses?

On Tuesday, November 28, 2017 at 8:02:49 AM UTC-6, Andreas Lunderhage wrote:
I had the exact same problem.

My problem was that there was no default certificate set on the TFS host in case no SNI name was sent in the TLS handshake. Adding the same cert to "All Unassigned" IP-addresses for port 443 as for the hostname of the cert for the port binding solved the problem.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/bcedfe65-7d41-4174-a1ca-8c7b097ac66c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Unable to connect to TFS server 2017 from Jenkins

CC-2
I checked and we do have "All Unassigned" setting for port 443. However, we do have Require Server Name Indication checkbox checked. Our IT department is hesitant to remove that check.

so is this is bug in TFS plugin? I am trying to understand the issue so that I can convince IT department.

Thank you! 

On Tuesday, November 28, 2017 at 4:13:33 PM UTC-6, CC wrote:
Thank you so much for your reply.

Could you please elaborate more on how did you add cert to "All Unassigned" IP-addresses?

On Tuesday, November 28, 2017 at 8:02:49 AM UTC-6, Andreas Lunderhage wrote:
I had the exact same problem.

My problem was that there was no default certificate set on the TFS host in case no SNI name was sent in the TLS handshake. Adding the same cert to "All Unassigned" IP-addresses for port 443 as for the hostname of the cert for the port binding solved the problem.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/01fdfd81-8f01-47e9-a6f2-de90034b20ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.