OK. I need some more help and to let a small rant loose. I've tried all the suggestions mentioned here[1] and here[2] and I cannot get Jenkins to control the slaves via something other than JNLP. When I try to run as a service I get:
Connecting to winslave.mygreatcompany.com ERROR: Access is denied. See http://wiki.jenkins-ci.org/display/JENKINS/Windows+slaves+fail+to+start+via+DCOM for more information about how to resolve this. org.jinterop.dcom.common.JIException<http://stacktrace.jenkins-ci.org/search?query=org.jinterop.dcom.common.JIException>: Message not found for errorCode: 0x00000005 at org.jinterop.dcom.core.JIComServer.init(JIComServer.java:542)<http://stacktrace.jenkins-ci.org/search/?query=org.jinterop.dcom.core.JIComServer.init&entity=method> at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:458)<http://stacktrace.jenkins-ci.org/search/?query=org.jinterop.dcom.core.JIComServer.initialise&entity=method> at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:427)<http://stacktrace.jenkins-ci.org/search/?query=org.jinterop.dcom.core.JIComServer.%3Cinit%3E&entity=method> at org.jvnet.hudson.wmi.WMI.connect(WMI.java:59)<http://stacktrace.jenkins-ci.org/search/?query=org.jvnet.hudson.wmi.WMI.connect&entity=method> at hudson.os.windows.ManagedWindowsServiceLauncher.launch(ManagedWindowsServiceLauncher.java:227)<http://stacktrace.jenkins-ci.org/search/?query=hudson.os.windows.ManagedWindowsServiceLauncher.launch&entity=method> at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:200)<http://stacktrace.jenkins-ci.org/search/?query=hudson.slaves.SlaveComputer$1.call&entity=method> at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: rpc.FaultException: Received fault. (unknown) at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:142) at rpc.Stub.call(Stub.java:112) at org.jinterop.dcom.core.JIComServer.init(JIComServer.java:538) ... 10 more It alternates between this one (which is the wiki entry), or if I completely shut the firewall off, I get some error code that says that the RPC service isn't available. All of my slaves are Windows Server 2008 R2 (x86) virtual machines. Has anyone gotten Jenkins to control this type of machine as a service? I have a fair number of slaves that I need to keep going, and the "workaround" of logging on and copying down the JNLP code from the Jenkins site for each and every one really is not practical for our setup, as things need to reboot from time to time (more often than I'd like but that's a discussion for Microsoft and VMWare). Now for my rant... What we had set up with JNLP as a windows service worked really well. It made new boxes easy to configure and we've had very few problems with it. I'm going to switch our Macs to SSH, which I've been meaning to do anyway. While I appreciate the need and effort to address security concerns, there's got to be an option missing, whether that be restore the old functionality as an option (which we would be fine with us since we're quite nicely situated behind a firewall), or a way to connect that doesn't require that the token be different each and every time. I would really like to know if I should file an issue, or how I should proceed. [1] https://wiki.jenkins-ci.org/display/JENKINS/Windows+slaves+fail+to+start+via+DCOM [2] https://issues.jenkins-ci.org/browse/JENKINS-4859 Thanks! Allen A From: [email protected] [mailto:[email protected]] On Behalf Of Fisher, Allen Sent: Thursday, February 14, 2013 1:57 PM To: [email protected] Subject: RE: Issues after moving to 1.501 With Slave Nodes Thanks for the help Stephen and Les. I really appreciate it. I'm going to try and see if I can work around the Windows 2008 problems with controlling slaves as a service [1]. It just so happens I have a fresh machine here that I can play with. [1] https://issues.jenkins-ci.org/browse/JENKINS-4859 A From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Stephen Connolly Sent: Wednesday, February 13, 2013 8:12 AM To: [email protected]<mailto:[email protected]> Subject: Re: Issues after moving to 1.501 With Slave Nodes LTS is supposed to include critical security fixes too... otherwise it's just a version that stays around for a while. https://groups.google.com/forum/?fromgroups=#!topic/jenkinsci-advisories/P32IpTQNT5o https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 "Slaves that are started via Java Web Start will fail to reconnect if the *.jnlp file is locally stored. This is because the authentication tokens change. An administrator would have to login to the UI, retrieve the *.jnlp file and overwrite what's already on the slave. A slave that was launched via Java Web Start and then turned into a service through its menu falls into this category." My understanding of this issue, and until now I have stayed off contributing to the security advisory list as I don't want that to be seen as too CloudBees heavy (there's already KK & Jesse on the list and perhaps Ryan and Nicolas too), is that there was no other way to fix the issue at hand. Perhaps the changelog (http://jenkins-ci.org/changelog-stable) could have given a link to the Security Advisory, or at least mentioned that there were manual steps to be taken... that would be a good issue to put before the biweekly jenkins project meetings (at a time when I am cooking dinner, hence why I am never on them) -Stephen On 13 February 2013 13:39, Les Mikesell <[email protected]<mailto:[email protected]>> wrote: So, does that mean surprising changes should go undocumented and even backed into revs where they are more surprising? Or did I just miss the part in the release notes that said previously-working systems would break? On Wed, Feb 13, 2013 at 2:57 AM, Stephen Connolly <[email protected]<mailto:[email protected]>> wrote: > IIRC this was fallout from fixing a critical security issue > > > On 12 February 2013 16:21, Les Mikesell > <[email protected]<mailto:[email protected]>> wrote: >> >> On Tue, Feb 12, 2013 at 9:37 AM, Fisher, Allen >> <[email protected]<mailto:[email protected]>> >> wrote: >> > I did notice something interesting. If I launch via the website, the >> > slaves >> > will connect, until I install the service. After that, they don't >> > connect. >> >> If it works when you are authenticated in the browser before >> launching, but not as a service it is because the system changed to >> require slaves to authenticate via jnlp but it seems to be mostly >> broken. I changed mine to start via ssh (linux) and 'let jenkins >> control this windows slave" on the windows systems where that worked. >> Not sure what to do about the windows 2008 systems where none of that >> works. >> >> If you are on a private firewalled LAN, you might be OK with allowing >> anonymous read and slave connect in your main authorization matrix to >> restore the old behavior. >> >> By the way - was this change documented somewhere for the LTS 1.480.2 >> release?. I had seen the problem mentioned for 1.49x versions but >> wasn't expecting it in 1.480.2. - and I thought the point of the LTS >> line was to avoid surprises. >> >> -- >> Les Mikesell >> [email protected]<mailto:[email protected]> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to >> [email protected]<mailto:jenkinsci-users%[email protected]>. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > [email protected]<mailto:jenkinsci-users%[email protected]>. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:jenkinsci-users%[email protected]>. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
