When there is a problem starting up the CCM Service, you would expect that any and all error messages are captured in the ccm-service.log file; however, they aren't. If you run chocolatey-central-management directly from the command line, using:

```
./chocolatey-central-management.exe /console
```

you can see the actual error message for what is happening.
### Steps To Reproduce

We will force the CCM Service into an error condition using a badly configured certificate, to show the errors not being reported into the log file.

1. Get access to a machine that has an installation of 0.6.1 of CCM
2. Delete the certificate that has been created in the Trusted People store
3. Shut down the CCM Service
4. Run the following script to generate a new, badly configured, certificate
5. Run the CCM Service correctly and check the log to see only the single line entry shown below
6. Stop the CCM Service
7. Run the CCM Service from the console, using:

   ```
   ./chocolatey-central-management.exe /console
   ```
8. See that more output is shown
### Output Log
In the logs you will see the following:
```
2021-08-13 05:44:28,966 4 [INFO ] - Creating binding with receive timeout = 60, send timeout = 60, maximum message receive size = 2147483647, and url = 'https://ccmserver:24020/ChocolateyManagementService'.
2021-08-13 05:44:29,363 4 [FATAL] - Microsoft.AspNetCore.Server.Kestrel (0): Unable to start Kestrel.
2021-08-13 05:44:29,372 4 [INFO ] - ChocolateyServiceManagementTask is now ready with the ChocolateyManagementService service.
```
But when you run the service directly in the console, you will get the following:
```
Creating binding with receive timeout = 60, send timeout = 60, maximum message receive size = 2147483647, and url = 'https://ccmserver:24020/ChocolateyManagementService'.
Microsoft.AspNetCore.Server.Kestrel (0): Unable to start Kestrel.
crit: Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to start Kestrel.
System.InvalidOperationException: Certificate DEDAD67C1FC4C775950F2B6F317246F4A855BF28 cannot be used as an SSL server certificate. It has an Extended Key Usage extension but the usages do not include Server Authentication (OID 1.3.6.1.5.5.7.3.1).
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.EnsureCertificateIsAllowedForServerAuth(X509Certificate2 certificate)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware..ctor(ConnectionDelegate next, HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.<>cDisplayClass12_0.b0(ConnectionDelegate next)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.Build()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>cDisplayClass21_0`1.<gOnBind|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.EndpointsStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func2 createBinding)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken)
ChocolateyServiceManagementTask is now ready with the ChocolateyManagementService service.
```
Which provides direct information about exactly what the problem is.
### Workarounds
There are no known workarounds for this.
### Proposed Solution
We need to modify the logging configuration for the Kestrel instance within the CCM Service, to ensure that all pertinent logs are directed to the log file, as well as to the console.
NOTE: No manual tests are required for this change, as this is something that doesn't need a specific test, as it will be monitored as a normal course of using/debugging the service
┆Issue is synchronized with this Gitlab issue by Unito
┆Milestone: 0.6.2
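
Until the full exception reaches ccm-service.log, the condition named in the console output can be checked directly against the certificate store. The following is an added example, not part of the original issue or the CCM code base: it applies the rule stated in the exception message (a certificate that carries an Extended Key Usage extension must list Server Authentication, OID 1.3.6.1.5.5.7.3.1) to the certificates in the Trusted People store. The function name `Test-ServerAuthAllowed` and the parameter names are hypothetical; the store path assumes the LocalMachine location of the Trusted People store from the reproduction steps.

```powershell
# Added example: pre-flight check for the EKU condition reported by Kestrel.
# Assumption: the service certificate is in LocalMachine\TrustedPeople.
# Pass -Thumbprint to restrict the check to a single certificate.
param(
    [string]$StorePath = 'Cert:\LocalMachine\TrustedPeople',
    [string]$Thumbprint
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-ServerAuthAllowed {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # Collect every Enhanced Key Usage extension on the certificate.
    $ekuExtensions = @($Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    })

    # No EKU extension at all: usage is unrestricted, so the check passes.
    if ($ekuExtensions.Count -eq 0) { return $true }

    # EKU present: Server Authentication must be listed explicitly.
    foreach ($ext in $ekuExtensions) {
        foreach ($oid in $ext.EnhancedKeyUsages) {
            if ($oid.Value -eq $ServerAuthOid) { return $true }
        }
    }
    return $false
}

$certs = Get-ChildItem -Path $StorePath
if ($Thumbprint) { $certs = $certs | Where-Object Thumbprint -eq $Thumbprint }

# One row per certificate; ServerAuthUsable = False matches the failure above.
foreach ($cert in $certs) {
    [pscustomobject]@{
        Thumbprint       = $cert.Thumbprint
        Subject          = $cert.Subject
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey
        ServerAuthUsable = Test-ServerAuthAllowed -Certificate $cert
    }
}
```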