Troubleshooting Failed Integration Installations

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Integrations or add ons in Hipchat are different than other Atlassian products such as Confluence and Jira. There isn't an .obr file for the integration that you could download locally and install on the Hipchat Server.


Problem

Unable to install an add-on/integration on Hipchat Server.. The following variation of errors may be seen in the Hipchat Server Web UI (depending on the integration/add on being installed):

Unable to install integration 
The add-on rejected the installation: 500 Internal Server Error
Unable to install integration 
The add-on rejected the installation: 400 Bad Request
Operation timed out after 5001 milliseconds with 0 bytes received
Bad Request
The browser (or proxy) sent a request that this server could not understand.


Cause

Integration(s)/add-on(s) installation can possibly fail due to:

  • No outbound 443 TCP to marketplace.atlassian.com and marketplace-cdn.atlassian.com for Add-Ons discovery
  • No inbound 443 TCP web from Internet for third party integrations
  • Trusted SSL certificate signed by a trusted CA is not installed in the server (the default self signed certificate is not trusted for HTTPS). Integration/add on installation (even behind the firewall) require a proper SSL certificate in the server. 
  • Trusted SSL certificate is missing the required intermediate certificates to connect the Root CA to the primary certificate installed.
  • TLS 1.1 & 1.2 on the Jira/Confluence/Bitbucket Server is disabled and you're running Hipchat Server v2.0.7+ which has TLS 1.0 deprecated (see Hipchat Server Release Notes).
  • DNS record that points to your HipChat FQDN doesn't exist in public DNS (as some integration servers need to be able to talk back to the HipChat Server).

Diagnosis

Depending on the type of integration / addon that you are trying to install or configure on Hipchat Server, please refer to the following sections respectively for diagnosis:

Atlassian (as mentioned in Integrate with Atlassian products page)Non-Atlassian
  • Jira
  • Confluence
  • Bitbucket Cloud
  • Bitbucket Server
  • Bamboo

Each product comes with their own atlassian-<product>.log that we can refer for diagnose purposes. This will be the additional reference that we use besides the steps listed in the Non-Atlassian section.

  • Generating HAR files and Analyzing Web Requests is helpful to view the requests made from Hipchat Server to the server hosting the integration
  • Reproduce the issue after enabling tail for all the logs in HCS and review /tmp/all.log for more details:


    sudo dont-blame-hipchat -c "find /var/log -name '*.log' -type f | xargs tail -f -n0" > /tmp/all.log

These errors can be found on Hipchat Server in the /var/log/hipchat/coral.log

2015-05-06T15:10:55.855076+00:00 hipchat coral-5: [HTTP11ClientProtocol(TLSMemoryBIOProtocol),client] ERROR:root:Unable to install add-on hc-alias 
2015-05-06T15:10:55.855604+00:00 hipchat coral-5: [/addon#REQ0F7989] WARN: The add-on hc-alias rejected the installation: 500 Internal Server Error 
2015-05-06T15:10:56.094800+00:00 hipchat coral-2: [/marketplace/external#REQ4BB644] WARN: Unable to retrieve capabilities at https://marketplace.atlassian.com/download/plugins/hc-alias/version/1 for 
hc-alias 
015-05-04T07:24:36.664345+00:00 comms coral-0: [HTTP11ClientProtocol (TLSMemoryBIOProtocol),client] UnexpectedResponseError: Error response 400 from POST: Bad Request
2015-05-04T07:24:36.664500+00:00 comms coral-0: [/addon#REQ6BD7EB] WARN: The add-on ac-koa-hipchat-sassy rejected the installation: 400 Bad Request
2015-05-04T07:24:36.664850+00:00 comms coral-0: [/addon#REQ6BD7EB] WARN: Validation error installing add-on: The add-on rejected the installation: 400 Bad Request


Resolution

  • Ensure the Hipchat Server has outbound and inbound 443 TCP configured as per the System Requirements page. For outbound connectivity of 443 TCP, you can run telnet for basic connectivity test to confirm if Hipchat Server can reach to the following addresses from the terminal / SSH console:

    • marketplace.atlassian.com

      echo | telnet marketplace.atlassian.com 443

    • marketplace-cdn.atlassian.com

      echo | telnet marketplace-cdn.atlassian.com 443

      A successful connection may look like this, for example:


      admin@hipchat:~$ echo | telnet marketplace.atlassian.com 443
Trying 34.239.16.84...
Connected to marketplace-athreos.us-east-1.prod.public.atl-paas.net.
Escape character is '^]'.
Connection closed by foreign host.
      admin@hipchat:~$ echo | telnet marketplace-cdn.atlassian.com 443
Trying 52.85.131.242...
Connected to d2cyn7uk743sr9.cloudfront.net.
Escape character is '^]'.
Connection closed by foreign host.


  • Administrators can also SSH into the server and curl the capabilities descriptors to check for issues, or at least see more information about the error. 

    • For example, the output of "curl https://sassy.hipch.at/addon/capabilities" from a successful run is below:

      admin@hipchat:~$ curl https://sassy.hipch.at/addon/capabilities
{"capabilities":{"hipchatApiConsumer":{"scopes":["send_notification","view_group"]},"installable":{"allowGlobal":true,"allowRoom":true,"callbackUrl":"https://sassy.hipch.at/addon/installable"},"webhook":[{"event":"room_message","pattern":"(?i)^r?\\/[\\w:!\\?\\-]+","url":"https://sassy.hipch.at/addon/webhook?name=597649c1cda1801c119bcb63a9083114e86317d7","name":"597649c1cda1801c119bcb63a9083114e86317d7"}]},"key":"ac-koa-hipchat-sassy","name":"Sassy","description":"Sassy adds commands to search the internet for certain types of content.","version":"1.0.0","vendor":{"name":"Atlassian Labs","url":"http://www.atlassian.com"},"links":{"self":"https://sassy.hipch.at/addon/capabilities","homepage":"https://sassy.hipch.at/"}}



  • Many integrations have 2-way communication,  which means Hipchat Server must be reachable from the integration server and vice-versa. Security restrictions in many large organisations won't allow this, hence the options are:
    • Run the integration server internally - Currently this is not possible.
    • Make the Hipchat server addressable using ngrok, for example. 
  • Ensure the Hipchat Server has a trusted SSL certificate installed. 

    • This can be verified using the following command via the Hipchat Server command line: 

      echo | openssl s_client -showcerts -connect $(hostname):443 -CApath /etc/ssl/ && echo | openssl s_client -connect $(hostname):443 2>/dev/null | openssl x509 -noout -dates -text


      (info) By default, we expect to see Verify return code: 0 (ok) message. If you see any other messages, please refer to the Hipchat Server SSL Installation and Troubleshooting Guide for the explanation of the error code

    • Use tools like SSL Checker, and Symantec SSL Checker to verify the SSL certificate.

    • Use GeoCerts™ SSL Checker to check if there are missing intermediate certificates between the root and primary certificates installed in Hipchat Server. Some CA's (like Entrust) require multiple intermediate certificates. If there are missing intermediates, download and install them into the same .pem file that houses the primary and private keys. Import that .pem into Hipchat Server, reboot the instance and attempt the install of the integration again.



Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.