SSL Connection in watcher using Teams

Good morning,

I'm using Watcher to send messages to the application "TEAMS" connected by a webhook. When I execute the action it runs perfectly, but when it is fired I get the following message:


    "actions": [
      {
        "id": "MS_Teams",
        "type": "webhook",
        "status": "failure",
        "error": {
          "root_cause": [
            {
              "type": "s_s_l_exception",
              "reason": "Connection reset"
            }
          ],
          "type": "s_s_l_exception",
          "reason": "Connection reset",
          "caused_by": {
            "type": "socket_exception",
            "reason": "Connection reset"
          },
          "suppressed": [
            {
              "type": "socket_exception",
              "reason": "Broken pipe"
            }
          ]
        }
      }
    ]

Thanks!!

Have you imported SSL certs to make this work? If so, did you do this on all nodes?

Also, are all nodes allowed to connect to the Teams endpoint? Or is there maybe a firewall stopping this?

Keep in mind that testing a watch via Kibana or via the execute watch API might mean that it is executed somewhere else than when it runs in the background.

Hope that helps as a debugging start.

Hi @spinscale,

First of all, thanks for the answer. I don't know where I can configure it... When I run the following request to get the different certificates (GET _ssl/certificates) I get 2 PEMs + 1 internal certificate, but the node's certificate changes when I repeat the query...

    "path" : "node.crt",
    "format" : "PEM",
    "alias" : null,
    "subject_dn" : "CN=instance-0000000000.node.XXXX.cluster.local",
    "serial_number" : "YYYY",
    "has_private_key" : true,
    "expiry" : "2021-08-26T13:17:36.000Z"

-------

    "path" : "node.crt",
    "format" : "PEM",
    "alias" : null,
    "subject_dn" : "CN=instance-0000000004.node.XXXXX.cluster.local",
    "serial_number" : "YYYY",
    "has_private_key" : true,
    "expiry" : "2021-09-28T04:06:56.000Z"

Thanks!

Hm, that might indicate that you have a different setup on each of your nodes. Maybe use curl on the command line to run this against each of your nodes and compare the output.
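
The per-node comparison suggested above, as an added example that is not part of the original thread: it takes the JSON body of GET _ssl/certificates saved from each node and separates the certificates every node reports from those only some nodes report. The node names, the `ca.crt` entry and the serial numbers are constructed sample data, and `compare_nodes` and `entry` are hypothetical helper names.

```python
from typing import Dict, List, Tuple

CertId = Tuple[str, str, str]  # (path, subject_dn, serial_number)


def cert_ids(response: List[dict]) -> set:
    """Reduce one GET _ssl/certificates response to comparable identities."""
    return {(c["path"], c["subject_dn"], c["serial_number"]) for c in response}


def compare_nodes(responses: Dict[str, List[dict]]):
    """Return (certs every node reports, {node: certs not reported by all})."""
    if not responses:
        return [], {}
    per_node = {node: cert_ids(resp) for node, resp in responses.items()}
    shared = set.intersection(*per_node.values())
    specific = {node: sorted(ids - shared) for node, ids in per_node.items()}
    return sorted(shared), specific


def entry(path, subject_dn, serial, has_key, expiry):
    """Build one response item with the fields shown in the thread."""
    return {"path": path, "format": "PEM", "alias": None,
            "subject_dn": subject_dn, "serial_number": serial,
            "has_private_key": has_key, "expiry": expiry}


# Constructed sample data (hypothetical node names, CA entry and serials).
CA = entry("ca.crt", "CN=example-ca", "c0", False, "2030-01-01T00:00:00.000Z")
SAMPLE = {
    "node-0": [CA, entry("node.crt",
                         "CN=instance-0000000000.node.example.cluster.local",
                         "a1", True, "2021-08-26T13:17:36.000Z")],
    "node-4": [CA, entry("node.crt",
                         "CN=instance-0000000004.node.example.cluster.local",
                         "b2", True, "2021-09-28T04:06:56.000Z")],
}

if __name__ == "__main__":
    shared, specific = compare_nodes(SAMPLE)
    print("reported by every node:", shared)
    for node, certs in specific.items():
        print(f"only on {node}:", certs)
```

A trust anchor that shows up under a node-specific heading rather than in the shared list is the kind of per-node difference the comparison is meant to surface.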

These nodes are in Elastic Cloud; is it possible to get this information?

We are having the same problems. Elastic Cloud, watcher actions with webhook to Teams. Sometimes it works, sometimes we get the broken pipe exception. Elastic (platinum) support so far failed to provide a feasible solution for this problem. Did you manage to get it to work somehow?


Our team had the same problem. Had to create a workaround by executing the watchers through a script. I'm still not 100% sure but I think the problem is with Teams. They sometimes fail to properly parse the webhook URL so I ended up manually prepending the schema whenever a MissingSchema exception was raised.

I am also having the same problems. I guess that