Connectivity issue - Camunda Cloud using C# and ASP .NET Core 3

Hello,

Working on POC for Camunda cloud with .net core, following url - GitHub - jwulf/cc-gsg-csharp: Getting Started with Camunda Cloud and the C# Client for same , able to setup Camunda components on local & able to connect using Cloudstarter application to Camunda zeebe on local, while connecting with comunda cloud , getting below error.

Something we are missing here ? OR its becuase of some firewall issue, please advice on this.

Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="failed to connect to all addresses", DebugException="Grpc.Core.Internal.CoreErrorDetailException: {"created":"@1654598347.455000000","description":"Failed to pick subchannel","file":"..\..\..\src\core\ext\filters\client_channel\client_channel.cc","file_line":3135,"referenced_errors":[{"created":"@1654598347.455000000","description":"failed to connect to all addresses","file":"..\..\..\src\core\lib\transport\error_utils.cc","file_line":163,"grpc_status":14}]}")
   at Zeebe.Client.Impl.Commands.TopologyRequestCommand.Send(Nullable`1 timeout, CancellationToken token)
   at Cloudstarter.Controllers.ZeebeController.Get() in C:\Workspace\camunda\cc-gsg-csharp-master\cc-gsg-csharp-master\Controllers\ZeebeController.cs:line 34
   at lambda_method(Closure , Object )
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Could you please post the code that is causing this exception? It’s much easier to figure out what’s wrong if we have the code that is not working along with the exception.

Thanks!
dg

Thanks for your response,

Getting this error while we try tor browse https://localhost:5001/status(PFA screenshot), this url internally call Zeebeservice Status() method

 public Task<ITopology> Status()
        {
            try
            {
                return _client.TopologyRequest().Send();
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                throw;
            }
        }

getting same error even If we directly call StartWorkflowInstance instance method

public async Task<String> StartWorkflowInstance(string bpmProcessId)
        {
            _logger.LogInformation("Creating workflow instance...");
            TimeSpan timeout = TimeSpan.FromSeconds(30);
            try
            {
                var instance = await _client.NewCreateProcessInstanceCommand()
                    .BpmnProcessId(bpmProcessId)
                    .LatestVersion()
                    .Variables("{\"name\": \"Everyone...\"}")
                    .WithResult()
                    .Send(timeout);
                var jsonParams = new JSONParameters { ShowReadOnlyProperties = true };
                return JSON.ToJSON(instance, jsonParams);
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                throw;
            }
        }

using same code what we have at GitHub - jwulf/cc-gsg-csharp: Getting Started with Camunda Cloud and the C# Client

Thanks for posting the code, as it does help.

What I’m not seeing, which could be part of the problem, is how you are configuring the client.

var client = CamundaCloudClientBuilder.Builder()
      .FromEnv()
      .UseLoggerFactory(new NLogLoggerFactory())
      .Build();

That is, admittedly, a client builder for the Camunda Platform 8 (Cloud) but it that part doesn’t succeed, then the TopologyRequest() will fail, and all subsequent attempts to do pretty much anything will likewise fail.

I think the first step is to make sure that you are getting a properly configured client that can fully connect.

Best Regards,
dg

Hello,

Thanks for response,

Below i have provided how we configure client, we create cleint on three different camunda cloud account & getting same error for all.

One more thing to highlight here is, same solution working fine when we try from outside organization network, facing issue only when we try to run this within organization network, do you see any specific network/firewall/environment setting we might need to check for this ?(as per network team there is no issue with ceritificate and zeebe address & token url are not blocked)

    _client =
                    ZeebeClient.Builder()
                        .UseGatewayAddress(zeebeUrl)
                        .UseTransportEncryption()
                        .UseAccessTokenSupplier(
                            CamundaCloudTokenProvider.Builder()
                                .UseAuthServer(authServer)
                                .UseClientId(clientId)
                                .UseClientSecret(clientSecret)
                        .UseAudience(audience)
                                .Build())
                        .Build();

Thanks,
Nirav.

Hi @nirav, as David pointed out, to connect to Camunda SaaS, you should use the CamundaCloudBuilder. See here: GitHub - camunda-community-hub/zeebe-client-csharp: Contains an Zeebe C# client implementation.

Josh

thanks @jwulf,

tried changes as per given url, still same issue.

 var _client =
                    CamundaCloudClientBuilder.Builder()
                        .UseClientId(clientId)
                        .UseClientSecret(clientSecret)
                        .UseContactPoint(zeebeUrl)
                        .UseLoggerFactory(new NLogLoggerFactory())
                        .Build();

(tried adding .UseAuthServer(authServer) as well that also doesnt work)

Let me know if you see anything else i can check for…OR as i have mentioned above, its working fine with outside organization network, facing issue only when we try to run this within organization network, do you see any specific network/firewall/environment setting we might need to check for this ?(as per network team there is no issue with ceritificate and zeebe address & token url are not blocked)

Since you stated that you can connect from outside the company network, but not inside it, I suspect that this is a firewall issue.

Zeebe uses gRPC to communicate. You may need to check with your company network security engineers to see if they have a firewall rule that is keeping you from connecting.

dg

This was also experienced by others for example here Unable to find compatible protocol - Camunda 8 (SAAS) - #3 by Zelldon

Greets
Chris

Thanks @davidgs , @Zelldon will check on this with our network team, will get back to you in case needed further assistance.

2 Likes

@Zelldon, @davidgs - do you think this can be resolved by secure connection using ssl certificates? if yes can you please guide us how we can get ssl certificate to connect to camunda and also the code snippet for .Net core 3 ?

Hi @Vipul ,

If this is indeed a firewall issue then no, it cannot be resolved by using TLS. First you have to get through the firewall, them you can use TLS. :slight_smile:

Best Regards,
dg

Thank you @davidgs for clarification

Best regards,
Vipul

Hello @davidgs,

In our environment we are using proxy for HTTP and HTTPS traffic inspection
We have checked with relevant team and all the traffic coming to proxy must be authenticated, Please let us know how to configure proxy setting with our code along with how to pass credentials securely.

Thanks,
Vipul Keskar

Hi @Vipul,

I wish I could help with this, but I would not have the proper knowledge to know how to authenticate with your proxy. This would be something that your networking team should be able to clarify with you. Connecting and communicating with the SaaS Zeebe broker is done via gRPC/http2 . If you can get your Networking team to send you logs of the communication/connection failures through your proxy that would help in debugging why your connections are being blocked.

Best Regards,
dg

Thank you @davidgs, we are working with our network team. Will connect with you here if we need more help.

Best Regards,
Vipul Keskar

2 Likes

Hello @davidgs,

Team has whitelisted camunda.io in our work environment but after that we are getting below different errors while running localhost and zbctl command, look like it is related to certificate issue. Is my understanding correct?

Thank you!

Best Regards,
Vipul Keskar