Reputation: 696
GCP load balancer shows "Invalid Fingerprint"
I'm using a GCP Load Balancer that is currently functioning correctly, however when I view it in Cloud Console, it shows an "Invalid Fingerprint" status. More importantly, when I try to edit it--like, for example, by adding a new backend service--it fails with "Invalid Fingerprint." I'm under the impression this is some sort of SSL failure, but I have no idea what it means more than that or how to fix it.
tl;dr: GCP Load Balancer edits fail with "Invalid Fingerprint"
Upvotes: 4
Views: 2876
Answers (1)
Reputation: 88
To add a little more context to this type of error status:
This issue happened around May 2016 for all kinds of load balancers in GCP and the cause was how the hash value for the fingerprint was calculated. This specific issue was solved by a roll-out a few days later.
Around 2017 the issue reappeared but for kubernetes, where the Google Kubernetes Engine(GKE) was updating the fingerprint every minute and when someone modifies the load balancer with the GUI, it causes multiple updates to trigger that does not finish by the time GKE sends a new update causing the invalid fingerprint error.
Most of this information I provided is linked on this Issue Tracker that I invite you to check and 'star' for updates
Troubleshooting possibilities:
a) Using the command line to add or remove backend tend to be faster and less likely produce the "Invalid Fingerprint".
E.g.
$ gcloud compute backend-services create BACKEND_SERVICE_NAME
$ gcloud compute backend-services delete BACKEND_SERVICE_NAME
For all the flags, please reference: gcloud compute backend-services
b) When the issue is related to a GKE Ingress Load Balancer, in some cases, the way it was structured by the YAML file does not get updated (there is a small chance of happening when a new roll-out is deployed).
Recreating it should solve the issue, please refer to the Ingress Kubernetes Page to know all about it.
c) Possibly it is not directly related to the SSL failure since for these a more specific error will appear, like: RSA key error: n does not equal p q RSA key error: d e not congruent to 1 RSA key error: dmp1 not congruent to d RSA key error: dmq1 not congruent to d RSA key error: iqmp not inverse of q
Curiosity: The error message "Invalid Fingerprint" was originally designed to be the error message when 'conditions were not met' but now is specific for the fingerprint hash calculation.
--- This answer was improved based on the comments of original Poster, thank you. ---
Upvotes: 2
Related Questions
- GCP Load Balancer - Host and path rules not working
- GCP - No tags for Global Load Balancer
- GCP Google Cloud - Cannot create Load Balancer
- Load balancer giving failed_to_pick_backend with internet network endpoint group
- GCP Load balancer Frontend configuration not showing first load balancer in dropdown
- Cannot edit GCP load balancer
- Server behind GCP Load Balancer occalionally gets 502 Server Error, “failed_to_connect_to_backend”
- GCP GKE load balancer connectio refused
- GCP Https Load Balancer SSL Certificate
- GCP-LoadBalancer Changes keep Reverting