Data protection error when using encrypted variables

I get the following error when using encrypted (marked as sensitive) variables to deploy a new project to a Windows 2003 server:

The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread’s user context, which may be the case when the thread is impersonating.
System.Security.Cryptography.CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread’s user context, which may be the case when the thread is impersonating.
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.EncodeValue(String value, Boolean isSensitive) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 131
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteVariableAssignment(TextWriter writer, String key, Variable variable) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 117
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteLocalVariables(IEnumerable`1 variables, TextWriter writer) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 111
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.PrepareBootstrapFile(IProxyConfiguration proxyConfiguration, String scriptFilePath, String workingDirectory, VariableDictionary variables) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 43
at Octopus.Tentacle.Procedures.Implementations.Scripts.PowerShellScriptProcedure.Start(IProcedureHost host, ProcedureState state) in y:\work\refs\heads\master\source\Octopus.Tentacle\Procedures\Implementations\Scripts\PowerShellScriptProcedure.cs:line 49
at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.Receive(CallProcedureCommand message) in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 70
at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113
Tentacle version

The error does not occur if I uncheck the sensitive check box for the variables.

Hi James,

Thanks for getting in touch! A couple of things here, we think that the user does not have the correct permissions as we use a cryptography library that is invoked when sensitive variables are used.
And also just to check are you using SP2 on the Windows Server?
You can change the user that Tentacle runs as using the following process:

If you could give that a try and see if it resolves the issue.

Let me know how you go.

Yes we are using SP2 and we already have the tentacle running under a domain account which has local admin rights on the server.

Hi James,

Thanks for the info. Has the domain account logged into the server? We have found that when a user is created and the install is scripted, that the user needs to log in once to the server to complete the profile correctly to then be able to access these functions. Technically Tentacle should not have even been able to install as that user without access to these functions.


Yes, it has.

We are still having this problem, any suggestions?

Hi James,

It’s hard to see what the cause for this might be via these forums, perhaps we could do a Skype/GoToMeeting call to try and get to the bottom of it? You can pick a time that suits you here:


Scheduled for this Friday.

FYI, this problem only occurs on our Windows 2003 servers, the 2008 servers work fine.