Error during automated tentacle installation: The remote certificate is invalid according to the validation procedure

Hi there,
I have been trying to install an Octopus listening Tentacle on a Server 2012 R2 machine, but on the register-with step I keep on getting the above error. Here is the error:


Error: Unable to connect to the Octopus Deploy server. See the inner exception for details.

Full error details are available in the log files.
At: C:\Users\Ojas\AppData\Local\Octopus\Logs

Unable to connect to the Octopus Deploy server. See the inner exception for details.
System.Exception: Unable to connect to the Octopus Deploy server. See the inner exception for details. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at Octopus.Client.OctopusClient.DispatchRequest[TResponseResource](OctopusRequest request, Boolean readResponse) in Y:\work\refs\tags\3.2.24\source\Octopus.Client\OctopusClient.cs:line 479
at Octopus.Client.OctopusClient.Get[TResource](String path, Object pathParameters) in Y:\work\refs\tags\3.2.24\source\Octopus.Client\OctopusClient.cs:line 85
at Octopus.Client.OctopusClient.EstablishSession() in Y:\work\refs\tags\3.2.24\source\Octopus.Client\OctopusClient.cs:line 313
--- End of inner exception stack trace ---
at Octopus.Client.OctopusClient.EstablishSession() in Y:\work\refs\tags\3.2.24\source\Octopus.Client\OctopusClient.cs:line 336
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at Octopus.Client.OctopusClient.get_RootDocument() in Y:\work\refs\tags\3.2.24\source\Octopus.Client\OctopusClient.cs:line 45
at Octopus.Client.OctopusRepository.CertificateRepository.GetOctopusCertificate() in Y:\work\refs\tags\3.2.24\source\Octopus.Client\OctopusRepository.cs:line 684
at Octopus.Tentacle.Commands.RegisterMachineCommand.Start() in Y:\work\refs\tags\3.2.24\source\Octopus.Tentacle\Commands\RegisterMachineCommand.cs:line 82
at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions) in Y:\work\refs\tags\3.2.24\source\Octopus.Shared\Startup\AbstractCommand.cs:line 57
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in Y:\work\refs\tags\3.2.24\source\Octopus.Shared\Startup\ConsoleHost.cs:line 72
at Octopus.Shared.Startup.OctopusProgram.Run() in Y:\work\refs\tags\3.2.24\source\Octopus.Shared\Startup\OctopusProgram.cs:line 87

Also, here is my deployment script, pretty much similar to the script on Octopus' website:

$cred1 = Get-Credential -Message "Type the name ($user) and password of an account with administrator access."

# Remote session over WinRM HTTPS (port 5986); CA and CN checks are skipped for this session only
$sessionoption = New-PSSessionOption -SkipCACheck -SkipCNCheck
$session = New-PSSession -ComputerName '172.17.1.61' -Credential $cred1 -Port 5986 -UseSSL -SessionOption $sessionoption -Verbose

Invoke-Command -Session $session -ScriptBlock {
    # Download and silently install the Tentacle MSI
    Invoke-WebRequest -OutFile c:\Temp\Octopus-Tentacle.msi https://download.octopusdeploy.com/octopus/Octopus.Tentacle.3.2.24-x64.msi

    msiexec /i c:\Temp\Octopus-Tentacle.msi /quiet

    Write-Output "Sleeping for 10 seconds..."
    Start-Sleep -Seconds 10

    $tentaclelocation = "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe"

    # Create the instance, generate its certificate and trust the Octopus Server thumbprint
    & $tentaclelocation create-instance --instance "Tentacle" --config "C:\Octopus\Tentacle.config" --console
    & $tentaclelocation new-certificate --instance "Tentacle" --if-blank --console
    & $tentaclelocation configure --instance "Tentacle" --reset-trust --console
    & $tentaclelocation configure --instance "Tentacle" --home "C:\Octopus" --app "C:\Octopus\Applications" --port "10933" --console
    & $tentaclelocation configure --instance "Tentacle" --trust "—SERVER-THUMBPRINT—" --console
    New-NetFirewallRule -DisplayName "Octopus Deploy Tentacle" -Direction Inbound -LocalPort 10933 -RemoteAddress LocalSubnet -Action Allow -Protocol TCP
    #"netsh" advfirewall firewall add rule "name=Octopus Deploy Tentacle" dir=in action=allow protocol=TCP localport=10933
    # Register over HTTPS with the Octopus Server API (the step that fails with the error above)
    & $tentaclelocation register-with --instance "Tentacle" --server "https://my-octopus/" --apiKey="—APIKEY—" --role "WEB,CONSOLE" --environment "PROD" --comms-style TentaclePassive --console
    & $tentaclelocation service --instance "Tentacle" --install --start --console
}

Hi,

Thanks for the question.

My first guess would be the SSL certificate on your Octopus Server is invalid. To make sure it is not certificate related: are you able to browse to your Octopus Server over https from the machine you are trying to install Tentacle on without any errors?

And to rule out a problem with the script: are you able to manually install Tentacle on that machine through the Tentacle Manager?

Cheers,
Shane
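
Added example (not part of the thread, and not Octopus Deploy code): a scripted version of the browser check suggested above, run on the machine where Tentacle is being installed. It reports which certificate the server presents and why .NET rejects it. The function name `Test-ServerCertificate` is hypothetical; the host name `my-octopus` and port 443 are assumed from the `register-with` URL in the script.

```powershell
function Test-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)

    $seen = @{ Cert = $null; Errors = $null; Chain = @(); Handshake = 'OK' }

    # Record what certificate validation decided and return the real verdict,
    # so the handshake is never completed over an untrusted channel.
    [System.Net.Security.RemoteCertificateValidationCallback]$callback = {
        param($s, $cert, $chain, $errors)
        $seen.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $seen.Errors = $errors
        $seen.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        return ($errors -eq [System.Net.Security.SslPolicyErrors]::None)
    }.GetNewClosure()

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            $protocols = [System.Security.Authentication.SslProtocols]'Tls, Tls11, Tls12'
            $ssl.AuthenticateAsClient($HostName, $null, $protocols, $false)
        }
        catch { $seen.Handshake = $_.Exception.GetBaseException().Message }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }

    [pscustomobject]@{
        Subject      = $seen.Cert.Subject
        Issuer       = $seen.Cert.Issuer
        SelfSigned   = ($seen.Cert.Subject -eq $seen.Cert.Issuer)
        Thumbprint   = $seen.Cert.Thumbprint
        NotAfter     = $seen.Cert.NotAfter
        PolicyErrors = $seen.Errors              # e.g. RemoteCertificateChainErrors, RemoteCertificateNameMismatch
        ChainStatus  = ($seen.Chain -join ', ')  # e.g. UntrustedRoot
        Handshake    = $seen.Handshake
    }
}

# Host name assumed from the register-with command in the script above
Test-ServerCertificate -HostName 'my-octopus' | Format-List
```

A `ChainStatus` of `UntrustedRoot` means the issuer is not in this machine's trusted root store; `RemoteCertificateNameMismatch` means the name in the URL does not match the certificate.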

Hi Shane,

I was able to successfully install the tentacle when I unchecked “redirect to https”. We are using the default ssl certificate that gets generated when we installed octopus server. I can try issuing the certificate from our in-house CA, can you please send me instructions to get a certificate signing request from octopus server?

Thanks,
Ojas Panwar
IT Support Engineer

Hi Ojas,

I’m glad you were able to install the Tentacle with https disabled. To create a certificate request from the Octopus Server I think you will need to use the Certificate snap-in. You can find instructions from Microsoft here:

https://technet.microsoft.com/en-au/library/cc730929.aspx

Once you have the certificate you can import it into Octopus Server using the instructions here:

http://docs.octopusdeploy.com/display/OD/Expose+the+Octopus+web+portal+over+HTTPS

Please let me know if there is anything else I can assist with.

Cheers,
Shane
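
Added example (not part of the thread): a command-line alternative to the Certificates snap-in for creating the signing request on the Octopus Server, using the built-in `certreq.exe`. The subject and SAN reuse the `my-octopus` host name from the script earlier in the thread, assumed to be the name Tentacles connect to; the file paths and key length are illustrative.

```powershell
# Request definition for certreq.exe (values are assumptions, adjust to your environment)
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=my-octopus"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
RequestType = PKCS10
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; Subject Alternative Name: must contain every name used in https:// URLs
2.5.29.17 = "{text}"
_continue_ = "dns=my-octopus&"
'@
Set-Content -Path C:\Temp\octopus-request.inf -Value $inf -Encoding ASCII

# Generates the key pair in the local machine store and writes the PKCS#10 request
certreq.exe -new C:\Temp\octopus-request.inf C:\Temp\octopus.csr

# After the in-house CA returns the signed certificate, bind it to the pending key:
# certreq.exe -accept C:\Temp\octopus.cer

# Each Tentacle machine must trust the issuing CA's root, otherwise register-with
# fails with the same validation error. List the roots this machine trusts:
Get-ChildItem Cert:\LocalMachine\Root | Select-Object Subject, Thumbprint, NotAfter
```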