Hi. I’m having trouble installing Octopus Tentacle v. 2.6.3.886-x64. The MSI installation succeeds, however when I’m running the Tentacle Setup Wiard I’m getting the following error:

`Saving instance: Tentacle

Error: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. (Exception from HRESULT: 0x80090345)

Full error details are available in the log files.
See: http://g.octopushq.com/LogFiles
Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: “C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe” new-certificate --instance “Tentacle” --if-blank
Deleted instance: Tentacle`

This is the script that runs (this is a listening tentacle):

"C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" create-instance --instance "Tentacle" --config "C:\Octopus\Tentacle\Tentacle.config" "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" new-certificate --instance "Tentacle" --if-blank "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" new-squid --instance "Tentacle" "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" configure --instance "Tentacle" --reset-trust "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" configure --instance "Tentacle" --home "C:\Octopus" --app "C:\Octopus\Applications" --port "10933" "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" configure --instance "Tentacle" --trust "02B536F6B2DC0FC49AB8EF4C57F2BEBC1FE603C7" "netsh" advfirewall firewall add rule "name=Octopus Deploy Tentacle" dir=in action=allow protocol=TCP localport=10933 "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" service --instance "Tentacle" --install --start

This is the information I’m getting out of the logs:

2015-03-03 15:12:10.6054 1 DEBUG Octopus version: 2.6.3 / 67a556bc/refs/heads/master 2015-03-03 15:12:10.9864 1 DEBUG Generating and installing a new cetificate... 2015-03-03 15:12:13.1342 1 FATAL System.Runtime.InteropServices.COMException (0x80090345): The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. (Exception from HRESULT: 0x80090345) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at Octopus.Shared.Security.CertificateGenerator.Generate(String fullName, Boolean exportable) in y:\work\refs\heads\master\source\Octopus.Shared\Security\CertificateGenerator.cs:line 27 at Octopus.Shared.Configuration.TentacleConfiguration.GenerateNewCertificate() in y:\work\refs\heads\master\source\Octopus.Shared\Configuration\TentacleConfiguration.cs:line 158 at Octopus.Tentacle.Commands.NewCertificateCommand.Start() in y:\work\refs\heads\master\source\Octopus.Tentacle\Commands\NewCertificateCommand.cs:line 59 at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions) in y:\work\refs\heads\master\source\Octopus.Shared\Startup\AbstractCommand.cs:line 55 at Octopus.Shared.Startup.ConsoleHost.Run(Action1 start, Action shutdown) in y:\work\refs\heads\master\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36`

It seems like something with generating or installing the certificate fails. Anyone know what to do?

We’re running on Windows Server 2012 R2 Standard.

// Anders

Hi Anders,

Thanks for getting in touch! This looks like it’s coming down to the user you are running it under. Are you running it under admin or elevated to admin? Does the user have the correct permissions? You also cannot run the installation with a temporary user as this will have problems with certificate generation.

Vanessa

Hi Vanessa,

I’ve been given Administrator privileges on the server I’m installing the tentacle on. I still get the same error. This should be sufficient permissions, but maybe something is still missing.

I tried to uninstall the tentacle and reinstall it with my new previleges, but it didn’t work. I still got the same error.

I also tried to run "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" new-certificate --instance "Tentacle" --if-blank manually in powershell, but this didn’t work either. Got the following error:

`At line:1 char:57

• “C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe” new-certificate --instan …

•                                                     ~~~~~~~~~~~~~~~
  

Unexpected token ‘new-certificate’ in expression or statement.
+ CategoryInfo : ParserError: ( [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken`

I have attached some screenshots to show you my privileges.

Tentacle_1.png1685×667 42.6 KB

Tentacle_2.png1245×474 72.8 KB

Hi again.

This was solved today by having the system administrator executing the scripts. The installation worked! I don’t know what permissions were missing, but Vanessa was right!
I will reply here if I find out what privileges were missing.

Thanks for the help, Vanessa!

Hi Anders,

I am glad this was resolved as I didn’t have any other ideas of what it could be. Unfortunately it can be very environmental with permissions, so it also means it’s hard to give specific guidance apart from ‘add more’.

Vanessa

Hi again.

We’re now struggling with the same error (kind of). This is the stack trace:

'The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.

System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.

at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.EncodeValue(String value, Boolean isSensitive) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 139
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteVariableAssignment(TextWriter writer, String key, Variable variable) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 126
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteLocalVariables(IEnumerable`1 variables, TextWriter writer) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 101
at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.PrepareBootstrapFile(IProxyConfiguration proxyConfiguration, String scriptFilePath, String workingDirectory, VariableDictionary variables) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 44
at Octopus.Tentacle.Procedures.Implementations.Scripts.PowerShellScriptProcedure.Start(IProcedureHost host, ProcedureState state) in y:\work\refs\heads\master\source\Octopus.Tentacle\Procedures\Implementations\Scripts\PowerShellScriptProcedure.cs:line 49
at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.Receive(CallProcedureCommand message) in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 70
at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113
Tentacle version 2.6.3.886’

This error happens when we’re running a custom PowerShell script on the different servers. However, it works on 1 of 3 machines. The script is as folliwing:

'# Load IIS module:
Import-Module WebAdministration

Get AppPool Name

$appPoolName = $OctopusParameters[‘AppPoolName’]

Stop App Pool if not already stopped

try
{
if ((Get-WebAppPoolState($appPoolName)).Value -ne “Stopped”)
{
Write-Output “Stopping IIS Application Pool: $appPoolName…”
Stop-WebAppPool $appPoolName
Write-Output “Successfully stopped IIS App Pool: $appPoolName!”
}
}
catch [System.Management.Automation.ItemNotFoundException]
{
# Application Pool didn’t exist. Assume this is OK and let Octopus continue the deployment process.
Write-Output “Couldn’t stop the Application Pool $appPoolName because it didn’t exist!”
}’

I’ve attached the error message as a picture.

Incoming error dump:

’ | Failed: Step 1: IIS AppPool - Stop
13:39:38 Info | Executing step: IIS AppPool - Stop
13:39:40 Fatal | The step failed
|
| Failed: XXX 2
13:39:38 Verbose | Starting Running step “IIS AppPool - Stop” on “XXX 2”
13:39:38 Info | Running “IIS AppPool - Stop” on “XXX 2”
13:39:40 Verbose | Guided Failure is not in use for this deployment; failing.
|
| Failed: Tentacle script execution
13:39:39 Verbose | Failed receiving Octopus.Tentacle.Orchestration.Procedures.CallProcedureCommand
| The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
| System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
| at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.EncodeValue(String value, Boolean isSensitive) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 139
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteVariableAssignment(TextWriter writer, String key, Variable variable) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 126
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteLocalVariables(IEnumerable1 variables, TextWriter writer) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 101 | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.PrepareBootstrapFile(IProxyConfiguration proxyConfiguration, String scriptFilePath, String workingDirectory, VariableDictionary variables) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 44 | at Octopus.Tentacle.Procedures.Implementations.Scripts.PowerShellScriptProcedure.Start(IProcedureHost host, ProcedureState state) in y:\work\refs\heads\master\source\Octopus.Tentacle\Procedures\Implementations\Scripts\PowerShellScriptProcedure.cs:line 49 | at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.Receive(CallProcedureCommand message) in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 70 | at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113 | Tentacle version 2.6.3.886 13:39:39 Fatal | The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. | System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. | at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope) | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.EncodeValue(String value, Boolean isSensitive) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 139 | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteVariableAssignment(TextWriter writer, String key, Variable variable) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 126 | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteLocalVariables(IEnumerable1 variables, TextWriter writer) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 101
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.PrepareBootstrapFile(IProxyConfiguration proxyConfiguration, String scriptFilePath, String workingDirectory, VariableDictionary variables) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 44
| at Octopus.Tentacle.Procedures.Implementations.Scripts.PowerShellScriptProcedure.Start(IProcedureHost host, ProcedureState state) in y:\work\refs\heads\master\source\Octopus.Tentacle\Procedures\Implementations\Scripts\PowerShellScriptProcedure.cs:line 49
| at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.Receive(CallProcedureCommand message) in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 70
| at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113
| Tentacle version 2.6.3.886
|
| Success: XXX 3
13:39:38 Verbose | Starting Running step “IIS AppPool - Stop” on “XXX 3”
13:39:38 Info | Running “IIS AppPool - Stop” on “XXX 3”
|
| Success: Running PowerShell script: C:\Users\svc.skoleweb\AppData\Local\Tentacle\Temp\d2e596f3-ec3f-4b58-bf14-8ff9e8176ae6.ps1
13:39:35 Info | ==============================================
| PowerShell exit code: 0
| ==============================================
13:39:38 Info | Tentacle script execution
|
| Failed: XXX 1
13:39:38 Verbose | Starting Running step “IIS AppPool - Stop” on “XXX 1”
13:39:38 Info | Running “IIS AppPool - Stop” on “XXX 1”
|
| Failed: Failed receiving Octopus.Tentacle.Orchestration.Procedures.CallProcedureCommand
13:39:37 Verbose | Failed receiving Octopus.Tentacle.Orchestration.Procedures.CallProcedureCommand
| The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
| System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
| at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.EncodeValue(String value, Boolean isSensitive) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 139
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteVariableAssignment(TextWriter writer, String key, Variable variable) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 126
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteLocalVariables(IEnumerable1 variables, TextWriter writer) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 101 | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.PrepareBootstrapFile(IProxyConfiguration proxyConfiguration, String scriptFilePath, String workingDirectory, VariableDictionary variables) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 44 | at Octopus.Tentacle.Procedures.Implementations.Scripts.PowerShellScriptProcedure.Start(IProcedureHost host, ProcedureState state) in y:\work\refs\heads\master\source\Octopus.Tentacle\Procedures\Implementations\Scripts\PowerShellScriptProcedure.cs:line 49 | at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.Receive(CallProcedureCommand message) in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 70 | at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113 | Tentacle version 2.6.3.886 13:39:37 Fatal | The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. | System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. | at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope) | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.EncodeValue(String value, Boolean isSensitive) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 139 | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteVariableAssignment(TextWriter writer, String key, Variable variable) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 126 | at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.WriteLocalVariables(IEnumerable1 variables, TextWriter writer) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 101
| at Octopus.Tentacle.Integration.Scripting.PowerShell.FileBasedPowerShellRunner.PrepareBootstrapFile(IProxyConfiguration proxyConfiguration, String scriptFilePath, String workingDirectory, VariableDictionary variables) in y:\work\refs\heads\master\source\Octopus.Tentacle\Integration\Scripting\PowerShell\FileBasedPowerShellRunner.cs:line 44
| at Octopus.Tentacle.Procedures.Implementations.Scripts.PowerShellScriptProcedure.Start(IProcedureHost host, ProcedureState state) in y:\work\refs\heads\master\source\Octopus.Tentacle\Procedures\Implementations\Scripts\PowerShellScriptProcedure.cs:line 49
| at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.Receive(CallProcedureCommand message) in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 70
| at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113
| Tentacle version 2.6.3.886
13:39:38 Info | Tentacle script execution’

OD.png1142×1269 169 KB

It seems like the script is not running at all at 2 of the 3 servers.

Hi Anders,

What operating system are you running on the 3 servers? it appears that the user Tentacle is running under is not trusted for delegation.
I can give more information once I know the OS.

Vanessa

Hi Vanessa!

The three servers are running Windows Server 2012 R2. Me and the system administrator have tried some of the delegation properties, but it would be nice if you could give us detailed information of what needs to be done.

Thanks,
Anders

We are still struggling with this issue. Could you provide us with what to do, Vanessa?

Hi Anders,

Google started to get very specific when 2012 R2 was involved and it is hard to tell if any of the solutions I found will be the same or help you.
It did appear there are Microsoft patches, or permissions issues.

So What user is Tentacle set to run as, is it different for the 2 servers that aren’t working and their permissions. it appears to be related to the cryptography being used for sensitive variables and the tentacle user does not have access to the files it needs.
So this is where you will need to start your troubleshooting.

Vanessa

Alright.

The user is the same for all 3 servers. The tentacles are running as a custom service account we’ve created. It has local admin on all the servers.

Can you provide me with which files the tentacle need access to? Then I will know what folders / files to look for.

.a

Hi Anders,

It’s not a file but a security encryption library that needs to run.
Here are a few articles on Google I found:

Vanessa

I had this as well on different servers. After a few hours of digging I discovered that they could not reach the domain controllers. Check your DNS settings and ensure they can reach the AD. After fixing this this error disappeared.

Hi Eric,

Thanks for the tip!

Vanessa