NullReferenceException running tentacle.exe register-with

I have Chef successfully installing the Octopus tentacle onto a new machine, but I now can’t get that instance to register itself with our Octopus server. The instance can see the Octopus server fine, and the tentacle.exe is installed and working, but when I manually run the tentacle steps from our Chef script, here’s what happens:

C:\Program Files (x86)\Octopus Tentacle\Agent>tentacle.exe uninstall
Uninstalling the service: Octopus Tentacle
Uninstall complete

C:\Program Files (x86)\Octopus Tentacle\Agent>tentacle.exe configure --appdir="C:\Applications" --port=10933 --trust=74A16F16CE5B9BD18BF30E914EEEA5C7B9F93696
Setting application directory to: C:\Applications
Ensuring directory exists...
Setting port number to: 10933
Adding 1 trusted Octopus servers
Configuration successful

C:\Program Files (x86)\Octopus Tentacle\Agent>tentacle.exe install
Installing the service: Octopus Tentacle
Service installed and started successfully

C:\Program Files (x86)\Octopus Tentacle\Agent>tentacle.exe register-with --server=http://octopus/ --environment=ChefNodes --apiKey=TL5ILK7GGHXBBG5IIZL8CCFJPOM --name=SPOTVMS-8MHGMME --publicHostname=SPOTVMS-8MHGMME
System.NullReferenceException: Object reference not set to an instance of an object.
   at Octopus.Tentacle.Commands.RegisterMachineCommand.Execute() in c:\w\e6923628be6eaf72\source\Octopus.Tentacle\Commands\RegisterMachineCommand.cs:line 72
   at Octopus.Shared.Startup.CommandProcessor.Process(String[] args) in c:\w\e6923628be6eaf72\source\Octopus.Shared\Startup\CommandProcessor.cs:line 40

C:\Program Files (x86)\Octopus Tentacle\Agent>

Omitting the --name and --publicHostname parameters makes no difference.

Any ideas?



OK, some more information.

The Chef init script is running the above steps, but the Octopus tentacle doesn’t register with the server.

After running these steps, the Octopus Tentacle service will not start - I get

C:\Program Files (x86)\Octopus Tentacle\Agent>net start "Octopus Tentacle"
The Octopus Tentacle service is starting.
The Octopus Tentacle service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.

If I manually re-run the steps above, I get the NullReferenceException documented above.

HOWEVER, if I run the Octopus Tentacle GUI and start the service using the GUI, it works. The service comes up, everything appears stable, and I can manually run the tentacle.exe register-with command.

What is the GUI doing differently to a normal command line ‘net start’ ?

Yet more details that might help.

Immediately following the Chef bootstrap process, there’s five errors in the Windows event log (attached). The Octopus service appears to be installed and started, but if I stop and restart it I get the error above.

octopus.evtx (68 KB)

Hi Dylan - i encountered same issue & after breaking my head around different issues found out in my case the problem was with the way i was running the msiexec arguments in my powershell wrapper. The culprit turned out to be /l option for logging creates some sort of contention trying to log & run the msi extract process. Removing that operation cleanly installed & i was able to successfully run the register-with option. Let me know if this helps your cause.

Twitter : @aravindaR

Dylan - i should have been more specific in that it was the installation of the tentacle via msiexec with the /l option that was culprit.


Can you also run:

tentacle.exe new-certificate

I think the null reference error is being thrown due to no certificate
being available to listen on.


Paul Stovell
Octopus Deploy
W: | T: @octopusdeploy

OK, having added more detailed logging to the Chef installer process, here’s what’s actually happening.

We’re not passing /l to the msiexec installer - but thanks for the suggestion.

We are running tentacle.exe new-certificate, and this is the line that’s failing - and, I suspect, the cause of all the subsequent problems.

The installation recipe (which installs Octopus via a chunk of Powershell wrapped in a Ruby script) is attached (octopus.rb), but the bit that actually installs and configures the tentacle is running the following lines:

$wc = New-Object System.Net.WebClient
$wc.DownloadFile("#{source_path_tanticle}", "#{install_path_tanticle}")
Start-Process -FilePath msiexec -ArgumentList /i, "#{install_path_tanticle}", /quiet -Wait  | out-file -filepath C:\\Octopus.log -append
netsh advfirewall firewall add rule name="Octopus" dir=in action=allow protocol=TCP localport=#{tanticle_port}  | out-file -filepath C:\\Octopus.log -append

cd "C:\\Program Files (x86)\\Octopus Tentacle\\Agent"
.\\tentacle.exe configure --appdir="C:\\Applications" --port=#{tanticle_port} --trust="#{octopus_server_Thumbprint}" | out-file -filepath C:\\Octopus.log -append
.\\tentacle.exe new-certificate | out-file -filepath C:\\Octopus.log -append
.\\tentacle.exe register-with --server=$octopusServer --publicHostname=$publicDnsName --environment=$environment --role=web --apikey=$octopusServerApiKey | out-file -filepath C:\\Octopus.log -append

It appears the installer line that creates the new certificate is failing with an UnauthorizedAccessException (complete log file attached)

Generating and installing a new cetificate...
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at Octopus.Shared.Security.CertificateGenerator.Generate(String fullName, Boolean exportable) in c:\w\e6923628be6eaf72\source\Octopus.Shared\Security\CertificateGenerator.cs:line 25
   at Octopus.Tentacle.Commands.NewCertificateCommand.Execute() in c:\w\e6923628be6eaf72\source\Octopus.Tentacle\Commands\NewCertificateCommand.cs:line 31
   at Octopus.Shared.Startup.CommandProcessor.Process(String[] args) in c:\w\e6923628be6eaf72\source\Octopus.Shared\Startup\CommandProcessor.cs:line 40

The Chef client process is running as Administrator - verified by capturing $env:username into the octopus.log file (line 12) - so what’s causing the UnauthorizedAccessException?

EDIT: Just to confirm, I can run tentacle.exe new-certificate from the console, logged in as Administrator, without any problems.

octopus.rb (4 KB)

octopus.log (1 KB)

Still stuck. One theory is that I’m hitting some sort of DCOM/WinRM security edge case because I’m running different OSes on the client and server (Win7 x64 vs Win2012) - but given the invocation chain here is cmd.exe -> Ruby -> WinRM -> Ruby -> Powershell I’m a little lost as to how I would remedy, or even verify, such a problem…

I’ve asked the question on StackOverflow as well - let’s see if anyone’s prepared to swap the answer for some pretend internet points:

Hi Dylan,

I replied to your StackOverflow post - my guess is that even though WinRM is running Tentacle as an admin, a profile isn’t loaded and so the certificate can’t be generated.


The issue that happened to us was that our remote computers security policy was not trusted for delegation. Upon enabling that for the right group that your accout is running the tentacle command it works like a charm…see…

We’re going to try and fix this in 2.0 by avoiding using the profile. You can view the issue here: