Octopus 2.4.5 Tentacles Setup Problem

John · 19 June 2014 18:31

I’m trying to setup version 2.4.5 on a server which already has version 1.6 installed. Version 1.6 is running on port 10933 (which is working) and I setup version 2.4.5 on port 10934. After the setup, I can see both port listening (once once), but I’m unable to make a connection even when browsing on the local host https://localhost:10934. This is what I see in the octopus logs

Over HTTPS:

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at Pipefish.Transport.SecureTcp.Server.SecureTcpServer.ExecuteRequest(TcpClient client) in c:\TeamCity\buildAgent\work\cf0b1f41263b24b9\source\Pipefis

Over HTTP:

2014-06-19 11:25:36.4268  ERROR  Unhandled error when processing request from client
System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at Pipefish.Transport.SecureTcp.Server.SecureTcpServer.ExecuteRequest(TcpClient client) in c:\TeamCity\buildAgent\work\cf0b1f41263b24b9\source\Pipefish.Transport.SecureTcp\Server\SecureTcpServer.cs:line 109

I also see an error for stating there is no SQUID configured:

“CommunicationStyle”:0,“Address”:null,“Squid”:null}, but no SQUID is configured for it; skipping.

Any idea what my problem is? When doing a netstat, I see ports 10933 and port 10934 listening, and connections trying to connect to those ports in a TIME_WAIT status.

Vanessa_Love · 20 June 2014 03:43

Hi John,

Thanks for getting in touch!

I have a couple of questions to see if we can get to the bottom of this issue.
What OS is the tentacle installed on? Where is the tentacle server located?
If you could also try using a different browser than the one you used below to see if the error still persists.

Thanks!

Vanessa

john_9040 · 23 June 2014 12:04

Thanks for responding…

The OS used is windows 2003 server. The tentacle server is located on the same subnet as the client server. I’ve used different browsers, but the same problem is occurring.

jeramie_jones · 23 June 2014 12:25

Hey John
I am having the same issue. Seems like it is happening on ALL of my windows 2003 servers. So it will be interesting to see what is found for this issue…

Nicholas_Blumhardt · 25 June 2014 05:59

Thanks for the extra information. Is the server 2003, or 2003 SP2? Octopus Tentacles are only supported on SP2+, so it is possible we’ve not discovered some incompatibility with 2003 as originally shipped.

Failing that as a source of ideas, do the machines enforce the use of FIPS-compliant encryption algorithms only? This may also surface this kind of error.

Another source to investigate might be whether any SSL variant (i.e. SSL2) is disabled on either machine.

Other things to check probably include the system clock, as clock drift can occasionally interfere at this point.

Let me know if these ring any bells!

Best regards,
Nick

john_9040 · 25 June 2014 12:37

Thanks, this is on Win 2003 Sp2. I just figured it out. After enabling the security protocol for TLS 1.0, it worked.

Thanks for the help!