Thanks for getting in touch! I’m sorry to hear you are seeing a probem registering new Tentacles against your Octopus Server. We have some documentation on Troubleshooting Tentacles communication here that is often very helpful in getting to the bottom of these issues.
Based on the TCP Port (10933), it sounds like you are using Listening Tentacles as opposed to Polling Tentacles. In this scenario, the Octopus Server will make out-bound requests to each of your tentacles on the port 10933 (by default).
Your existing rules sound correct where you have already set the rule:
<Octpous Server host>
<Tentacles IP Range>
Source Port: * (any)
Destination Port: 10933
I believe this is all that is required here and you should not need to open any additional ports. You may need to set the firewall on the individual servers (for example the Windows Firewall)
The communication between your Octopus Server would appear to be coming from a random TCP Port, but the destination port would be 10933.
The best way to troubleshoot would be to login to the Octopus Server and navigate to one of your Tentacle IP addresses for example: https://10.0.0.1:10933 (if that was your Tentacle’s IP address) you should see the page stating that your tentacle is healthy.
Similarly, you should be able to login to the Tentacle server directly and navigate to: https://localhost:10933, if you don’t see the page this may not be a firewall issue and your Octopus Tentacle may not be started in Windows.
The error you’re seeing when installing the Tentacle looks like it might be related to permissions assigned to the account running Octopus Tentacle. You could try using the Local System account to start the service as a way to troubleshoot if this fixes the problem. However, we have some documentation on Running Tentacle under a Specific Account so you can lock down your environment for better security.
I hope this has been helpful!