First let me state that I have read through many articles here and still am unable to come to a solution.
I am attempting to setup my first tentacle and am having issues. The server is Windows Server 2012. I cannot access the tentacle at https://localhost:10933/ or at http://localhost:10933/. Attempting to connect under https I get the following error:
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Halibut.Transport.SecureListener.<ExecuteRequest>d__23.MoveNext() in C:\buildAgent\work\fe2b45bbd4978f75\source\Halibut\Transport\SecureListener.cs:line 198
2019-07-20 23:59:13.5167 1872 6 ERROR listen://[::]:10933/ 6 Unhandled error when handling request from client: [::1]:49310
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Halibut.Transport.SecureListener.<ExecuteRequest>d__23.MoveNext() in C:\buildAgent\work\fe2b45bbd4978f75\source\Halibut\Transport\SecureListener.cs:line 198
I have checked my TLS configuration and I have TLS 1.1 and 1.2 enabled as well as the ciphers Triple DES 168, AES 128/128 and AES 256/256. Since this is unable to load locally, this should not be related to TLS at all, but that is what most of the support articles suggest so I included the details.
There are quite a few reasons why you might have issues connecting to a tentacle locally. First of all, it looks like youâre seeing this exception in the Octopus Portal itself, with a listening tentacle installed on the same server, while attempting to register the tentacle, is that correct?
The error message looks a lot like the kind of message youâd see if a firewall (or third-party security software) has intercepted the connection and dropped it, or if the LSA LocalLoopback check has locked down the connection attempt, or if youâre hitting a misconfigured tentacle.
to see whatâs listening on 10933, and check the tentacle log to see if there are any interesting errors in there. Then lastly, could you try connecting in a browser from the local machine, and a remote machine, using the IP address/hostname of the box?
You should be presented with an âuntrusted certificateâ error in the browser, which you can opt to go past and you should see an âOctopus Tentacle configured successfullyâ message.
OK, it was the reference to localhost in the original message that led me to believe you were trying to register locally. Just a bit of confusion there.
What I would expect to see in a browser, if your Tentacle is correctly configured, is a âProblem with this siteâs security certificateâ error (because our certificate is not in the browserâs trusted root list), not âPage cannot be displayedâ.
Is that message coming from Internet Explorer on Server 2012? I can replicate that scenario if I go into âInternet Optionsâ and disable the browserâs TLS support, even though IISCrypto claims itâs enabled.
Lastly, did you try the connection locally with the hostname instead of localhost, or from another machine?
Bingo, now we are cooking! This was indeed the problem and I am able to load the page locally now. I am also able to load from another machine by replacing localhost with the hostname of the machine.
So now Iâm having a problem is accessing the page publicly, but that must be something on my side. Hardware firewall appears to be wide open and the windows firewall is disabled so Iâm not sure what to look into next. Any suggestions would be greatly appreciated.
As for accessing it publicly, well, I suspect thatâs going to be very specific to your network setup. For example, I occasionally have trouble on my home setup with matching up forwarded ports, which is why I generally use Polling Tentacles (for my home lab) with Octopus Cloud these days. Makes networking much simpler.
It is very often DNS resolution or Firewall at fault, for what itâs worth.