Polling servers unable to register with tentacle.exe when pollings server and port are non standard

Ok so hear me out on this one.

I am using octo deploy in a multi-tenanted environment. In order for our release team to test sometimes they want to deploy something to their local laptops. This, in and of itself, is pretty simple. However the issue lies in how our network is configured.

This used to work just fine when Octo was installed on our local network because there were not issues with ports or firewall restrictions, however since we migrated our octo instance to AWS this issue popped up. Because the majority of our deployment targets are resources in AWS it has not been an issue there, only when deploying to someone’s local machine within our home network. This is because our network team blocks egress from our local machines to non-standard ports. So 10943 is blocked, and there is no way to unblock it. (they straight up refused).

SO… I created a loadbalancer proxy in aws and set port 443 and the passthrough works.

In theory all of this should work together, and I am confident I did get this to work at least one time, however when I attempt to register the tentacle, it still wants to use the original port and server url even though they have been updated in the Tentacle.config file. Here is the powershells cript I am using. Perhaps you can see where I am going wrong.

## Update these values
$apiKey = "API_KEY"
$tentacleName = "MACHINE_NAME" ## aka John Doe's Laptop

#requires -version 4.0
#requires -RunAsAdministrator

## no need to change below
$octoThumbprint = "THUMB_PRINT"
$octoServerUri = "https://octopus"
$octoPollingUri = "octo-polling"
$configFile = "C:\Octopus\Tentacle.config" 

$tentacleInstanceName = "Tentacle"

function Remove-ListenerConfig {

    ## get the xml config info and extract the listener info
    [XML]$config = Get-Content $configFile
    $xPath = "/octopus-settings/set[@key='Tentacle.Communication.TrustedOctopusServers']"
    $value = Select-Xml -Xml $config -XPath $xPath | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml

    ## the value is a json string so remove any servers with "CommunicationStyle":1
    $jsonValue = $value | ConvertFrom-Json

    $updatedValue = $jsonValue | Where-Object { $_.CommunicationStyle -ne 1 } | Select-Object $_

    $newStringValue = $($updatedValue | ConvertTo-Json -Compress | Out-String).Trim()

    ## update content and write back to file
    $config.'octopus-settings'.SelectSingleNode("set[@key=""Tentacle.Communication.TrustedOctopusServers""]").InnerXml = "[${newStringValue}]"


cd "C:\Program Files\Octopus Deploy\Tentacle"

## create the tentacle instance
.\Tentacle.exe create-instance `
    --instance $tentacleInstanceName `
    --config $configFile

## create the tentacle certificate (if needed)
.\Tentacle.exe new-certificate `
    --instance $tentacleInstanceName `

## resets the trust relationships (tentacles and servers require trust relationships)
.\Tentacle.exe configure `
    --instance $tentacleInstanceName `

## setups up polling instance
.\Tentacle.exe configure `
    --instance $tentacleInstanceName `
    --home "C:\Octopus" `
    --app "C:\Octopus\Applications" `
    --trust $octoThumbprint 

.\Tentacle.exe server-comms `
    --instance $tentacleInstanceName `
    --config $configFile `
    --style "TentacleActive" `
    --host $octoPollingUri `
    --thumbprint $octoThumbprint `
    --port "443"

## at this point, the tentacle config is a little whack, 
## it has settings for both polling and listening tentacles
## need to remove the listening tentacle

## registers tentacle with main octo server
## this breaks because it wants to still try to register and check the original server and port
## that will fail every time due to network issues.
.\Tentacle.exe register-with `
    --instance $tentacleInstanceName `
    --server $octoServerUri `
    --name $tentacleName `
    --apiKey $apiKey `
    --comms-style "TentacleActive"`
    --tenant "TENANT_NAME" `
    --environment "local" `
    --role "app-server" `
    --role "db-server" `

## installs and then starts the windows server
.\Tentacle.exe service `
    --instance $tentacleInstanceName `
    --install `

And for the most part will run but will error out (eventually) with this error.

Output Log
Configuration file at C:\Octopus\Tentacle.config already exists.
Setting home directory to: C:\Octopus
Saving instance: Tentacle
A certificate already exists, no changes will be applied.
Removing all trusted Octopus Servers…
These changes require a restart of the Tentacle.
Adding 1 trusted Octopus Servers
Home directory set to: C:\Octopus
Application directory set to: C:\Octopus\Applications
These changes require a restart of the Tentacle.
Updated server communications configuration
These changes require a restart of the Tentacle.
Checking connectivity on the server communications port 10943…
Checking that server communications are open failed with message Unable to connect to the remote server. Retrying (1/5) in 00:00:00.7500000.
System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of ti
me, or established connection failed because connected host has failed to respond 10.x.x.x.x:10943
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
— End of inner exception stack trace —
at System.Net.HttpWebRequest.GetResponse()
at Octopus.Tentacle.Communications.OctopusServerChecker.<>c__DisplayClass2_0.b__1()
at Octopus.Tentacle.Communications.OctopusServerChecker.Retry(String actionDescription, Action action, Int32 retryCount, TimeSpan initialDelay, Double backOffFactor)

Thanks in advance!

– Kenneth

Hi Kenneth,

Thanks for getting in touch with us, and sorry to see you’re encountering issues trying to register a Tentacle.

Given your use case, I was wondering if it would be possible to configure a polling tentacle for use over WebSockets instead of raw TCP sockets. If you haven’t seen it yet, we have some great documentation on how to set this up here:

Does that seem like it may help in your situation? Let me know if not, and we can look into other options.


This certainly “Feels” like the correct solution. let me give it a try and I’ll let you know how it works.


Kenneth Garza

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.