Tentacle fails healthcheck

Octopus server version 2018.10.0
Tentacle 6.0.377

I have a new Tentacle install on a new Windows 2016 host. After I enroll the instance and it’s failing the healthchecks with the following error.

Things I’ve tried

  • From the Octopus server I can ping the target.
  • Other existing instances on the same network are working.
  • I turned off windows firewall, didn’t help.
  • I can telnet to the instance over port 10933.

Error Message

Connection initialization failed while connecting to  https://XXX.XX.X.XXX:10933/ Halibut.Transport.Protocol.ConnectionInitializationFailedException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at System.IO.StreamReader.ReadBuffer()
   at System.IO.StreamReader.ReadLine()
   at Halibut.Transport.Protocol.MessageExchangeStream.ReadRemoteIdentity() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 168
   at Halibut.Transport.Protocol.MessageExchangeStream.ExpectServerIdentity() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeStream.cs:line 231
   at Halibut.Transport.Protocol.MessageExchangeProtocol.PrepareExchangeAsClient() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeProtocol.cs:line 56
   --- End of inner exception stack trace ---
   at Halibut.Transport.Protocol.MessageExchangeProtocol.PrepareExchangeAsClient() in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeProtocol.cs:line 66
   at Halibut.Transport.Protocol.MessageExchangeProtocol.ExchangeAsClient(RequestMessage request) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\Protocol\MessageExchangeProtocol.cs:line 35
   at Halibut.HalibutRuntime.<>c__DisplayClass28_0.<SendOutgoingHttpsRequest>b__0(MessageExchangeProtocol protocol) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\HalibutRuntime.cs:line 149
   at Halibut.Transport.SecureClient.ExecuteTransaction(Action`1 protocolHandler) in Z:\buildAgent\workDir\fe2b45bbd4978f75\source\Halibut\Transport\SecureClient.cs:line 65

Hi @tthi!

Thanks for reaching out, and sorry to hear that you’re having issues with your tentacle connection. We generally see this stemming from a couple of potential problems:

  1. Your listening tentacle isn’t configured to trust the thumbprint of the server (maybe just a typo here when configuring the listening agent).
  2. If you’ve been using Octopus for a long time, i.e. your initial installation of Octopus was before version 3.14, it’s possible your tentacle communication certificate is encrypted with SHA1, which many modern operating systems will reject as “insecure”.

The first place I would start with your investigation here would be your tentacle logs. These can be found, by default, in C:\Octopus\Logs on the target machine, and are named Octopus.Tentacle.*.txt - this should hopefully shed some light on why the connection is being terminated.

Feel free to paste any relevant errors from this log file up, and we can work on getting to the bottom of this with you!

Look forward to hearing from you soon!

That was exactly it. The thumbprint didn’t match. I was confused since the logs didn’t really indicate that. The local logs didn’t really indicate what the issue was either.

Item 1 should probably be the first thing to check in my future troubleshooting.

1 Like