Tentacle installation fails if there is no firewall

I get the following errors when I install the tentacle:

The following command was not found: advfirewall firewall add rule "name=Octopus Deploy Tentacle" dir=in action=allow protocol=TCP localport=10933.
Error: The previous command returned a non-zero exit code of: 1
Error: The command that failed was: "netsh" advfirewall firewall add rule "name=Octopus Deploy Tentacle" dir=in action=allow protocol=TCP localport=10933
Deleted instance: Tentacle

The installation is on a Windows Embedded 7 machine. The tentacle is only installed on the development and test machines, not on production machines. The dev and test machines are in a company network that is protected behind a firewall and therefore don’t need to have their own.

Unlike this question http://help.octopusdeploy.com/discussions/problems/20635-unable-to-install-tentacle-when-windows-firewall-is-disabled, the firewall is not disabled; there is no firewall installed.

Hi Torsten,

Thanks for getting in touch! Can you please on the ‘listening Tentacle’ tab of the Tentacle setup wizard uncheck ‘Add Windows Firewall Exception’ and it will skip that step in the installation of the Tentacle.

Hope this helps!

Hi Vanessa

I never noticed that Checkbox was even there. It did help with the installation. Thank you!
But I have another problem.
When I start Tentacle.exe in interactive mode, I get the following message:
Configured to listen to server {“Thumbprint”:”SomeLettersAndNumbers”, ”CommunicationStyle”:0, “Address”:null, “Squid”: null}, but no SQUID is configured for it; skipping.

When I look in the Tentacle.config under c:\Octopus\Tentacle
there is an entry for the squid called Octopus.Communications.Squid with a value.
I don’t understand why it is not recognizing it. Maybe the tentacle is looking in the wrong place.

Kind Regards

Hi Torsten,

Thanks for the reply. Can you grab the tentacle logs from c:\Octopus\Logs - and we might be able to see why a Squid wasn’t generated.


Hi Vanessa

Here is the only log file that was in c:\Octopus\Logs.
There are errors due to the fact that I ran both the tentacle service and the tentacle.exe at the same time. But I usually have to run only tentacle.exe and not the service, since I have to start programs that run with user interaction.


OctopusTentacle.txt (15 KB)

Hi Torsten,

It looks like everything is fine actually, it can’t find the Octopus Server’s SQUID and hostname, which I will assume is due to the other issue you are having in the other ticket.
Lets get that resolved and add the Tentacle in the Octopus Server, and this should resolve itself after when it can connect properly.


Hi Vanessa

It’s me again.
I still can’t connect to the Tentacle.
I followed your Troubleshoot Lising Tentacleshttp://docs.octopusdeploy.com/display/OD/Troubleshoot+Listening+Tentacles page.
This is what I found:
In the Raw Task Log I find the following Entries regarding the Tentacle machine:
| Failed: Check machine: RND at
11:43:40 Verbose | Starting Check machine: RND at
11:43:40 Info | Sending handshake request to RND at
11:43:40 Verbose | Sending handshake request to
11:44:01 Verbose | Failed receiving Octopus.Server.Communications.Handshaking.PassiveTentacleHandshakeRequest
| A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
| System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
| at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
| at Pipefish.Transport.SecureTcp.Client.SecureTcpClient.Send(SecureTcpRequest request) in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\Client\SecureTcpClient.cs:line 39
| at Octopus.Server.Communications.Handshaking.PassiveTentacleHandshaker.Receive(PassiveTentacleHandshakeRequest message) in y:\work\refs\heads\master\source\Octopus.Server\Communications\Handshaking\PassiveTentacleHandshaker.cs:line 56
| at Pipefish.Actor.OnReceivingTyped[TBody](Message message) in y:\work\3cbe05672d69a231\source\Pipefish\Actor.cs:line 113
| Octopus.Server version
The same message shows up on the Connectivity Tab on the Environment page.

On die Configuration / Diagnostic page, it reads:
Failed to discover SQUID for RND
Error 2014-10-23 11:57:22
Error in PassiveTentacleHandshaker-Cd0-AWa3tvssQg@SQ-WETSRVTFS01-4EF25D5B while receiving e92a5e00-5a9a-11e4-9e02-005056bc449f
Error 2014-10-23 11:57:22

The tentacle is in listening mode, the port is 10933 and the thumbprint of the server is correct.
The tentacles thumbprint matches that in the Machine settings.
The Octopus Web Portal is running.
I am not using the Octopus Tentacle as a Service but as an Exe, which is running.
https://localhost:10933 in the browser shows “Octopus Tentacle configured successfully”
Connecting from the Octopus Server to the Tentacle with the Browser fails.
Connecting from my Developer PC to the Tentacle with the Browser fails.
Ping from the Tentacle to the Octopus Server succeeds.
Ping from the Octopus Server to the Tentacle fails.
Ping from my Developer PC to the Tentacle fails.
It looked to me like a Firewall is blocking the communication.
The system where the tentacle runs is a Windows Embedded 7 machine.
The windows is stripped down. It does not have a start menu. Everything has to be done from a powershell command window or a Windows Explorer.
So I did a net start “Windows Firewall”
And got the answer:
The requested service has already been started.

So I did a net stop “Windows Firewall”
The Windows Firewall service is stopping.
The Windows Firewall service was stopped successfully.

But still the system was not reachable with ping or with Octopus Server.
It was puzzling for me to find the Windows Firewall Service was running. The Tentacle installation was failing because it did not find a firewall – you helped me with that.

It turns out the firewall is already active in the core. In the configuration Utility for Windows 7 Embedded there were some Firewall rules still turned on. We turned them off and applied the changed configuration with SysPrep. Now the system is reachable with Ping AND with Octopus Deploy.

I first wanted to send it for you to get help. Now the case is closed and I am sending it to you as a documentation of a solved problem.
But I don’t think you come across many cases of people trying to use Octopus Deploy to install something on a Windows Embedded System. But you never know…

Have a great day

Hi Torsten,

You are awesome :slight_smile:
Thanks for providing this information for someone who stumbles into the forums with this exact problem.