Tentacle not able to connect from DMZ environment

We have few servers in DMZ environment. We have installed Octopus Tentacle on these servers, it is working fine on all the servers except 2 of them.

Getting below error on the two servers. Not able to connect using browser on the server itself. I tried https://localhost:10933 on the server but couldn’t connect.

Client failed authentication
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. —> System.ComponentModel.Win32Exception: The token supplied to the function is invalid
— End of inner exception stack trace —
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at Pipefish.Transport.SecureTcp.Server.SecureTcpServer.ExecuteRequest(TcpClient client) in c:\TeamCity\buildAgent\work\cf0b1f41263b24b9\source\Pipefish.Transport.SecureTcp\Server\SecureTcpServer.cs:line 109

Hi Vikar,

Thanks for getting in touch! Is there anything different about the two servers that aren’t responding such as:

  1. did they get installed under a different user than the others
  2. do they have a different operating system
  3. were they all installed with the same version of tentacle

The only other time we have seen this error is related to permissions on the Local System user that Tentacle runs as, and changing that user has managed to ‘fix’ the permissions issues.
Does any of that sound like it could be reasonable and that these servers have different setups/permissions than the others?

Info on how to change which user tentacle runs under: http://docs.octopusdeploy.com/display/OD/Run+Tentacle+under+a+specific+user+for+use+in+PowerShell

Please let me know what you find.

Hi Vanessa,
Thanks for your response, yes the setup is different between these servers. Servers where I am getting this issue is on Windows 2003 whereas it is working fine on windows 2008 servers.

Hi Vikar,

Sorry for the delay in a response. Can you confirm that SP2 is installed on that server?


Hi Vanessa,

No problem, yes, SP2 is installed.


Vikar Ghory

Hi Vikar,

I am sorry to say that it is something on the local Win 2003 servers that is causing this.
Either a local group policy, a previous SSL etc.
Have you tried using a different user (or two) on the tentacle to see if you can get around it with a more privileged user?