We are having trouble installing the Tentacle agent (polling) on a client’s new server and would appreciate some help. There seems to be a connection and trust issue between the machines and I don’t know if our Octopus Server setup is contributing. NB: the Octopus server is working for all other clients and has been for years. They have old servers still connecting to our Octopus Server.
We have domains for our company for *.com and *.com.au. The *.com.au is our main site and we 301 redirect (via web.config) any *.com requests to the same path/query on the *.com.au.
Our Octopus server is hosted on the *.com with a custom port number (44388).
So, requests to example.com 301 redirect to example.com.au but requests for example.com:44388 go to our Octopus server. The web interface loads at this address and is running fine.
While trying to install the Tentacle agent we get different errors depending on the address we use for the Octopus Server URL (using API Authentication):
https://example.com:10943 gives an error “Could not establish trust relationship for the SSL/TLS secure channel.”
https://example.com gives an error “A connection attempt failed because the connected party did not properly respond after a period of time” but the IP address in the stack trace is for example.com.au not example.com (I guess the 301 catches the request)
https://xxx.xxx.xxx.xxx with the Octopus Server IP address gives “Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.” because maybe the TLS certificate is for example.com?
So… what should the Octopus Server URL be in this scenario )so I can work out if the problem is with my Octopus Server or their new server).
Thank you for contacting Octopus Support. I’m sorry to hear you are having trouble getting this polling tentacle set up and connected to your Octopus Server.
Given that the error messaging isn’t consistent, it makes pinpointing a single issue a bit tricky. If you haven’t already, you may find it helpful to run through our Tentacle Troubleshooting documentation.
Also, be mindful of the following:
Watch out for proxy servers or SSL offloading…
Octopus and Tentacle use TCP to communicate, with special handling to enable web browsers to connect for diagnostic purposes. Full HTTP is not supported, so network services like SSL offloading are not supported, and proxies are not supported in earlier versions of Octopus Deploy. Make sure there’s a direct connection between the Octopus Server and Tentacle, without an HTTP proxy or a network appliance performing SSL offloading in between.
Additionally, you may want to double-check the Schannel and TLS configuration between Octopus Server and the machine you are trying to install the Polling Tentacle on.
Hopefully a bit more troubleshooting, using the guides as a reference, will help you find the root cause and allow you to successfully install your Polling Tentacle. If you have any additional questions, please let us know.
Thanks Donny. We have already worked through all the troubleshooting documentation. We have used IISCrypto to confirm TLS and algorithm matches between the machines. We have confirmed with the client that there is no proxy or TLS offloading between the machines.
I would appreciate some clarification as to the correct value to use for the Octopus Server URL to use during Tentacle set up. As mentioned previously, our Octopus server runs off a custom port number on a domain that 301s requests to the base domain (I.e. without a port specified).
The different error messages are generated by using different Octopus Server URLs so that suggests this might be where our problem lies.
During installation/registration of a Polling Tentacle, the target machine will need access to the Octopus Server API, typically via port 443 (or 44388 in your case) as well as port 10943 for Tentacle communication after the “check-in” during registration. If all traffic is being routed to 44388, this may be the issue. The Polling Tentacle needs to access the Polling port for the Octopus Server as this will not work over the API port.
Are you able to share a screenshot of your browser when visiting the following URL from the machine you are trying to install tentacle on?: https://YOUR_OCTOPUS.URL:10943
