Unable to Install Polling Tentacle

We just changed our server’s configuration on the network, and listening tentacles are no longer an option. I am in the process of changing all our tentacles to polling tentacles. While changing 3 machines at once, two of them failed, while the third succeeded. The error is below:

Creating empty configuration file: C:\Octopus\Tentacle\Tentacle.config
Saving instance: Tentacle
A new certificate has been generated and installed. Thumbprint:
THUMB
Generating a new SQUID for the Tentacle…
The new SQUID of this Tentacle is: SQUID
Removing all trusted Octopus servers…
Home directory set to: C:\Octopus
Application directory set to: C:\Octopus\Applications
Services listen port: 10933
Adding certificate to store
Checking connectivity on the server communications port 10943…

A fatal exception occurred
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. —> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. —> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
— End of inner exception stack trace —
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
— End of inner exception stack trace —
at System.Net.HttpWebRequest.GetResponse()
at Octopus.Tentacle.Commands.RegisterMachineCommand.CheckServerCommunicationsPortIsOpen(Uri serverAddress) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Tentacle\Commands\RegisterMachineCommand.cs:line 157
at Octopus.Tentacle.Commands.RegisterMachineCommand.Start() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Tentacle\Commands\RegisterMachineCommand.cs:line 86
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36

Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: “C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe” register-with --instance=“Tentacle” --server=“http://IP:8787” --environment=“QA” --name=“NAME” --username=“USERNAME” --password="********" --comms-style=“TentacleActive” --force --role=“client” --role="interface"
Deleted instance: Tentacle

The below is from the Octopus Server:

ERROR Invalid request
System.Net.ProtocolViolationException: Request syntax was invalid

At this point, we’re dead in the water, as some of our machines can’t register the tentacle, despite the script to register being identical. Is there anything I can do about this?

As some additional info:

Only 2 of our 15 machines have this happening. They are all running the same version of the tentacle. As such, I can only assume it’s a network issue. That being said, as a polling tentacle, there shouldn’t be much in the way of configuration necessary on the tentacle-side.

Is there any way to debug this? At the moment, “Request syntax was invalid” isn’t overly helpful.

Hi Chris,

The error you are getting seems to be down to port 10943 not being open on the Octopus server. This port needs to be open for Tentacle to connect and poll the Octopus server.

If you go to your Tentacle, and browse to https://your-octopus:10943, what do you see?

Paul

I’m able to access the web server (obviously not the page, as one doesn’t exist) on all of our other machines. These two machines, however, aren’t even able to get a 404, they just can’t seem to access it.

ng_logo_emailsignature_2b14e7dbd (4 KB)

I can also use openssl s_client to connect to the Octopus server port 10943, and it gives the same output from all machines. Clearly the port is open, since some machines can connect, but for some reason I can’t navigate to https://IP:10943 on those two machines.

I’ve narrowed it down to either an issue with SSL between those machines (but not with others) or a certificate issue. When I navigate to https://IP:10943, even from successful machines, I notice the certificate is under ‘Octopus Portal’ but is no longer valid. The cert path also doesn’t show any intermediate certs required.

Any thoughts on those two?

Sorry for the repeated posts, just brainstorming. Are there any other requirements for Polling tentacles in regards to SSL?

Also, is there a way to view or update the cert for the Octopus server on port 10943?

Hi Chris - is it possible there’s a clock issue involved? E.g. differnent times/dates on the two problem machines?

Octopus uses the server certificate on that port - if you visit Confguration/Certificates in the UI, you can update it. You’ll need to re-register all of the other connected machines when you do this however, so it may not be the simplest path.

The cert should appear as untrusted, since it is self-signed, but it should definitely be valid; can you view the cert in Chrome or Firefox, and post the details here? (There shouldn’t be any security issue doing that, since only the public key half is provided to clients, but feel free to redact as needed.)

So, after messing around with this all weekend, I discovered the machine couldn’t access any sites over SSL. I followed a few guides on registering internet explorer dlls, removing some certificates, and resetting all ie settings. After all that, I got it to register.

I’ll write up a full detailed account of everything I’ve found these past few days, in case anyone else has any issues with polling tentacles.

Thank you very much for being patient with my rambling, worried posts.

  • Chris Camburn

ng_logo_emailsignature_2b14e7dbd (4 KB)

Great! Glad to hear it is sorted out.