# fleet
Has anyone else encountered the message below? This comes up when I execute
on a host. I can query the host from Fleet just fine, but I find it odd that I get this message.
W0805 11:47:50.721536  1194 tls_enroll.cpp:101] Failed enrollment request to <https://servername> (Cannot parse JSON: Invalid value. Offset: 0) retrying...
Hi, @Joe! Can you share the full URL shown there? You can totally edit the domain, but I'd like to see the endpoint it's trying to hit.
Or is it just showing the domain?
And are you using Orbit to enroll your hosts, or vanilla osquery?
It's just showing the domain name, and we're using vanilla osquery.
It sounds like there's an issue with the osquery flags. It's interesting that it's communicating with Fleet in general... it could be that the flags changed after the initial enrollment. Do you have anything set for
Should be
These are the current flags we have configured
--tls_hostname=<%= @servername %>
Interesting, I get this when I specify the flagfile
[user@server ~]$ osqueryi --flagfile=/etc/osquery/osquery.flags --verbose --tls_dump

  "error": "enroll failed: no matching secret found",
  "node_invalid": true
You beat me to the
--verbose --tls_dump
If you compare the
to the one displayed in Fleet, does it look good?
Yeah, it matches
Copy paste some funny character or white space?
I'll double check
I believe I may have found the issue. I ran it as root with the flagfile and enroll secret and I was able to execute
. Looking at the permission, the enroll_secret file had a 400 permission, so I wasn't able to read it under my account.
Nice find!