Title
#general
j

Jerome

11/08/2019, 2:14 PM
hello, I'm testing osquery and I've setup an osquery server with Kolide Fleet. I'm trying to make osquery agent works on Windows 10 but I can't figure out what is going wrong. I have no issue with Linux nor MacOs agent but using the exact same configurations and certificate file on Windows I have the error :
Cannot read TLS server certificate(s):
. The permissions seems good and I test several possibilities. Do you know what's wrong ?
2:16 PM
It has been installed with the msi package available on official website
2:16 PM
I'm using the latest version 4.0.2
2:35 PM
(thx @alessandrogario to forward my message, I didn't have the idea to see if there was a dedicated channel)
a

alessandrogario

11/08/2019, 2:38 PM
I'm not familiar with Kolide Fleet, but the MSI should ship a cert bundle
2:39 PM
maybe you can try to look for it (should be inside the installation folder)
2:40 PM
then pass its path with
--tls_server_certs=/path/to/certs.pem
s

seph

11/08/2019, 2:48 PM
Is your fleet install using public certs or self signed certs?
j

Jerome

11/08/2019, 2:49 PM
currently I have a self signed cert and i'm using the parameter
tls_server_certs
to link to the cert file
3:04 PM
hum, it seems there are a permissions issue. When I run
PS C:\Program Files\osquery\osqueryd> .\osqueryd.exe --tls_hostname=<http://kolide.xxx.com:8080|kolide.xxx.com:8080>
I have the error
Cannot activate filesystem logger plugin: Could not create file: \Program Files\osquery\log\osqueryd.results.log
I miss a step ? Because this is a fresh install from official msi package and I changed nothing
s

seph

11/08/2019, 3:35 PM
Is that an administrator powershell?
j

Jerome

11/08/2019, 3:47 PM
yes and I just figure it out that I had to put double antislash to set the paths! I deleted
osqueryd.results.log
file and the file have been created successfully with proper rights when I start
osqueryd
. I've then move the files
kolide_self.crt
(the self-signed cert) and
enroll_secret
in that
log
folder and the error not showing up anymore ! 🙂 Therefore my initial issue was indeed a permissions problem. Now I cannot enroll because of
Request error: certificate verify failed
. I will double check if all is good regarding that cert content
3:58 PM
bingo! that was the encoding format that was wrong. I set it to Windows (CF LF) with Notepad++
4:00 PM
Therefore to resume:- Permissions are very important and needs to be set precisely - Path must be set with double antislash - Encoding format must be set properly
4:00 PM
thank you for the help ! 🙂
o

Ojas

01/25/2022, 11:52 AM
Hey @Jerome I am facing this same issue and i am not able to resolve it. Can you help me out
j

Jerome

01/25/2022, 12:14 PM
Well, my issue was old. All has been said here. Check permissions and files encoding otherwise open an issue or ask for help in the channel