https://github.com/osquery/osquery logo
Join Slack
Powered by
hello, I'm testing osquery and I've setup an osque...
# general
j
hello, I'm testing osquery and I've setup an osquery server with Kolide Fleet. I'm trying to make osquery agent works on Windows 10 but I can't figure out what is going wrong. I have no issue with Linux nor MacOs agent but using the exact same configurations and certificate file on Windows I have the error : 
Cannot read TLS server certificate(s):
. The permissions seems good and I test several possibilities. Do you know what's wrong ?
It has been installed with the msi package available on official website
I'm using the latest version 4.0.2
(thx @alessandrogario to forward my message, I didn't have the idea to see if there was a dedicated channel)
👍 1
a
I'm not familiar with Kolide Fleet, but the MSI should ship a cert bundle
maybe you can try to look for it (should be inside the installation folder)
then pass its path with 
--tls_server_certs=/path/to/certs.pem
s
Is your fleet install using public certs or self signed certs?
j
currently I have a self signed cert and i'm using the parameter 
tls_server_certs
to link to the cert file
hum, it seems there are a permissions issue. When I run 
PS C:\Program Files\osquery\osqueryd> .\osqueryd.exe --tls_hostname=<http://kolide.xxx.com:8080|kolide.xxx.com:8080>
I have the error 
Cannot activate filesystem logger plugin: Could not create file: \Program Files\osquery\log\osqueryd.results.log
I miss a step ? Because this is a fresh install from official msi package and I changed nothing
s
Is that an administrator powershell?
j
yes and I just figure it out that I had to put double antislash to set the paths! I deleted 
osqueryd.results.log
file and the file have been created successfully with proper rights when I start 
osqueryd
. I've then move the files 
kolide_self.crt
(the self-signed cert) and 
enroll_secret
in that 
log
folder and the error not showing up anymore ! 🙂 Therefore my initial issue was indeed a permissions problem. Now I cannot enroll because of 
Request error: certificate verify failed
. I will double check if all is good regarding that cert content
bingo! that was the encoding format that was wrong. I set it to Windows (CF LF) with Notepad++
Therefore to resume: - Permissions are very important and needs to be set precisely - Path must be set with double antislash - Encoding format must be set properly
thank you for the help ! 🙂
o
Hey @Jerome I am facing this same issue and i am not able to resolve it. Can you help me out
j
Well, my issue was old. All has been said here. Check permissions and files encoding otherwise open an issue or ask for help in the channel
4 Views
Open in Slack
PreviousNext
Powered by