https://github.com/osquery/osquery logo
Powered by
Title
j

Jerome

11/08/2019, 2:14 PM
hello, I'm testing osquery and I've setup an osquery server with Kolide Fleet. I'm trying to make osquery agent works on Windows 10 but I can't figure out what is going wrong. I have no issue with Linux nor MacOs agent but using the exact same configurations and certificate file on Windows I have the error : 
Cannot read TLS server certificate(s):
. The permissions seems good and I test several possibilities. Do you know what's wrong ?
It has been installed with the msi package available on official website
I'm using the latest version 4.0.2
(thx @alessandrogario to forward my message, I didn't have the idea to see if there was a dedicated channel)
👍 1
a

alessandrogario

11/08/2019, 2:38 PM
I'm not familiar with Kolide Fleet, but the MSI should ship a cert bundle
maybe you can try to look for it (should be inside the installation folder)
then pass its path with 
--tls_server_certs=/path/to/certs.pem
s

seph

11/08/2019, 2:48 PM
Is your fleet install using public certs or self signed certs?
j

Jerome

11/08/2019, 2:49 PM
currently I have a self signed cert and i'm using the parameter 
tls_server_certs
to link to the cert file
hum, it seems there are a permissions issue. When I run 
PS C:\Program Files\osquery\osqueryd> .\osqueryd.exe --tls_hostname=<http://kolide.xxx.com:8080|kolide.xxx.com:8080>
I have the error 
Cannot activate filesystem logger plugin: Could not create file: \Program Files\osquery\log\osqueryd.results.log
I miss a step ? Because this is a fresh install from official msi package and I changed nothing
s

seph

11/08/2019, 3:35 PM
Is that an administrator powershell?
j

Jerome

11/08/2019, 3:47 PM
yes and I just figure it out that I had to put double antislash to set the paths! I deleted 
osqueryd.results.log
file and the file have been created successfully with proper rights when I start 
osqueryd
. I've then move the files 
kolide_self.crt
(the self-signed cert) and 
enroll_secret
in that 
log
folder and the error not showing up anymore ! 🙂 Therefore my initial issue was indeed a permissions problem. Now I cannot enroll because of 
Request error: certificate verify failed
. I will double check if all is good regarding that cert content
bingo! that was the encoding format that was wrong. I set it to Windows (CF LF) with Notepad++
Therefore to resume: - Permissions are very important and needs to be set precisely - Path must be set with double antislash - Encoding format must be set properly
thank you for the help ! 🙂
o

Ojas

01/25/2022, 11:52 AM
Hey @Jerome I am facing this same issue and i am not able to resolve it. Can you help me out
j

Jerome

01/25/2022, 12:14 PM
Well, my issue was old. All has been said here. Check permissions and files encoding otherwise open an issue or ask for help in the channel
4 Views
#generalJoin Slack
Powered by