Hi everyone, I've enrolled a host with fleet/orbit successfully. However, fleet doesn't succeed in fetching all vitals. The host in question is one of many Ubuntu systems I've enrolled in fleet. When running orbit in debug mode, I see a number of queries and their results. Even queries from fleet server are executed, e.g. Label queries. I ran most queries manually under "orbit shell" to understand if a query might hang but all queries worked fine. There are no errors in the log on the agent side. From fleet server perspective, the host has status Online. fleet is up to date about host's memory, processor type, operating system and osquery version. Other details such as disk available, software inventory and users stay empty. I'm also not able to run queries from within fleet UI. I do not see any errors in fleet server log, even when run in debug mode. There is no firewall in between host and fleet server. I also checked SSL certificates and API access from host perspective. It's all fine. I'm a little bit lost, as I have no idea what else to check or how to investigate this issue further. Any help / shared experience appreciated. Thanks.

Hello @tokcum . What version of Fleet are you on?

Latest, greatest: I'm on 4.13.1. When I first enrolled this host it was in a wrong DNS domain. I changed the DNS domain later. Might this be an issue? Does fleet check DNS with forward / reverse lookups?

When you say DNS domain, do you mean the you passed to the

fleet-url

argument for adding a host?

I mean that the host was in DNS domain y.z during enrollment. This misconfiguration was changed to DNS domain x.z later. However, this did not change the behaviour towards fleet. This misconfiguration was the only thing obviously different from all the other Linux hosts I enrolled.

Got you

Maybe its not worth the effort to investigate further. I just thought someone might have experienced a similar issue.

No problem at all @tokcum. Could you confirm if you’ve done the combo of these two troubleshooting steps? 1. Click the refetch button 2. Delete and add the problematic host

@User Thanks for your support. Yes, when clicking refetch, after some time, a timeout is signaled via the UI. I also deleted the host and enrolled it from scratch. This didn't change anything. Meanwhile we reinstalled the host from scratch. Enrollment worked. So, there is or was something wrong on the host side. This is definitely not a fleet / osquery issue. Bottom line: fleet works great! 👍

Oh yeah good to know this is resolved for you 🙂