Hi there, I am trying to setup a demo security onion solution as a proof concept for my workplace and have managed to connect a machine running RHEL without any issues but when running the MSI launcher on a Windows Server 2016 instance it just doesn't seem to add it to the fleet at all? Has anyone else ran into issues trying to add a 2016 Windows Server machine to the fleet using just the launcher provided by SO?

@defensivedepth builds SO and may know more

Okay thanks @zwass!

@RyanMcG check under the Application eventlog on the Windows Server - restart the Kolide Launcher service and you should see logs there.

Firstly, thanks for helping @defensivedepth, and according to the logs the launcher configuration completed successfully but I did notice a pile of NULL values, which I can only assume aren't supposed to be there?

@RyanMcG are you seeing logs that state that it successfully connected? Once connected, you should see logs about scheduled queries running every so often, etc

It doesn't look like the actual connection was successful, I have attached a couple of log snippets below. Yesterday I thought i'd test out a Windows 10 Pro OS Instance just to see if the launcher was essentially all i needed to setup the connection and it worked as expected which leads me to think there might be some support issues with the specific release of Windows Server 2016 that I was using to test?

Yes that is very possible. What version of SO are you on?

sorry for the late reply, i'm using version - 2.3.52

Can you regenerate the osquery packages and then try to reinstall? Run the following on the manager:

sudo salt-call state.apply fleet.event_gen-packages

ran that command on the manager, then reinstalled the new osquery packages but still nothing unfortunately