Orbit launcher I ve a fleet server running with custom certi

Question

Orbit launcher I ve a fleet server running with custom certificate signed by an untrusted ca I have to concatenate the server certificate that I can download from fleet gui with the ca in order to connect my hosts to my fleet server instance It works even with kolide launcher but it doesn t with orbit at least on windows hosts is it a bug or am I doing something wrong Additional info below

Bacarus · Answer

orbit connects to fleet server running without any certificates on mac os hosts Installer packages are all built on mac os

Bacarus · Answer

command `go run cmd package type msi fleet url=fleet 18080 enroll secret=MY SECRET fleet certificate=fleet pem flagfile=flagfile txt`

Bacarus · Answer

the certificate has fleet as CN in fact it works on osqueryd or kolide launcher only if I use fleet as hostname

zwass · Answer

Can you open up the Windows `Services` program and get the arguments that Orbit is being started with Copy that into an admin powershell and you should be able to see the log output Hopefully there s something helpful in there You can also add the ` debug` flag

Bacarus · Answer

I ve a different issue on mac os orbit launcher fleet level=info ts=2021 05 25T09 03 32 742718Z component=service method=EnrollAgent ip addr=127 0 0 1 61228 x for ip addr= host identifier=MBP16 2019 M local err= save enroll failed getting the host to return missing destination name refetch requested in kolide Host took=30 969668ms orbit logs 2021 05 25 11 03 31 WARNING proto file pb proto is already registered A future release will panic on registration conflicts See 2021 05 25T11 03 31+02 00 INF run osqueryd cmd= var lib orbit bin osqueryd macos stable osqueryd pidfile= var lib orbit osquery pid database path= var lib orbit osquery db extensions socket= var lib orbit osquery em enroll secret env=ENROLL SECRET tls hostname=fleet 18080 enroll tls endpoint= api v1 osquery enroll config plugin=tls config tls endpoint= api v1 osquery config config refresh=60 disable distributed=false distributed plugin=tls distributed tls max attempts=10 distributed tls read endpoint= api v1 osquery distributed read distributed tls write endpoint= api v1 osquery distributed write logger plugin=tls logger tls endpoint= api v1 osquery log disable carver=false carver start endpoint= api v1 osquery carve begin carver continue endpoint= api v1 osquery carve block carver block size=2000000 tls server certs= var lib orbit fleet pem force W0525 11 03 32 744055 360156672 tls enroll cpp 77 Failed enrollment request to No node key returned from TLS enroll plugin retrying W0525 11 03 33 778246 360156672 tls enroll cpp 77 Failed enrollment request to No node key returned from TLS enroll plugin retrying

Bacarus · Answer

Windows orbit cmdline C Program Files Orbit bin orbit orbit exe root dir C Program Files Orbit log file C Program Files Orbit orbit log txt fleet url fleet 18080 enroll secret path C Program Files Orbit secret txt update url windows orbit logs 2021 05 25T09 50 18+02 00 DBG found expected target locally channel=stable path= C Program Files Orbit bin osqueryd windows stable osqueryd exe target=osqueryd 2021 05 25T09 50 18+02 00 INF Failed to retrieve system cert pool Cannot validate Fleet server connection error= crypto x509 system root pool is not available on Windows 2021 05 25T09 50 18+02 00 INF run osqueryd cmd= C Program Files Orbit bin osqueryd windows stable osqueryd exe pidfile=C Program Files Orbit osquery pid database path=C Program Files Orbit osquery db extensions socket=C Program Files Orbit osquery em enroll secret env=ENROLL SECRET tls hostname=fleet 18080 enroll tls endpoint= api v1 osquery enroll config plugin=tls config tls endpoint= api v1 osquery config config refresh=60 disable distributed=false distributed plugin=tls distributed tls max attempts=10 distributed tls read endpoint= api v1 osquery distributed read distributed tls write endpoint= api v1 osquery distributed write logger plugin=tls logger tls endpoint= api v1 osquery log disable carver=false carver start endpoint= api v1 osquery carve begin carver continue endpoint= api v1 osquery carve block carver block size=2000000 force verbose tls dump I0525 09 50 18 623387 11456 init cpp 342 osquery initialized version=4 8 0 I0525 09 50 18 645426 11456 system cpp 342 Found stale process for osqueryd 37572 I0525 09 50 18 645426 11456 system cpp 374 Writing osqueryd pid 19948 to C Program Files Orbit osquery pid I0525 09 50 18 647424 11456 extensions cpp 453 Could not autoload extensions Cannot open file for reading Program Files osquery extensions load I0525 09 50 18 647424 11456 dispatcher cpp 78 Adding new service WatcherRunner 00000190FD707CF0 to thread 31520 00000190FD73DEB0 in process 19948 I0525 09 50 18 656422 31520 watcher cpp 593 osqueryd watcher 19948 executing worker 21808 I0525 09 50 18 672039 12384 init cpp 339 osquery worker initialized watcher=19948 I0525 09 50 18 674044 12384 dispatcher cpp 78 Adding new service WatcherWatcherRunner 000001E899BEC850 to thread 16404 000001E899C69600 in process 21808 I0525 09 50 18 675025 12384 rocksdb cpp 132 Opening RocksDB handle C Program Files Orbit osquery db E0525 09 50 18 729002 12384 init cpp 555 An error occurred during extension manager startup Named pipe path is invalid I0525 09 50 18 729002 12384 tls enroll cpp 70 TLSEnrollPlugin requesting a node enroll key from I0525 09 50 19 797472 12384 tls cpp 255 TLS HTTPS POST request to URI enroll secret MY SECRET W0525 09 50 19 932312 12384 tls enroll cpp 77 Failed enrollment request to Request error certificate verify failed retrying

zwass · Answer

Your macOS issue looks like it s due to needing to run database migrations since your upgrade of Fleet