my osquery agent from linux is working fine with kolide howe osquery #kolide

my osquery agent from linux is working fine with ...

joe_antony1

05/01/2020, 6:48 AM

my osquery agent from linux is working fine with kolide however when trying to integrate with Windows osquery with kolide then getting the following err http: TLS handshake error from 10.10.10.1:66566 local error: tls: bad record MAC can someone help please

zwass

05/01/2020, 4:08 PM

10.10.10.1:66566

the expected server address?

zwass

05/01/2020, 4:09 PM

https://github.com/kolide/fleet/blob/master/docs/infrastructure/faq.md#why-arent-my-osquery-agents-connecting-to-fleet

joe_antony1

05/01/2020, 5:52 PM

10.10.10.1 is the windows server where the osquery agent is installed.

joe_antony1

05/01/2020, 5:53 PM

kolide is running on 10.10.10.127:8080

zwass

05/01/2020, 5:57 PM

It looks like osquery is trying to connect to 10.10.10.1

Shantanu

07/03/2020, 11:07 PM

Did you figure this out? I am getting the same error

Daniel Wyleczuk-Stern

10/12/2020, 4:14 PM

Have there been any answers to this? I've searched the fleet github as well as this Slack channel and it doesn't seem like there's an answer

Daniel Wyleczuk-Stern

10/12/2020, 4:27 PM

Ayyyy I got it. This is probably happening for other people with test deployments. Don't blindly accept the defaults when generating a CSR with openssl. In my below example, I set the FQDN to my internal IP and it started working.

Copy code

root@ip-172-29-81-203:~# !18
openssl req -newkey rsa:4096             -x509             -sha256             -days 3650             -nodes             -out example.crt             -keyout example.key
Generating a RSA private key
............................................................................................................++++
..................++++
writing new private key to 'example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:SF
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:172.24.17.4

zwass

10/12/2020, 4:43 PM

Yes, the FQDN must match. Usually I would expect to see a "certificate verify failed" error, but it's good to know that this error message can also come up.

Daniel Wyleczuk-Stern

10/12/2020, 4:59 PM

👍 I pinged you on github too on a closed issue with my recommendation for what to add to the readme

zwass

10/12/2020, 6:37 PM

Want to PR it? Otherwise I am happy to add it myself. Thank you.

Daniel Wyleczuk-Stern

10/13/2020, 1:21 PM

PR submitted

6 Views

Open in Slack

Previous Next