#kolide

David

06/09/2020, 11:38 PM
Newbie here trying to get my first Windows node connected to Fleet and failing. Based on some research here and on the web I am using this command to start osqueryd:

    osqueryd.exe --flagfile "C:\ProgramData\osquery\osquery.flags" --verbose --tls_dump

The interesting part of the error messages appears to be:

    Thrift: Tue Jun 9 16:34:47 2020 Client connected.
    Thrift: Tue Jun 9 16:34:47 2020 TPipe ::GetOverlappedResult errored GLE=errno = 109
    Thrift: Tue Jun 9 16:34:47 2020 Client connected.
    Thrift: Tue Jun 9 16:34:47 2020 TConnectedClient died: TPipe: GetOverlappedResult failed
    Thrift: Tue Jun 9 16:34:47 2020 TPipe ::GetOverlappedResult errored GLE=errno = 109
    Thrift: Tue Jun 9 16:34:47 2020 TConnectedClient died: TPipe: GetOverlappedResult failed
    I0609 16:34:48.744349 3384 tls.cpp:253] TLS/HTTPS POST request to URI: https://myserver.mydomain.com/osquery/enroll
    Failed enrollment request to https://myserver.mydomain.com/osquery/enroll (Request error: certificate verify failed) retrying..

I removed the line in my flag file for --tls_server_certs= since my browser trusts the certificate on the Fleet server. Any thoughts on where to go from here?

David

06/10/2020, 12:57 AM
Thanks @zwass. Curl didn't like the certificate either, so I downloaded the *.domain.com wildcard cert from the Fleet server via Edge browser and added a path to it in my flags file "--tls_server_certs=C:\ProgramData\osquery\mydomain.crt" and at least now there is a new error: "Request error: load_verify_file: no certificate or crl found"
1:14 AM
If I download the wildcard certificate as a .pem file using Firefox the error is different too:

    Failed enrollment request to https://myserver.mydomain.com/api/v1/osquery/enroll (Request error: certificate verify failed

Does osquery accept wildcard certificates?