Hi Friends: Have some issues with new Kolide fleet server. Present Fleet version 2.6.0 Osquery Version: 4.3.0 Problem is below command works perfectly fine on Ubuntu host to join Kolide fleet server, but same command is not working on Windows host.

sudo /usr/bin/osqueryd   --enroll_secret_path=/var/osquery/enroll_secret   --tls_server_certs=/var/osquery/kolide.pem   --tls_hostname=<http://kolide-test.abc.com|kolide-test.abc.com>  --host_identifier=hostname   --enroll_tls_endpoint=/api/v1/osquery/enroll   --config_plugin=tls   --config_tls_endpoint=/api/v1/osquery/config   --config_refresh=10   --disable_distributed=false   --distributed_plugin=tls   --distributed_interval=3   --distributed_tls_max_attempts=3   --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read   --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write   --logger_plugin=tls   --logger_tls_endpoint=/api/v1/osquery/log   --logger_tls_period=10

Windows commands.

PS C:\Program Files\osquery> .\manage-osqueryd.ps1 -install --enroll_secret_path=C:\Program Files\osquery\secret.txt --tls_hostname=<http://kolide-test.abc.com|kolide-test.abc.com> --tls_server_certs=\Program Files\osquery\certs\kolide.pem --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --logger_tls_period=10

Can some help on this.

Probably because of space between Program Files in _enroll_secret_path=C:\Program Files\osquery\secret.txt_

Even I tried with

'\Program Files\osquery\secret.txt'

its not working. No idea what was missing here.

I’ve make it work by putting all flags into flagfile and starting ps1 script with --flagfile. Also I noticed that you missed drive letter in tls_server_certs flag

Oh thanks. Will check that right now.

@ravindrags24 Try to change tls_server_certs to *.crt, usually Windows doesn’t understand PEM certs

Ok thanks for that.

Also, usually it is useful to look into Kolide logs, not only osquery logs

@Alexandr Ivanov - I have changed *.pem to *.crt file. and still same issues. And surprising that I couldn't able to find any logs on server too. I think its still not connecting to server and getting errors in local windows machine itself. Any idea about this error.

W0425 13:52:06.597894  2140 tls_enroll.cpp:76] Failed enrollment request to <https://abc.com/api/v1/osquery/enroll> (No node key returned from TLS enroll plugin) retrying...

How ever its wildcard certificate working from Ubuntu host and getting error in Windows.