#kolide
jackjack

02/04/2020, 9:03 PM
```
{"component":"service","err":"invalid enroll secret","ip_addr":"10.96.12.239:64947","method":"EnrollAgent","took":"403.333µs","ts":"2020-02-04T21:00:05.977721805Z"}
{"component":"service","err":"authentication error: missing node key","ip_addr":"10.96.12.239:64947","method":"AuthenticateHost","took":"4.18µs","ts":"2020-02-04T21:00:06.261929944Z"}
{"component":"http","err":"authentication error: missing node key","ts":"2020-02-04T21:00:06.261985496Z"}
```
fbone

02/04/2020, 9:09 PM
I have the exact enroll error as you, and my secret is correct. Hopefully someone can help us out.
zwass

02/04/2020, 9:10 PM
Use `--verbose --tls_dump` on osqueryd to see what it is sending.
jackjack

02/04/2020, 9:15 PM
I don’t see the `secret` part though Zach....
9:17 PM
```
I0204 16:14:02.681643 19404 interface.cpp:268] Extension manager service starting: \\.\pipe\osquery.em
I0204 16:14:02.681643  8968 tls_enroll.cpp:67] TLSEnrollPlugin requesting a node enroll key from: https://SSSSS
I0204 16:14:02.681643  8968 system.cpp:289] Using host identifier: 4C4C4544-0047-391XXXXXXXX
I0204 16:14:03.753511  8968 tls.cpp:253] TLS/HTTPS POST request to URI: https://XXXXX
{"enroll_secret":"","host_identifier":"4C4C4544-0047-3910-8058-B5C04F305332","platform_type":"2","host_details":{"os_version":{"build":"16299","codename":"Windows 10 Enterprise","install_date":"20181119162927.000000-300","major":"10","minor":"0","name":"Microsoft Windows 10 Enterprise","platform":"windows","platform_like":"windows","version":"10.0.16299"},"osquery_info":{"build_distro":"10","build_platform":"windows","config_hash":"","config_valid":"0","extensions":"active","instance_id":"cf1e4fa2-0d7c-46eb-ba33-ea69f2e7d621","pid":"13992","start_time":"1580850842","uuid":"4C4C4544-0047-3910-8058-B5C04F305332","version":"4.0.1","watcher":"6224"},"platform_info":{"date":"2018-07-18","revision":"2.11","vendor":"Dell Inc.","version":"2.11.0"},"system_info":{"computer_name":"NYLIN","cpu_brand":"Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","cpu_logical_cores":"8","cpu_microcode":"0","cpu_physical_cores":"4","cpu_subtype":"-1","cpu_type":"x86_64","hardware_model":"Precision Tower 3620","hardware_serial":"5G9X0S2","hardware_vendor":"Dell Inc.","hardware_version":"-1","hostname":"XXXXXcom","local_hostname":"NYLIN","physical_memory":"34246193152","uuid":"4C4C4544-0047-3910-8058-B5C04F305332"}}}
{
"error": "invalid enroll secret", "node_invalid": true
}
W0204 16:14:04.176013 8968 tls_enroll.cpp:74] Failed enrollment request to https://XXXXX:8080/api/v1/osquery/enroll (No node key returned from TLS enroll plugin) retrying...
```
fbone

02/04/2020, 9:29 PM
The enroll secret shows `{"enroll_secret":"","host_identifier"` empty like on mine; we have to figure out why it's not reading the secret from the file.
zwass

02/04/2020, 9:36 PM
Yep, probably your file path is incorrect or the permissions are wrong.
fbone

02/04/2020, 9:48 PM
So I added the secret to the Environment Variable and updated the flags file to read from Env Variable, and it works like a charm now. Enrolled perfectly.
9:49 PM
Now the enroll secret shows up in the tls dump
9:50 PM
Hopefully that will help and work for you as well jackjack
jackjack

02/04/2020, 10:59 PM
Yah unfortunately still not working... lol will try reboot