``` component service err invalid enroll secret ip addr 10 9 osquery #kolide

```{"component":"service","err":"invalid enroll se...

jackjack

02/04/2020, 9:03 PM

Copy code

{"component":"service","err":"invalid enroll secret","ip_addr":"10.96.12.239:64947","method":"EnrollAgent","took":"403.333µs","ts":"2020-02-04T21:00:05.977721805Z"}
{"component":"service","err":"authentication error: missing node key","ip_addr":"10.96.12.239:64947","method":"AuthenticateHost","took":"4.18µs","ts":"2020-02-04T21:00:06.261929944Z"}
{"component":"http","err":"authentication error: missing node key","ts":"2020-02-04T21:00:06.261985496Z"}

fbone

02/04/2020, 9:09 PM

I have exact enroll error as you, and my secret is correct. Hopefully someone can help us out

zwass

02/04/2020, 9:10 PM

Use

--verbose --tls_dump

on osqueryd to see what it is sending.

jackjack

02/04/2020, 9:15 PM

I don’t see the

secret

part though Zach....

jackjack

02/04/2020, 9:17 PM

Copy code

I0204 16:14:02.681643 19404 interface.cpp:268] Extension manager service starting: \\.\pipe\osquery.em
I0204 16:14:02.681643  8968 tls_enroll.cpp:67] TLSEnrollPlugin requesting a node enroll key from:

https://SSSSS

Copy code

I0204 16:14:02.681643  8968 system.cpp:289] Using host identifier: 4C4C4544-0047-391XXXXXXXX
I0204 16:14:03.753511  8968 tls.cpp:253] TLS/HTTPS POST request to URI:

https://XXXXX

Copy code

{"enroll_secret":"","host_identifier":"4C4C4544-0047-3910-8058-B5C04F305332","platform_type":"2","host_details":{"os_version":{"build":"16299","codename":"Windows 10 Enterprise","install_date":"20181119162927.000000-300","major":"10","minor":"0","name":"Microsoft Windows 10 Enterprise","platform":"windows","platform_like":"windows","version":"10.0.16299"},"osquery_info":{"build_distro":"10","build_platform":"windows","config_hash":"","config_valid":"0","extensions":"active","instance_id":"cf1e4fa2-0d7c-46eb-ba33-ea69f2e7d621","pid":"13992","start_time":"1580850842","uuid":"4C4C4544-0047-3910-8058-B5C04F305332","version":"4.0.1","watcher":"6224"},"platform_info":{"date":"2018-07-18","revision":"2.11","vendor":"Dell Inc.","version":"2.11.0"},"system_info":{"computer_name":"NYLIN","cpu_brand":"Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","cpu_logical_cores":"8","cpu_microcode":"0","cpu_physical_cores":"4","cpu_subtype":"-1","cpu_type":"x86_64","hardware_model":"Precision Tower 3620","hardware_serial":"5G9X0S2","hardware_vendor":"Dell Inc.","hardware_version":"-1","hostname":"XXXXXcom","local_hostname":"NYLIN","physical_memory":"34246193152","uuid":"4C4C4544-0047-3910-8058-B5C04F305332"}}}
{

"error": "invalid enroll secret", "node_invalid": true

W0204 161404.176013 8968 tls_enroll.cpp:74] Failed enrollment request to https://XXXXX:8080/api/v1/osquery/enroll (No node key returned from TLS enroll plugin) retrying...```

fbone

02/04/2020, 9:29 PM

the enroll secret shows {"enroll_secret":"","host_identifier" empty like on mine, we have to figure out why its not reading the secret from the file

zwass

02/04/2020, 9:36 PM

Yep, probably your file path is incorrect or the permissions are wrong.

fbone

02/04/2020, 9:48 PM

So i added the secret to the Environment Variable and up dated the flags file to read from Env Variable and works like a charm now Enrolled perfectly

fbone

02/04/2020, 9:48 PM

fbone

02/04/2020, 9:49 PM

fbone

02/04/2020, 9:49 PM

Now the enroll secret shows up in the tls dump

fbone

02/04/2020, 9:49 PM

fbone

02/04/2020, 9:50 PM

Hopefully that will help and work for you as well jackjack

jackjack

02/04/2020, 10:59 PM

Yah unfortunately still not working... lol will try reboot

2 Views

Open in Slack

Previous Next