https://github.com/osquery/osquery logo
Title
s

Skarl

08/20/2019, 5:59 PM
Hello, new to the slack here - apologies if this has been answered before. I'm working through getting windows endpoints connected to fleet. So far I have got a kolide server and have connected a macos system to fleet however am running across issues when attempting to connect a windows box to the kolide server. Steps I've taken thus far - 1. Install the OSquery MSI 2. Update the .flags file to the configuration that has worked for the macos 3. Ran osqueryi.exe --flagfile=./osquery.flags 4. getting a no node key returned from TLS enroll plugin error
z

zwass

08/20/2019, 6:00 PM
Usually this means it's not sending the correct enroll secret.
It can help to add
--verbose --tls_dump
and see what it is sending.
s

Skarl

08/20/2019, 6:02 PM
ah thanks, does the enroll_secret need to be in a certain file format? Here is my flags file. I'll try this now as well
z

zwass

08/20/2019, 6:02 PM
Do those need to be backslashes?
s

Skarl

08/20/2019, 6:03 PM
I believe the syntax to be correct, otherwise I would get a cert validation error from the pem file
1
Will check that as well though
z

zwass

08/20/2019, 6:04 PM
Seeing what osquery sends in the HTTP request will help.
s

Skarl

08/20/2019, 6:05 PM
{
  "error": "invalid enroll secret",
  "node_invalid": true
}
let me try the enroll secret var and see if that works instead
z

zwass

08/20/2019, 6:08 PM
That looks like the response, but we need to see the request.
s

Skarl

08/20/2019, 6:11 PM
z

zwass

08/20/2019, 6:12 PM
enroll secret is empty
s

Skarl

08/20/2019, 6:14 PM
I changed the enroll_secret file var to the value and still getting the same error.
z

zwass

08/20/2019, 6:17 PM
is the env var set? The way you censor the value there makes me think you are putting the enroll secret in that flag, not the name of the env var containing the enroll secret.
s

Skarl

08/20/2019, 6:18 PM
Ah, yeah I am putting the enroll secret in the flag.
Let me try that, thanks for the suggestion
Ah sweet, it works. Thanks zwass! 🙇
🍻 1