Howdy, folks. Anyone around who could help me out ...
# kolide
Howdy, folks. Anyone around who could help me out with enrolling a windows endpoint with fleet?
I might be able to help out. What issues are you running into?
@Tim I'm trying to enroll my Windows machine with the tls plugin, however I'm getting an error message
Here's my command: .\osqueryd.exe --enroll_secret_env=Tnr/xxxxxxxxx --enroll_tls_endpoint=x.x.x.x:8080 --tls_server_certs=C:\ProgramData\osquery\certs\x.x.x.x_8080.pem --verbose --host_identifier=HOST-27 --config_tls_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3
Here's what I'm seeing: I0607 084228.572372 2504 tls.cpp:240] TLS/HTTPS POST request to URI: https://x.x.x.x:8080
W0607 084229.052740 2504 tls_enroll.cpp:67] Failed enrollment request to https://x.x.x.x:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying...
IS your server running ok? IS there a different host with that identifier? Maybe try it without specifying a host identifier.
oh and for the error, are you parsing json anywhere on the host for this?
actually you're missing a few flags
Copy code
.\osqueryd.exe --enroll_secret_env=Tnr/Tl0zB2vySH9x1DEIcA4kS0cXw5yI --tls_hostname=x.x.x.x:8080 --tls_server_certs=C:\ProgramData\osquery\certs\x.x.x.x_8080.pem --verbose --host_identifier=HOST-27 --config_tls_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config
Command with the new flags
Failed enrollment request to (No node key returned from TLS enroll plugin) retrying...
^ New error message
I haven't used the enroll_secret_env flag, I use the enroll_secret_path one but your secret might be getting passed wrong. Try adding
Copy code
Copy code
flags for troubleshooting
Copy code
  "error": "invalid enroll secret",
  "node_invalid": true
I'll try doing enroll_secret_path
try copying just your enroll secret, placing it in a file, then adding the
Copy code
Working!!! Awesome, thank you so much
Another question though, this will only work when I run it it command line, right?
Np, and that depends. If you put a flagfile with all this in it in the default path for the service flagfile then it will work whenever the osqueryd service starts. Or you could alter the default osqueryd service and point it to wherever you want for a flagfile.
So I got osquery to connect to fleet with a flagfile I created and specified when running osqueryi.exe --flagfile=<FLAGFILE>
Unsure as to how to point it at the flag file when running it as a windows service though
Nevermind! I read your last message a bit closer and understood
Thanks so much for your help!
👍 1