Channels
#kolide
Title
z
zwass
02/22/2018, 7:25 PM
Can you provide the server response to the enrollment request like you did for https://osquery.slack.com/archives/C1XCLA5DZ/p1519324487000723?
n
Newbee
02/22/2018, 9:28 PMI0222 162343.138703 4476 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll
I0222 162343.138703 4544 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 162343.138703 4544 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 162343.138703 5656 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 162343.138703 5656 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 162343.810552 4416 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll
I0222 162343.810552 2784 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 162343.810552 2784 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 162343.810552 5916 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 162343.810552 5916 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 162343.841809 2652 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll
I0222 162343.841809 5588 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 162343.841809 5588 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 162343.841809 2240 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 162343.841809 2240 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 162345.185578 4476 tls.cpp:198] TLS/HTTPS POST request to URI: https://x.x.x.x:8080/api/v1/osquery
/enroll
{"enroll_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxx","host_identifier":"9DC61442-B7FD-B9B6-1BB5-320C5EA0D064","platform_t
ype":"2","host_details":
}}}
{
"node_key": "RtRfZCDgLdkpW8kC1bAbr/7dth2rWmK8"
}
I0222 162345.232504 4476 tls.cpp:198] TLS/HTTPS POST request to URI:
}}}
{
"node_key": "RtRfZCDgLdkpW8kC1bAbr/7dth2rWmK8"
}
I0222 162345.232504 4476 tls.cpp:198] TLS/HTTPS POST request to URI:
{"node_key":"RtRfZCDgLdkpW8kC1bAbr\/7dth2rWmK8"}
{
"queries": {}
}
{
"node_key": "ZsnK6vcW7sHaXFiAELqWECOaQa2oFwyf"
}
I0222 162345.935539 2652 tls.cpp:198] TLS/HTTPS POST request to URI: https://x.x.x.x:8080/api/v1/osquery
/config
{"node_key":"ZsnK6vcW7sHaXFiAELqWECOaQa2oFwyf"}
{
"error": "authentication error: invalid node key: O/k3jqhlx2XX6xb3FEyeM/ePDk3B3Zg1",
"node_invalid": true
}
z
zwass
02/22/2018, 11:35 PM
Did these logs all occur sequentially in a single run of
osquerydosquerydn
Newbee
02/23/2018, 1:25 PMLet me log everything to a file and send it to you
Very wierd, I changed --host_identifier in my flag file to hostname from uuid and it worked?
z
zwass
02/23/2018, 5:31 PM
Possibly there is some bug in osquery? If you can repro this please file an issue.