[RESOLVED] Devices disconnected since update 2.5

[morvan-n]

Debian server 12
wapt version 2.5.2.15207

Good morning,

Following the update to version 2.5, all my workstations are in disconnected status in the console.

I tried the procedure described in the other post without success.

Code: Select all

net stop waptservice
suppression des fichiers C:\Program Files (x86)\wapt\log\waptservicestate et C:\Program Files (x86)\wapt\log\waptservicestate.html
net start waptservice

The commands wapt-get update and wapt-get upgrade work from a client.

I enabled certificate authentication when upgrading to version 2.5 and generated a new agent to update my clients.

Here is the error message I get in the waptserveur.log file:

Code: Select all

connection refused for uuid xxx, sid xxx: SocketIO connection not authorized, invalid token: No authorization token, instance

Thank you for your help
Nicolas

[Crous Strasbourg]

Hello,

I had the same problem.

WORKAROUND:
During the PostConf on the server, you can choose not to check the certificate and check: "
Don't check HTTPS client certificate (legacy)".

Then the client machines will appear in your console. However, you'll encounter another bug: the machines will remain CONNECTED despite the refresh.
You'll then need to reset the connection by performing a "Reset of established WebSocket connections" in the console on the host in question.

SOLUTION:
This solution was suggested to me by Tranquil It. Nevertheless, I found a solution to the initial problem: I was on Debian 11 and I upgraded to 12. This solved the problem.

Have a good day,
Matthieu

[morvan-n]

Hello,

thank you for your feedback. Indeed, by checking "Don't check HTTPS client certificate (legacy)," I can see my connected devices again in the console, but resetting the WebSocket doesn't do anything, and all my devices are still connected...

Ultimately, there's no perfect solution at the moment.

Sincerely,
Nicolas

[bkolovljanovic]

Hello Nicolas,

These problems are resolved in version 2.5.3

[morvan-n]

Hello,

Yes, everything is working correctly again with version 2.5.3.

Nicolas

[kvnwsr]

Hello,

we have the same problem.
We installed version 2.5.3, but the issue persists.

The server is AlmaLinux release 8.9 (Midnight Oncilla).

No workaround has worked for us.

Thank you for your help,
Kevin

[dcardon]

Hi Kevin,

do you have a reverse proxy in front of your WAPT server, a filtering firewall/WAF, or anything else?

Is the connection HTTPS? Is certificate validation enabled on the client?

In version 2.5.3, we removed the "Don't check HTTPS client certificate (legacy)" option, which disables SSL authentication at the Nginx level (which then delegates it to Python scripts). This option actually causes more problems than it solves.

Regards,

Denis

[kvnwsr]

Hello Denis,

Thank you for your reply.

We don't have a reverse proxy.
I tried disabling the firewall, but it didn't change anything.

The connection is established via HTTPS, and certificate validation is not enabled on the clients.
Our configuration worked fine in version 2.4.

Can I revert to version 2.4, given that some clients have already upgraded to 2.5.3?

[Christophe]

Hello,
I have exactly the same problem as Kevin after upgrading to version 2.5.3.
For your information, I'm on a Windows server.
We also don't have a reverse proxy, and the firewall is disabled on the client.

For now, I've reverted to version 2.4 (snapshot).
I made a full copy of our server and a client to test version 2.5.3 on an isolated network. But I can't figure out where the problem is coming from.

[Christophe]

My mistake, I hadn't realized that my clients also needed to be on version 2.5 to be available on the server again.

The problem should therefore be resolved for my domain-joined PCs using the agent installation GPO, but how do I install the 2.5 client for my non-domain PCs?