[RESOLVED] Client deployment error (Kerberos auto-enrollment)

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
TomTom
Messages: 79
Registration: May 25, 2018 - 3:43 p.m.

July 8, 2024 - 11:12

Hello everyone,

Since this week, I have noticed a problem when deploying the wapt agent on my new client workstations (via OS deployment and/or GPO).
Indeed, the agent installs correctly but does not register with the server. Here is the output when running `wapt-get update`:

Code: Select all

Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
Update package list from https://fr-for-wapt1.fr.hydac.int/wapt, https://fr-for-wapt1.fr.hydac.int/wapt-host
2024-07-08 11:02:15,368 CRITICAL Error merging Packages from wapt into db: None : None
Total packages : 0
Added packages :

Removed packages :

Discarded packages count : 1
Pending operations :
  install:
  upgrade:
  additional:
  remove:
  immediate_installs:
Repositories URL :
  wapt
  wapt-host
If I launch the

Code: Select all

wapt-get register
And when I enter the credentials, everything is OK. So, is there a Kerberos problem?

The general configuration has not been modified, except for the test of updating the WAPT server to Debian 12. I reverted to my previous snapshot because I had some errors.
Is it possible that this manipulation could have "broken" something?

Thank you in advance for your feedback.
Thomas
Last edited by TomTom on 09 Jul 2024 - 13:41, edited 1 time.
WAPT version: 2.6.0.17392 (Enterprise Edition)
Server OS: Debian 12 "Bookworm"
Administration/package creation machine OS: Windows 11 24h2
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

July 8, 2024 - 2:52 PM

The easiest way to test the Kerberos register is to use psexe to try it out:

https://www.wapt.fr/fr/doc/wapt-securit ... em-account
High
TomTom
Messages: 79
Registration: May 25, 2018 - 3:43 p.m.

July 9, 2024 - 8:31 AM

Thanks Simon for the help.

So, when launching the registry with system authority, here's the output:

Code: Select all

FATAL ERROR : ImportError: GSSAPIProxy requires the Python gssapi library: No module named 'gssapi'
WAPT version: 2.6.0.17392 (Enterprise Edition)
Server OS: Debian 12 "Bookworm"
Administration/package creation machine OS: Windows 11 24h2
High
TomTom
Messages: 79
Registration: May 25, 2018 - 3:43 p.m.

July 9, 2024 - 1:37 PM

I'm replying to myself; in the meantime, the error has been resolved. The WAPT server's registration in the Active Directory domain had failed.
Re-registering the machine fixed the problem.
The post can now be marked as resolved.

Thanks again, Simon, for the clarification.
WAPT version: 2.6.0.17392 (Enterprise Edition)
Server OS: Debian 12 "Bookworm"
Administration/package creation machine OS: Windows 11 24h2
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 9, 2024 - 2:19 PM

Hello Thomas,

To complete the topic, I will add that the error message below has nothing to do with the absence of the Python gssapi module (gssapi is only used under Linux, under Windows it is SSPI that is used), but the python requests-kerberos library tends to bug strangely when there is something wrong and if it cannot retrieve a service ticket from the Windows layer.

Code: Select all

FATAL ERROR : ImportError: GSSAPIProxy requires the Python gssapi library: No module named 'gssapi'

For your information, Simon has started preparing some scripts to facilitate debugging the Kerberos and LDAP components on the server, in order to test and validate the most common problems. This could have helped diagnose the issue :-)

Sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Locked

Return to "WAPT Server"


  • To go further with WAPT