Hello.
I have a small WAPT Discovery installation (for about 20 workstations), currently at version 2.4.0.14143. I'm trying to upgrade to 2.6.0.17177 (I'm deploying the new server on a new machine). There are no particular problems with the server side (which I'm running as a Docker container on the Nomad orchestrator; I could share my Nomad job if anyone's interested).
Everything is also OK on my administration workstation, where I manually installed the console and agent using WAPTSetup. My workstation connects correctly to the server and appears online. I've built a new waptupgrade package to push version 2.6 to my workstations.
The problem is: all these workstations, still on version 2.4, can't connect to the server because they aren't yet authenticating with a certificate. All the URLs they're calling (/wapt/Packages, /wapt-host/XXXXX.wapt, /update_host, /get_websocket_auth_token) return a 401 error (except for /ping, which works). So, I don't understand how they're supposed to retrieve the latest version of the agent from the repository. I don't have a Group Policy Object (GPO) in place (I performed a manual initial installation on each machine, and the waptupgrade package has handled updates since then). I'm also not using Kerberos authentication.
The documentation isn't very clear on this point. It simply states that the update will occur within 2 hours and that, in the meantime, the agents appear disconnected. But how is this update supposed to happen if the agents don't have access to the server to retrieve it?
[RESOLVED] Agent update from 2.4 to 2.6
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
If I manually update the agent on one of the machines (either by running waptagent.exe or waptdeploy.exe), then everything works. The agent updates correctly and appears online in the console. It's really just the agent update step, via the waptupgrade package, that I'm having trouble understanding how it's supposed to work (and which, for me, doesn't seem to work)
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Dani,
the workstations should be able to authenticate to the server using their certificates. It's just that the WebSocket connection isn't working until the workstation has been upgraded. So, normally, the workstation should authenticate, retrieve the upgrade package, and install it (using a force install) within two hours. From that point on, the WebSocket connection should be working.
Before the migration, was your server/repo configured for HTTPS or HTTP? And after the migration? For certificate authentication to work correctly on Nginx, the connection must be HTTPS (using a recognized or self-signed certificate).
Regards,
Denis
the workstations should be able to authenticate to the server using their certificates. It's just that the WebSocket connection isn't working until the workstation has been upgraded. So, normally, the workstation should authenticate, retrieve the upgrade package, and install it (using a force install) within two hours. From that point on, the WebSocket connection should be working.
Before the migration, was your server/repo configured for HTTPS or HTTP? And after the migration? For certificate authentication to work correctly on Nginx, the connection must be HTTPS (using a recognized or self-signed certificate).
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
It worked fine with HTTPS in version 2.4, and also in 2.6. But after well over two hours, the packages still hadn't upgraded. I ended up setting up a GPO with waptdeploy and manually updating the few non-domain machines. I don't know exactly why it didn't work (it's possible it's due to my configuration; I'm deviating slightly from the official documentation to run it on the Nomad orchestrator)
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Daniel,
thanks for the feedback. There's probably something in your container setup that's affecting the behavior. But GPOs are also a good option.
I'm marking this topic as resolved.
See you soon,
Denis
thanks for the feedback. There's probably something in your container setup that's affecting the behavior. But GPOs are also a good option.
I'm marking this topic as resolved.
See you soon,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
