Hello,
WAPT is in production (version 1.3.5) and suddenly almost all the machines have become UNREACHABLE from the administration console.
Symptoms:
* Unable to launch the update of available packages on the machine (ERROR The WAPT service is unreachable)
* Telnet on port 8088 of the machine does not work
* Access to http://127.0.0.1:8088/status works fine
* Updating the software inventory from the client works fine
* "Connect via VNC" works fine.
After updating to v1.3.8 and then verifying that name resolution was working correctly from both the server and the client machine running the console, I realized that the problem stemmed from the Windows firewall's inbound traffic rule.
Each computer has a "waptservice 8088" rule whose remote IP address is that of the WAPT server.
By allowing "Any IP address" or simply specifying the subnet mask after the IP address, it works again.
My question is: when is this rule created and how do I modify it for all computers (is it done from the console, by configuring the server and creating a new agent...)?
Thank you in advance for your answers.
Unreachable machines
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
The rule is created during installation. However, if the rule already exists, it will not be replaced.sidney_v wrote: My question is: when is this rule created and how do I modify it for all computers (is this done from the console, by configuring the server and creating a new agent...)?
Thank you in advance for your answers.
But this kind of problem will be solved in the next version of WAPT because we're switching to using WebSockets, which will resolve quite a few issues
In your case, have you tried the "scan listening IPs" button?
-
sidney_v
Thanks for the reply, I'll wait then...
To avoid this problem on future deployments, do you have any idea where to modify the firewall settings that create this rule (allowing port 8088) to add the subnet mask?
Also, what is the approximate release date of this WebSocket-based version of WAPT?
Thanks in advance.
To avoid this problem on future deployments, do you have any idea where to modify the firewall settings that create this rule (allowing port 8088) to add the subnet mask?
Also, what is the approximate release date of this WebSocket-based version of WAPT?
Thanks in advance.
