[RESOLVED] WADS: wapt agent not registering

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
rlegrand
Messages: 10
Registration: June 30, 2026 - 3:37 PM

July 3, 2026 - 09:14

sfonteneau wrote: July 2, 2026 - 4:44 PM Isn't 192.168.1.11 listed in /etc/hosts? (bad configuration)

Kinit is trying to connect to 192.168.1.11...
Hello, I modified the hosts file to show the correct IP address

I restarted the commands on the Linux server:

Code: Select all

root@SRV-WAPT:/etc# kdestroy
root@SRV-WAPT:/etc# kinit <user>
Password for <user>@<domaine>: 
root@SRV-WAPT:/etc# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <user>@<domaine>

Valid starting       Expires              Service principal
07/03/2026 08:53:28  07/03/2026 18:53:28  krbtgt/<domaine>@<domaine>
        renew until 07/04/2026 08:53:22
root@SRV-WAPT:/etc# curl -v --negotiate -u : https://<domaine>/api/v3/add_host_kerberos -k
* Host srv-wapt.<domaine>:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.1.10
*   Trying 192.168.1.10:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=srv-wapt.<domaine> 20240805-1439
*  start date: Aug  5 12:39:30 2024 GMT
*  expire date: Aug  3 12:39:30 2034 GMT
*  issuer: CN=srv-wapt.<domaine>
*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to srv-wapt.<domaine> (192.168.1.10) port 443
* using HTTP/1.x
* gss_init_sec_context() failed: Server not found in Kerberos database. 
* Server auth using Negotiate with user ''
> GET /api/v3/add_host_kerberos HTTP/1.1
> Host: srv-wapt.<domaine>.fr
> User-Agent: curl/8.14.1
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Fri, 03 Jul 2026 06:53:26 GMT
< Content-Type: text/html
< Content-Length: 172
< Connection: keep-alive
* gss_init_sec_context() failed: Server not found in Kerberos database. 
< WWW-Authenticate: Negotiate
< Strict-Transport-Security: max-age=63072000
< 
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host srv-<domaine> left intact
Thank you for your help.
User avatar
sfonteneau
WAPT Expert
Messages: 2339
Registered: July 10, 2014 - 11:52 PM
Contact :

July 3, 2026 - 09:32

Good morning

Code: Select all

gss_init_sec_context() failed: Server not found in Kerberos database
Can you verify that the machine account in your wapt server still exists?

If so, what is the value of the ServicePrincipalName attribute?
rlegrand
Messages: 10
Registration: June 30, 2026 - 3:37 PM

July 3, 2026 - 10:26

sfonteneau wrote: July 3, 2026 - 9:32 AM Good morning

Code: Select all

gss_init_sec_context() failed: Server not found in Kerberos database
Can you verify that the machine account in your wapt server still exists?

If so, what is the value of the ServicePrincipalName attribute?
Could you tell me the steps to do this?
User avatar
sfonteneau
WAPT Expert
Messages: 2339
Registered: July 10, 2014 - 11:52 PM
Contact :

July 3, 2026 - 10:28

Apologies for the error in my previous message:

I'll correct it:

Can you verify that the machine account in your Active Directory server still exists?

If so, what is the value of the ServicePrincipalName attribute?
rlegrand
Messages: 10
Registration: June 30, 2026 - 3:37 PM

July 3, 2026 - 10:48

sfonteneau wrote: July 3, 2026 - 10:28 Sorry, error in my previous message:

I'll correct it:

Can you verify that the machine account in your Active Directory server still exists?

If so, what is the value of the ServicePrincipalName attribute?
I have a wapt administrator account on our Active Directory but I don't see a machine account.
User avatar
sfonteneau
WAPT Expert
Messages: 2339
Registered: July 10, 2014 - 11:52 PM
Contact :

July 3, 2026 - 11:01

The problem is this... apparently you are using Kerberos but you don't have a WAPT machine account in your Active Directory.

Do you have a /etc/nginx/http-krb5.keytab file on your WAPT server?
rlegrand
Messages: 10
Registration: June 30, 2026 - 3:37 PM

July 3, 2026 - 11:40

sfonteneau wrote: Jul 3, 2026 - 11:01 The problem is there... apparently you are on Kerberos but you don't have a WAPT machine account in your Active Directory.

Do you have a /etc/nginx/http-krb5.keytab file on your WAPT server?
I haven't installed the WAPT server, so I'm just experimenting and discovering how it works :D

The deployments and registration of the workstation on the WAPT server were working fine until now. That's why I'm investigating what might have changed on our end that's causing it to stop working.

I do have a /etc/nginx/http-krb5.keytab file on the wapt server
User avatar
sfonteneau
WAPT Expert
Messages: 2339
Registered: July 10, 2014 - 11:52 PM
Contact :

July 3, 2026 - 11:53

If you have a keytab file, it means there was a wapt account in Active Directory at some point.

You can delete the keytab and run postconf to force its re-creation (be careful not to delete the machine account afterward :) ).
rlegrand
Messages: 10
Registration: June 30, 2026 - 3:37 PM

July 3, 2026 - 1:58 PM

sfonteneau wrote: July 3, 2026 - 11:53 AM If you have a keytab file, then there was a wapt account in Active Directory at some point.

You can delete the keytab and run a postconf command to force its re-creation ((be careful not to delete the machine account afterwards :) )).
Problem solved, I followed your instructions and the machine account was created.

Thank you so much for your help and support!

Good day.
Locked