agent deployment problem

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
cyrillLB
Messages: 5
Registration: Sep 20, 2017 - 08:52

September 21, 2017 - 12:02

Good morning,

I'm having trouble deploying the agent. When I install the agent manually, everything goes smoothly.
However, as soon as I want to deploy the agent on the workstations, waptagent installs, vc2008 installs but the service installation fails.
I tried several methods:
  • using wapdeploy: waptdeploy.exe --hash=0c050e4a6d2caf3bf569d8c3564396881b4336656a7bc602d74f83398048c1e1 --minversion=1.3.13.0 --wait=15 --tasks=autorunTray,installService,installredist2008,autoUpgradePolicy --waptsetupurl=http://wapt/wapt/waptagent.exe
  • by directly deploying waptagent:
    waptagent /VERYSILENT
  • by deploying waptagent with a response file:
    waptagent /VERYSILENT /LOG="c:\waptagent_install.log" /LOADINF="wapt.inf"
Do you have any idea?
High
cyrillLB
Messages: 5
Registration: Sep 20, 2017 - 08:52

September 27, 2017 - 4:04 PM

Person ?
High
User avatar
agauvrit
WAPT Expert
Messages: 238
Registration: Nov 17, 2016 - 10:25
Location: Nantes
Contact :
Contact agauvrit

September 28, 2017 - 11:56

Hello,

What variables are missing to diagnose

the OS of the workstations?
Antivirus installed?
AppLocker?
SRP?

Nssm.exe had issues with Windows10 Creators Update, but beyond that, we haven't received any reports of problems in this regard.
High
cyrillLB
Messages: 5
Registration: Sep 20, 2017 - 08:52

September 29, 2017 - 11:38

OS: Windows 7 Pro;
Antivirus: Symantec SEP 12.1.6
; AppLocker: Disabled
; SRP: No
High
User avatar
agauvrit
WAPT Expert
Messages: 238
Registration: Nov 17, 2016 - 10:25
Location: Nantes
Contact :
Contact agauvrit

September 29, 2017 - 4:24 PM

Try to see if Symantec might be silently blocking the creation of the service.

We had a similar problem at a client with AVG where the network path was not trusted by the local agent; add this path in the central administration console of your antivirus.
High
ndamelincourt
Messages: 2
Registration: Oct 01, 2017 - 11:12 p.m.

October 1, 2017 - 11:50 PM

Good evening,
For your information, the latest version of Kaspersky 10.2.5.3201 (mr3) blocks waptdeploy.exe and even removes it from Netlogon. evil:
High
User avatar
vcardon
WAPT Expert
Messages: 278
Registration: Oct 06, 2017 - 10:55 p.m.
Location: Nantes, France

October 6, 2017 - 11:46 PM

Hello Cyril, ndamelincourt, Alexandre,

Today we see antivirus software more as a complement to the basic SRP security offered in Windows.

SRPs are "Software Restriction Policies," and they work on the same principle as Linux: only software marked "OK" by the administrator can be run by the user, even if it's located in their home directory. So goodbye to cryptolockers, ransomware, and similar threats.

WAPT is an excellent tool for implementing SRPs, and some users even go so far as to completely remove antivirus software from their 600-machine network once they've gained confidence in SRPs.

On your network, there's a high risk that your antivirus software will continue to mark "your WAPT" as "unknown" because your WAPT is customized for your network and generated from your personalization data. Therefore, antivirus programs that rely on signature recognition won't recognize your customized agent. There are methods outside the scope of WAPT to resolve this issue.

Vincent
Vincent CARDON
Tranquil IT
High
Niaha
Messages: 5
Registration: December 13, 2017 - 11:09

December 13, 2017 - 11:23

I resolved the issues related to Windows SmartScreen acceptance, etc., by adding the product certificate during agent creation.

I added it to a GPO as an Authorities Certificate and Trusted Publisher.

Since then, there have been no more "Warning: This software may not be a trusted source" errors.

Regards,
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

December 13, 2017 - 1:25 PM

For Waptagent, that's indeed the correct method.

However, Waptdeploy is signed with our commercial key...
High
Niaha
Messages: 5
Registration: December 13, 2017 - 11:09

December 13, 2017 - 2:02 PM

The script didn't cause me any problems; doing it via GPO already avoids a lot of hassle.
Having set up certificates for PS, VBScript, etc., it's a very useful workaround (a small addition to the wiki would be welcome ;) )!!!
High
Locked

Return to "WAPT Server"


  • To go further with WAPT