Deploy Wapt via GPO

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
Flo2k17
Messages: 5
Registration: August 3, 2017 - 2:59 PM

August 21, 2017 - 09:35

Good morning,

Sorry for not getting back to you sooner (two weeks of vacation, you know). :P).

Thank you agauvrit, your solution seems to work!
Create an Organizational Unit (OU) and move the WAPT deployment test workstations into it.
This OU contains only computer accounts, no users (which are usually in CN=Computers), and apply the Group Policy Object (GPO) to these computers.
The test machine successfully installs the agent via GPO at startup (it takes 1 or 2 minutes). The solution was indeed to apply the GPO only to an OU containing THAT computers (You must delete or move everything else, user accounts etc...).
Thanks again, all that's left is to put it into production!
High
Arsgunner
Messages: 21
Registration: Oct 06, 2017 - 4:04 p.m.

March 21, 2018 - 4:21 PM

Good morning,

I'm installing version 1.5.1.21 and I'm stuck deploying the agent via GPO. Even after trying all the solutions given above, I keep getting the following error:

Code: Select all

An unhandled exception occurred at $0043B822:
EHTTPException: Unable to download: http://127.0.0.1:8088/update.json?notify_server=1&notify_user=0 HTTP Status: 0
  $0043B822
  $00401EA0
  $00404924
Can you help me?
Thank you in advance
High
User avatar
agauvrit
WAPT Expert
Messages: 238
Registration: Nov 17, 2016 - 10:25
Location: Nantes
Contact :
Contact agauvrit

March 21, 2018 - 4:27 PM

Good morning,

A similar error occurred in this post on the WAPT mailing list: https://lists.tranquil.it/pipermail/wap...02296.html

Is an antivirus program installed on the computers?

By explicitly specifying the address of the waptagent.exe file to download in the arguments: https://www.wapt.fr/fr/doc/Configuratio ... waptdeploy

Code: Select all

 --waptsetupurl="http://srvwapt.mydomain.lan/wapt/waptagent.exe" --wait=10
High
Arsgunner
Messages: 21
Registration: Oct 06, 2017 - 4:04 p.m.

March 21, 2018 - 4:34 PM

Yes, there is antivirus software on the computers. I'll try disabling it.

However, I've already tried specifying the URL in the options, without success.

Thank you.
High
Arsgunner
Messages: 21
Registration: Oct 06, 2017 - 4:04 p.m.

March 21, 2018 - 5:08 PM

Okay, when I try to launch the Waptagent locally, it seems there's an upstream certificate issue. I'll repeat the procedure and see if that resolves my problem.
High
Arsgunner
Messages: 21
Registration: Oct 06, 2017 - 4:04 p.m.

March 22, 2018 - 10:55

Good morning,

So I restarted my installation from scratch because I previously had an error at the certificate test stage after installing the console.

Code: Select all

wapt-get enable-check-certificate
This problem is now resolved.

However, if I try to install via GPO, I always get the following errors:

Code: Select all

An unhandled exception occurred at $0043B822:
EHTTPException: Unable to download: http://127.0.0.1:8088/update.json?notify_server=1&notify_user=0 HTTP Status: 0
  $0043B822
  $00401EA0
  $00404924
And if I run waptagent.exe, I get the following warning:
Attachments
WaptAgentErreur.png
WaptAgentErreur.png (24.64 KB) Viewed 9776 times
High
User avatar
agauvrit
WAPT Expert
Messages: 238
Registration: Nov 17, 2016 - 10:25
Location: Nantes
Contact :
Contact agauvrit

March 22, 2018 - 11:06

There is a misunderstanding between the server's HTTPS SSL/TLS certificate and the public certificate distributed to workstations for packet verification:

  • certificate SSL/TLS issued by the web server ensures the security of the transaction between the agent and the server. If this certificate is invalid and you have checked the "Verify the server's HTTPS certificate" box or run the "wapt-get enable-check-certificate" command with a certificate not recognized by your browser/system, it is normal that it will not work.
  • The certificate distributed by the agent installer and which derives from your certificate authority is used to verify the authenticity of packages stored in your WAPT repository.
High
Arsgunner
Messages: 21
Registration: Oct 06, 2017 - 4:04 p.m.

March 22, 2018 - 11:44

The SSL/TLS certificate issued by the web server ensures the security of the transaction between the agent and the server. If this certificate is invalid and you have checked the "Verify the server's HTTPS certificate" box or run the "wapt-get enable-check-certificate" command with a certificate not recognized by your browser/system, it is normal that it will not work.
Yesterday I had a problem at that level, so I preferred to solve it before starting to do my tests on the agent deployment again.
The certificate distributed by the agent installer and which derives from your certificate authority is used to verify the authenticity of packages stored in your WAPT repository.
I obviously still have a problem in that area.

I installed the console on a server in a directory d:\wapt
In the documentation for creating the WAPT agent installer, the "Certificate bundle path to verify the server's HTTPS certificate" appears to be populated with the following path: ...\wapt\lib\site-packages\certifi\cacert.pem
But if I select it in my case, it tells me that it's not good.
However, if I point to ...\wapt\ssl\server, then I can get through.
Is this where I'm making a mistake?
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

March 22, 2018 - 12:52

In my opinion, it's a bug.

A behavior we didn't anticipate:

https://github.com/tranquilit/WAPT/blob ... p.iss#L453

We assume the WAPT source is installed either in c:\wapt or c:\program files (x86)\wapt or c:\program files\wapt\.

It's a bit ugly, but we'll do better; we'll push a fix. ;-)

Simon
High
Arsgunner
Messages: 21
Registration: Oct 06, 2017 - 4:04 p.m.

March 23, 2018 - 11:24

Hello,

thank you for your reply.
Could you please tell me how to modify my .iss file to suit my current configuration? This would allow me to make progress, at least on my test PC.

Thank you.
High
Locked

Return to "WAPT Server"


  • To go further with WAPT