Problem with HTTPS? PC not recognized

jojo57

July 5, 2018 - 2:17 PM

Hello,

I'm deploying the WAPT agent using waptdeploy, with both a logon script and a GPO.

It works perfectly for most PCs, but for about ten (out of approximately 80) it fails to install.
I should clarify that the GPO is indeed a computer GPO (therefore with admin rights) and that the logon script uses an AutoIt script which also grants it local administrator rights (this worked perfectly with WAPT 1.3 and therefore here for the vast majority with WAPT 1.5).
Here's the error: (I've replaced my domain with xxxx)
-----------------------------------------------------------------------------------------------
WAPT required version: force
Wapt agent path: C:\Windows\TEMP\waptagent.exe
Wget new waptagent from https://wapt2.xxxx.local/wapt/waptagent.exe
Trying to reach https://wapt2.xxxx.local/wapt/waptagent.exe...
Reachable, downloading...
Done.
Cleanup...
An unhandled exception occurred at $00416608:
EFOpenError: Unable to open file "C:\Windows\TEMP\waptagent.exe"
$00416608
$004164B0
$00440216
$004047C9
-----------------------------------------------------------------------------------------------
The logon script (as admin)

\\Server\NETLOGON\waptdeploy.exe --hash=my_hash --minversion=1.5.1.23 --wait=15 --waptsetupurl=https://wapt2.xxxx.local/wapt/waptagent.exe
-----------------------------------------------------------------------------------------------

After quite a bit of research, I noticed that if I enter the address as http and not as https for wapturl, it works.
And this corresponds to the error: Unable to open file "C:\Windows\TEMP\waptagent.exe".
Waptdeploy apparently couldn't download Waptagent from the Wapt server via HTTPS.

I suspect a certificate is missing on some PCs, but I haven't deployed any specific certificates. Should I do this (via GPO?) and if so, which certificate and where? And why does it work on most PCs but not some?

This problem is very disruptive, and I'd rather not stay with HTTP because it might not work in a future version of Wapt (and I'm not sure it will work on all PCs via HTTP; I'm testing...).

Thanks.
dcardon
WAPT Expert

July 5, 2018 - 5:36 PM

Hello jojo57,
The download process doesn't seem to be causing any problems according to the logs. Did you check if your antivirus software deleted the file before it was executed?

Sincerely,

Denis
Denis Cardon - Tranquil IT
jojo57

July 6, 2018 - 9:51 AM

Hello,

Yes, I checked and the antivirus didn't delete anything. Besides, if it had, I think it would have also deleted the file downloaded via HTTP. And we have the same antivirus (corporate, with an agent) on all the workstations, so why some and not others? I suppose it's a certificate problem, but I don't see where.
However, I migrated from WAPT 1.3 to WAPT 1.5 (I installed a completely new server in WAPT 1.5, with a new prefix), and that might be the cause. In WAPT 1.3, the WAPT folder was directly under C:, and now it's in Program Files (x86). That might also be a clue. Since I switched to HTTP (2 days ago), 12 PCs have correctly registered in the WAPT console. But I'd prefer to fix this problem because I might still have some PCs that aren't registering (or won't register with a future version?).
jojo57

July 6, 2018 - 11:47

I just tested it on my machine with
`wapt-get enable-check-certificate`

and the response is this:

Server certificate: C:\wapt\ssl\server\wapt2.xxxx.local.crt
FATAL ERROR: Exception: Common name of certificate (wapt2.xxxx.local) does not
match server hostname (wapt2.xxxx.local), aborting.

However, my console works fine and the PCs connect.
BUT, as I mentioned earlier, some PCs have Wapt installed in c:\wapt (since version 1.3) and others (more recent) in c:\program files (x86)\wapt. Any connection?

Personally, I had to stay in c:\wapt because otherwise package compilation failed.
In short, my certificate seems valid, yet there's a problem.
I can't reinstall everything on all the PCs, though.

Thanks
sfonteneau
WAPT Expert

July 6, 2018 - 6:29 PM

It seems to me that waptdeploy uses the Windows API for downloading.

If the wapt server is configured with a self-signed certificate, Windows should recognize it.

Otherwise, you need to add "--waptsetupurl=http://wapt2.xxxx.local/wapt/waptagent.exe"

to specify that you want to download it via HTTP.

PS: There's no risk in downloading via HTTP because waptdeploy requires a hash.

Another point: it seems that by default, waptdeploy downloads via HTTP unless a wapt server is already installed. In that case, wapt will use the URL from wapt-get.ini, which is an HTTPS URL. ;)

Generally, it's preferable to add --waptsetupurl=
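
The two checks discussed in this thread, as an added PowerShell example that is not part of the original posts and is not WAPT code: it reports how a given PC's Windows certificate store judges the server certificate (trust chain versus host name), and verifies a downloaded waptagent.exe against the expected hash. The function names, the server name, the hash placeholder, port 443 and SHA-256 as the hash type are assumptions.

```powershell
# Added diagnostic example; not WAPT code and not from the original posts.
# Assumptions: PowerShell 4.0+, port 443, SHA-256 hash, placeholder values below.
$ServerName   = 'wapt2.example.local'      # placeholder for the WAPT server name
$InstallerUrl = "http://$ServerName/wapt/waptagent.exe"
$ExpectedHash = '<expected-sha256-hex>'    # placeholder for the hash passed to --hash

function Get-TlsTrustReport {
    param([string]$HostName, [int]$Port = 443)
    $script:tlsErrors = $null
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The callback records how this PC's Windows store judges the certificate.
        # It returns $true only so the handshake completes; no data is exchanged.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $sslPolicyErrors)
            $script:tlsErrors = $sslPolicyErrors
            return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            # None = trusted and name matches; RemoteCertificateChainErrors = issuer
            # not trusted by this PC; RemoteCertificateNameMismatch = name differs.
            PolicyErrors = $script:tlsErrors
        }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

function Test-InstallerHash {
    param([string]$Url, [string]$Expected)
    $tmp = Join-Path $env:TEMP 'waptagent-check.exe'
    Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing
    $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
    Remove-Item $tmp
    # Get-FileHash returns upper-case hex; -eq on strings ignores case.
    return ($actual -eq $Expected)
}

Get-TlsTrustReport -HostName $ServerName
Test-InstallerHash -Url $InstallerUrl -Expected $ExpectedHash
```

Running it on one PC that installs correctly and one that fails, then comparing the `PolicyErrors` values, shows whether the difference between the two is certificate trust or name matching.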