Page 3 of 4
Re: Deploying Wapt via GPO
Published: August 21, 2017 - 09:35
by Flo2k17
Good morning,
Sorry for not getting back to you sooner (two weeks of vacation, you know).
).
Thank you agauvrit, your solution seems to work!
Create an Organizational Unit (OU) and move the WAPT deployment test workstations into it.
This OU contains only computer accounts, no users (which are usually in CN=Computers), and apply the Group Policy Object (GPO) to these computers.
The test machine successfully installs the agent via GPO at startup (it takes 1 or 2 minutes). The solution was indeed to apply the GPO only to an OU containing
THAT computers (You must delete or move everything else, user accounts etc...).
Thanks again, all that's left is to put it into production!
Re: Deploying Wapt via GPO
Published: March 21, 2018 - 4:21 PM
by Arsgunner
Good morning,
I'm installing version 1.5.1.21 and I'm stuck deploying the agent via GPO. Even after trying all the solutions given above, I keep getting the following error:
Code: Select all
An unhandled exception occurred at $0043B822:
EHTTPException: Unable to download: http://127.0.0.1:8088/update.json?notify_server=1¬ify_user=0 HTTP Status: 0
$0043B822
$00401EA0
$00404924
Can you help me?
Thank you in advance
Re: Deploying Wapt via GPO
Published: March 21, 2018 - 4:27 PM
by agauvrit
Good morning,
A similar error occurred in this post on the WAPT mailing list:
https://lists.tranquil.it/pipermail/wap...02296.html
Is an antivirus program installed on the computers?
By explicitly specifying the address of the waptagent.exe file to download in the arguments:
https://www.wapt.fr/fr/doc/Configuratio ... waptdeploy
Code: Select all
--waptsetupurl="http://srvwapt.mydomain.lan/wapt/waptagent.exe" --wait=10
Re: Deploying Wapt via GPO
Published: March 21, 2018 - 4:34 PM
by Arsgunner
Yes, there is antivirus software on the computers. I'll try disabling it.
However, I've already tried specifying the URL in the options, without success.
Thank you.
Re: Deploying Wapt via GPO
Published: March 21, 2018 - 5:08 PM
by Arsgunner
Okay, when I try to launch the Waptagent locally, it seems there's an upstream certificate issue. I'll repeat the procedure and see if that resolves my problem.
Re: Deploying Wapt via GPO
Published: March 22, 2018 - 10:55 AM
by Arsgunner
Good morning,
So I restarted my installation from scratch because I previously had an error at the certificate test stage after installing the console.
This problem is now resolved.
However, if I try to install via GPO, I always get the following errors:
Code: Select all
An unhandled exception occurred at $0043B822:
EHTTPException: Unable to download: http://127.0.0.1:8088/update.json?notify_server=1¬ify_user=0 HTTP Status: 0
$0043B822
$00401EA0
$00404924
And if I run waptagent.exe, I get the following warning:
Re: Deploying Wapt via GPO
Published: March 22, 2018 - 11:06 AM
by agauvrit
There is a misunderstanding between the server's HTTPS SSL/TLS certificate and the public certificate distributed to workstations for packet verification:
- certificate SSL/TLS issued by the web server ensures the security of the transaction between the agent and the server. If this certificate is invalid and you have checked the "Verify the server's HTTPS certificate" box or run the "wapt-get enable-check-certificate" command with a certificate not recognized by your browser/system, it is normal that it will not work.
- The certificate distributed by the agent installer and which derives from your certificate authority is used to verify the authenticity of packages stored in your WAPT repository.
Re: Deploying Wapt via GPO
Published: March 22, 2018 - 11:44
by Arsgunner
The SSL/TLS certificate issued by the web server ensures the security of the transaction between the agent and the server. If this certificate is invalid and you have checked the "Verify the server's HTTPS certificate" box or run the "wapt-get enable-check-certificate" command with a certificate not recognized by your browser/system, it is normal that it will not work.
Yesterday I had a problem at that level, so I preferred to solve it before starting to do my tests on the agent deployment again.
The certificate distributed by the agent installer and which derives from your certificate authority is used to verify the authenticity of packages stored in your WAPT repository.
I obviously still have a problem in that area.
I installed the console on a server in a directory d:\wapt
In the documentation for creating the WAPT agent installer, the "Certificate bundle path to verify the server's HTTPS certificate" appears to be populated with the following path: ...\wapt\lib\site-packages\certifi\cacert.pem
But if I select it in my case, it tells me that it's not good.
However, if I point to ...\wapt\ssl\server, then I can get through.
Is this where I'm making a mistake?
Re: Deploying Wapt via GPO
Published: March 22, 2018 - 12:52
by sfonteneau
In my opinion, it's a bug.
A behavior we didn't anticipate:
https://github.com/tranquilit/WAPT/blob ... p.iss#L453
We assume the WAPT
source is installed either in c:\wapt or c:\program files (x86)\wapt or c:\program files\wapt\.
It's a bit ugly, but we'll do better; we'll push a fix.
Simon
Re: Deploying Wapt via GPO
Published: March 23, 2018 - 11:24
by Arsgunner
Hello,
thank you for your reply.
Could you please tell me how to modify my .iss file to suit my current configuration? This would allow me to make progress, at least on my test PC.
Thank you.