Tranquil IT Forum

Published: **September 22, 2020 - 5:55 PM**

Good morning,

I am creating this post because despite my searches on the forum, I cannot find a solution to my problem.
I have a WAPT server which is used for several domains with trust between them.
However, I am encountering problems with customer registration.
I use Kerberos authentication for registration.

Server Configuration:

Code: Select all

[options]
waptwua_folder = /var/www/html/waptwua
server_uuid = f3b48752-1059-11ea-a519-005056b71f58
clients_signing_key = /opt/wapt/conf/ca-wapt1.domaine1.local.pem
clients_signing_certificate = /opt/wapt/conf/ca-wapt1.domaine1.local.crt
wapt_password = $pbkdf2-sha256$29000$2nvvfe.dk7K21vo/Z8z53w$DtkM/JsLTv7wx2MGRdapPIkCzkk46j3Bsu8Prv1NxvM
use_kerberos = True
allow_unauthenticated_connect = False
secret_key = UFoo6Qq2mLVIRwHnSZ0Wj2OoBBDhmvbApQH8jvHFtNltV8QzepPdXqfzanHOBywd
http_proxy = 
wapt_admin_group_dn = CN=G_WAPT_Admin,OU=Groupes,DC=domaine1,DC=local
ldap_auth_server = AD1.domaine1.local
ldap_auth_base_dn = DC=domaine1,DC=local
ldap_auth_ssl_enabled = False

Client configuration:

Code: Select all

[global]
waptupdate_task_period=120
wapt_server=https://wapt1.domaine1.local
repo_url=https://wapt1.domaine1.local/wapt
use_hostpackages=1
send_usage_report=1
use_kerberos=1
check_certificates_validity=0
verify_cert=C:\wapt\ssl\server\wapt1.domaine1.local.crt
dnsdomain=
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
use_fqdn_as_uuid=1
use_ad_groups=1
waptaudit_task_period=120m
[wapt-templates]
repo_url=https://store.wapt.fr/wapt
verify_cert=1
[waptwua]
enabled=false
install_at_shutdown=false

In the server logs:

Code: Select all

Sep 22 17:44:38 wapt1 python: 2020-09-22 17:44:38,700 CRITICAL Get_websocket_auth_token failed EWaptAuthenticationFailure(u'Unknown host UUID clientXX.domaine2.local. Please register first.',)

Attempting manual registration via wapt-get register:

Code: Select all

Registering host against server: https://wapt1.domaine1.local
        System Power Controls
FATAL ERROR : HTTPError: 403 Client Error: Forbidden for url: https://wapt1.domaine1.local/add_host_kerberos
wapt-get exited on clientXX.domaine2.local with error code 3.

I checked the nginx server configuration and it is correct.
I don't see where the problem is coming from.

- Installed WAPT version 1.7.4
- CentOS 7.7 server operating system

Thank you in advance for your help.
Sincerely,

Published: **September 22, 2020 - 7:40 PM**

Are you experiencing the same problem with version 1.8.2?

Regards.

Published: **September 22, 2020 - 8:15 PM**

It's a server installed with an enterprise version license that has expired and won't be renewed for the time being (we're in the middle of renewing/replacing our workstations, and the number of workstations in WAPT is higher than the actual number).
Therefore, I no longer have access to the repository to update it.

Published: **September 22, 2020 - 8:57 PM**

If you switched to the community plan because the number of PCs exceeded your number of purchased licenses, call the office; the adjustment will likely be minimal to get you back on track.

If you were on a trial plan, it's working as expected, and you'll need to seek answers from the community.

Published: **September 23, 2020 - 10:05 AM**

I think I've identified my problem.
My Active Directory on my first domain isn't delegating Kerberos tickets to my second domain.
This stems from a Microsoft update that disabled this by default.

Is there a way to switch from the Enterprise repository to the Community repository to perform the update without having to reinstall the server?

Tranquil IT Forum

Problem registering client machines

Problem registering client machines

Re: Problem registering client machines

Re: Problem registering client machines

Re: Problem registering client machines

Re: Problem registering client machines