Tranquil IT Forum

Hello,

We have been your customers for one year, and I have been using your product for five years. I wanted to update our platform, adhering to all the prerequisites, but I encountered significant problems.

I observed a change in the product's behavior in versions 2.3 and 2.4.

In fact, I tried updating our server, and it caused a major disruption across the entire network. Consequently, I set up a new server on Debian 12, and I am experiencing the same issue.
I will explain my problem to you.

We have a WAPT server (with two network cards) on two separate networks (PEDA and ADMIN) because we have two domains.

Previously, on the PEDA and ADMIN networks, when I installed the agent (we assigned the WAPT server's IP address to the corresponding network), it automatically registered the machine (peda or admin) with the server via HTTPS.
Since the update to version 2.3 or 2.4, only the PEDA machines register via HTTPS. The machine doesn't appear in the ADMIN console unless I use HTTP.

Could you please help me understand the difference since version 2.2?

I look forward to your reply.

Sincerely,

Hello,

what is your registration method? (Kerberos - without authentication)?

Is the WAPT server web interface accessible from both networks?

What is the output of the `wapt-get register` command on the workstations?

Simon

Hello,

First of all, thank you for your quick response. I'm replying late because we have a significant time difference.

My registration mode is "without authentication," chosen in the post-configuration
: -----------------------------------------------------------------------------------------------------------------------------
"WaptAgent Authentication type?

-------------------------------------------------------------------------------------------------------------------------------------
(*) 1 Allow unauthenticated registration, same behavior as wapt 1.3"


The web interface is accessible via both network IPs.

From the PEDA network on a workstation, the command "wapt-get register" gives the following result:
C:\Windows\System32>wapt-get register
Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
Registering host against server: https://10.0.11.234
Host correctly registered against server https://10.0.11.234.

From the ADMIN network on a workstation, the command "wapt-get register" gives the following result:
C:\Windows\System32 >wapt-get register
Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
Registering host against server: https://10.0.18.106
FATAL ERROR: EWaptExXception: Unable to register: waptserver https://10.0.18.106 not available

Seeing a problem, I performed a ping to demonstrate that the workstation has access to the server.

C:\Windows\System32>ping 10.0.18.106
Sending a Ping request to
10.0.18.106 with 32 bytes of data:
Reply from 10.0.18.106: bytes=32 time
Reply from 10.0.18. 106: bytes=32 time
Reply from 10.0.18.106: bytes=32 time=1 ms TTL=64
Reply from 10.0.18.106: bytes=32 time=3 ms TTL=64
Ping statistics for 10.0.18.106:
Packets: sent = 4, received = 4, lost = 0 (0% loss),
Approximate round-trip times in milliseconds:
Minimum = 0ms, Maximum = 3ms, Average = 0ms

Regards,

Hello again,

After investigating, I found the problem:

When I install the agent on a machine on the ADMIN network, I configure the IP address manually. Here is the "wapt-get.ini" file after installation:
[global]
repo_url=https://10.0.18.106/wapt
send_usage_report=1
use_hostpackages=1
wapt_server=https://10.0.18.106
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0

Notice that the "verify_cert" parameter is missing. Once I add it, everything works correctly.
By default, the parameter is set correctly.

Do you have an explanation for this issue?

Best regards,

lfimd wrote: ↑Nov 7, 2023 - 05:19 When I install the agent on a machine on the ADMIN network, I configure the IP manually.

Why configure it manually? I don't understand.
Normally, we leave what is suggested since that is what was included in the agent generation.

Because my agent is generated using the PEDA network. Therefore, if I want to change networks, I must manually change the IP address to switch to the ADMIN network

. Regards,

So verify_cert will disappear if the IP address is entered manually?

Yes, exactly. I don't have this problem in version 2.2.

I'm running a test and will get back to you to confirm the bug in version 2.4.

Hello,

were you able to observe the problem? Do you have a solution to fix it?

Regards,