Hello,
I'm currently testing WAPT Discovery.
I've configured Kerberos authentication and deployed the agent via GPO on an on-premises Active Directory (Windows PC).
The agent deploys correctly and is accessible on the machine via the address 127.0.0.1:8088.
While browsing the forum, I tried using the command: `wapt-get register -l debug` as an administrator on the Windows console
. Among other things, I get this response:
WARNING: Kerberos can not be enabled, "register" must be launched under system account to use Kerberos machine account auth. Use --service switch or "psexec -s wapt-get register". Registering host against server: https://wapt.mydomain.local.
Then it waits for an account to register:
Please get login for add_host:
when I connect to http://127.0.0.1:8088/register.json?notify_user=1. The PC appears correctly on the console.
Perhaps I missed a step during the Kerberos setup, but I followed the wiki meticulously.
Can you help me?
Sincerely
[RESOLVED] Agents not automatically returning to the console #Kerberos
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
Emmanuel64
- Messages: 46
- Registration: February 23, 2024 - 09:37
WAPT Enterprise
Version 2.6.1.17576
Version 2.6.1.17576
-
dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Emmanuel,
the Kerberos register uses the machine account, so it must be run as the SYSTEM account (as indicated in the error message).
When the service starts, it will register, so if everything is configured correctly, the machine will appear in the console. You can verify in the "Registration Method" column that it is indeed set to Kerberos.
Regards,
Denis
the Kerberos register uses the machine account, so it must be run as the SYSTEM account (as indicated in the error message).
When the service starts, it will register, so if everything is configured correctly, the machine will appear in the console. You can verify in the "Registration Method" column that it is indeed set to Kerberos.
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
-
Emmanuel64
- Messages: 46
- Registration: February 23, 2024 - 09:37
Hello,
thank you for your quick reply.
Indeed, on another computer, after restarting it, it reappeared in the console.
A small piece of information that seems logical, but which must have been my mistake: as stated in the documentation, the default CN is CN=Computers. If I understand correctly, the CN to save is the one where the computers are located (for me, they are in a different OU).
Have a good day.
thank you for your quick reply.
Indeed, on another computer, after restarting it, it reappeared in the console.
A small piece of information that seems logical, but which must have been my mistake: as stated in the documentation, the default CN is CN=Computers. If I understand correctly, the CN to save is the one where the computers are located (for me, they are in a different OU).
Have a good day.
WAPT Enterprise
Version 2.6.1.17576
Version 2.6.1.17576
-
dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Emmanuel,
the OU isn't calculated by the server but is retrieved by the agent (as inventory data). The agent retrieves the OU through the GPO engine (which itself needs to retrieve the correct OU to know which GPOs to apply). If the correct OU isn't retrieved (after the next inventory), it means there's a GPO issue on the machine, or a problem with the data retrieval.
Please open a new topic for a new issue.
Denis
the OU isn't calculated by the server but is retrieved by the agent (as inventory data). The agent retrieves the OU through the GPO engine (which itself needs to retrieve the correct OU to know which GPOs to apply). If the correct OU isn't retrieved (after the next inventory), it means there's a GPO issue on the machine, or a problem with the data retrieval.
Please open a new topic for a new issue.
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
