[SOLVED] SELF-SERVICE: An operation have Failed

Published: September 25, 2024 - 3:08 PM
by skoizer
Good morning,
We migrated from wapt 2.2 to 2.5.5
The agents on Windows have also migrated.
We have switched to HTTPS with server certificate verification (agent configuration below)

If a user or admin tries to install a package using self-service,
we get a window with this error message:

Avertissement
"An operation has failed do you want to force the installation/removed
Operation:Installation de Toto-naps2 (tâche #60)

My agent's configuration:

[global]
use_hostpackages=1
repo_url=https://srvwapt.local.lan/wapt
wapt_server=https://srvwapt.local.lan
verify_cert=C:\Program Files (x86)\wapt\ssl\server\srvwapt.local.lan.crt
use_repo_rules=1
use_ad_groups=1
allow_remote_reboot=1
allow_remote_shutdown=1
waptservice_admin_filter=True
limit_bandwidth=500
use_kerberos=1
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
include_dmi_inventory=1
include_wmi_inventory=1
maturities=PROD,PREPROD,DEV

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 3:38 PM
by skoizer
In the logs:

C:\Program Files (x86)\wapt\log\waptservice.log

Erreur lors de l'installation de ['toto-naps2']: erreurs dans les paquets [[('https://srvwapt.toto.lan/wapt/toto-naps2_7.5.1-1_x64_windows_PROD_747ca02d392427964812ed7c806d0817.wapt', 'Could not find a suitable TLS CA certificate bundle, invalid path: C:\\Program Files (x86)\\wapt\\ssl\\server\\srvwapt.local.lan.crt'), None], [PackageRequest(package='toto-naps2',architectures=['x64'],locales=['fr'],maturities=['PROD', 'PREPROD', 'DEV'],tags=['windows-10', 'win-10', 'w-10', 'windows10', 'win10', 'w10', 'windows', 'win', 'w'],min_os_version=Version('10.0.22631'),max_os_version=Version('10.0.22631')), PackageEntry('toto-naps2','7.5.1-1' architecture='x64',maturity='PROD',target_os='windows'), 'Traceback (most recent call last):\n  File "C:\\Program Files (x86)\\wapt\\common.py", line 5347, in install\n    raise EWaptDownloadError(\'Package file %s not downloaded properly.\' % p.filename)\nwaptpackage.EWaptDownloadError: Package file toto-naps2_7.5.1-1_x64_windows_PROD_747ca02d392427964812ed7c806d0817.wapt not downloaded properly.\n']]

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 3:58 PM
by sfonteneau
Good morning

The HTTPS connection check is not working

The following file has apparently been deleted?

C:\Program Files (x86)\wapt\ssl\server\srvwapt.local.lan.crt

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 4:42 PM
by skoizer
No, the certificate does exist on the PCs at "C:\Program Files (x86)\wapt\ssl\server"

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 5:23 PM
by sfonteneau
Strange, can you type this command on the machine?

type "C:\Program Files (x86)\wapt\\ssl\server\srvwapt.local.lan.crt"

To be certain.

The Wapt service clearly indicates:

Could not find a suitable TLS CA certificate bundle, invalid path: C:\\Program Files (x86)\\wapt\\ssl\\server\\srvwapt.local.lan.crt'

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 5:40 PM
by skoizer
If I try this:
type "C:\Program Files (x86)\wapt\ssl\server\srvwapt.local.lan.crt"
I can see the file data displayed correctly.

In the logs:
C:\Program Files (x86)\wapt\log\waptservice.log
2024-09-25 17:37:40,928 [wapttasks SocketIOClient 8764] INFO Creating socketio client: https://srvwapt.local.lan:443 client auth cert: ('C:\\Program Files (x86)\wapt\private\4c4c4544-0058-3810-8032-b2c04f523434.crt', 'C:\Program Files (x86)\wapt\private\4c4c4544-0058-3810-8032-b2c04f523434.pem') proxies: None verify_cert: C:\Program Files (x86)\wapt\ssl\server\srvwapt.local.lan.crt
2024-09-25 17:37:40,928 [wapttasks SocketIOClient 8764] INFO Connecting Socketio to https://srvwapt.local.lan:443
2024-09-25 17:37:40,943 [waptws SocketIOClient 8764] WARNING Exception ConnectionError('Connection error'), waiting 60s before retrying

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 5:41 PM
by skoizer
I just noticed a problem if I connect to the server via the web interface https://srvwapt.local.lan
I forgot the P in wapt...

I have an error on the self-signed certificate of the WAPT web server; it has two common names
Common name: srvwapt.local.lan
Common name: srvwat.local.lan

The one copied onto the PCs has the same error
DNS name=srvwapt.local.lan
IP address=xxx73
DNS name=srvwat.local.lan


This is the self-signed nginx certificate from when we created the WAPT server
I found the information about the nginx configuration here: /etc/nginx/sites-enabled/wapt.conf
The certificate and key are located here: /opt/wapt/waptserver/ssl/

I don't understand why I have a different certificate in the WAPT server configuration file
found here: /opt/wapt/conf/waptserver.ini

clients_signing_key = /opt/wapt/conf/ca-s09wapt-srv.local.lan.fr.pem
clients_signing_certificate = /opt/wapt/conf/ca-s09wapt-srv.local.lan.crt
clients_signing_crl = /var/www/ssl/ca-s09wapt-srv.local.lan.crl
clients_signing_crl_url = http://s09wapt-srv.local.lan/wapt/ssl/ca-s09wapt-srv.local.lan.fr.crl

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 6:35 PM
by skoizer
In short:
I signed the certificates with my supervisor and uploaded them to nginx
Restart nginx and it works, I can see the correct certificate on the HTTPS

I retrieved cert.pem and put it here "C:\Program Files (x86)\wapt\ssl\server\srvwapt.local.lan.crt"
same with verify_cert=1

I keep getting errors on the wapt client "C:\Program Files (x86)\wapt\log"
2024-09-25 18:32:49,201 [waptws SocketIOClient 23868] WARNING Exception ConnectionError('Connection error'), waiting 60s before retrying
2024-09-25 18:33:18,261 [waptcore WaptTaskManager 10532] WARNING Unable to update server status : 400 Client Error: Bad Request for url: https://srvwapt.local.lan/update_host
2024-09-25 18:33:18,261 [wapttasks WaptTaskManager 10532] WARNING Host on the server is not known or not known under this FQDN name (known as None). Trying to register the computer...
2024-09-25 18:33:19,708 [wapttasks WaptTaskManager 10532] WARNING Unable to update server status: GSSAPIProxy requires the Python gssapi library: No module named 'gssapi'
2024-09-25 18:33:19,709 [wapttasks WaptTaskManager 10532] INFO Unable to update server status: No response
2024-09-25 18:33:49,217 [wapttasks SocketIOClient 23868] INFO Socketio connection params have changed. Socketio needs reconnect
2024-09-25 18:33:49,217 [wapttasks SocketIOClient 23868] INFO Creating socketio client: https://srvwapt.local.lan:443 client auth cert: ('C:\\Program Files (x86)\wapt\private\4c4c4544-0058-3810-8032-b2c04f523434.crt', 'C:\Program Files (x86)\wapt\private\4c4c4544-0058-3810-8032-b2c04f523434.pem') proxies: None verify_cert: C:\Program Files (x86)\wapt\ssl\server\srvwapt.local.lan.crt
2024-09-25 18:33:49,218 [wapttasks SocketIOClient 23868] INFO Connecting Socketio to https://srvwapt.local.lan:443
2024-09-25 18:33:49,235 [waptws SocketIOClient 23868] WARNING Exception ConnectionError('Connection error'), waiting 60s before retrying

nginx log for a PC:

10.9.3.3 CN=4c4c4544-0058-3810-8032-b2c04f523434 FAILED: self signed certificate - [25/Sep/2024:19:51:48 +0200] "GET /licences.json HTTP/1.1" 400 208 "-" "wapt/2.5.5"
10.9.3.3 - NONE - [25/Sep/2024:19:51:48 +0200] "GET /licences.json HTTP/1.1" 401 17 "-" "wapt/2.5.5"
10.9.3.3 - NONE - [25/Sep/2024:19:51:48 +0200] "GET /licences.json HTTP/1.1" 401 17 "-" "wapt/2.5.5"
Enterprise license type 1500

Re: [SELF-SERVICE] An operation have Failed

Published: September 25, 2024 - 8:52 PM
by sfonteneau
I see from your presentation that you have

use_kerberos=1

In your case, the Kerberos configuration does not appear to be functional

You can follow: https://www.wapt.fr/fr/doc-2.3/wapt-sec ... e-kerberos

Re: [SELF-SERVICE] An operation have Failed

Published: September 26, 2024 - 09:45
by skoizer
Good morning,
Thanks for your reply.
Yes, I have enabled Kerberos

But since we use a DNS alias for everything and the server is registered with a different name, it doesn't work.
I removed the Kerberos option

/opt/wapt/conf/waptserver.ini
[options]
secret_key = AEi2u6TD7XTGwlyDdrjkCwYtvCGk6zJ3ER4gjfyZ6rZoMxdJQtRvXgUMEwLlvibT
server_uuid = 29600a76-e04e-11ed-b4e3-005056bcfc82
wapt_huey_db = /opt/wapt/db/waptservertasks.sqlite
wapt_password = $pbkdf2-sha256$29000$3rv3HgNgTMmZM8bYO2eM8Q$sZoG5FmdqcXxhKIM6i.GBVAR7neQisG9JvIPLuiY0Ao
waptwua_folder = /var/www/waptwua
allow_unauthenticated_registration = True
allow_unauthenticated_connect = True

clients_signing_key = /opt/wapt/conf/ca-s09wapt-srv.local.lan.pem
clients_signing_certificate = /opt/wapt/conf/ca-s09wapt-srv.local.lan.crt
wapt_admin_group = WAPT_ADMIN
ldap_auth_server = mondc.local.lan.fr
ldap_auth_base_dn = DC=local,DC=lan
ldap_auth_ssl_enabled = False
token_secret_key = uSFS1mfW8l8wzJghdpMiKusI4qXVKhGUDuD6V9qkKvgr8DJqCW7CB1Vsyq3wkO7J
use_kerberos = False
clients_signing_crl = /var/www/ssl/ca-s09wapt-srv.local.lan.crl
clients_signing_crl_url = http://srvwapt.local.lan/wapt/ssl/ca-s0 ... al.lan.crl
ssl_additional_crls = /var/www/ssl
wads_enable = False
waptwua_enable = False

systemctl restart wapt*

I still get errors:

10.9.3.16 CN=4c4c4544-0058-3810-8032-b2c04f523434 FAILED:self signed certificate - [26/Sep/2024:09:44:35 +0200] "GET /wapt-host/4c4c4544-0058-3810-8032-b2c04f523434.wapt HTTP/1.1" 400 208 "-" "wapt/2.5.5"
10.9.3.16 CN=4c4c4544-0058-3810-8032-b2c04f523434 FAILED:self signed certificate - [26/Sep/2024:09:44:36 +0200] "GET /licences.json HTTP/1.1" 400 208 "-" "wapt/2.5.5"
10.9.3.16 - NONE - [26/Sep/2024:09:44:36 +0200] "GET /licences.json HTTP/1.1" 401 17 "-" "wapt/2.5.5"
10.9.3.16 - NONE - [26/Sep/2024:09:44:36 +0200] "GET /licences.json HTTP/1.1" 401 17 "-" "wapt/2.5.5"
On the console, I see the PC 10.9.3.16 connected
but it's duplicated in this one... which isn't good

UUID 4C4C4544-0058-3810-8032-B2C04F523434
UUID of the new PC: 4c4c4544-0058-3810-8032-b2c04f523434
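
An added example, not part of any post in this thread: a small Python parser for the nginx access-log lines quoted above. It separates requests whose client certificate nginx rejected from requests sent with no certificate, and groups host UUIDs that differ only by letter case. The field layout is inferred from the quoted lines; the function names and the 10.9.3.20 sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the access-log lines quoted in the thread;
# the 10.9.3.20 SUCCESS line is invented for contrast.
SAMPLE_LOG = '''\
10.9.3.16 CN=4c4c4544-0058-3810-8032-b2c04f523434 FAILED:self signed certificate - [26/Sep/2024:09:44:35 +0200] "GET /wapt-host/4c4c4544-0058-3810-8032-b2c04f523434.wapt HTTP/1.1" 400 208 "-" "wapt/2.5.5"
10.9.3.16 CN=4c4c4544-0058-3810-8032-b2c04f523434 FAILED: self signed certificate - [26/Sep/2024:09:44:36 +0200] "GET /licences.json HTTP/1.1" 400 208 "-" "wapt/2.5.5"
10.9.3.16 - NONE - [26/Sep/2024:09:44:36 +0200] "GET /licences.json HTTP/1.1" 401 17 "-" "wapt/2.5.5"
10.9.3.20 CN=11111111-2222-3333-4444-555555555555 SUCCESS - [26/Sep/2024:09:45:02 +0200] "GET /licences.json HTTP/1.1" 200 512 "-" "wapt/2.5.5"
'''

# Assumed layout: addr, client-cert subject, $ssl_client_verify, "-", [time], request, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<dn>-|CN=\S+) '
    r'(?P<verify>NONE|SUCCESS|FAILED:\s*(?P<reason>.*?)) - '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) ')

def parse(log_text):
    """Return one dict per line matching the assumed layout; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def rejected_client_certs(log_text):
    """Map each certificate CN that nginx refused to its reasons, source IPs and hit count."""
    out = defaultdict(lambda: {"reasons": set(), "ips": set(), "count": 0})
    for rec in parse(log_text):
        if rec["verify"].startswith("FAILED"):
            entry = out[rec["dn"][3:].lower()]  # strip "CN=", normalise case
            entry["reasons"].add(rec["reason"])
            entry["ips"].add(rec["ip"])
            entry["count"] += 1
    return dict(out)

def requests_without_cert(log_text):
    """Requests where the agent presented no client certificate at all (verify is NONE)."""
    return [(r["ip"], r["request"], int(r["status"])) for r in parse(log_text)
            if r["verify"] == "NONE"]

def case_duplicates(uuids):
    """Group host UUIDs that differ only by letter case, as in the duplicated console entry."""
    groups = defaultdict(list)
    for u in uuids:
        groups[u.lower()].append(u)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for cn, info in rejected_client_certs(SAMPLE_LOG).items():
        print(cn, sorted(info["reasons"]), sorted(info["ips"]), info["count"])
    print(requests_without_cert(SAMPLE_LOG))
```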