Tranquil IT Forum

Hello.

I have a small WAPT Discovery installation (for about 20 workstations), currently at version 2.4.0.14143. I'm trying to upgrade to 2.6.0.17177 (I'm deploying the new server on a new machine). There are no particular problems with the server side (which I'm running as a Docker container on the Nomad orchestrator; I could share my Nomad job if anyone's interested).

Everything is also OK on my administration workstation, where I manually installed the console and agent using WAPTSetup. My workstation connects correctly to the server and appears online. I've built a new waptupgrade package to push version 2.6 to my workstations.

The problem is: all these workstations, still on version 2.4, can't connect to the server because they aren't yet authenticating with a certificate. All the URLs they're calling (/wapt/Packages, /wapt-host/XXXXX.wapt, /update_host, /get_websocket_auth_token) return a 401 error (except for /ping, which works). So, I don't understand how they're supposed to retrieve the latest version of the agent from the repository. I don't have a Group Policy Object (GPO) in place (I performed a manual initial installation on each machine, and the waptupgrade package has handled updates since then). I'm also not using Kerberos authentication.

The documentation isn't very clear on this point. It simply states that the update will occur within 2 hours and that, in the meantime, the agents appear disconnected. But how is this update supposed to happen if the agents don't have access to the server to retrieve it?

If I manually update the agent on one of the machines (either by running waptagent.exe or waptdeploy.exe), then everything works. The agent updates correctly and appears online in the console. It's really just the agent update step, via the waptupgrade package, that I'm having trouble understanding how it's supposed to work (and which, for me, doesn't seem to work)

Hi Dani,

the workstations should be able to authenticate to the server using their certificates. It's just that the WebSocket connection isn't working until the workstation has been upgraded. So, normally, the workstation should authenticate, retrieve the upgrade package, and install it (using a force install) within two hours. From that point on, the WebSocket connection should be working.

Before the migration, was your server/repo configured for HTTPS or HTTP? And after the migration? For certificate authentication to work correctly on Nginx, the connection must be HTTPS (using a recognized or self-signed certificate).

Regards,

Denis

It worked fine with HTTPS in version 2.4, and also in 2.6. But after well over two hours, the packages still hadn't upgraded. I ended up setting up a GPO with waptdeploy and manually updating the few non-domain machines. I don't know exactly why it didn't work (it's possible it's due to my configuration; I'm deviating slightly from the official documentation to run it on the Nomad orchestrator)

Hi Daniel,

thanks for the feedback. There's probably something in your container setup that's affecting the behavior. But GPOs are also a good option.

I'm marking this topic as resolved.

See you soon,

Denis