Tranquil IT Forum

Good morning,

We are currently testing version 1.5 Community of WAPT, but before the final release we would like some feedback from beta testers.

This BETA version targets installations "fresh"/from zero, You must not test this version on an existing WAPT server, nor on a production network.

Indeed, in the case of a migration from 1.3 to 1.5, there are many steps to take:

• outbuildings to install
• generating a code-signing certificate
• password protection for the private key
• re-signing of existing packages
• MongoDB database migration
• Apache to Nginx migration
• modified agent-server operating mode (WebSockets)

Documentation currently being drafted: https://www.wapt.fr/fr/doc-1.5/

Supported testing platform: Debian Stretch x64

Test platform (Debian) installation procedure:
When running the postconfiguration (/opt/wapt/waptserver/scripts/postconf.py), choose the default options.

The console/agent installation procedure remains the same as in previous versions (certificate generation/agent creation).

The WAPT Server Windows and CentOS BETA versions will arrive at the end of the week (wish us luck!)

Good luck with the tests and give us your feedback!

Alexander

An apt-get update is missing after adding the repository

Hi,
I installed the server and the wapt console.
But as soon as I try to launch it, I get this error:
"A reference was returned by the server,"

and in the waptservice.log I have:
Error in socket io connection ConnectionError(unexpected status code (401 Unauthorized)).

Have I missed something?

Hello Guigeek

For the console access problem, check with the folder owner

If necessary, rerun the post-configuration script Alexander

Regarding the "a reference was returned by the server" error,

I believe the ValidateAdminCodeSignatures component of Windows is the culprit:

https://technet.microsoft.com/en-us/lib ... vateSigned.


As Microsoft explains:

The User Account Control: Only elevate executables that are signed and validated policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.


In my opinion, your Windows system is unable to verify that the signature of "waptconsole.exe" is correct.

Does your machine have internet access?

A quick workaround that sometimes works is to right-click on waptconsole.exe --> Properties --> Compatibility --> "Run this program as an administrator".

Hello,

is Apache still supported or is nginx now required?

Nginx required, yes

"No" is the correct answer.

Now, to add some nuance/explanation:

WAPT 1.5 now uses WebSockets to send actions to client machines (in version 1.3, the WAPT agent keeps port 8088 open to allow the server to make callbacks).

Apache has a wstunnel module for reverse proxying WebSocket connections [2], however, its threading/processing model is less well-suited compared to nginx for maintaining many persistent connections [3].

For a bit of background, the initial development of WebSockets under WAPT was done with an Apache server, but we encountered long-pooling fallback issues in certain scenarios, which significantly increased the server load when there were many simultaneous connections (the goal is to support at least several thousand workstations, and therefore WebSocket connections, per WAPT server instance).

Basically, if you want to use Apache (or IIS), there's no reason you shouldn't be able to, but it's not that simple; there are still many details to consider, and it won't necessarily work as well as you'd like.

Denis

[1] https://en.wikipedia.org/wiki/WebSocket
[2] https://httpd.apache.org/docs/2.4/mod/m ... unnel.html
[3] https://www.nginx.com/blog/nginx-vs-apache-our-view/

Thank you for the explanation!

Hello,

could we have some updates on the implementation of the CentOS repository for this beta?

Thank you.