Description
Attempting to enroll Windows devices in Zentral. I used the Linux script as a basis. I created the tls.server.crt file based on this file and I also built a txt file with the enrollment secret in it. I then created the following osquery.flags file:
--tls_hostname=zentral-server.DOMAIN.com
--tls_server_certs=C:\ProgramData\osquery\tls_server_certs.crt
--enroll_secret_path=C:\ProgramData\osquery\enroll_secret.key
--enroll_tls_endpoint=/osquery/enroll
--host_identifier=hostname
--config_plugin=tls
--config_tls_endpoint=/osquery/config
--config_tls_refresh=120
--config_tls_max_attempts=3
--config_accelerated_refresh=60
--enroll_tls_endpoint=/enroll
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=60
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/osquery/distributed/read
--distributed_tls_write_endpoint=/osquery/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/osquery/log
--logger_tls_period=60
--disable_audit=false
--audit_allow_config=true
--audit_persist=true
--disable_carver=true
--config_refresh=60
--buffered_log_max=500000
I then ran this to test enrollment: C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile C:\ProgramData\osquery\osquery.flags --verbose
and I get the following:
TLSEnrollPlugin requesting a node enroll key from: https://zentral-server.DOMAIN.com/enroll
I0807 16:55:25.554425 6512 tls.cpp:240] TLS/HTTPS POST request to URI: https://zentral-server.DOMAIN.com/enroll
W0807 16:55:26.101603 6512 tls_enroll.cpp:67] Failed enrollment request to https://zentral-server.DOMAIN.com/enroll (Cannot parse JSON: Invalid value. Offset: 0) retrying...
I0807 16:55:28.179082 6512 tls.cpp:240] TLS/HTTPS POST request to URI: https://zentral-server.DOMAIN.com/enroll
W0807 16:55:28.194224 6512 tls_enroll.cpp:67] Failed enrollment request to https://zentral-server.DOMAIN.com/enroll (Cannot parse JSON: Invalid value. Offset: 0) retrying...
Not sure if I am missing something or if this is something on the server I need to edit?
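An added example, not part of the original post and not Zentral or osquery code: a small lint for an osquery flagfile that reports any flag set more than once. In the flagfile above, `--enroll_tls_endpoint` appears twice with different values, and the verbose log shows the request going to `/enroll`, the later of the two. The function names and the trimmed sample input are constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample: a subset of the flagfile quoted in the issue above.
SAMPLE_FLAGS = r"""
--tls_hostname=zentral-server.DOMAIN.com
--enroll_secret_path=C:\ProgramData\osquery\enroll_secret.key
--enroll_tls_endpoint=/osquery/enroll
--config_tls_endpoint=/osquery/config
--enroll_tls_endpoint=/enroll
--logger_tls_endpoint=/osquery/log
"""


def parse_flagfile(text):
    """Return [(line_no, name, value)] for each --flag[=value] line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        if not line.startswith("--"):
            raise ValueError(f"line {line_no}: not a flag: {line!r}")
        name, _, value = line[2:].partition("=")
        entries.append((line_no, name.strip(), value.strip()))
    return entries


def find_repeated_flags(text):
    """Map each flag set more than once to its [(line_no, value), ...] in file order."""
    seen = defaultdict(list)
    for line_no, name, value in parse_flagfile(text):
        seen[name].append((line_no, value))
    return {name: hits for name, hits in seen.items() if len(hits) > 1}


def report(text):
    """Build one message per repeated flag, marking whether the values conflict."""
    messages = []
    for name, hits in find_repeated_flags(text).items():
        values = {value for _, value in hits}
        kind = "conflicting values" if len(values) > 1 else "same value repeated"
        where = ", ".join(f"line {n}: {v!r}" for n, v in hits)
        messages.append(f"--{name} set {len(hits)} times ({kind}): {where}")
    return messages


if __name__ == "__main__":
    for message in report(SAMPLE_FLAGS):
        print(message)
```
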