unable to deploy products from server to client
-
- Beiträge: 650
- Registriert: 21 Feb 2012, 12:03
- Wohnort: Mainz
Re: unable to deploy products from server to client
>>will I have issue knowing my server is not connected to domain , while my clients are connected?
Sorry, you adressed ngbr with this question, but as a rude guy that I am, I dare to answer.
If we're talking about a Windows domain, the answer is no. (Our production OPSI servers have never seen a Windows domain, and talk quite happily with their clients which are part of a domain.)
If we're talking about a DNS domain things get different. It might work. But chances are that you will see strange effects. Or short: a working DNS system is essential.
Any funny things in the event logs of your client during installation of the OPSI client?
In c:\opsi.org\log you should find opsi-client-agent.log. Any obvious errors?
(I have to admit that I didn't do an install with service_setup.cmd recently. Normally the agent gets installed during a bare metal installation or by pushing it from the OPSI server to an existing client. Will give it a try tomorrow (german time) and see what happens here.)
Sorry, you adressed ngbr with this question, but as a rude guy that I am, I dare to answer.
If we're talking about a Windows domain, the answer is no. (Our production OPSI servers have never seen a Windows domain, and talk quite happily with their clients which are part of a domain.)
If we're talking about a DNS domain things get different. It might work. But chances are that you will see strange effects. Or short: a working DNS system is essential.
Any funny things in the event logs of your client during installation of the OPSI client?
In c:\opsi.org\log you should find opsi-client-agent.log. Any obvious errors?
(I have to admit that I didn't do an install with service_setup.cmd recently. Normally the agent gets installed during a bare metal installation or by pushing it from the OPSI server to an existing client. Will give it a try tomorrow (german time) and see what happens here.)
Re: unable to deploy products from server to client
Hi,
@"uncle_scrooge" - thanks for answering - we're happy about passionate guys like you !
btw - we recently created some stickers saying 'opsifiziert' (i.e. 'opsified') ; if you ever pass the uib headquarter in Mz feel free to pick up some !
@"Zer0Dat1"
in general, opsi can work without DNS even, if you really want. Needs some tweking, but thats possible.
setting up the server itself, you need to make sure it knows itself with a fully qualified host+domainname.
the default when starting to deploy clients (no matter which way), will set up the client to connect to the IP of the server (if you address the client with fqdn for deployment, needs resolving of course). clients will connect to what they know as Host-Parameter 'clientconfig.configserver.url' - which is the Server's IP by default.
as the clients are initiating the connection in normal operation mode, no address of the client is needed at the server side. Only when pushing an event (e.g. on_demand), the server will initiate a connection (see http://download.uib.de/opsi4.0/doc/html ... ion-config , look for "4.4. Configure how the opsi-server" ) - either resolving the hostname first, or using the known ip address.
Lastly, there could be a potential issue regarding 'depotRemoteUrl' - I described this recently in viewtopic.php?f=8&t=9090 .
so - if configured according to your environment - no issues !
furthermore, uncle_scrooge is correct saying that no AD is needed at all..
@"uncle_scrooge" - thanks for answering - we're happy about passionate guys like you !
btw - we recently created some stickers saying 'opsifiziert' (i.e. 'opsified') ; if you ever pass the uib headquarter in Mz feel free to pick up some !
@"Zer0Dat1"
in general, opsi can work without DNS even, if you really want. Needs some tweking, but thats possible.
setting up the server itself, you need to make sure it knows itself with a fully qualified host+domainname.
the default when starting to deploy clients (no matter which way), will set up the client to connect to the IP of the server (if you address the client with fqdn for deployment, needs resolving of course). clients will connect to what they know as Host-Parameter 'clientconfig.configserver.url' - which is the Server's IP by default.
as the clients are initiating the connection in normal operation mode, no address of the client is needed at the server side. Only when pushing an event (e.g. on_demand), the server will initiate a connection (see http://download.uib.de/opsi4.0/doc/html ... ion-config , look for "4.4. Configure how the opsi-server" ) - either resolving the hostname first, or using the known ip address.
Lastly, there could be a potential issue regarding 'depotRemoteUrl' - I described this recently in viewtopic.php?f=8&t=9090 .
so - if configured according to your environment - no issues !
furthermore, uncle_scrooge is correct saying that no AD is needed at all..
---
hoping to help
if your problem was solved, pls mark this thread as 'SOLVED'. thank you .
-- no PN support --
Andre
hoping to help
if your problem was solved, pls mark this thread as 'SOLVED'. thank you .
-- no PN support --
Andre
Re: unable to deploy products from server to client
Hi,
@uncle_scrooge\@ngbr , Below are the errors I noticed on opsi-client-agent log after the installation.
] [Apr 16 20:44:44:976] HTTP Header: Content-Encoding: deflate\r\nContent-Type: application/json\r\nContent-Length: 52\r\nHost: 192.168.4.31:4447\r\nAccept-Encoding: deflate, identity\r\nUser-Agent: opsi-script 4.11.6.6\r\nAuthorization: Basic YWRtaW51c2VyOm5lYzExbmVj\r\nCookie: OPSISID=PWWpKVCcQyMPtuRGy9PW7iYhvQR7KCp1\r\n
[6] [Apr 16 20:44:45:060] JSON Bench for getDepotId "params":["testvm-win.<dnsdomain>"],"id":1} Start: 20:44:44:976 Time: 00:00:00:084
[8] [Apr 16 20:44:45:060] JSON Call: {"method":"getDepotId","params":["testvm-win.<dnsdomain>"],"id":1} Time: 00:00:00:084
[3] [Apr 16 20:44:45:264] Error: retrieveJSONObject --- opsi service problem ----> {"message":"Bad object id: 'testvm-win.<dnsdomain>'","class":"ValueError"}
[3] [Apr 16 20:44:45:264] Received (first 512): {"id": 1, "result": null, "error": {"message": "Bad object id: 'testvm-win.<dnsdomain>'", "class": "ValueError"}}
[8] [Apr 16 20:44:45:265] Sessionid OPSISID=PWWpKVCcQyMPtuRGy9PW7iYhvQR7KCp1
[6] [Apr 16 20:44:45:265] JSON service request https://192.168.4.31:4447/rpc/rpc getProductProperties_hash
@uncle_scrooge\@ngbr , Below are the errors I noticed on opsi-client-agent log after the installation.
] [Apr 16 20:44:44:976] HTTP Header: Content-Encoding: deflate\r\nContent-Type: application/json\r\nContent-Length: 52\r\nHost: 192.168.4.31:4447\r\nAccept-Encoding: deflate, identity\r\nUser-Agent: opsi-script 4.11.6.6\r\nAuthorization: Basic YWRtaW51c2VyOm5lYzExbmVj\r\nCookie: OPSISID=PWWpKVCcQyMPtuRGy9PW7iYhvQR7KCp1\r\n
[6] [Apr 16 20:44:45:060] JSON Bench for getDepotId "params":["testvm-win.<dnsdomain>"],"id":1} Start: 20:44:44:976 Time: 00:00:00:084
[8] [Apr 16 20:44:45:060] JSON Call: {"method":"getDepotId","params":["testvm-win.<dnsdomain>"],"id":1} Time: 00:00:00:084
[3] [Apr 16 20:44:45:264] Error: retrieveJSONObject --- opsi service problem ----> {"message":"Bad object id: 'testvm-win.<dnsdomain>'","class":"ValueError"}
[3] [Apr 16 20:44:45:264] Received (first 512): {"id": 1, "result": null, "error": {"message": "Bad object id: 'testvm-win.<dnsdomain>'", "class": "ValueError"}}
[8] [Apr 16 20:44:45:265] Sessionid OPSISID=PWWpKVCcQyMPtuRGy9PW7iYhvQR7KCp1
[6] [Apr 16 20:44:45:265] JSON service request https://192.168.4.31:4447/rpc/rpc getProductProperties_hash
Re: unable to deploy products from server to client
Hi,
I notice also that url is not set on below opsicliend.conf file , should it be taking the configserverurl which I inputted during the client agent setup via setup_service.cmd?
######## From C:\Program Files (x86)\opsi.org\opsi-client-agent\opsiclientd #####################
[config_service]
# Service url.
# http(s)://<opsi config server address>:<port>/rpc
url=<configserverurl>/rpc
I notice also that url is not set on below opsicliend.conf file , should it be taking the configserverurl which I inputted during the client agent setup via setup_service.cmd?
######## From C:\Program Files (x86)\opsi.org\opsi-client-agent\opsiclientd #####################
[config_service]
# Service url.
# http(s)://<opsi config server address>:<port>/rpc
url=<configserverurl>/rpc
-
- Beiträge: 650
- Registriert: 21 Feb 2012, 12:03
- Wohnort: Mainz
Re: unable to deploy products from server to client
Have the same error once in the log when I install the agent the way you do.
(Would be helpful to have the complete log. If you don't want (or are not allowed) to post it publicly, you may send it to asperagus2000 AT yahoo DOT de. If you trust me.....)
>>JSON service request https://192.168.4.31:4447/rpc/rpc getProductProperties_hash
Assuming that the address points to your OPSI server there is one /rpc to much. No idea where it comes from.
And yes, the [config_service] should look like this:
[config_service]
# Service url.
# http(s)://<opsi config server address>:<port>/rpc
url = https://<OPSI server IP address>:4447/rpc
And, there is still the question why your OPSI client doesn't listen on port 4441.
You mentioned locked down clients. Means what exactly? Disabled this and that by hand according to best practices? Special software? Antivrus with some kind of access protection?
And a shot into the dark: Do your clients run with asian locales? (Language, keyboard, local settings).
Thanks.
(Would be helpful to have the complete log. If you don't want (or are not allowed) to post it publicly, you may send it to asperagus2000 AT yahoo DOT de. If you trust me.....)
>>JSON service request https://192.168.4.31:4447/rpc/rpc getProductProperties_hash
Assuming that the address points to your OPSI server there is one /rpc to much. No idea where it comes from.
And yes, the [config_service] should look like this:
[config_service]
# Service url.
# http(s)://<opsi config server address>:<port>/rpc
url = https://<OPSI server IP address>:4447/rpc
And, there is still the question why your OPSI client doesn't listen on port 4441.
You mentioned locked down clients. Means what exactly? Disabled this and that by hand according to best practices? Special software? Antivrus with some kind of access protection?
And a shot into the dark: Do your clients run with asian locales? (Language, keyboard, local settings).
Thanks.
- n.wenselowski
- Ex-uib-Team
- Beiträge: 3194
- Registriert: 04 Apr 2013, 12:15
Re: unable to deploy products from server to client
Hi,
are there really things with pointed parantheses like <dnsdomain> and <OPSI server IP address> in your config or did you replace them?
Kind regards
Niko
are there really things with pointed parantheses like <dnsdomain> and <OPSI server IP address> in your config or did you replace them?
There seems to be an issue with the domain part and this could be the culprit.Zer0dat1 hat geschrieben: [3] [Apr 16 20:44:45:264] Error: retrieveJSONObject --- opsi service problem ----> {"message":"Bad object id: 'testvm-win.<dnsdomain>'","class":"ValueError"}
[3] [Apr 16 20:44:45:264] Received (first 512): {"id": 1, "result": null, "error": {"message": "Bad object id: 'testvm-win.<dnsdomain>'", "class": "ValueError"}}
Kind regards
Niko
Code: Alles auswählen
import OPSI
-
- Beiträge: 650
- Registriert: 21 Feb 2012, 12:03
- Wohnort: Mainz
Re: unable to deploy products from server to client
As mentioned above I get the same errors when installing by service_setup.cmd. But the agent runs fine after that.
Maybe the script is trying to retrieve information about the client before it is fully created. Didn't dig deeper into the script.
Main issue here is that his client machine doesn't listen on port 4441/TCP.
He talked about somewhat hardened machines. But questions on that matter are still unanswered.
(We have an AV soultion in place which is able to deny creation of TCP sockets. Maybe something similar is running. Checkpoint would be a candidate for doing funny but nasty things.)
Maybe the script is trying to retrieve information about the client before it is fully created. Didn't dig deeper into the script.
Main issue here is that his client machine doesn't listen on port 4441/TCP.
He talked about somewhat hardened machines. But questions on that matter are still unanswered.
(We have an AV soultion in place which is able to deny creation of TCP sockets. Maybe something similar is running. Checkpoint would be a candidate for doing funny but nasty things.)
- n.wenselowski
- Ex-uib-Team
- Beiträge: 3194
- Registriert: 04 Apr 2013, 12:15
Re: unable to deploy products from server to client
Hi,
With that in mind I can only recommend to try on a client without any of these restrictions and than enable them one after another to find out what exactly is responsible for blocking.
Kind regards
Niko
That snakeoil stuff often get's in our way.uncle_scrooge hat geschrieben:Main issue here is that his client machine doesn't listen on port 4441/TCP.
He talked about somewhat hardened machines. But questions on that matter are still unanswered.
(We have an AV soultion in place which is able to deny creation of TCP sockets. Maybe something similar is running. Checkpoint would be a candidate for doing funny but nasty things.)
With that in mind I can only recommend to try on a client without any of these restrictions and than enable them one after another to find out what exactly is responsible for blocking.
Kind regards
Niko
Code: Alles auswählen
import OPSI