unable to deploy products from server to client

uncle_scrooge
Beiträge: 650
Registriert: 21 Feb 2012, 12:03
Wohnort: Mainz

Re: unable to deploy products from server to client

Beitrag von uncle_scrooge »

>>will I have issue knowing my server is not connected to domain , while my clients are connected?
Sorry, you adressed ngbr with this question, but as a rude guy that I am, I dare to answer.
If we're talking about a Windows domain, the answer is no. (Our production OPSI servers have never seen a Windows domain, and talk quite happily with their clients which are part of a domain.)
If we're talking about a DNS domain things get different. It might work. But chances are that you will see strange effects. Or short: a working DNS system is essential.

Any funny things in the event logs of your client during installation of the OPSI client?
In c:\opsi.org\log you should find opsi-client-agent.log. Any obvious errors?
(I have to admit that I didn't do an install with service_setup.cmd recently. Normally the agent gets installed during a bare metal installation or by pushing it from the OPSI server to an existing client. Will give it a try tomorrow (german time) and see what happens here.)
Benutzeravatar
ngbr
Ex-uib-Team
Beiträge: 130
Registriert: 27 Sep 2010, 11:41

Re: unable to deploy products from server to client

Beitrag von ngbr »

Hi,

@"uncle_scrooge" - thanks for answering - we're happy about passionate guys like you ! :)
btw - we recently created some stickers saying 'opsifiziert' (i.e. 'opsified') ; if you ever pass the uib headquarter in Mz feel free to pick up some ! :)

@"Zer0Dat1"

in general, opsi can work without DNS even, if you really want. Needs some tweking, but thats possible.
setting up the server itself, you need to make sure it knows itself with a fully qualified host+domainname.
the default when starting to deploy clients (no matter which way), will set up the client to connect to the IP of the server (if you address the client with fqdn for deployment, needs resolving of course). clients will connect to what they know as Host-Parameter 'clientconfig.configserver.url' - which is the Server's IP by default.
as the clients are initiating the connection in normal operation mode, no address of the client is needed at the server side. Only when pushing an event (e.g. on_demand), the server will initiate a connection (see http://download.uib.de/opsi4.0/doc/html ... ion-config , look for "4.4. Configure how the opsi-server" ) - either resolving the hostname first, or using the known ip address.
Lastly, there could be a potential issue regarding 'depotRemoteUrl' - I described this recently in viewtopic.php?f=8&t=9090 .

so - if configured according to your environment - no issues ! ;)

furthermore, uncle_scrooge is correct saying that no AD is needed at all..
---
hoping to help :)

if your problem was solved, pls mark this thread as 'SOLVED'. thank you .

-- no PN support --

Andre
Zer0dat1
Beiträge: 6
Registriert: 10 Apr 2017, 02:06

Re: unable to deploy products from server to client

Beitrag von Zer0dat1 »

Hi,

@uncle_scrooge\@ngbr , Below are the errors I noticed on opsi-client-agent log after the installation.

] [Apr 16 20:44:44:976] HTTP Header: Content-Encoding: deflate\r\nContent-Type: application/json\r\nContent-Length: 52\r\nHost: 192.168.4.31:4447\r\nAccept-Encoding: deflate, identity\r\nUser-Agent: opsi-script 4.11.6.6\r\nAuthorization: Basic YWRtaW51c2VyOm5lYzExbmVj\r\nCookie: OPSISID=PWWpKVCcQyMPtuRGy9PW7iYhvQR7KCp1\r\n
[6] [Apr 16 20:44:45:060] JSON Bench for getDepotId "params":["testvm-win.<dnsdomain>"],"id":1} Start: 20:44:44:976 Time: 00:00:00:084
[8] [Apr 16 20:44:45:060] JSON Call: {"method":"getDepotId","params":["testvm-win.<dnsdomain>"],"id":1} Time: 00:00:00:084
[3] [Apr 16 20:44:45:264] Error: retrieveJSONObject --- opsi service problem ----> {"message":"Bad object id: 'testvm-win.<dnsdomain>'","class":"ValueError"}
[3] [Apr 16 20:44:45:264] Received (first 512): {"id": 1, "result": null, "error": {"message": "Bad object id: 'testvm-win.<dnsdomain>'", "class": "ValueError"}}
[8] [Apr 16 20:44:45:265] Sessionid OPSISID=PWWpKVCcQyMPtuRGy9PW7iYhvQR7KCp1
[6] [Apr 16 20:44:45:265] JSON service request https://192.168.4.31:4447/rpc/rpc getProductProperties_hash
Zer0dat1
Beiträge: 6
Registriert: 10 Apr 2017, 02:06

Re: unable to deploy products from server to client

Beitrag von Zer0dat1 »

Hi,

I notice also that url is not set on below opsicliend.conf file , should it be taking the configserverurl which I inputted during the client agent setup via setup_service.cmd?

######## From C:\Program Files (x86)\opsi.org\opsi-client-agent\opsiclientd #####################

[config_service]
# Service url.
# http(s)://<opsi config server address>:<port>/rpc
url=<configserverurl>/rpc
uncle_scrooge
Beiträge: 650
Registriert: 21 Feb 2012, 12:03
Wohnort: Mainz

Re: unable to deploy products from server to client

Beitrag von uncle_scrooge »

Have the same error once in the log when I install the agent the way you do.
(Would be helpful to have the complete log. If you don't want (or are not allowed) to post it publicly, you may send it to asperagus2000 AT yahoo DOT de. If you trust me.....)

>>JSON service request https://192.168.4.31:4447/rpc/rpc getProductProperties_hash
Assuming that the address points to your OPSI server there is one /rpc to much. No idea where it comes from.

And yes, the [config_service] should look like this:
[config_service]
# Service url.
# http(s)://<opsi config server address>:<port>/rpc
url = https://<OPSI server IP address>:4447/rpc

And, there is still the question why your OPSI client doesn't listen on port 4441.
You mentioned locked down clients. Means what exactly? Disabled this and that by hand according to best practices? Special software? Antivrus with some kind of access protection?

And a shot into the dark: Do your clients run with asian locales? (Language, keyboard, local settings).

Thanks.
Benutzeravatar
n.wenselowski
Ex-uib-Team
Beiträge: 3194
Registriert: 04 Apr 2013, 12:15

Re: unable to deploy products from server to client

Beitrag von n.wenselowski »

Hi,

are there really things with pointed parantheses like <dnsdomain> and <OPSI server IP address> in your config or did you replace them?
Zer0dat1 hat geschrieben: [3] [Apr 16 20:44:45:264] Error: retrieveJSONObject --- opsi service problem ----> {"message":"Bad object id: 'testvm-win.<dnsdomain>'","class":"ValueError"}
[3] [Apr 16 20:44:45:264] Received (first 512): {"id": 1, "result": null, "error": {"message": "Bad object id: 'testvm-win.<dnsdomain>'", "class": "ValueError"}}
There seems to be an issue with the domain part and this could be the culprit.


Kind regards

Niko

Code: Alles auswählen

import OPSI
uncle_scrooge
Beiträge: 650
Registriert: 21 Feb 2012, 12:03
Wohnort: Mainz

Re: unable to deploy products from server to client

Beitrag von uncle_scrooge »

As mentioned above I get the same errors when installing by service_setup.cmd. But the agent runs fine after that.
Maybe the script is trying to retrieve information about the client before it is fully created. Didn't dig deeper into the script.

Main issue here is that his client machine doesn't listen on port 4441/TCP.
He talked about somewhat hardened machines. But questions on that matter are still unanswered.
(We have an AV soultion in place which is able to deny creation of TCP sockets. Maybe something similar is running. Checkpoint would be a candidate for doing funny but nasty things.)
Benutzeravatar
n.wenselowski
Ex-uib-Team
Beiträge: 3194
Registriert: 04 Apr 2013, 12:15

Re: unable to deploy products from server to client

Beitrag von n.wenselowski »

Hi,
uncle_scrooge hat geschrieben:Main issue here is that his client machine doesn't listen on port 4441/TCP.
He talked about somewhat hardened machines. But questions on that matter are still unanswered.
(We have an AV soultion in place which is able to deny creation of TCP sockets. Maybe something similar is running. Checkpoint would be a candidate for doing funny but nasty things.)
That snakeoil stuff often get's in our way. :evil:
With that in mind I can only recommend to try on a client without any of these restrictions and than enable them one after another to find out what exactly is responsible for blocking.


Kind regards

Niko

Code: Alles auswählen

import OPSI
Antworten