CMK version:
check-mk-free-2.1.0p18 OS version:
Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-58-generic x86_64) Error message:
See later Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
sudo: cmk: command not found
Hello.
I am trying to register an agent installed on a Windows Server 2019.
As suggested in another post i read i checked:
-that port 8000 is open
-omd config show | grep AGENT_RECEIVER show port 8000
-openssl s_client -connect sheldon:8000 gives no errors
-saved and imported on Windows Server 2019 the certificate
but the registration always fails.
Below is the complete output from Windows Server 2019
C:\WINDOWS\system32>"C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" register --hostname sheldon --server 192.168.10.14 --site burana_modena --user automation --password
XXXXXXXXXXXX
Attempt to register on 192.168.10.14:8000/burana_modena. Server certificate details:
PEM-encoded certificate:
-----BEGIN CERTIFICATE-----
MIIC+jCCAeKgAwIBAgIUZB7+7++9hO79Ev7Jecr48K9IodMwDQYJKoZIhvcNAQEL
BQAwKDEmMCQGA1UEAwwdU2l0ZSAnYnVyYW5hX21vZGVuYScgbG9jYWwgQ0EwIBcN
MjMwMTA0MTEzNzM1WhgPMzAyMTA1MDcxMTM3MzVaMBgxFjAUBgNVBAMMDWJ1cmFu
YV9tb2RlbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcypk3BoPL
+r9sCaqdVQLhAiCuZ4CqE3I4BX/Jgzcrs5ks8RbzJCdGAhS2oRsGZJOECAwnQjk
D5hth09m5trubu5+Z3Jda/W3bIsrQAYoTq3ROZzNQd0UML34c5LjlDjhJasVBx7c
7TJIMxPV0TNYeeBID9esVVlpFYjTEdq5JVa3E8NIt2RVgiZyCg6RKyIdOLqcxld8
1Ob5c813ut88g9rnUsPKBdsw9ZK1KDzygn2QyZD4yyvXycg2lWTiWhymoAS/qbKm
7ZrsJi1t6iurtZZCQv2QKRAzW0flbn2/zdtBtO4rT6ZNlwukY9dyFVQ8wu5EQit+
ElRp/3ZRs45rAgMBAAGjKjAoMBgGA1UdEQQRMA+CDWJ1cmFuYV9tb2RlbmEwDAYD
VR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKJRUrCm9aCihoq+3cnvCa4Ll
iuzK8xg1/WvEUmlt2ydfMs5aMvw00Znx0XMu8YkQPzK+DFQ3mVVLKlWA/nC2ErzQ
GNzF/7FZxvBDp9I9+tVSwgCdAtdkUV8eL8l64g3ek1ZgPFOFcwWAUc6CGoLzADV
rjGm5KBrBYBdH2zux6ack+btb1S3pHLhvkyGe1YAPsIoU3zmXAEQusrnFgYd/doP
A2E2m16rlak+siIW5lT0ifpCxdh+vFA42qlvG6jb2vtYxCheieGrnN7UL2o0RULs
OOuldIijUq21UoHh/W4ykaDn26ROQvaa2PgFAVOgVXcUCKIjLro4j3QAeFsqZw==
-----END CERTIFICATE-----
Issued by:
'burana_modena' CA local site
Issued at:
burana_modena
Validity:
From Wed, 04 Jan 2023 11:37:35 +0000
To Mon, 07 May 3021 11:37:35 +0000
Do you want to establish this connection? [Y/n].
> Y
[2023-01-23 22:47:10.054597 +01:00] ERROR [cmk_agent_ctl] src\main.rs:29: Pairing error with 192.168.10.14:8000/burana_modena
Caused by:
Request failed with code 401 Unauthorised: You must be authenticated to use the REST API.
Hello.
Thank you both for your replies.
I used the user “automation” by spinning the dice to generate the password as indicated at Monitoring Windows - The new agent for Windows in detail .
My installation of checkmk at the user level is default, i have not created or customised any users other than changing the password of the “admin” user.
So unfortunately i can’t tell you if the ‘automation’ user has certain types of rights; for me it has the default settings. Where can I check?
Thank you for your reply.
As you can see from the attached photo, the user “automation” does not exist in the menu list you suggested. Is this normal? Do I have to create it? Is it not created by the installer?
Yes Robin i have noticed it now.
But if there are no permissions referring to the user can the user exist?
Anyway, i attach the screenshot of the users as well.
Thank you again for your interest.
Thank you Mike for your reply.
The ‘Administrator’ role of the user ‘automation’ was neither decided nor changed by me; i already found it that way. I assume it was the installation process.
Unfortunatly thats true. An automation user must have only absolute necessary rights.
We do not use 2.1 agent yet but in former agent updater you have to use a special option in case an automation user is used because this user is different. Can you check if instead --user there is maybe a special option for automation user?
The built-in automation user is primarily used for internal and local processes by Checkmk itself. Hence, the user has administrator level permissions. You can use that user for your automations, but of course you can also create automation users tailored to your needs.
That being said, I realize what you are getting at @mike1098, but that has nothing to do with this post in particular.
Hello. Thank you for your answers.
I apologise, but i was asking you to stay on topic.
so administrator level permissions are fine for the automation user?
i could not find a special option for automation user
if i use the cmkadmin user it returns the following output:
Caused by:
Request failed with code 404 Not Found: Host sheldon does not exist.
so i assume that the –hostname option of the register command does not refer to the hostname of the operating system but to the hostname of checkmk.
If this assumption is true, where do I find the checkmk hostname in case i have forgotten it?
Thanks again.
Nope. That option refers to the monitored host. You mistyped the name somehow, either locally or in Checkmk, or you are talking to the central site, instead of the remote site where the host is actually monitored.
OK. Sorry. I should now understand.
The --hostname option of the register command refers to the host to be registered.
Unfortunately, the problem remains:
C:\WINDOWS\system32>"C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" register --hostname s3mo-tape.consorzioburana.it --server 192.168.10.14 --site burana_modena --user automation --password XXXXXXX
Registration attempt at 192.168.10.14:8000/burana_modena. Server certificate details:
PEM-encoded certificate:
-----BEGIN CERTIFICATE-----
MIIC+jCCAeKgAwIBAgIUZB7+7++9hO79Ev7Jecr48K9IodMwDQYJKoZIhvcNAQEL
BQAwKDEmMCQGA1UEAwwdU2l0ZSAnYnVyYW5hX21vZGVuYScgbG9jYWwgQ0EwIBcN
MjMwMTA0MTEzNzM1WhgPMzAyMTA1MDcxMTM3MzVaMBgxFjAUBgNVBAMMDWJ1cmFu
YV9tb2RlbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcypk3BoPL
+r9sCaqdVQLhAiCuZ4CqE3I4BX/Jgzcrs5ks8RbzJCdGAhS2oRsGZJOECAwnQjk
D5hth09m5trubu5+Z3Jda/W3bIsrQAYoTq3ROZzNQd0UML34c5LjlDjhJasVBx7c
7TJIMxPV0TNYeeBID9esVVlpFYjTEdq5JVa3E8NIt2RVgiZyCg6RKyIdOLqcxld8
1Ob5c813ut88g9rnUsPKBdsw9ZK1KDzygn2QyZD4yyvXycg2lWTiWhymoAS/qbKm
7ZrsJi1t6iurtZZCQv2QKRAzW0flbn2/zdtBtO4rT6ZNlwukY9dyFVQ8wu5EQit+
ElRp/3ZRs45rAgMBAAGjKjAoMBgGA1UdEQQRMA+CDWJ1cmFuYV9tb2RlbmEwDAYD
VR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKJRUrCm9aCihoq+3cnvCa4Ll
iuzK8xg1/WvEUmlt2ydfMs5aMvw00Znx0XMu8YkQPzK+DFQ3mVVLKlWA/nC2ErzQ
GNzF/7FZxvBDp9I9+tVSwgCdAtdkUV8eL8l64g3ek1ZgPFOFcwWAUc6CGoLzADV
rjGm5KBrBYBdH2zux6ack+btb1S3pHLhvkyGe1YAPsIoU3zmXAEQusrnFgYd/doP
A2E2m16rlak+siIW5lT0ifpCxdh+vFA42qlvG6jb2vtYxCheieGrnN7UL2o0RULs
OOuldIijUq21UoHh/W4ykaDn26ROQvaa2PgFAVOgVXcUCKIjLro4j3QAeFsqZw==
-----END CERTIFICATE-----
Issued by:
'burana_modena' CA local site
Issued at:
burana_modena
Validity:
From Wed, 04 Jan 2023 11:37:35 +0000
To Mon, 07 May 3021 11:37:35 +0000
Do you want to establish this connection? [Y/n].
> Y
[2023-01-26 15:09:40.632661 +01:00] ERROR [cmk_agent_ctl] src\main.rs:29: Pairing error with 192.168.10.14:8000/burana_modena
Caused by:
Request failed with code 401 Unauthorised: You must be authenticated to use the REST API.
Happens the problem also if you use a normal user for registration?
If i remember it correctly the TLS registration cannot see if this is a real user or an automation user.
Hello.
I humbly apologise to everyone, i realised where the problem lay.
Unfortunately, in the Windows agent registration procedure, i did not pay attention to the CHECKMK web interface.
Basically after rolling the dice to generate a new password i did not click on the Save button (i attach screenshot),
so the password i generated and used to register the agent was not saved in CHECKMK and therefore the automation user was not authenticated.
In my defence, in the documentation there is no reference to the Save button but only to the dice roll as can be seen from Users, roles and permissions - User and authorization configuration
Let me be clear, i do not want to blame the documentation; i should have been more careful.
Anyway, i thank everyone for their suggestions and apologise if i have wasted your time.
Thanks again.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
