Windows agent - unable to start agent (check config)
3,381 views
Skip to first unread message
Krzysztof Zaklikiewicz
Mar 29, 2016, 4:11:19 PM3/29/16
to ossec-list
Hello
I can't start ossec agent for Windows 7 Pro - agent displays error unable to start agent (check config). My Windows is Polish, I added group Administrators and nothing changed. Please help.
Best regards
Krzysztof Zaklikiewicz
I can't start ossec agent for Windows 7 Pro - agent displays error unable to start agent (check config). My Windows is Polish, I added group Administrators and nothing changed. Please help.
Best regards
Krzysztof Zaklikiewicz
Jose Luis Ruiz
Mar 29, 2016, 4:13:58 PM3/29/16
to ossec...@googlegroups.com
Hi Krzysztof
are you compiling your own windows agent from sources? or you are downloading from any web?
————————
Jose Luis Ruiz
Wazuh Inc.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Krzysztof Zaklikiewicz
Mar 29, 2016, 4:21:49 PM3/29/16
to ossec-list
Hi
I downloaded from http://ossec.wazuh.com/windows/
I downloaded from http://ossec.wazuh.com/windows/
In addition, I had to manually add the IP address of the server to ossec.conf <client> <server-ip> 192.168.17.14 </ server-ip> </ client>
Logs of ossec.log
2016/03/29 21:36:22 ossec-agent: INFO: Service does not exist (OssecSvc) nothing to remove.
2016/03/29 21:36:22 ossec-agent: INFO: Successfully added to the service database.
2016/03/29 21:36:23 setup-windows: INFO: System is Vista or newer (Microsoft Windows 7 Business Edition Professional Service Pack 1 (Build 7601) - OSSEC HIDS v2.8.3).
2016/03/29 22:08:48 ossec-agent: Using notify time: 600 and max time to reconnect: 1800
2016/03/29 22:08:48 ossec-agent(1402): ERROR: Authentication key file 'client.keys' not found.
2016/03/29 22:08:48 ossec-agent(1750): ERROR: No remote connection configured. Exiting.
2016/03/29 22:08:48 ossec-agent: INFO: Received exit signal.
Logs of ossec.log
2016/03/29 21:36:22 ossec-agent: INFO: Service does not exist (OssecSvc) nothing to remove.
2016/03/29 21:36:22 ossec-agent: INFO: Successfully added to the service database.
2016/03/29 21:36:23 setup-windows: INFO: System is Vista or newer (Microsoft Windows 7 Business Edition Professional Service Pack 1 (Build 7601) - OSSEC HIDS v2.8.3).
2016/03/29 22:08:48 ossec-agent: Using notify time: 600 and max time to reconnect: 1800
2016/03/29 22:08:48 ossec-agent(1402): ERROR: Authentication key file 'client.keys' not found.
2016/03/29 22:08:48 ossec-agent(1750): ERROR: No remote connection configured. Exiting.
2016/03/29 22:08:48 ossec-agent: INFO: Received exit signal.
Pedro Sanchez
Mar 29, 2016, 4:38:15 PM3/29/16
to ossec...@googlegroups.com
Did you use the UI (win32ui.exe) to add the key? You need to import the key extracted from Manager. Open it as Administrator, paste the key on "Authentication key" and click on "Save" button.
The log is telling us that you didn't add the key, so the file client.keys is not created.
Jose Luis Ruiz
Mar 29, 2016, 4:39:42 PM3/29/16
to ossec...@googlegroups.com
Try to add and admin user to this new Administrator group and reinstall Ossec
-----------------------
Victor Fernandez
Mar 29, 2016, 4:51:25 PM3/29/16
to ossec-list
Hi.
Have you added the original administrator and your own account to the "Administrators" group?
I followed your steps, added my user account to "Administrators", closed and reopened my session, and it did work.
Regards.
Krzysztof Zaklikiewicz
Mar 30, 2016, 4:28:01 AM3/30/16
to ossec-list
Hi
Thanks for answer, I try after 6 pm beacuse now people are working and can not reset the computer.
Thanks for answer, I try after 6 pm beacuse now people are working and can not reset the computer.
Krzysztof Zaklikiewicz
Mar 31, 2016, 2:45:42 PM3/31/16
to ossec-list
Hi
Thanks guys now it's works fine, but on Windows 2012 Server is still problem. I was doing exectly the same how on Windows 7 but when I start agent show error UNABLE TO START AGENT (CHCECK CONFIG), my ossec.log:
2016/03/31 20:31:45 ossec-agent: INFO: Service does not exist (OssecSvc) nothing to remove.
2016/03/31 20:31:45 ossec-agent: INFO: Successfully added to the service database.
2016/03/31 20:31:45 setup-windows: INFO: System is Vista or newer (Microsoft Windows Server 2012 Standard Edition (Build 9200) - OSSEC HIDS v2.8.3).
2016/03/31 20:31:56 ossec-win32ui: INFO: Running the following command (C:\Windows\system32\cmd.exe /c echo y|cacls "new-ossec.conf" /T /G Administrators:f)
2016/03/31 20:31:58 ossec-win32ui: INFO: Running the following command (C:\Windows\system32\cmd.exe /c echo y|cacls "client.keys" /T /G Administrators:f)
What's wrong??
Thanks guys now it's works fine, but on Windows 2012 Server is still problem. I was doing exectly the same how on Windows 7 but when I start agent show error UNABLE TO START AGENT (CHCECK CONFIG), my ossec.log:
2016/03/31 20:31:45 ossec-agent: INFO: Service does not exist (OssecSvc) nothing to remove.
2016/03/31 20:31:45 ossec-agent: INFO: Successfully added to the service database.
2016/03/31 20:31:45 setup-windows: INFO: System is Vista or newer (Microsoft Windows Server 2012 Standard Edition (Build 9200) - OSSEC HIDS v2.8.3).
2016/03/31 20:31:56 ossec-win32ui: INFO: Running the following command (C:\Windows\system32\cmd.exe /c echo y|cacls "new-ossec.conf" /T /G Administrators:f)
2016/03/31 20:31:58 ossec-win32ui: INFO: Running the following command (C:\Windows\system32\cmd.exe /c echo y|cacls "client.keys" /T /G Administrators:f)
What's wrong??
W dniu wtorek, 29 marca 2016 22:51:25 UTC+2 użytkownik Victor Fernandez napisał:
Victor Fernandez
Apr 1, 2016, 7:09:57 AM4/1/16
to ossec-list
Hi.
I remember a problem that I had with permissions in Windows: please check that your OSSEC directory (like C:\Program Files\ossec-agent) and every file contained in it have full permissions for "Administrators".
I hope this solves your problem.
Best regards.
Krzysztof Zaklikiewicz
Apr 2, 2016, 12:01:11 PM4/2/16
to ossec-list
Hi
I checked every file and folder and I was given him full permision for Administrators group but is still the same, nothing changed.
Best Regards
I checked every file and folder and I was given him full permision for Administrators group but is still the same, nothing changed.
Best Regards
Jayalaxmi K
Mar 17, 2017, 8:46:34 AM3/17/17
to ossec-list
Hi Krzysztof ,
Could you please give me the link to download oSSEC agent for windows workstations?? I dint find any details regarding installation od OSSEC agent for windows workstation.
//Jaya
Jose Luis Ruiz
Mar 17, 2017, 9:29:34 AM3/17/17
to ossec...@googlegroups.com, Jayalaxmi K
Hello Jaya
You can download from the following link:
or
Regards
-----------------------
--
Reply all
Reply to author
Forward
0 new messages