Failed to sign agent #6409

Closed
bertovn opened this issue Sep 27, 2024 · 7 comments

bertovn commented Sep 27, 2024

Hello dear team,
Got an issue with agent signing:

MeshCentral HTTP redirection server running on port 80.
Generating certificates, may take a few minutes...
Generating root certificate...
Generating HTTPS certificate...
Generating MeshAgent certificate...
Generating code signing certificate...
Generating Intel AMT MPS certificate...
MeshCentral v1.1.31, LAN mode.
WARNING: Failed to sign "MeshService.exe": AggregateError
WARNING: Failed to sign "MeshService64.exe": AggregateError
WARNING: Failed to sign "MeshServiceARM64.exe": AggregateError
WARNING: Failed to sign "MeshCmd.exe": AggregateError
WARNING: Failed to sign "MeshCmd64.exe": AggregateError
WARNING: Failed to sign "MeshCmdARM64.exe": AggregateError
Server has no users, next new account will be site administrator.
MeshCentral HTTPS server running on port 443.

My server is in a private network without internet access.
MeshCentral started, but this message looks unhealthy.
Host OS is Debian 11 Bullseye.
With MeshCentral version 1.1.21 I used a workaround with "agentTimeStampServer": false, but now this way doesn't work.
Could you please provide any help/advice?

My config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for d",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "_cert": "myserver.mydomain.com",
    "_WANonly": true,
    "_LANonly": true,
    "_sessionKey": "MyReallySecretPassword1",
    "_port": 443,
    "_aliasPort": 443,
    "_redirPort": 80,
    "_redirAliasPort": 80,
    "agentTimeStampServer": false
  },
  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "_minify": true,
      "_newAccounts": true,
      "_userNameIsEmail": true
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "myemail@mydomain.com",
    "names": "myserver.mydomain.com",
    "skipChallengeVerification": true,
    "production": false
  }
}
@bertovn bertovn added the bug label Sep 27, 2024
Collaborator

si458 commented Sep 27, 2024

how did you install meshcentral?
docker? npm install? git clone?

Collaborator

si458 commented Sep 27, 2024

also try running meshcentral in full debug mode and see its output if anything JUMPS out as wrong/incorrect
node node_modules/meshcentral --debug

Author

bertovn commented Sep 27, 2024

> how did you install meshcentral? docker? npm install? git clone?

npm directly at the host with node node_modules/meshcentral

> also try running meshcentral in full debug mode and see its output if anything JUMPS out as wrong/incorrect node node_modules/meshcentral --debug

take a look below pls

MAIN: Core module windows-amt is 637658 bytes.
MAIN: Core module linux-amt is 583581 bytes.
MAIN: Core module linux-noamt is 483045 bytes.
MAIN: Core module windows-recovery is 137824 bytes.
MAIN: Core module linux-recovery is 82212 bytes.
MAIN: Core module windows-agentrecovery is 61977 bytes.
MAIN: Core module linux-agentrecovery is 6365 bytes.
MAIN: Core module windows-tiny is 6305 bytes.
MAIN: Core module linux-tiny is 6305 bytes.
MeshCentral HTTP redirection server running on port 80.
AUTHLOG: Server listening on 0.0.0.0 port 80.
Generating certificates, may take a few minutes...
Generating root certificate...
Generating HTTPS certificate...
Generating MeshAgent certificate...
Generating code signing certificate...
Generating Intel AMT MPS certificate...
MeshCentral v1.1.31, LAN mode.
MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshService.exe","desc":"c510924c0bc85d3441502f81c15a35df22bfdf3f","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}
MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshService64.exe","desc":"c510924c0bc85d3441502f81c15a35df22bfdf3f","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}
MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshServiceARM64.exe","desc":"c510924c0bc85d3441502f81c15a35df22bfdf3f","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}
MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshCmd.exe","desc":"c510924c0bc85d3441502f81c15a35df22bfdf3f","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}
MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshCmd64.exe","desc":"c510924c0bc85d3441502f81c15a35df22bfdf3f","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}
MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshCmdARM64.exe","desc":"c510924c0bc85d3441502f81c15a35df22bfdf3f","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}
WARNING: Failed to sign "MeshService.exe": AggregateError
WARNING: Failed to sign "MeshService64.exe": AggregateError
WARNING: Failed to sign "MeshServiceARM64.exe": AggregateError
WARNING: Failed to sign "MeshCmd.exe": AggregateError
WARNING: Failed to sign "MeshCmd64.exe": AggregateError
WARNING: Failed to sign "MeshCmdARM64.exe": AggregateError
DISPATCH: AddEventDispatch [ 'server-shareremove' ]
DISPATCH: AddEventDispatch [ '*' ]
DISPATCH: DispatchEvent [ '*' ]
MAIN: Server started
Server has no users, next new account will be site administrator.
HTTPS: Server listening on 0.0.0.0 port 443.
MeshCentral HTTPS server running on port 443.

Author

bertovn commented Sep 27, 2024

Dear @si458, I checked just now: the "agentTimeStampServer": false feature stopped working from release 1.1.27; in release 1.1.26 it works.

si458 added a commit that referenced this issue Sep 27, 2024
…tly #6409

Signed-off-by: si458 <simonsmith5521@gmail.com>
Collaborator

si458 commented Sep 27, 2024

so after a quick look at the source code,
it appears agentTimeStampServer and agentTimeStampProxy were actually being ignored!
they were checking the incorrect values!
we haven't changed anything in 2 years!
so I'm only guessing it's been like that since day 1 of the code-signing stuff!
hopefully this PR should fix your issue! 2beeb6f
you can apply the patch manually yourself and try it
OR
use the docker master image in about 15mins

@si458 si458 self-assigned this Sep 27, 2024
Author

bertovn commented Sep 28, 2024

> so after a quick look at the source code, it appears agentTimeStampServer and agentTimeStampProxy were actually being ignored! they were checking the incorrect values! we haven't changed anything in 2 years! so I'm only guessing it's been like that since day 1 of the code-signing stuff! hopefully this PR should fix your issue! 2beeb6f you can apply the patch manually yourself and try it OR use the docker master image in about 15mins

The song Tina Turner - The Best is playing
Thank you so much for this fastest fix!
Now it works as expected!

MAIN: Core module windows-amt is 637658 bytes.
MAIN: Core module linux-amt is 583581 bytes.
MAIN: Core module linux-noamt is 483045 bytes.
MAIN: Core module windows-recovery is 137824 bytes.
MAIN: Core module linux-recovery is 82212 bytes.
MAIN: Core module windows-agentrecovery is 61977 bytes.
MAIN: Core module linux-agentrecovery is 6365 bytes.
MAIN: Core module windows-tiny is 6305 bytes.
MAIN: Core module linux-tiny is 6305 bytes.
MeshCentral HTTP redirection server running on port 80.
AUTHLOG: Server listening on 0.0.0.0 port 80.
Generating certificates, may take a few minutes...
Generating root certificate...
Generating HTTPS certificate...
Generating MeshAgent certificate...
Generating code signing certificate...
Generating Intel AMT MPS certificate...
MeshCentral v1.1.31, LAN mode.
MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshService.exe","desc":"a88875a92b1b473c7d774e294bd4a1aa5ed9413a","url":"https://un-configured/","time":null,"proxy":null}
Code signed MeshService.exe.
MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshService64.exe","desc":"a88875a92b1b473c7d774e294bd4a1aa5ed9413a","url":"https://un-configured/","time":null,"proxy":null}
Code signed MeshService64.exe.
MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshServiceARM64.exe","desc":"a88875a92b1b473c7d774e294bd4a1aa5ed9413a","url":"https://un-configured/","time":null,"proxy":null}
Code signed MeshServiceARM64.exe.
MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshCmd.exe","desc":"a88875a92b1b473c7d774e294bd4a1aa5ed9413a","url":"https://un-configured/","time":null,"proxy":null}
Code signed MeshCmd.exe.
MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshCmd64.exe","desc":"a88875a92b1b473c7d774e294bd4a1aa5ed9413a","url":"https://un-configured/","time":null,"proxy":null}
Code signed MeshCmd64.exe.
MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshCmdARM64.exe","desc":"a88875a92b1b473c7d774e294bd4a1aa5ed9413a","url":"https://un-configured/","time":null,"proxy":null}
Code signed MeshCmdARM64.exe.
DISPATCH: AddEventDispatch [ 'server-shareremove' ]
DISPATCH: AddEventDispatch [ '*' ]
DISPATCH: DispatchEvent [ '*' ]
MAIN: Server started
Server has no users, next new account will be site administrator.
HTTPS: Server listening on 0.0.0.0 port 443.
MeshCentral HTTPS server running on port 443.

@bertovn bertovn closed this as completed Sep 28, 2024
Collaborator

si458 commented Sep 28, 2024

@bertovn glad it's fixed!
Don't forget to donate if you can ♥️
https://www.si458.co.uk/2024/01/05/donation/
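
The two `--debug` logs in this thread differ in one field: the `time` value on each "Code signing with arguments" line. As an added example (not part of the issue thread and not MeshCentral's own code), this Node.js script parses those lines and reports which agent binaries were still pointed at a timestamp server and which failed to sign; the function names and the shortened sample log are constructed for illustration.

```javascript
// Added example (not MeshCentral code): audit a `--debug` startup log to see
// whether agent signing is still configured with a timestamp server URL.

// Constructed sample, shortened from the two debug logs shown in this thread.
const SAMPLE_LOG = [
  'MAIN: Code signing with arguments: {"out":"/opt/mc1/meshcentral-data/signedagents/MeshService.exe","url":"https://un-configured/","time":"http://timestamp.comodoca.com/authenticode","proxy":null}',
  'MAIN: Code signing with arguments: {"out":"/opt/mc2/meshcentral-data/signedagents/MeshCmd.exe","url":"https://un-configured/","time":null,"proxy":null}',
  'WARNING: Failed to sign "MeshService.exe": AggregateError',
  'Code signed MeshCmd.exe.',
].join('\n');

const ARGS_RE = /^MAIN: Code signing with arguments: (\{.*\})\s*$/;
const FAIL_RE = /^WARNING: Failed to sign "([^"]+)": (.+)$/;
const OK_RE = /^Code signed (.+)\.$/;

// Returns one record per agent binary: { file, time, proxy, status, error }.
function auditSigningLog(logText) {
  const byFile = new Map();
  const entry = (file) => {
    if (!byFile.has(file)) byFile.set(file, { file, time: undefined, proxy: undefined, status: 'unknown', error: null });
    return byFile.get(file);
  };
  for (const line of logText.split(/\r?\n/)) {
    let m;
    if ((m = ARGS_RE.exec(line))) {
      let args;
      try { args = JSON.parse(m[1]); } catch { continue; } // skip truncated lines
      if (typeof args.out !== 'string') continue;
      const rec = entry(args.out.split(/[\\/]/).pop());
      rec.time = args.time ?? null;
      rec.proxy = args.proxy ?? null;
    } else if ((m = FAIL_RE.exec(line))) {
      Object.assign(entry(m[1]), { status: 'failed', error: m[2].trim() });
    } else if ((m = OK_RE.exec(line))) {
      entry(m[1]).status = 'signed';
    }
  }
  return [...byFile.values()];
}

// With "agentTimeStampServer": false, the fixed log above shows "time":null.
// A string here means the setting was not applied to that binary.
function timestampSettingIgnored(records) {
  return records.filter((r) => typeof r.time === 'string').map((r) => r.file);
}

const records = auditSigningLog(SAMPLE_LOG);
console.table(records);
console.log('Still using a timestamp server:', timestampSettingIgnored(records));
```

To check a real server, pass the captured output of `node node_modules/meshcentral --debug` to `auditSigningLog` instead of the sample.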
