Windows OCO Agents not reporting to Server

Question

Windows OCO Agents not reporting to Server

Closed this issue a year ago · 9 comments

Hi,

we are currently testing your OCO and at first glance it looks like a really promissing Tool.

We setup the OCO Server on a Debian 12. And the Server works fine. But we do have a problem with the Agents. It seems like not all of the Agents are reporting to the Server.

Could you advice what could be the problem, or are there any logs to find out what is going wrong ?

Answer 1 · 2023-11-30T12:38:58.000Z

Yes, please start the OCO agent in a terminal and post the output here. More information: agent troubleshooting.

Answer 2 · 2023-11-30T12:43:54.000Z

I hope this helps.

PS C:\Program Files\OCO Agent> .\oco-agent.exe
[2023-11-30 13:40:15.507236] OCO Agent starting with config file: C:\Program Files\OCO Agent/oco-agent.ini ...
[2023-11-30 13:40:15.510327] OCO Agent starting with lock file (pid 24296)...
[2023-11-30 13:40:15.514236] Sending agent_hello...
[2023-11-30 13:40:15.608728] < {"jsonrpc": "2.0", "id": 1, "method": "oco.agent.hello", "params": {"uid": "B0C595F8-F8EE-41DF-B086-6808466570E4", "hostname": "KSJ-Office", "agent-key": "cdssfv7vcw6sbz2rxodxuw2wcajpn1", "data": {"agent_version": "1.0.2", "networks": [{"addr": "xxx.xxx.xxx.xxx", "netmask": "255.255.0.0", "broadcast": "xxx.xxx.xxx.xxx", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{4417F0DC-8880-40D2-A837-ABE339D84BA0}"}, {"addr": "-", "netmask": "-", "broadcast": "-", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{D2CAA4BE-EE2E-4389-ABB8-06AC8C75CAA3}"}, {"addr": "-", "netmask": "-", "broadcast": "-", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{AD1F9583-44A9-4575-8193-2E157807CD32}"}, {"addr": "-", "netmask": "-", "broadcast": "-", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{3FD6874D-3686-41B8-B4AC-DD2A4CE2782C}"}, {"addr": "xxx.xxx.xxx.xxx", "netmask": "255.255.255.128", "broadcast": "xxx.xxx.xxx.xxx", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{062A93BD-A3F2-45BA-89EA-564CA51D9CB9}"}, {"addr": "-", "netmask": "-", "broadcast": "-", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{87483217-7AA9-4504-ABDB-44370D2934C3}"}, {"addr": "-", "netmask": "-", "broadcast": "-", "mac": "aa:bb:cc:dd:ee:ff", "interface": "{BE1AE9CF-CC33-4D97-8551-C330944CA5A4}"}], "services": [], "uptime": 4289.999999761581}}}
[2023-11-30 13:40:15.731694] > (0.04536s) [200] {"id":1,"error":null,"result":{"success":true,"params":{"server-key":"9f09m42fgghqm4wjcyb4itbuorqyp2","agent-key":null,"update":1,"logins-since":"1970-01-01 01:00:00","software-jobs":[],"events":[]}}}
[2023-11-30 13:40:15.731694] Updating inventory data...
Traceback (most recent call last):
File "oco-agent.py", line 1132, in
File "oco-agent.py", line 966, in mainloop
File "oco-agent.py", line 238, in getUefiOrBios
File "subprocess.py", line 491, in run
File "subprocess.py", line 1011, in communicate
File "encodings\cp1252.py", line 23, in decode
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 382: character maps to
[24296] Failed to execute script 'oco-agent' due to unhandled exception!
[2023-11-30 13:40:57.371373] Closing lock file and exiting.
PS C:\Program Files\OCO Agent>

Answer 3 · 2023-11-30T12:47:40.000Z

this is an example from one of the agents that is not synchronizing. Ist it possible that this comes because of the Bitlocker Encryption of the Boot Volumes ?

Answer 4 · 2023-11-30T12:48:27.000Z

Because the one that is updating its Inventory does not have BitLocker enabled yet

Answer 5 · 2023-11-30T13:08:07.000Z

Thanks, this is a bug. Bitlocker itself is not the issue here (I'm using the agent myself on computers with Bitlocker). The command bcdedit seems to output non-ASCII chars on these computers. I already know how to fix it since it appeared on another function in the past.

Just out of interest, can you please post the output of bcdedit from one of these computers?

Answer 6 · 2023-11-30T13:09:35.000Z

bcdedit

Windows-Start-Manager

Bezeichner {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
fverecoverymessage Sie haben keinen Wiederherstellungsschlüssel? Wenden Sie sich an den IT-Helpdesk oder gehen Sie zu Ihrem Self Service Portal: https://sophos.com/ssp
default {current}
resumeobject {92b196d5-0fb5-11ed-bca7-0c37966c1f4e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows-Startladeprogramm

Bezeichner {current}
device partition=C:
path \windows\system32\winload.efi
description Windows 11
locale de-DE
inherit {bootloadersettings}
recoverysequence {e675deb5-0fbc-11ed-8b97-0c37966c1f4e}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \windows
resumeobject {92b196d5-0fb5-11ed-bca7-0c37966c1f4e}
nx OptIn
bootmenupolicy Standard
hypervisorlaunchtype Auto

Answer 7 · 2023-11-30T13:12:35.000Z

The issue here is the ü in your custom recovery message :D
A nice edge case! I'll fix this and release a new version in the next few days.

Answer 8 · 2023-12-01T09:58:21.000Z

Please test again with v1.0.3.

Answer 9 · 2023-12-01T13:43:01.000Z

Hi,

works perfectly thanks.