nonpunctual
commented
11 months ago Closed nonpunctual closed 10 months ago
nonpunctual
commented
11 months ago 
sabrinabuckets
commented
11 months ago Hi @nonpunctual can you provide more specific details about the issue that you are running into? The rerpo steps and screenshot don't seem to be telling the whole story. In my daily testing, I frequently wipe and re-enroll ADE-eligible devices and have not observed any issues recently.
nonpunctual
commented
11 months ago Sorry for not being nore specific or having more detail. The Fleet app / menu bar item & the binary (fleetctl? others?) were not installed during enrollment. I installed the .pkg downloaded manaully by Joanne during our onboarding meeting & there still seem to be missing components.
The enrollment itself wasn't the issue. Remote Management camme up OOB so that means ABM sync & activation were fine. The MDM profile was installed, the FV popup happened, but no other components were installed as part of the initial enrollment / provisioning. If there are logs I can grab for you that will help I am happy to provide but because the entire set of components still doesn't seem to be installed the logs you need might not be getting created. Thanks.
sabrinabuckets
commented
11 months ago Spoke with Brock via Slack and confirmed the issue is specifically with Fleet Desktop not showing up after the initial auto-enrollment. A manual install of Fleet did resolve.
We have seen this issue in the past, though I remain unable to reproduce in my own testing.
nonpunctual
commented
11 months ago 16 -rw-r--r-- 1 root wheel 4911 Dec 18 12:57 /private/var/log/orbit/orbit.stderr.log
2023-12-18T10:56:20-05:00 INF hash(orbit)=3e1ec333a651554499a6571d4b47d0ca9edad010c48c22c51dcae0186ade765369ab0af354956ca6506e73a207d60e59c753a12236f485d92733895aad90dcb4
2023-12-18T10:56:20-05:00 INF hash(osqueryd)=9f581ef831bb89e80a70f3dd4a8160883515ac75d6c1e64c38391114205350c8fdf232ae1e6c3186e77363ef711c445b80513c712a122b0c42e1ba00dfd9b3a2
2023-12-18T10:56:20-05:00 INF hash(desktop)=24c444c1d1d61c1ead8e37a3226ec3b9fe7ab2b4a987e3709a5584fb4a408b5fc32c87d9ebe95544171f0f8476401ac907061febaceb58119778deeeff687618
2023-12-18T10:56:20-05:00 INF update detected target=orbit
2023-12-18T10:56:31-05:00 INF update completed target=orbit
2023-12-18T10:56:31-05:00 INF update detected target=osqueryd
2023-12-18T10:56:33-05:00 INF update completed target=osqueryd
2023-12-18T10:56:33-05:00 INF update detected target=desktop
2023-12-18T10:56:35-05:00 INF update completed target=desktop
2023-12-18T10:56:35-05:00 INF exiting due to successful early update
2023-12-18T10:56:36-05:00 INF hash(orbit)=d24b0b425b412b630174b8274d5e3b946478c6dbf2451dddc5d2a21399941c58afc682bd5dfa311c980e51633bf50adf5a5d6bcf85e401f5faaac3aa6fef44b7
2023-12-18T10:56:36-05:00 INF hash(osqueryd)=c6571e64bcd36eea1d4157b4f28dce301d1422e6ace869b399125a7b29562d95c4c7094f1867e4decc6c52d988d58125562c60e3c0366549d8797790f30e481e
2023-12-18T10:56:36-05:00 INF hash(desktop)=5f198975a6de2a77eb877b21425cc4f09e4cad9d66d46b2de8f76f25f8132bf88084ba699f4fb4979b1fbe9f25b1b970d428c006bcf63f195557ff2beeaabf77
2023-12-18T10:56:42-05:00 INF refreshing the update runner config with Nudge targets and hashes
2023-12-18T10:56:42-05:00 INF refreshing the update runner config with Nudge targets and hashes
2023-12-18T10:56:43-05:00 INF update detected target=nudge
2023-12-18T10:56:44-05:00 INF update completed target=nudge
2023-12-18T10:56:44-05:00 INF token rotation is enabled
2023-12-18T10:56:44-05:00 INF killing any pre-existing fleet-desktop instances
2023-12-18T10:56:44-05:00 INF start osqueryd cmd="/opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd --pidfile=/opt/orbit/osquery.pid --database_path=/opt/orbit/osquery.db --extensions_socket=/opt/orbit/orbit-osquery.em --logger_path=/opt/orbit/osquery_log --enroll_secret_env ENROLL_SECRET --host_identifier=uuid --tls_hostname=dogfood.fleetdm.com --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=8000000 --tls_server_certs /opt/orbit/certs.pem --augeas_lenses /opt/orbit/lenses --force --flagfile /opt/orbit/osquery.flags"
2023-12-18T10:56:44-05:00 INF opening path="/opt/orbit/bin/desktop/macos/stable/Fleet Desktop.app"
I1218 10:56:49.685097 1804382208 interface.cpp:137] Registering extension (com.fleetdm.orbit.osquery_extension.v1, 48851, version=, sdk=)
I1218 10:56:49.869453 -479817728 auto_constructed_tables.cpp:241] ATC table: chrome_browser_history Registered
I1218 10:56:49.869904 -479817728 auto_constructed_tables.cpp:241] ATC table: tcc_system_entries Registered
I1218 10:56:49.870779 -479817728 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity is disabled via configuration
I1218 10:56:49.871186 -479817728 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity_fim: EndpointSecurity is disabled via configuration
I1218 10:56:49.871212 -479817728 eventfactory.cpp:156] Event publisher not enabled: openbsm: Publisher disabled via configuration
I1218 10:56:49.871233 -479817728 eventfactory.cpp:156] Event publisher not enabled: scnetwork: Publisher not used
I1218 10:56:49.871259 -479817728 eventfactory.cpp:156] Event publisher not enabled: event_tapping: Publisher disabled via configuration
I1218 10:56:49.875680 -479817728 eventfactory.cpp:352] The minimum events expiration timeout for disk_events has been adjusted: 259260
2023-12-18T10:57:14-05:00 INF refreshing the update runner config with Nudge targets and hashes
2023-12-18T10:57:14-05:00 INF hash(nudge)=c292ca800a12165ce7174f995ec1627c5398b30c0d4368dd68584948d4312304b6e7debc113a8f325a78fd9778d6d540f7efb0335ef52ede911de9be1cd90622
2023-12-18T10:57:44-05:00 INF running Nudge
2023-12-18T11:27:46-05:00 INF running Nudge
2023-12-18T11:56:44-05:00 INF token TTL expired, rotating token
2023-12-18T11:57:48-05:00 INF running Nudge
2023-12-18T12:27:50-05:00 INF running Nudge
2023-12-18T12:56:44-05:00 INF token TTL expired, rotating token
2023-12-18T12:57:53-05:00 INF running Nudge
lukeheath
commented
11 months ago Hey team! Please add your planning poker estimate with Zenhub @ghernandez345 @gillespi314 @mna
nonpunctual
commented
11 months ago Managed Software Center (munki) was also not installed. I didn't realize it was supposed be part of the install / enrollment until last night.
roperzh
commented
10 months ago @nonpunctual I think this might have something to do with the computer being re-purposed, thanks for adding that bit.
I want to note that we only install fleetd, we don't install fleetctl, Munki or anything else by default, and I see that we don't have a bootstrap package configured.
fleet-release
commented
10 months ago Fleet Desktop on Mac, Auto-enrollment seamless, Security intact.
Fleet version: <!-- Copy this from the "My account" page in the Fleet UI, or run
fleetctl --version--> Fleet 0.0.0-SNAPSHOT-f351568 • Go go1.21.5Web browser and operating system: Google Chrome Version 120.0.6099.109 (Official Build) (arm64) macOS
💥 Actual behavior
Details about the OOB experience:
🧑💻 Steps to reproduce
🕯️ More info (optional)
Per Joanne, the computer was repuposed from a previous user. Is there perhaps an issue with overwriting existing records with new enrollment data? ie, Do old enrollment records get zeroed out for a new enrollment with an existing primary key / serial number / UUID (whatever) for a device already stored in the db?