search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3k stars 416 forks source link

Fleet Desktop missing on MDM enrolled macOS host after reset all settings #19499

Open ksatter opened 4 months ago

ksatter commented 4 months ago

Fleet version: v4.50.2

Operating system: macOS Sonoma Version 14.5 (23F79)

💥  Actual behavior

After using "Reset all settings" to wipe my macOS host and continuing through automatic enrollment, Fleet Desktop is not running.

Orbit is seen in running processes, and the host can communicate with Fleet, including live queries:

ksatter@Kathys-MacBook-Air ~ % ps -ax | grep orbit
  839 ??         1:28.65 /opt/orbit/bin/orbit/orbit
  855 ??         0:24.14 /opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd --pidfile=/opt/orbit/osquery.pid --extensions_socket=/opt/orbit/orbit-osquery.em --logger_path=/opt/orbit/osquery_log --enroll_secret_env ENROLL_SECRET --tls_hostname=dogfood.fleetdm.com --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=8000000 --tls_server_certs /opt/orbit/certs.pem --augeas_lenses /opt/orbit/lenses --force --flagfile /opt/orbit/osquery.flags --host-identifier uuid --database_path /opt/orbit/osquery.db
  857 ??        16:44.01 /opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd

Orbit is also not added to PATH:

ksatter@Kathys-MacBook-Air ~ % sudo orbit shell
sudo: orbit: command not found

Launch Daemon configuration :

ksatter@Kathys-MacBook-Air LaunchDaemons % cat com.fleetdm.orbit.plist 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnvironmentVariables</key>
    <dict>
        <key>ORBIT_USE_SYSTEM_CONFIGURATION</key>
        <string>true</string>
        <key>ORBIT_ORBIT_CHANNEL</key>
        <string>stable</string>
        <key>ORBIT_OSQUERYD_CHANNEL</key>
        <string>stable</string>
        <key>ORBIT_UPDATE_URL</key>
        <string>https://tuf.fleetctl.com</string>
        <key>ORBIT_FLEET_DESKTOP</key>
        <string>true</string>
        <key>ORBIT_DESKTOP_CHANNEL</key>
        <string>stable</string>
        <key>ORBIT_UPDATE_INTERVAL</key>
        <string>15m0s</string>
    </dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.fleetdm.orbit</string>
    <key>ProgramArguments</key>
    <array>
        <string>/opt/orbit/bin/orbit/orbit</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/orbit/orbit.stderr.log</string>
    <key>StandardOutPath</key>
    <string>/var/log/orbit/orbit.stdout.log</string>
    <key>ThrottleInterval</key>
    <integer>10</integer>
</dict>
</plist>

Orbit logs:

orbit.stderr.log

I have not done anything to attempt to remediate the issue in case there's additional information we'd like to grab.

🧑‍💻  Steps to reproduce

  1. TODO
  2. TODO

🕯️ More info (optional)

N/A

ghernandez345 commented 3 months ago

@ksatter I cannot repo this locally. Is this issue still occurring?

Can we get the fleet desktop stderr logs from the host that is having this error?

I can see there is a device token error in the provided orbit logs, and I am looking into that atm.

lucasmrod commented 3 months ago

Hi @ksatter!

If you are still experiencing this issue, please set:

<key>ORBIT_DEBUG</key>
<string>true</string>

in /Library/LaunchDaemons/com.fleetdm.orbit.plist

Then do:

 sudo launchctl unload /Library/LaunchDaemons/com.fleetdm.orbit.plist
 sudo launchctl load /Library/LaunchDaemons/com.fleetdm.orbit.plist

PS: I came across this issue as possibly related to https://github.com/fleetdm/fleet/issues/19172 which I also cannot reproduce.

ksatter commented 3 months ago

@lucasmrod reloading the launch daemon seems to have resolved the issue.

I am able to try wiping this machine again to see if the issue pops back up if you'd like.

lucasmrod commented 3 months ago

We'll be attempting to reproduce this issue with Reed tomorrow. I'll ping you if we can't reproduce. Thanks!

dantecatalfamo commented 3 months ago

Orbit is also not added to PATH

I don't think orbit is normally in the path

ghernandez345 commented 2 months ago

@ksatter @lucasmrod is this still an issue? Are we able to close this?

lucasmrod commented 2 months ago

I've seen Fleet Desktop tray icon missing after installation when the device cannot connect to the Fleet server. But I'm not sure if that was the case here.

ksatter commented 2 months ago

Everything else was working properly in my case. It was checking in fine, but Desktop was not launching.

zayhanlon commented 2 months ago

@lucasmrod this is being reported now by a community user on macos version 14.4.1 as well, not just 14.5

Here is some new information: Happened with first time fleet enrolls

For a new hire, we had to tailor the instruction, after they run the fleet installer, we ask them to restart their machines because Fleet will 100% not launch. But then some users after doing the restart will still be unable to launch Fleet Deskop

lucasmrod commented 1 month ago

@zayhanlon Any chance we can get fleetd logs from the user? (/var/log/orbit/)

zayhanlon commented 1 month ago

Requested @lucasmrod