[wpkg-users] Service "wpkgserver" is stopped

Mike Burgener mburgener at caritas.ch
Tue Nov 15 16:53:02 CET 2016


Actually perhaps a dumm question
but why you don’t use guest access with read-only permissions?

About the security-part, if you save the password cleartext or encrypted does not really make a difference because if you save it securely hashed you have to send the hash as credentials and thus somebody with the hash is also able to send the hash so it makes at the end no real difference, only with the hash he would need to be some developer who knows how to use the hash and authenticate with the help of it to be able to reset the accounts password.

Regards

Mike



Von: wpkg-users [mailto:wpkg-users-bounces at lists.wpkg.org] Im Auftrag von Ing. Michal Kolácek
Gesendet: Dienstag, 15. November 2016 15:53
An: wpkg-users at lists.wpkg.org
Betreff: Re: [wpkg-users] Service "wpkgserver" is stopped

Hello,

thanks for your feedback. After the weekend I got a bit of time. The problem is not solved even with the official version (18b1). I can not imagine doing the first run of wpkg-gp manually (GUI) for ~100 new workstations. I have to use the format "clear: password" :-((


Best regard
--
Ing. Michal Koláček
ICT specialist

Department of Information Technology
Faculty of Civil Engineering
BRNO UNIVERSITY OF TECHNOLOGY

Veveří 331/95, Brno, 602 00
T: 5 4114 7196, M: 721 579 945<tel:721%20579%20945>
kolacek.m at fce.vutbr.cz<mailto:kolacek.m at fce.vutbr.cz>
www.vutbr.cz<http://www.vutbr.cz/>

[https://www.vutbr.cz/data_storage/multimedia/jvs/sablony/e-mailovy%20podpis/loga%20do%20podpisu/EN/FCE_color_RGB_EN.gif]

2016-11-11 16:33 GMT+01:00 Nils Thiele <it.service.kultur at uni-hamburg.de<mailto:it.service.kultur at uni-hamburg.de>>:

Hello,

i could be wrong because im totally swamped with other stuff right now but as far as i can remember you can't deploy a crypted password. Because password are encrypted based on the user and the system. even if you deploy it to a machine running the same system image it would be different. Because of this its not possible for wpkg-gp to decrypt the password correctly.

Your problem is now that you are not able to safely deploy it to all the systems because the script would be on every system readable by every user?

never faced this problem sadly. After we setup new workstations we do the first run of wpkg manually which then installs wpkg-gp through wpkg and encrypt the password after the service first started (after installation).



Maybe store the script on a temporary share and not locally? i bet someone else has a better idea tho.

Best Regards,

Nils


Am 11.11.2016 um 16:05 schrieb Ing. Michal Koláček:
Hello,

"...but with a silent installation the service is not working/running." YES! :-)

I sending .ini file without sensitive data and modification password. Thanks for the download link, I'll try it.

I noticed one thing, I have script "wpkg_install_local.bat" with a simple content see below:
@echo off
start /wait "" "Wpkg-GP-0.17.16_x64.exe" /S /Features Client /INI "wpkg-gp.ini"
goto :eof

Content of file wpkg-gp.ini see below (without sensitive data and mod pass):
[WpkgConfig]
EnableViaLGP = 1
IgnoreGroupPolicy = 0
DisableAtBootUp = 0
WpkgCommand = \\path\wpkg-alpha\wpkg.js<file://path/wpkg-alpha/wpkg.js>
WpkgVerbosity = 3
# I try use "" for WpkgNetworkUsername and WpkgNetworkPassword
# But with a silent installation the service is not working/running
WpkgNetworkUsername = toa\wuser
# WpkgNetworkUsername = "toa\wuser"
WpkgNetworkPassword = crypt:AQAAANCMnd8BFdERjHoA68VAgAAAB7G5ApMTstrRQAAACiljCkFZ2zS5oqlntoej6wAAAAASAAAAUABhAHMAcwB3AG8AcgBkAAAAEGYAAHEi94fU5pxkb+gAAAAAoAAAARQB4AGUAYwB1AHQAZQBVAHMAZQByAFAAYQBzAHMAdwBvAHIAZAAAAANmAACoAAAAEAAAAJ3Jmb/7KPeQxclXo9RDypkAAAAABIAAAKAAAAAQAA1bcFATCEUypZG6LYwR4iLbrRdjGUgAAAA4o/449W7GQDB0afYGmjlnLzlhyN1/Biyw=lnLzlhyGQDBYwR4iLbrRdjGUgAAAA4o/4w=lnLzFmgF07wPmM5bPXNvK+ZTZVw==#
# WpkgNetworkPassword = "crypt:AQAAANCMnd8BFdERjHoA68VAgAAAB7G5ApMTstrRQAAACiljCkFZ2zS5oqlntoej6wAAAAASAAAAUABhAHMAcwB3AG8AcgBkAAAAEGYAAHEi94fU5pxkb+gAAAAAoAAAARQB4AGUAYwB1AHQAZQBVAHMAZQByAFAAYQBzAHMAdwBvAHIAZAAAAANmAACoAAAAEAAAAJ3Jmb/7KPeQxclXo9RDypkAAAAABIAAAKAAAAAQAA1bcFATCEUypZG6LYwR4iLbrRdjGUgAAAA4o/449W7GQDB0afYGmjlnLzlhyN1/Biyw=lnLzlhyGQDBYwR4iLbrRdjGUgAAAA4o/4w=lnLzFmgF07wPmM5bPXNvK+ZTZVw==#"
WpkgMaxReboots = 10
WpkgRebootPolicy = force
WpkgExecuteByNonAdmins = 0
WpkgExecuteByLocalUsers = 1
WpkgActivityIndicator = 1
[EnvironmentVariables]
software = \\path\wpkg-alpha\packages<file://path/wpkg-alpha/packages>

You advise me to replace "crypt:password" to "clear:password". It is not safe. Anyone who has access to the script can read the password. Using a script (.bat) I install an instance of 100 clients at a time. Some idea?

Thank you for your response.



S pozdravem a přáním hezkého dne
--
Ing. Michal Koláček
Správce informačních technologií

Centrum informačních technologií
Fakulta stavební
VYSOKÉ UČENÍ TECHNICKÉ V BRNĚ

Veveří 331/95, Brno, 602 00
T: 5 4114 7196, M: 721 579 945<tel:721%20579%20945>
kolacek.m at fce.vutbr.cz<mailto:kolacek.m at fce.vutbr.cz>
www.vutbr.cz<http://www.vutbr.cz>


2016-11-11 15:23 GMT+01:00 Nils Thiele <it.service.kultur at uni-hamburg.de<mailto:it.service.kultur at uni-hamburg.de>>:

Hey,

ah now it clicked.

So wpkg-gp is working fine on a manual installation but with a silent installation the service is not working/running.

I personally use the /ini switch on our installation. can you post your ini (remove sensitive information)?

I noticed one thing, during silent installation you have to pass the clear password to the client, it will be decrypted automatically on the first run so it can't be read out of the configuration file.try passing it to the installation client using "clear:password" and not "crypt:password". Also pass the networkusername with quotes. (/NetworkUsername "domain\user" )



You can download the latest official release (0.18b1) here:

https://drive.google.com/drive/folders/0B9Eadi-crzpOVEtTM01aYm5YNm8

But i dont think this is the issue anymore.



Best Regards,
Nils


Am 11.11.2016 um 14:57 schrieb Ing. Michal Koláček:
Hello,

I'll try again. I used file "Wpkg-GP-0.17.16_x64.exe".

The service is working fine after the initial GUI installation (.exe) and all wpkg-gp task are working as well. GUI = All the choices (Features, path to wpkg.js, username and password for network share) I manually added. Service "wpkgserver" is "RUNNING."

The service is not working fine after the initial silent installation (the same .exe file). All wpkg-gp task are not working. Service "wpkgserver" is "STOPPED."

I tried the silent installation via Switch, /INI and .msi see below

  *   Wpkg-GP-0.17.16_x64.exe /S /Features Client /NetworkUsername ***\*** /WpkgNetworkPassword = "crypt:***" /WpkgCommand "path\wpkg.js"
  *   Wpkg-GP-0.17.16_x64.exe /S /INI "path\wpkg-gp.ini"
  *   msiexec /i Wpkg-GP-0.17.16_x64.msi /passive (The .msi file contained data from .ini)
  *   msiexec /i Wpkg-GP-0.17.16_x64.msi /quiet (The .msi file contained data from .ini)
Where I download the original version of wpkg-gp?

Thank you for your response


Best regard
--
Ing. Michal Koláček
ICT specialist

Department of Information Technology
Faculty of Civil Engineering
BRNO UNIVERSITY OF TECHNOLOGY

Veveří 331/95, Brno, 602 00
T: 5 4114 7196, M: 721 579 945<tel:721%20579%20945>
kolacek.m at fce.vutbr.cz<mailto:kolacek.m at fce.vutbr.cz>
www.vutbr.cz<http://www.vutbr.cz/>


2016-11-11 12:30 GMT+01:00 Nils Thiele <it.service.kultur at uni-hamburg.de<mailto:it.service.kultur at uni-hamburg.de>>:

Hello,

Im not sure i understand you completely, so the service is working fine after the initial installation and all wpkg-gp task are working as well.

What do you mean exactly with performing a silent installation to client? Just running a wpkg task using the service after first reboot?

The exceptions in the code you posted are not occuring in the base wpkg-gp code but in the imported modules for the communication with the windows system.

I noticed that you are using my modification of the original wpkg-gp, have you tried the original version and does the problem occur there as well?

We have not switched to windows10 yet and i have only done some basic tests with wpkg-gp on windows10, maybe it is related to the os.

Best Regards,

Nils



PS: keep in mind that if you run the service manually using the exe that you use the system user for this as well or it can decrypt the encrypted password in your config file.


Am 11.11.2016 um 11:00 schrieb Ing. Michal Koláček:
Hello,

I am using the latest version of the programming environment WPKG-GP "Wpkg-GP-0.17.16_x64.exe". I will try to describe the problem.

Tested on different hardware. Always the same system Windows 10 x64 (version 10.0.14393.0). EnableViaLGP. The file wpkg.js accessed through a domain user and password in AD.

GUI installation wpkg-gp client will be fine. Service "wpkgserver" runs fine. All WPKG-GP system is functional and installation software works fine.

When I try to perform a silent installation to client (Switch, /INI, .msi etc.), service "wpkgserver" is irregularly in "STOPPED". The service will not turn on. Below is diagnostic information.

c:\Program Files\Wpkg-GP>WpkgServer.exe --interactive
Traceback (most recent call last):
  File "boot_service.py", line 185, in <module>
  File "win32serviceutil.pyc", line 592, in HandleCommandLine
IndexError: list index out of range

SERVICE_NAME: wpkgserver
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1066  (0x42a)
        SERVICE_EXIT_CODE  : 1  (0x1)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

WpkgService.log:
2016-11-11 10:33:15,941 - WpkgService - INFO - Logging started with verbosity: 3
2016-11-11 10:33:15,943 - WpkgService - DEBUG - Loading locale cs_CZ.cp1250 in path C:\Program Files\Wpkg-GP\locale
2016-11-11 10:33:15,944 - WpkgService - DEBUG - LGP: Opening C:\WINDOWS\system32\GroupPolicy\gpt.ini
2016-11-11 10:33:15,946 - WpkgService - DEBUG - Config: Reading EnableViaLGP: '1' from ini file
2016-11-11 10:33:15,947 - WpkgService - DEBUG - Config: Reading WpkgCommand: '\\***\wpkg.js' from ini file
2016-11-11 10:33:15,950 - WpkgService - DEBUG - Config: Reading WpkgCommand: '\\***\wpkg.js' from ini file
2016-11-11 10:33:15,950 - WpkgService - DEBUG - Trying to extract share name from \\***\wpkg.js<file://***/wpkg.js>
2016-11-11 10:33:15,950 - WpkgService - DEBUG - Extracted share: '\\***'
2016-11-11 10:33:15,951 - WpkgService - DEBUG - Config: Reading WpkgNetworkUsername: '***\***' from ini file
2016-11-11 10:33:15,951 - WpkgService - DEBUG - Reading WpkgNetworkPassword from ini file

Where is the problem?

Thank you for your response


Best regard
--
Ing. Michal Koláček
ICT specialist

Department of Information Technology
Faculty of Civil Engineering
BRNO UNIVERSITY OF TECHNOLOGY

Veveří 331/95, Brno, 602 00
T: 5 4114 7196, M: 721 579 945<tel:721%20579%20945>
kolacek.m at fce.vutbr.cz<mailto:kolacek.m at fce.vutbr.cz>
www.vutbr.cz<http://www.vutbr.cz/>



---------------------------------

wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/

_______________________________________________

wpkg-users mailing list

wpkg-users at lists.wpkg.org<mailto:wpkg-users at lists.wpkg.org>

https://lists.wpkg.org/mailman/listinfo/wpkg-users

--

IT-Support - Fachbereich 09 Kulturgeschichte und Kulturkunde

Universität Hamburg

Flügelbau West, R. 204

Edmund-Siemers-Allee 1

D-20146 Hamburg

Tel.: +49-40-42838-3024<tel:%2B49-40-42838-3024>

Email: it.service.kultur at uni-hamburg.de<mailto:it.service.kultur at uni-hamburg.de>
--------------------------------- wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/ _______________________________________________ wpkg-users mailing list wpkg-users at lists.wpkg.org<mailto:wpkg-users at lists.wpkg.org> https://lists.wpkg.org/mailman/listinfo/wpkg-users

---------------------------------

wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/

_______________________________________________

wpkg-users mailing list

wpkg-users at lists.wpkg.org<mailto:wpkg-users at lists.wpkg.org>

https://lists.wpkg.org/mailman/listinfo/wpkg-users

--

IT-Support - Fachbereich 09 Kulturgeschichte und Kulturkunde

Universität Hamburg

Flügelbau West, R. 204

Edmund-Siemers-Allee 1

D-20146 Hamburg

Tel.: +49-40-42838-3024<tel:%2B49-40-42838-3024>

Email: it.service.kultur at uni-hamburg.de<mailto:it.service.kultur at uni-hamburg.de>
--------------------------------- wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/ _______________________________________________ wpkg-users mailing list wpkg-users at lists.wpkg.org<mailto:wpkg-users at lists.wpkg.org> https://lists.wpkg.org/mailman/listinfo/wpkg-users

---------------------------------

wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/

_______________________________________________

wpkg-users mailing list

wpkg-users at lists.wpkg.org<mailto:wpkg-users at lists.wpkg.org>

https://lists.wpkg.org/mailman/listinfo/wpkg-users

--

IT-Support - Fachbereich 09 Kulturgeschichte und Kulturkunde

Universität Hamburg

Flügelbau West, R. 204

Edmund-Siemers-Allee 1

D-20146 Hamburg

Tel.: +49-40-42838-3024<tel:%2B49-40-42838-3024>

Email: it.service.kultur at uni-hamburg.de<mailto:it.service.kultur at uni-hamburg.de>

---------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/
_______________________________________________
wpkg-users mailing list
wpkg-users at lists.wpkg.org<mailto:wpkg-users at lists.wpkg.org>
https://lists.wpkg.org/mailman/listinfo/wpkg-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wpkg.org/pipermail/wpkg-users/attachments/20161115/f42e7c81/attachment-0001.html>


More information about the wpkg-users mailing list