Comments (14)

carlosmmatos avatar carlosmmatos commented on June 1, 2024 1

@txsastre Glad to hear it's working for you and you are using Ansible to manage your systems! If you feel like there are things missing, especially on the Windows side, please open an issue requesting it!

from ansible_collection_falcon.

carlosmmatos avatar carlosmmatos commented on June 1, 2024

Possible issues here might be surrounding installation/provisioning tokens. Please make sure you check what is required on your end for installing a sensor and provide the appropriate installation args.

Take Ansible out of the equation: try to install the sensor via a PowerShell prompt and see what happens.

txsastre avatar txsastre commented on June 1, 2024

Tried with PowerShell:

WindowsSensor.exe /install /quiet /norestart CID=YOUR_CID MAINTENANCE_TOKEN=YOUR_REVEALED_TOKEN

And it has installed CrowdStrike OK.

The playbook is as follows:

---
- hosts: all
  roles:
  - role: crowdstrike.falcon.falcon_install
    vars:
      falcon_install_method: url
      falcon_download_url: 'https://url-download/FalconSensors/Windows/WindowsSensor.LionLanner.exe'
      falcon_download_url_username: 'url-user'
      falcon_download_url_password: 'url-pass'
      falcon_cid: '123412341234123412341234123412341-12'
      falcon_client_secret: '123412341'

txsastre avatar txsastre commented on June 1, 2024

Also, I left the "unfinished playbook" running, and now I see:

"FAILED - RETRYING: [192.168.70.162]: CrowdStrike Falcon | Install Falcon Sensor .exe Package (Windows) (10 retries left)."

txsastre avatar txsastre commented on June 1, 2024

Tried again with verbose and I can see this:

FAILED - RETRYING: [192.168.70.162]: CrowdStrike Falcon | Install Falcon Sensor .exe Package (Windows) (2 retries left).Result was: {
    "attempts": 1,
    "changed": false,
    "invocation": {
        "module_args": {
            "arguments": "/install /quiet CID=8A3EFADB098A4EABAA3F441B1B137EFB-E8 /norestart",
            "chdir": null,
            "client_cert": null,
            "client_cert_password": null,
            "creates_path": null,
            "creates_service": "csfalconservice",
            "creates_version": null,
            "expected_return_code": [
                0,
                3010
            ],
            "follow_redirects": "safe",
            "force_basic_auth": false,
            "headers": null,
            "http_agent": "ansible-httpget",
            "log_path": null,
            "maximum_redirection": 50,
            "path": "C:\\Windows\\Temp\\ansible.yysrtj0e.udufalcon\\WindowsSensor.LionLanner.exe",
            "product_id": null,
            "provider": "auto",
            "proxy_password": null,
            "proxy_url": null,
            "proxy_use_default_credential": false,
            "proxy_username": null,
            "state": "present",
            "url_method": null,
            "url_password": null,
            "url_timeout": 30,
            "url_username": null,
            "use_default_credential": false,
            "use_proxy": true,
            "validate_certs": true,
            "wait_for_children": false
        }
    },
    "msg": "unexpected rc from 'C:\\Windows\\Temp\\ansible.yysrtj0e.udufalcon\\WindowsSensor.LionLanner.exe /install /quiet CID=8A3EFADB098A4EABAA3F441B1B137EFB-E8 /norestart': see rc, stdout, and stderr for more details",
    "rc": 1244,
    "reboot_required": false,
    "retries": 3,
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []

Searched here: https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--1000-1299-

"ERROR_NOT_AUTHENTICATED

1244 (0x4DC)

The operation being requested was not performed because the user has not been authenticated."

I really don't understand.

carlosmmatos avatar carlosmmatos commented on June 1, 2024

Please refer to the role documentation. You have to specify additional install/uninstall args. Look at falcon_windows_install_args

txsastre avatar txsastre commented on June 1, 2024

Also tried with standard Ansible, with no CrowdStrike collection:

---
- name: Tasks to download file
  hosts: all
  gather_facts: no
  
  tasks:
  - name: Download CrowdStrike
    ansible.windows.win_get_url:
     url: http://192.168.70.134/software/WindowsSensor.LionLanner.exe
     dest: c:\temp
     force: false
     
  - name: Install CrowdStrike
    win_shell: 'c:\temp\WindowsSensor.LionLanner.exe /install /quiet /norestart CID=12342134123412341234123412341234-12'

The fun fact is that while it is "stuck" I can see that the sensor is running, and the other fact is that after 20 minutes "stuck" it has finally stopped, but the sensor has gone too.

carlosmmatos avatar carlosmmatos commented on June 1, 2024

@txsastre The only time you showed me a working example is when you passed in a token. I would suggest you do the same via Ansible.

txsastre avatar txsastre commented on June 1, 2024

OK, tried with the token, same luck: it gets stuck.

---
- name: Tasks to download file
  hosts: all
  gather_facts: no
  
  tasks:
  - name: Download CrowdStrike
    ansible.windows.win_get_url:
     url: http://192.168.70.134/software/WindowsSensor.LionLanner.exe
     dest: c:\temp
     force: false
     
  - name: Install CrowdStrike
    win_shell: 'c:\temp\WindowsSensor.LionLanner.exe /install /quiet /norestart CID=12342134123412341234123412341234-12 MAINTENANCE_TOKEN=123456789'

carlosmmatos avatar carlosmmatos commented on June 1, 2024

I don't think that's the correct argument. Try ProvToken=

Also, check the installation logs on the system if it still isn't working. Most of this stuff should be in the sensor installation documentation for more clarity.

txsastre avatar txsastre commented on June 1, 2024

Good morning!

That was the problem. I replaced MAINTENANCE_TOKEN with ProvToken and it worked fine! Thank you very much for your help!

Tried in my lab with 3 servers at once and the agent was installed in 2 minutes in total :D

EDIT: the equivalent of ProvToken in the CrowdStrike vars is falcon_provisioning_token

But it seems that it still gets stuck.

This is my actual playbook with the CrowdStrike collection:

---
- hosts: all
  roles:
  - role: crowdstrike.falcon.falcon_install
    vars:
      falcon_install_method: url
      falcon_download_url: 'http://192.168.70.134/software/WindowsSensor.LionLanner.exe'
      falcon_client_id: '123412341234123412341234123412341-12'
      falcon_cid: '123412341234123412341234123412341-12'
      falcon_provisioning_token: '123412341'
      falcon_windows_install_retries: 2
      falcon_windows_install_delay: 10
      falcon_windows_become_method: runas

And the other one with ansible.windows.win_package. Still doing more tests but this one is working.

---
- name: Tasks to install CrowdStrike
  hosts: all
  gather_facts: no
  
  tasks:
  - name: Download CrowdStrike
    ansible.windows.win_get_url:
     url: http://192.168.70.134/software/WindowsSensor.LionLanner.exe
     dest: c:\temp
     force: false
     
  - name: Install CrowdStrike
    ansible.windows.win_package:
      path: c:\temp\WindowsSensor.LionLanner.exe
      product_id: '123412341234123412341234123412341-12'
      arguments: '/install /quiet /norestart CID=123412341234123412341234123412341-12 ProvToken=123412341'
      state: present
    vars:
      ansible_become_method: runas      

carlosmmatos avatar carlosmmatos commented on June 1, 2024

@txsastre Perhaps you missed my last post about consulting the role's README. This should be the variable you are looking for, along with all the other variables the role accepts.

Try the following in your playbook:

---
- hosts: all
  roles:
  - role: crowdstrike.falcon.falcon_install
    vars:
      falcon_install_method: url
      falcon_download_url: 'http://192.168.70.134/software/WindowsSensor.LionLanner.exe'
      falcon_client_id: '123412341234123412341234123412341-12'
      falcon_cid: '123412341234123412341234123412341-12'
      falcon_windows_install_args: '/norestart ProvToken=D0B1BD55'

txsastre avatar txsastre commented on June 1, 2024

You were right, with falcon_windows_install_args: '/norestart ProvToken=123412341' it works.

The problem was that I thought that falcon_provisioning_token: '123412341' was where the token should go.

Thank you very much, tested with 2019 and 2012, everything OK!

PS. If you don't mind, could you change the values in your post related to "falcon_windows_install_args: '/norestart ProvToken"?

from ansible_collection_falcon.
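
A redaction pass for material like the verbose task result and playbooks posted in this thread, given here as an added example that is not part of the original comments or of the collection's code. It masks the `CID=`, `ProvToken=` and `MAINTENANCE_TOKEN=` installer arguments and the secret-bearing variables seen above before output is shared; the function names and all sample values are constructed for illustration.

```python
import json
import re

# Installer switches from this thread whose values identify or enrol a tenant.
ARG_KEYS = ("CID", "ProvToken", "MAINTENANCE_TOKEN")
# Playbook and module variables from this thread that hold secrets.
VAR_KEYS = {"falcon_cid", "falcon_client_id", "falcon_client_secret",
            "falcon_provisioning_token", "falcon_download_url_password",
            "url_password", "proxy_password", "client_cert_password"}
MASK = "<REDACTED>"
ARG_RE = re.compile(r"\b(" + "|".join(ARG_KEYS) + r")=([^\s'\"]+)", re.I)
VAR_RE = re.compile(r"\b(" + "|".join(sorted(VAR_KEYS))
                    + r")(\s*:\s*)(['\"]?)[^'\"\s]+\3")


def redact_text(text):
    """Mask KEY=value installer arguments and 'var: value' playbook lines."""
    text = ARG_RE.sub(r"\1=" + MASK, text)
    return VAR_RE.sub(r"\1\2\3" + MASK + r"\3", text)


def redact_result(obj):
    """Walk a JSON-decoded task result, masking secret keys and strings."""
    if isinstance(obj, dict):
        return {k: MASK if k in VAR_KEYS and v is not None
                else redact_result(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_result(v) for v in obj]
    return redact_text(obj) if isinstance(obj, str) else obj


def leaked_keys(text):
    """Installer arguments that still carry a real value (pre-post check)."""
    return sorted({m.group(1) for m in ARG_RE.finditer(text)
                   if m.group(2) != MASK})


# Constructed sample shaped like the verbose result above; values are made up.
SAMPLE = json.loads(r'''{
  "invocation": {"module_args": {
    "arguments": "/install /quiet CID=0123456789ABCDEF0123456789ABCDEF-00 /norestart ProvToken=0A1B2C3D",
    "url_password": "example-pass", "url_username": null}},
  "msg": "unexpected rc from 'C:\\Temp\\WindowsSensor.exe /install /quiet CID=0123456789ABCDEF0123456789ABCDEF-00 /norestart'",
  "rc": 1244
}''')

if __name__ == "__main__":
    print(json.dumps(redact_result(SAMPLE), indent=2))
```
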

txsastre avatar txsastre commented on June 1, 2024

Thanks for your help, we were able to install CrowdStrike on 40 servers.
Also, it has been useful for starting to use Ansible for our management.
