Reputation: 379
Puppet Windows Agent Certificate
I have puppet master on RHEL 6 and agent on Windows. IT is showing up properly in the console Web, however it is not downloading new catalogue, due to CA error. I did renew on client, but the master does not show up the windows cert at all for accepting.
Upvotes: 0
Views: 1767
Answers (1)
Reputation: 12551
This appears to be the agent has a newer certificate and the master will only accept one certificate per machine (based on fqdn or fully qualified domain name). What you need to do is remove the certificate from the master so that it will accept the new request from the machine.
Alternatively you should also make sure you are in an elevated process always when running Puppet (unless you are in advanced scenarios where you are using lower privileges and know all the ins and outs of what that entails on Windows). The reason? Puppet home for elevated processes is in C:\ProgramData\PuppetLabs\Puppet, for non-elevated it is in ~/.puppet (which is usually C:\Users\username\.puppet). A certificate request for each machine can only be accepted once, but a non-elevated process won't see the one in ProgramData and will try unsuccessfully to request another.
Also make sure that the firewall on the Windows machine is not preventing it from accessing the Puppet Server, the port is usually 8140. This can cause SSL issues in reaching the master.
Upvotes: 1
Related Questions
- Puppet: Server hostname did not match server certificate
- Puppet : Did not receive certificate
- Can't request for certificate form agent using ' puppet agent --test '
- Install Puppet Agent on bulk windows server
- Unable to connect to Enterprise Puppet server using Windows agent
- How do I run a Puppet Manifest on a Windows server with Puppet Agent?
- Puppet and Agent configuration
- Windows Puppet Agent does not connect to Puppet Enterprise Master
- How do I make Puppet serve the proper certificate?
- Cannot get puppet agent to work