Windows Agent for UTMStack 10.1.0 and 10.2.0

[jjcoker09]

The notes on the Integration window say that the Windows agent only works on Windows 2016 R2 and above. Is this correct? I am trying to install it on a Windows 2012 R2 server and keep getting a message saying that port 9000 and 50051 need to be open. They are open everywhere on the server. We have a plan to upgrade that server soon, but I am trying to get some visibility into the network prior to the upgrade. Does this also mean the agent will not work on Windows 10/11 Pro?

[Kbayero]

@jjcoker09 To confirm whether ports 9000 and 50051 are open, you can use the following PowerShell commands:

Test-NetConnection your_ip_or_host -Port 9000

Test-NetConnection your_ip_or_host -Port 50051

PLEASE: remember to replace "your_ip_or_host" with the actual IP address or hostname of your UTMStack Instance.
If the output includes a warning similar to the following:

WARNING: TCP connect to (your_ip_or_host : 9000) failed

This indicates that ports 9000 or 50051 on your UTMStack Instance are closed, and you need open them for successful communication.

[jjcoker09]

The ports are not responding from the agent machine. but...on the UTMStack Server: sudo ufw status Status: inactive For iptables, though the ufw is not enabled: iptables -L -v Chain DOCKER-INGRESS (pkts 39) (bytes 2024) (target ACCEPT) (prot tcp) (opt --) (in any) (out any) (source anywhere) (destination anywhere) (tcp dpt:9000) (pkts 0) (bytes 0) (target ACCEPT) (prot tcp) (opt --) (in any) (out any) (source anywhere) (destination anywhere) (tcp spt:9000 ctstate RELATED,ESTABLISHED) ...same for 50051 netstat -na | grep "9000" tcp 6 0 0 :::9000 :::* LISTEN ...same for 50051 We used the ISO install to a VM server for the installation and did what we normally do for these installs...we thought. Not sure what we could have missed. The DOCKER-INGRESS Forward result is below: (pkts 281) (bytes 17707) (target DOCKER-INGRESS) (prot all) (opt --) (in any) (out any) (source anywhere) (destination anywhere) Any ideas?

…

________________________________ From: Yorjander Hernandez Vergara ***@***.***> Sent: Friday, January 26, 2024 6:37 AM To: utmstack/UTMStack Cc: JJ Coker; Mention Subject: Re: [utmstack/UTMStack] Windows Agent for UTMStack 10.1.0 and 10.2.0 (Discussion #370) @jjcoker09<https://github.com/jjcoker09> To confirm whether ports 9000 and 50051 are open, you can use the following PowerShell commands: Test-NetConnection your_ip_or_host -Port 9000 Test-NetConnection your_ip_or_host -Port 50051 PLEASE: remember to replace "your_ip_or_host" with the actual IP address or hostname of your UTMStack Instance. If the output includes a warning similar to the following: WARNING: TCP connect to (your_ip_or_host : 9000) failed This indicates that ports 9000 or 50051 on your UTMStack Instance are closed, and you need open them for successful communication. — Reply to this email directly, view it on GitHub<#370 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BFHZZTUVSGDXX56XP334ZF3YQOPRDAVCNFSM6AAAAABCLP72D2VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DENJWGU4DG>. You are receiving this because you were mentioned.Message ID: ***@***.***>

________________________________ This email has been scanned for spam and viruses by Proofpoint Essentials. Click here<https://us3.proofpointessentials.com/app/report_spam.php?mod_id=11&mod_option=logitem&report=1&type=easyspam&k=k1&payload=53616c7465645f5f096d230b0f1564aab7204026fa20dba8edc6ad9aa5fc6ac818c48b3f790ee999c6a8df360155d9a493545d0776f64a80dc15f2337cc2b6210fc272f73f8a19d5102563592d35417d66db80c8b8a2adc15adebae03d379bc079d79a2cd05df0b81decc82306cff1c536d5900eb2680e1ca3895374f16ef7f174b9a6882f35064c524c3e608f8f1f69292d2c034b6aa657d38ba7b8f8308043> to report this email as spam.

[TYrorare]

I have the same problem. But I instal on UTMServet agent . And it connected to server. But remote agent on other systems imposible to connect

[TYrorare]

Is it way to add agents to UTMStack?

[osmontero]

You may have issues with network routing or firewall. In certain cases it is because UTMStack is on a different network than the agents, and the servers/workstations cannot find the route to the network where UTMStack is located. It could also be that the IP or FQDN that is appearing in the command is not the one you should use in your environment.

We're going to need a little more information about your network configuration. For example CIDR of UTMStack, CIDR of the servers or workstations where the agent is being installed, the command you are running to install the agent, of course removing the connection key that appears in the command, etc.

[TYrorare]

IP For UTMStack is 10.0.0.27/24 . The windows and linux client have the same network. For my comp 10.0.0.17/24

docker_gwbridge Bridge
172.18.0.1/16

docker0 Bridge
172.17.0.1/16

- reloved with>> ping
Pinging [10.0.0.27] with 32 bytes of data:
Reply from 10.0.0.27: bytes=32 time=1ms TTL=64
Reply from 10.0.0.27: bytes=32 time=1ms TTL=64

The last command is:
/opt/utmstack-linux-agent/utmstack_agent_installer install yes"

For windows in PS what is in integration:
New-Item -ItemType Directory -Force -Path "C:\Program Files\UTMStack\UTMStack Agent"; Invoke-WebRequest -Uri "https://cdn.utmstack.com/agent_updates/release/installer/v10.2.1/utmstack_agent_installer.exe" -OutFile "C:\Program Files\UTMStack\UTMStack Agent\utmstack_agent_installer.exe"; Start-Process "C:\Program Files\UTMStack\UTMStack Agent\utmstack_agent_installer.exe" -ArgumentList 'install', '', 'connection key', 'yes' -NoNewWindow -Wait

Anwear for all system is the same:
2024/01/16 18:03:33 UTMStackAgentInstaller PANIC: Error installing the UTMStack Agent: one or more of the requiered ports are closed. Please open ports 9000 and 50051.
2024/01/17 11:58:19 UTMStackAgentInstaller PANIC: Error installing the UTMStack Agent: one or more of the requiered ports are closed. Please open ports 9000 and 50051.

[jjcoker09]

I'm only having this problem with one network install, but it affects all machines on that network. I have had to fight with the ISO installs for some of the other networks but I think I have that worked out now. It appears that Ubuntu 22.04 latest versions have some problems installing on VM Esxi servers. It errors out in the beginning of the install saying there are integrity issues with the ISO file. I downloaded them separately for the different networks where the problem was occurring, and each had the same issue. For now, I am using a VMDK/VMK that I can just drop in place with 22.04 installed.

At this one location, the computers and the UTMStack server are on the same network/subnet. I can nmap to the ports on the UTMStack server and they come up as open (from the machine that is failing the install). I see the ports open on the UTMStack server via netstat and the iptables rules are all set to allow, though UFW is disabled so that should not matter anyway.

I wiped the UTMStack server and set it up again using the new VMDK/VMK. I had to configure the default route as part of the initial setup, but everything after that is normal. Same problem on that same network. One machine that is having the problem is a new Windows 11 machine and the other is an older Windows server.

The Active Directory there was created initially as part of a Windows SBS system. I am wondering if something is left from the group policies that is causing the problem. I am going to take a standalone machine over there next to test the agent install from it.

[osmontero]

The last command is: /opt/utmstack-linux-agent/utmstack_agent_installer install yes"

For windows in PS what is in integration: New-Item -ItemType Directory -Force -Path "C:\Program Files\UTMStack\UTMStack Agent"; Invoke-WebRequest -Uri "https://cdn.utmstack.com/agent_updates/release/installer/v10.2.1/utmstack_agent_installer.exe" -OutFile "C:\Program Files\UTMStack\UTMStack Agent\utmstack_agent_installer.exe"; Start-Process "C:\Program Files\UTMStack\UTMStack Agent\utmstack_agent_installer.exe" -ArgumentList 'install', '', 'connection key', 'yes' -NoNewWindow -Wait

Hi, did you removed the UTMStack's Server IP/URL? or is it missing in the command you are getting from the guide?

[osmontero]

Can you please run the following commands and share the output with us? They are basically checking for system minimum requirements and docker services status.
docker service ls
docker ps
df -h
apt install -y htop && htop

[jjcoker09]

I just snipped an image of HTOP since it was changing and attached it as a jpg.

docker service ls

ID NAME MODE REPLICAS IMAGE PORTS
1r7ttpxsebzx utmstack_agentmanager replicated 1/1 ghcr.io/utmstack/utmstack/agent-manager:v10 *:9000->50051/tcp
n4eztez8ki71 utmstack_aws replicated 1/1 utmstack.azurecr.io/datasources:v10
927j9iehv5k7 utmstack_backend replicated 1/1 ghcr.io/utmstack/utmstack/backend:v10
yezn74x7rhd4 utmstack_bitdefender replicated 1/1 ghcr.io/utmstack/utmstack/bitdefender:v10 *:8000->8000/tcp
fv3ge5mtrx5z utmstack_correlation replicated 1/1 ghcr.io/utmstack/utmstack/correlation:v10 *:10000->8080/tcp
paun1zkk7i2j utmstack_filebrowser replicated 1/1 ghcr.io/utmstack/filebrowser/filebrowser:v10
rwxjh48k5jwh utmstack_frontend replicated 1/1 ghcr.io/utmstack/utmstack/frontend:v10 *:10001->80/tcp
wor8ev9y7hqo utmstack_log-auth-proxy replicated 1/1 ghcr.io/utmstack/utmstack/log-auth-proxy:v10 *:8080->8080/tcp, *:50051->50051/tcp
nma9wfgumenn utmstack_logstash replicated 1/1 utmstack.azurecr.io/logstash:v10
4xakznzfp1ds utmstack_mutate replicated 1/1 ghcr.io/utmstack/utmstack/mutate:v10
rnt1l7d78a3l utmstack_node1 replicated 1/1 utmstack.azurecr.io/opensearch:v10
tr5stryqhxdp utmstack_office365 replicated 1/1 ghcr.io/utmstack/utmstack/office365:v10
m25qcq8whzu5 utmstack_postgres replicated 1/1 utmstack.azurecr.io/postgres:v10
hq34irzrzbb0 utmstack_socai replicated 1/1 ghcr.io/utmstack/soc-ai/soc-ai:v10
edita13y4p30 utmstack_sophos replicated 1/1 utmstack.azurecr.io/datasources:v10
6i48u1icvwjm utmstack_user-auditor replicated 1/1 ghcr.io/utmstack/utmstack/user-auditor:v10

docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
55ed66566c91 ghcr.io/utmstack/utmstack/backend:v10 "java -jar utmstack.…" 5 days ago Up 5 days (healthy) 8080/tcp utmstack_backend.1.0gmhi5a0ptovp8tb0p16hd38o
7ad5a09e22d0 ghcr.io/utmstack/utmstack/agent-manager:v10 "/app/server" 5 days ago Up 5 days (healthy) 50051/tcp utmstack_agentmanager.1.nkh3dx1cyv2sodvp14knys49a
476ddd1eb42e ghcr.io/utmstack/utmstack/correlation:v10 "/run.sh" 5 days ago Up 5 days utmstack_correlation.1.i9fdklmdu59da9jjmkq6tmgz0
b8b2820796f3 utmstack.azurecr.io/datasources:v10 "python3 -m utmstack…" 5 days ago Up 5 days utmstack_sophos.1.px83ducgj4h2wewq7ryb9umn3
8d7a368eff83 utmstack.azurecr.io/datasources:v10 "python3 -m utmstack…" 5 days ago Up 5 days utmstack_aws.1.mpn4ic08n3ozg77zvl9v25ss8
4bec6e27c4f4 utmstack.azurecr.io/postgres:v10 "docker-entrypoint.s…" 5 days ago Up 5 days (healthy) 5432/tcp utmstack_postgres.1.gdomdov4k77iw4edd168mmi4r
0158c30b4cb7 utmstack.azurecr.io/logstash:v10 "/usr/local/bin/dock…" 5 days ago Up 5 days (healthy) 5044/tcp, 9600/tcp utmstack_logstash.1.z4mtn0wsnnapl3y2miaxssz10
1b6554f36dfe utmstack.azurecr.io/opensearch:v10 "./opensearch-docker…" 5 days ago Up 5 days 9200/tcp, 9300/tcp, 9600/tcp, 9650/tcp utmstack_node1.1.brxjqbv6jpbw1i1rutpggiebq
f2fd448706ae ghcr.io/utmstack/utmstack/user-auditor:v10 "java -jar user-audi…" 5 days ago Up 5 days 8080/tcp utmstack_user-auditor.1.6vsd1zjxvv3f2b5ored54a4v4
d0d2fe75f054 ghcr.io/utmstack/utmstack/bitdefender:v10 "/bin/sh -c ./bdgz_i…" 5 days ago Up 5 days utmstack_bitdefender.1.zpae491cr40ewgmd92qxlej8o
4f64a7896444 ghcr.io/utmstack/utmstack/log-auth-proxy:v10 "/app/server" 5 days ago Up 5 days 8080/tcp, 50051/tcp utmstack_log-auth-proxy.1.qjjt7a5tdajcu5kiuqg3aqway
30820182fedc ghcr.io/utmstack/utmstack/frontend:v10 "/docker-entrypoint.…" 5 days ago Up 5 days (healthy) 80/tcp utmstack_frontend.1.lxebmum1eaj5tfmxzemjiz1lc
25ee5101c096 ghcr.io/utmstack/soc-ai/soc-ai:v10 "python /app/SocAI/m…" 5 days ago Up 5 days (healthy) 8080/tcp utmstack_socai.1.vgh8ciwrwxliq30waw0vtumwk
d8cb693610e8 ghcr.io/utmstack/utmstack/mutate:v10 "python main.py" 5 days ago Up 5 days utmstack_mutate.1.c70c5m7bhwtku20uitul5dexz
d3dce6fee7a4 ghcr.io/utmstack/filebrowser/filebrowser:v10 "/run.sh" 5 days ago Up 5 days (healthy) utmstack_filebrowser.1.rrvi8rto909en2vcat1y09dq4
85cd65d11493 ghcr.io/utmstack/utmstack/office365:v10 "/bin/sh -c ./o365_i…" 5 days ago Up 5 days utmstack_office365.1.f5d9vnoglrvw6g4sfby1ejri0

df -h

Filesystem Size Used Avail Use% Mounted on
tmpfs 794M 2.8M 791M 1% /run
/dev/sda2 232G 17G 203G 8% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda3 265M 147M 98M 60% /boot
/dev/sda5 250G 56K 237G 1% /home
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/bbac7175aa68126fe9cb39c9cf35d6e9a5efe8a41d46355e469b6f29191f93c4/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/46deeb77575ef1b715ce659815647e2cd41e6890c8d28f7369cb00651071c660/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/686e6a5a77c07bd74dfac14a6e0babaa0fd1663cf391d6d72464611c687a7c25/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/f93df52745c96e02332a0f8b4c823911bb1c9a4987a8cf8d10437b0e36db3b84/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/1119da6a689f6daeedd9032a0328812f15998d0e124cdee2a07722cd151c46bd/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/c37769bc641f66e00aa4e12d2ee9e00a9cd05e55a98b6711fd6b70c09bc534ce/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/d3b622a66a8dd9c4483ff3be03b5b97aae5542f3831fbe6e0d5de2040d07709b/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/eaf384a9d6e1cb4d846ba135c4afeb9253dc0d2250c52977d5e7c49bbfc4d063/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/965879178ebd5cfccdb492a5886787fac7d2ca64c26f48d085e175c164a5c4a3/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/dcee54c5f980ebf9f7164b15a43dfcc4105b18a5723c5c426a3802eb285627f7/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/98765ee35760866c1a493eaaeb720cd15923e7e91c01f9bc881bb5f6d2be064c/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/0a1c23062c0994b18dace680ccfc485c2bc27a115aea3f789c5a7444ecc681ef/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/015e3f71f4070a596df6869a1a15ce13cc1612a95aa5b94046530846c7178d71/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/b25bd52dc95e3988f1d6ddf8672e4f84dd4996dfddd909ab36d4ae2a60d5cb64/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/5bd107ba01cb6d637f30634db092523cbb63880c66591b4afc602d6670ccb1be/merged
overlay 232G 17G 203G 8% /var/lib/docker/overlay2/5fdc52d759c1ad462545d242e4d1ded55930dd12cf6d3a7d8e198e39f5d6ce99/merged
tmpfs 794M 4.0K 794M 1% /run/user/1000

[TYrorare]

docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
3twdde6r8nst utmstack_agentmanager replicated 1/1 ghcr.io/utmstack/utmstack/agent-manager:v10 *:9000->50051/tcp
tz8ebxtxblw0 utmstack_aws replicated 1/1 utmstack.azurecr.io/datasources:v10
ylcrkhn4w0dl utmstack_backend replicated 1/1 ghcr.io/utmstack/utmstack/backend:v10
g9yz6a6vo57x utmstack_bitdefender replicated 1/1 ghcr.io/utmstack/utmstack/bitdefender:v10 *:8000->8000/tcp
ete0vvlqcuee utmstack_correlation replicated 1/1 ghcr.io/utmstack/utmstack/correlation:v10 *:10000->8080/tcp
o6qf99ewpmx0 utmstack_filebrowser replicated 1/1 ghcr.io/utmstack/filebrowser/filebrowser:v10
t4oe7p61o9fp utmstack_frontend replicated 1/1 ghcr.io/utmstack/utmstack/frontend:v10 *:10001->80/tcp
lcd4yurr656y utmstack_log-auth-proxy replicated 1/1 ghcr.io/utmstack/utmstack/log-auth-proxy:v10 *:8080->8080/tcp, *:50051->50051/tcp
77edjzqerirp utmstack_logstash replicated 1/1 utmstack.azurecr.io/logstash:v10
muxjqshq5k8g utmstack_mutate replicated 1/1 ghcr.io/utmstack/utmstack/mutate:v10
muvbm95q5f1x utmstack_node1 replicated 1/1 utmstack.azurecr.io/opensearch:v10
q988loikod3t utmstack_office365 replicated 1/1 ghcr.io/utmstack/utmstack/office365:v10
gnhvp89qos6a utmstack_postgres replicated 1/1 utmstack.azurecr.io/postgres:v10
q5u18lu1rjd1 utmstack_socai replicated 1/1 ghcr.io/utmstack/soc-ai/soc-ai:v10
ogmbc8oqro0e utmstack_sophos replicated 1/1 utmstack.azurecr.io/datasources:v10
t338aobdd6af utmstack_user-auditor replicated 1/1 ghcr.io/utmstack/utmstack/user-auditor:v10

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
15856135817b ghcr.io/utmstack/utmstack/user-auditor:v10 "java -jar user-audi…" 4 days ago Up 4 days 8080/tcp utmstack_user-auditor.1.kwpicd3n9gihab8ia08vhke6i
a88069d5a09e ghcr.io/utmstack/utmstack/correlation:v10 "/run.sh" 4 days ago Up 4 days utmstack_correlation.1.6o1chw2uox5q3mj2m6f8umt3u
f73c06a174b9 ghcr.io/utmstack/utmstack/agent-manager:v10 "/app/server" 4 days ago Up 4 days (healthy) 50051/tcp utmstack_agentmanager.1.fgnpewn58e76wuau51e069ea2
d29d4564b81c utmstack.azurecr.io/datasources:v10 "python3 -m utmstack…" 4 days ago Up 4 days utmstack_aws.1.anv7j1gohecdxmp4bniub0iyo
cb14124bad7e utmstack.azurecr.io/datasources:v10 "python3 -m utmstack…" 4 days ago Up 4 days utmstack_sophos.1.ryo9tp61frl5p9zdhty5i74kj
e939e499dd64 utmstack.azurecr.io/opensearch:v10 "./opensearch-docker…" 4 days ago Up 4 days 9200/tcp, 9300/tcp, 9600/tcp, 9650/tcp utmstack_node1.1.a9k1g6ga0ee84iook04xaqt5v
20bb64b6f37c utmstack.azurecr.io/postgres:v10 "docker-entrypoint.s…" 4 days ago Up 4 days (healthy) 5432/tcp utmstack_postgres.1.osuaiapiilm4ib1109543jxkn
4d232aa24e27 utmstack.azurecr.io/logstash:v10 "/usr/local/bin/dock…" 4 days ago Up 4 days (healthy) 5044/tcp, 9600/tcp utmstack_logstash.1.nilht1kkcdob4p3dwjdljlisx
5aa695cf6a43 ghcr.io/utmstack/utmstack/frontend:v10 "/docker-entrypoint.…" 4 days ago Up 4 days (healthy) 80/tcp utmstack_frontend.1.s6s5msixxsyegju01l1n2ckc4
9c3f100d582e ghcr.io/utmstack/utmstack/bitdefender:v10 "/bin/sh -c ./bdgz_i…" 4 days ago Up 4 days utmstack_bitdefender.1.w9wl4g2hro96neivboc8619fo
f9006dde6129 ghcr.io/utmstack/utmstack/mutate:v10 "python main.py" 4 days ago Up 4 days utmstack_mutate.1.shri3gxuudn5op0y214k63h9b
d78b3a19e568 ghcr.io/utmstack/utmstack/log-auth-proxy:v10 "/app/server" 4 days ago Up 4 days 8080/tcp, 50051/tcp utmstack_log-auth-proxy.1.kv3k5d2xmobpowjyh5n1i8qqs
c42abd6d82ad ghcr.io/utmstack/utmstack/backend:v10 "java -jar utmstack.…" 4 days ago Up 4 days (healthy) 8080/tcp utmstack_backend.1.y6i1xlwkjvvg1gr7x9apgtv27
022c42263b51 ghcr.io/utmstack/filebrowser/filebrowser:v10 "/run.sh" 4 days ago Up 4 days (healthy) utmstack_filebrowser.1.6pdr13jfuwkvfevdni69gaxde
f9f147fbd637 ghcr.io/utmstack/utmstack/office365:v10 "/bin/sh -c ./o365_i…" 4 days ago Up 4 days utmstack_office365.1.pedug14vnpu9jp72cwbuma3d8
74047a7fb7b6 ghcr.io/utmstack/soc-ai/soc-ai:v10 "python /app/SocAI/m…" 4 days ago Up 4 days (healthy) 8080/tcp utmstack_socai.1.3oiu5k0b4yg4892mxnsa1666h

df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 688M 2.6M 686M 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 73G 18G 52G 26% /
tmpfs 3.0G 0 3.0G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda2 2.0G 251M 1.6G 14% /boot
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/cad9a00246014c2ee714abdabb898c90763173ae379682462b51838011960cbc/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/1615a75bed92f934251e601cc0505f39e662127ed525b14a6ac76980799328c0/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/ffd4f9b6d0d4a2f09d315a2986f70373f0db02bd78b42079bbca7ba6e2aefbf6/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/39e6bd9aaa1e799700ac23d17b63ad5b67aa5b045bbeb3c43883617c0e72b567/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/089ca77bffe76ed9489159b63c86ab9834951813686d69e26f6ee8f090b4ce1a/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/080f02590f3517c2efe1ef8ffadadeac64e6dd92af28627ad0efc3f7c2ce0e84/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/45570e20e92cb5a20f8fe856203e499fcef16e0754e4776217b073f097e85c8d/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/6e3f94e2444a4e012604ac97a3b3928adab377c224e49218aea0efab81ebe53d/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/57a70ef0eda08da69d6775fa3709eb9a7a743f9f65ee41a59048eebe5160a521/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/8d55f23bbc2f3905c971a4230d593a1267faa7e4fdfd193c27f35a3f89c4c4eb/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/e658d6edbacddb33e729eae5699d4aae42b440f81600b77ff57f5b61de6afb99/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/7aa85995818eed81acf47158f75a3287ddb582f128507847718fca69969bb028/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/9ebc73834083b71170e3a13049d70bf48878d4e3719ae4921fb983aed1d3d9f1/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/f63fc985a0eabd67b1deb55287f6511d3398998ac37c097c78a2c5e537f02f8e/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/8a68d47354c7b4ae3f50cefcc2f5441039c55029c4c7bfd1608f3a48b3bbff9e/merged
overlay 73G 18G 52G 26% /var/lib/docker/overlay2/24642e9a99e2a3d0111a1eb8cd94ed2b674f55869086782e2aecba6e040d5b7e/merged
tmpfs 711M 4.0K 711M 1% /run/user/1000

htop

[jjcoker09]

I got a little more into docker after trying a million different things on my local network to try and isolate the issue. I ran "docker network list" to get a list of the docker networks. That gave me the NETWORK ID of the utmstack_default network. When I ran "docker network inspect NETWORK ID" on that network ID, I discovered that the IP range on it was the same as the VPN range on my firewall.

So, I got into my firewall and changed the VPN network there to something different. That did not fix my problem with the agent installs, but I am convinced that the failure MUST have something to do with this. I don't know docker well enough to mess with it. Anyone have any suggestions on what I should do next? If I do another UTMStack install, will it change something if my network gateway isn't pointing to its own VPN zone when the docker networks are being setup?

...I still have a few strands of hair left, but I can't handle too many more failures on this.

[jjcoker09]

This MUST be because of our 10.0.0.X ranges. @TYrorare, you are using the same range I am using and the UTMStack is picking up 10.0.1.X for its docker range. I just completely reinstalled Ubuntu on my network, then reinstalled the UTMStack software after removing the 10.0.1.X VPN zone on my firewall. Still doesn't fix the problem.

I don't think the configured install for UTMStack can run properly on a 10.0.0.X network. All of my working installs are on a different range entirely. None of them have had any problems.

I will bet if we change our internal range to something other than 10.0.0.X, it will work. I have it running on a 10.10.1.X range as well as 192.168.0.X and 10.10.5.X. I am going to change the range on this network tomorrow and test it. (I'll probably break a few printers and copiers, but it shouldn't be too big a deal.

[jjcoker09]

Ok, I can officially say that moving the local network off the 10.0.0.X range fixes this problem. I can't say how much of the 10.0.0.X subnet would be affected. The docker for UTMStack runs on 10.0.1.X so I imagine that subnet would at least have the same problem. In any case, I switched my internal network to 192.168.2.X and let the UTMStack server just pick up a DHCP address on that new range.

I didn't change anything else internally on the install or do a reinstall. The agent installs finished perfectly and everything is up and running. I had to reconfigure some printers and the wifi on the network, but everything else worked well.

This should probably be in the instructions somewhere...or at least there should be some mention of how to fix it if this range is in use on the local network.

[c3s4rfred]

Hi, @jjcoker09 thanks for the feed back

[TYrorare]

Can you explaine, how to change those network addresses?

[jjcoker09]

I may be able to help you with it, depending on how you are setup. Can you describe how your Internet comes into your network and what equipment you have between you and the Internet? Do you have your own firewall? Do you have a server onsite that is responsible for managing your network? Thanks, JJ From: TYrorare ***@***.***> Sent: Monday, March 4, 2024 4:50 AM To: utmstack/UTMStack ***@***.***> Cc: JJ Coker ***@***.***>; Mention ***@***.***> Subject: Re: [utmstack/UTMStack] Windows Agent for UTMStack 10.1.0 and 10.2.0 (Discussion #370) Can you explaine, how to change those network addresses? — Reply to this email directly, view it on GitHub<#370 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BFHZZTQPVEULHYGPUUPDDNDYWRGULAVCNFSM6AAAAABCLP72D2VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DMNRVGEYTA>. You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>

…

________________________________ This email has been scanned for spam and viruses by Proofpoint Essentials. Click here<https://us3.proofpointessentials.com/app/report_spam.php?mod_id=11&mod_option=logitem&report=1&type=easyspam&k=k1&payload=53616c7465645f5f18a4a5553655bf38cbfd088b819af35272d54895b8474b12d0e5995be3494b56a8c021dbf7b73e80cd9ef245f46e4ac134d2bfaf439de71d5a2062a4d920e0b82e8dc690ab65694e7ad7f05b6264dc55ac9614f7c822b970bac4e728234430c5452cd749a78d22502c8410d6e9d731e8740f9b3ece4974fe79f3692afbec726b02f7b7a1b5fc41745e345b739ee2d67ae03eec5e7fbeef88> to report this email as spam.

[TYrorare]

So, I install by ISO. My local network CIDR is 10.0.0.0/24 but i have VPN IPsec with same network 10.1 10.2 10.3 ... 10.10. UMstack server has IP 10.0.0.27/ I gave my own Gateaway/Firewall/VPN with address 10.0.0.1
I dont know how answer for this question "Do you have a server onsite that is responsible for managing your network?" All networks routed by Mikrotik device. And i want to collect all logs from all my mikrotik to UTMStack.

[TYrorare]

I ruan the command docker network inspect utmstack_default
and docker network inspect ingress
and they shows used network 10.0.0.0 and 10.0.1.0