launcher icon indicating copy to clipboard operation
launcher copied to clipboard
verified publisher icon kolide

Launcher should detect, and remediate, changes on boot

Open directionless opened this issue 2 years ago • 6 comments

We have a consistent, if infrequent, issue that happens when migration assistant is used to copy between hosts. When this happens, the agent databases are copied between the nodes, and we end up with two hardware things with the same keys.

The work on TPMs (and the Apple Secure Enclave) would have fixed this, but alas we're not currently using the secure enclave.

I think there are a couple of viable paths. And we may need to try all of them.

  1. https://github.com/kolide/launcher/issues/554
  2. detect serial number change, and remove the database on startup

directionless avatar Sep 09 '23 18:09 directionless

Some Windows machines appear to have their hardware UUID changing more frequently than expected, up to as frequently as on every single query to the system_info table.

RebeccaMahany avatar Jan 10 '24 20:01 RebeccaMahany

Looking at the logs it looks like it's mostly one windows machine responsible.

I wonder if trying to wait till we see a consistent value for a day is too clever

directionless avatar Jan 11 '24 12:01 directionless

We shipped the detection code, but we never enabled the deletion code....

https://github.com/kolide/launcher/blob/7396a0c61bb4f7df4d52d2d30db44debe8d6800e/ee/agent/reset.go#L86-L93

We need to understand if this is safe to enable, and what needs to change to make it safe.

directionless avatar May 30 '24 01:05 directionless