Sometimes you can't deploy...

Mar 25, 2024

When it works, F-Response's built-in deployment mechanisms are nothing short of magical. You put in some credentials, and we take care of the rest. We connect to the remote machine, negotiate the right protocol, and get the software where it needs to be. But when it doesn't work... Well, there's nothing more frustrating.

Typically deployment problems fall into a couple of buckets:

  1. Firewalls.

  2. Authentication and Access issues.

  3. Protocol-specific errors.

Most of the time, an inability to deploy using F-Response stems from a recent policy change or firewall adjustment that makes it impossible to connect to listening ports. Barring that, the other issues are authentication- and access-based and tend to involve Group Policy (with Active Directory) or the like. Lastly, there are protocol-specific errors, of which there are too many potential candidates to list.

Thankfully, the process of figuring the above issues out all revolves around the same steps. You need to capture the network traffic during a failed deployment attempt and investigate it for additional details.

One of our favorite tools for doing these sorts of things is Wireshark. It's a free, simple, and relatively easy to use product designed to capture network traffic and translate it for you.

We offer support guides that cover how to do this specifically here, but you will need to know what port to trace. For failures deploying to remote Windows machines, capture TCP port 445. For failures deploying to remote non-Windows machines, capture TCP port 22.

Thankfully, the resulting capture is often excellent at pointing out exactly where the issues are. You'll either see no connectivity (aka firewall), a connection with an error message (ACCESS_DENIED, etc.), or a protocol failure that will reference an operating system error code we can investigate further.
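As an added illustration (not F-Response code), the sketch below sorts a saved capture into those outcomes by reading only the TCP handshake on the traced port. It assumes the capture was saved in classic pcap format with an Ethernet link type (Wireshark's default pcapng is not handled); the function names and the sample frames are constructed for the example.

```python
import struct

SYN, RST, ACK, SYNACK = 0x02, 0x04, 0x10, 0x12  # TCP flag bits

def tcp_flags(pcap, port):
    """Yield (from_server, flags) for each Ethernet/IPv4/TCP frame on `port`."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        (incl_len,) = struct.unpack(order + "I", pcap[off + 8:off + 12])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet(14) + IPv4(20) + TCP(20), EtherType IPv4, protocol TCP.
        tcp = frame[14 + (frame[14] & 0x0F) * 4:] if len(frame) >= 54 else b""
        if len(tcp) < 14 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        if port in (sport, dport):
            yield sport == port, tcp[13]

def triage(pcap, port):
    """Map the TCP handshake seen on `port` to a deployment-failure bucket."""
    syn = synack = rst = False
    for from_server, flags in tcp_flags(pcap, port):
        if not from_server:
            syn = syn or (flags & SYNACK) == SYN  # initial SYN from our side
        elif flags & RST:
            rst = True
        elif (flags & SYNACK) == SYNACK:
            synack = True
    if not syn:
        return "no attempt captured"
    if synack:
        return "connected: read the SMB/SSH exchange for the error"
    return "refused: host answered with RST" if rst else "no reply: suspect a firewall"

def sample_frame(sport, dport, flags):
    """Constructed pcap record: zeroed Ethernet/IPv4 addresses, given TCP flags."""
    ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 40, 0, 0, 64, 6, 0)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    pkt = bytes(12) + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
FIREWALLED = HEADER + sample_frame(50000, 445, SYN) * 3  # SYN retransmits only
REFUSED = HEADER + sample_frame(50000, 445, SYN) + sample_frame(445, 50000, RST | ACK)
CONNECTED = HEADER + b"".join(sample_frame(*f) for f in [(50000, 22, SYN), (22, 50000, SYNACK), (50000, 22, ACK)])
```

A "connected" result means the network path is fine, so the error message or operating system error code has to be read from the SMB or SSH exchange itself in Wireshark.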

Bottom line, knowing how to use Wireshark when deployments don't work gives you an edge and a quick way to troubleshoot the problem before you get to us. However, don't worry, we're still here to help (and to review your Wireshark capture) whenever you get stuck.

Thanks and Happy Deploying!

Warmest Regards,

M Shannon