Comments (5)
Sorry for my delay.
The "problem" was that. I needed a different token to uninstall, so there was not a real problem.
Thanks for your help.
from ansible_collection_falcon.
also if I try to remove from the server I get this error
and the file log
[0A10:1534][2023-08-08T14:54:49]i001: Burn v3.14.0.6315, Windows v10.0 (Build 17763: Service Pack 0), path: C:\ProgramData\Package Cache\{8fc42182-d5f1-492c-a5ff-f155cc0a7816}\WindowsSensor.LionLanner.exe
[0A10:1534][2023-08-08T14:54:50]i000: Initializing string variable 'ProvisioningTokenHyperlink' to value '[https://falcon.eu-1.crowdstrike.com/support/documentation/67/host-and-host-group-management#installation-tokens'](https://falcon.eu-1.crowdstrike.com/support/documentation/67/host-and-host-group-management#installation-tokens%27)
[0A10:1534][2023-08-08T14:54:50]i000: Initializing numeric variable 'DowngradingBundle' to value '0'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing numeric variable 'ExistingCustomerId' to value '0'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'CID'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'Password'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing numeric variable 'ProvWaitTime' to value '1200000'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'MAINTENANCE_TOKEN'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'PW'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'ProvToken'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'ProvisioningToken'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing string variable 'BILLINGTYPE' to value ''
[0A10:1534][2023-08-08T14:54:50]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{8fc42182-d5f1-492c-a5ff-f155cc0a7816}\WindowsSensor.LionLanner.exe" -burn.filehandle.attached=652 -burn.filehandle.self=660 /uninstall /norestart'
[0A10:1534][2023-08-08T14:54:50]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\ADMCGI~1.ESI\AppData\Local\Temp\CrowdStrike Windows Sensor_20230808145450.log'
[0A10:1534][2023-08-08T14:54:50]i000: Setting string variable 'WixBundleManufacturer' to value 'CrowdStrike, Inc.'
[0A10:1534][2023-08-08T14:54:50]i100: Detect begin, 12 packages
[0A10:1534][2023-08-08T14:54:50]e000: Error 0x80070645: Attempt to uninstall valid only when bundle is installed.
[0A10:1534][2023-08-08T14:54:50]e000: Error 0x80070643: UX aborted detect begin.
[0A10:1534][2023-08-08T14:54:50]i199: Detect complete, result: 0x80070643
[0A10:2CE4][2023-08-08T14:54:50]i000: Setting numeric variable 'BundleRestartRequired' to value 0
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 5' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 6' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 7' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 3' evaluates to true.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'BundleRestartRequired' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'NOT BundleRestartRequired' evaluates to true.
[0A10:2CE4][2023-08-08T14:55:47]i000: No specific failing package log to open
from ansible_collection_falcon.
@txsastre Do you know if you have maintenance tokens enabled to prevent uninstalls? I think you are going to have to reach out to support to help with this because the sensor may be in a funky state. Check out this support article
from ansible_collection_falcon.
yes, I'm going to try to find out.
By the way I have done some more test, I cloned 2 widnows 2019, uninstall works in 1 of 3, also uninstall works on a Windows 2012.
Playbook used, same as example
---
- hosts: all
roles:
- role: crowdstrike.falcon.falcon_uninstall
vars:
ffalcon_windows_become_user: SYSTEM
falcon_windows_become_method: runas
falcon_windows_uninstall_args: "MAINTENANCE_TOKEN=12341234"
error log
fatal: [192.168.70.161]:
FAILED! => {"changed":
false, "msg": "unexpected rc
from '\"C:\\ProgramData\\Package Cache\\{9c135872-ac27-49d7-b96b-8ba5752470e3}\\WindowsSensor.LionLanner.exe\" /uninstall /quiet /norestart':
see rc, stdout, and stderr for more details", "rc": 106, "reboot_required": false, "stderr": "",
"stderr_lines": [], "stdout": "", "stdout_lines": []}
Ok I checked closely from CLI and I don't know why, he does not like the "MAINTENANCE_TOKEN=123412342", also putted in the GUI and it says no recognized token.
from ansible_collection_falcon.
Closing for now. Hopefully you opened a support ticket and are working it with them by now.
from ansible_collection_falcon.
Related Issues (20)
- Instaltion method API (Windows) HOT 2
- Install crowdstrike on windows - Ansible not finishing HOT 14
- Uninstall role also to remove nodes from console HOT 2
- Installation fails on Ubuntu 22.04 with ansible.legacy.apt parameter 'allow_downgrade' HOT 6
- ruff errors on 3.3.1
- Removing AID failing in crowdstrike.falcon.falcon_configure HOT 3
- Consider using our own revoke token API call
- Consider update Ansible version support
- v3 new release prep
- Update Required Ansible Version
- Update module url links
- missing win_auth.yml in 4.x HOT 1
- CrowdStrike Falcon | Authenticate to CrowdStrike API - Sorry, try again HOT 9
- Test instances clutter up the Integration SA CID
- Add user-agent string to EDA
- Failed to generate access token for customer HOT 7
- Can't add collection to execution environment for Ansible Automation Platform HOT 6
- Required changes for Red Hat certification HOT 1
- Having issues installing crowdstrike with galaxy HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible_collection_falcon.