Not able to add the windows node to doorman

[PremaPrems]

I followed the below link for osquery installation on windows.
https://holdmybeersecurity.com/2017/08/17/installsetup-doorman-osquery-on-windows-mac-osx-and-linux-deployment/

--host_identifier=uuid
--config_plugin=tls
--config_tls_endpoint=/config
--config_tls_refresh=10
--config_tls_max_attempts=3
--enroll_tls_endpoint=/enroll
--enroll_secret_path=C:\ProgramData\osquery\osquery.key
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/distributed/read
--distributed_tls_write_endpoint=/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/log
--logger_tls_period=5
--tls_hostname=Doorman IP:5000
--tls_server_certs=C:\ProgramData\osquery\certificate.crt
--log_result_events=false
--pack_delimiter=/
--utc
--verbose

[s-frostick]

@PremaPrems I was running into a similar issue following the same guide but it does work. The issue i believe is caused by osquery/osquery#4548.

$config | Out-File -FilePath C:\Program Data\osquery\osquery.flags

Writing the flags with this caused me the issues. If you just copy the flag settings to notepad and then save (C:\Program Data\osquery\osquery.flags) this resolves the issue.

You can open a powershell as administrator and run

C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile C:\ProgramData\osquery\osquery.flags

To actually see whats happening.

[javuto]

Just add -Encoding ASCII to your Out-File powershell and it works, effectively it does the same as opening the file with Notepad and saving it. Your line would be:

$config | Out-File -FilePath C:\Program Data\osquery\osquery.flags -Encoding ASCII