Ask Your Question

Unable to connect to Enterprise Puppet server using Windows agent

asked 2016-12-26 23:00:46 -0500

Garbageyard gravatar image

updated 2016-12-28 22:35:06 -0500

I have setup Puppet Enterprise server on CentOS Linux 7 (Core).

# /opt/puppetlabs/bin/puppetserver --version
puppetserver version: 2016.5.0.11

I have installed Puppet Enterprise agent on Win Server 2008 R2 Enterprise (64-bit).

C:\Users\Administrator>puppet --version

When i try connecting to the Puppet server, i get only the following output:

C:\Windows\system32>puppet agent --test
Exiting; no certificate found and waitforcert is disabled

On server, if i check for any pending cert signing request, i see nothing:

# puppet cert --list

I have verified that i am able to telnet to Puppet server on port 8140 from my Win agent box.

Also shown below is the Puppet service running as Local System user.

image description

My Puppet server has the following entry in /etc/puppetlabs/puppet/puppet.conf

certname =
server =
user = pe-puppet
group = pe-puppet
environment_timeout = 0
app_management = true
module_groups = base+pe_only
environmentpath = /etc/puppetlabs/code/environments
codedir = /etc/puppetlabs/code

graph = true

node_terminus = classifier
storeconfigs = true
storeconfigs_backend = puppetdb
reports = puppetdb
certname =
always_cache_features = true

On Win agent, i have specified the Puppet server name in host file:

xx.yy.zz.zzz puppet-server

On Win agent, I have also mentioned the server name in C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf file


Any pointers?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2016-12-29 01:19:23 -0500

Garbageyard gravatar image

From IRC (@binford2k), i got help.

"Exiting; no certificate found and waitforcert is disabled" means that the client has already generated a CSR. If it's got a CSR, then it won't try to generate another. However, if somehow the CSR didn't make it to the master, then the master won't know about it and the agent won't try again because it's got a CSR already. To resolve the above, remove the SSL dir on the agent and then try running puppet again.

When i removed the SSL dir (C:\ProgramData\PuppetLabs\puppet\etc\ssl) as per above suggestion, it worked. :)

C:\Windows\system32>puppet agent --test --server=puppet-server
Info: Creating a new SSL key for
Info: Caching certificate for ca
Info: csr_attributes file loading from C:/ProgramData/PuppetLabs/puppet/etc/csr_
Info: Creating a new SSL certificate request for
Info: Certificate Request fingerprint (SHA256): 99:02:46:D1:A4:32:6F:A5:CE:06:39
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-12-26 23:00:46 -0500

Seen: 97 times

Last updated: Dec 29 '16