Error messages
These are some error messages you might encounter when using Puppet on Windows nodes.
Errors include Could not connect via HTTPS to https://forge.puppet.com,
Unable to verify the SSL certificate, The
certificate may not be signed by a valid CA, and The CA bundle
included with OpenSSL may not be valid or up to date.
These errors occurs when you run the puppet module subcommand on
newly provisioned Windows nodes. The Forge uses an SSL certificate signed by the GeoTrust Global
CA certificate, and new Windows nodes might not have that
CA in their root CA store yet.
Download the GeoTrust Global CA certificate from
GeoTrust's list of root certificates, and then manually install it on the agent node by
running: certutil -addstore Root GeoTrust_Global_CA.pem
puppet) failed to start. Verify that you have sufficient privileges to start
system services.
This error occurs when installing Puppet on a UAC system from a non-elevated account. Although the installer displays the UAC prompt to install Puppet, it does not elevate privileges when trying to start the service.
Make sure to run the .msi installation from an
elevated cmd.exe process. For more information, refer to Commands with elevated privileges.
This error occurs if you attempt to run Windows without required gems.
Required gems include: sys-admin, win32-process, win32-dir, win32-service and win32-taskscheduler
Run this command to install the specified gems: gem install
<GEM_NAME>
This error occurs when the task scheduler gem has a version earlier than 0.2.1.
Run this command to update the task scheduler gem: gem update
win32-taskscheduler
This error occurs when a request for an executable on a remote primary server can't be executed.
Make sure the user and group executable bits are set appropriately on the primary server, for example:
file { "C:/tmp/<FILE_NAME>.exe":
source => "puppet:///modules/<FOLDER_NAME>/<FILE_NAME>.exe",
}
exec { 'C:/tmp/<FILE_NAME>.exe':
logoutput => true
}
This error occurs when the agent can't resolve a DNS name into an IP address or if the agent has an incorrect reverse DNS entry.
Verify that you can run nslookup <DNS>. If this fails, there is
a problem with the DNS settings on the Windows agent. For
example, the primary DNS suffix might not be set. For more information, refer to Microsoft's DNS
documentation.
This error can occur if the agent is running in two different security contexts or if the agent's SSL directory is deleted after it retrieves a certificate from the primary server.
Make sure you elevate privileges by selecting Run as Administrator when you select Start Command Prompt with Puppet.
This error occurs when time on the Windows agents isn't synchronized.
Windows agents that are part of an Active Directory (AD) domain automatically have their time synchronized with AD.
For agents that are not part of an AD domain, you must run the following commands to manually enable and add the Windows time service:
w32tm /register net start w32time w32tm /config /manualpeerlist:<NTP_SERVER> /syncfromflags:manual /update w32tm /resync
'='; expected '}'
This error occurs if you run puppet apply -e from the command line,
and the supplied command is surrounded with single quotes ('). The single quotes cause cmd.exe to interpret any rocket
hash (=>) in the command as a redirect.
Retry the command with double quotes (") instead of
single quotes.
