From 0ea87482858dcd6a04500d5466368e975576c73d Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 16 Jun 2026 16:45:44 -0700 Subject: [PATCH 1/3] =?UTF-8?q?Fix=20Windows=20agent=20path=20in=20docs=20?= =?UTF-8?q?(SmallstepApp=20=E2=86=92=20SmallstepAgent)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Windows installer places the agent at C:\Program Files\Smallstep\SmallstepAgent\smallstep-agent.exe, per the WiX INSTALLFOLDER name. The troubleshooting and install docs referenced the stale SmallstepApp directory. Fixes EFF-380 Co-Authored-By: Claude Opus 4.8 (1M context) --- platform/smallstep-agent.mdx | 2 +- platform/troubleshooting-agent.mdx | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/platform/smallstep-agent.mdx b/platform/smallstep-agent.mdx index b2a9cc8d..9c06c93d 100644 --- a/platform/smallstep-agent.mdx +++ b/platform/smallstep-agent.mdx @@ -481,7 +481,7 @@ Replace `` and `` with your Smallstep [team ID 2. On the device, navigate to the agent installation directory and obtain the device's TPM fingerprint: ``` -cd 'C:\Program Files\Smallstep\SmallstepApp\' +cd 'C:\Program Files\Smallstep\SmallstepAgent\' .\smallstep-agent.exe tpm --fingerprint ``` diff --git a/platform/troubleshooting-agent.mdx b/platform/troubleshooting-agent.mdx index 6fcc5492..e4688699 100644 --- a/platform/troubleshooting-agent.mdx +++ b/platform/troubleshooting-agent.mdx @@ -144,7 +144,7 @@ The Smallstep Agent includes a `doctor` command that performs automated health c **On Windows:** ```powershell -& 'C:\Program Files\Smallstep\SmallstepApp\smallstep-agent.exe' doctor +& 'C:\Program Files\Smallstep\SmallstepAgent\smallstep-agent.exe' doctor ``` **On Linux:** @@ -542,10 +542,10 @@ Quick reference for platform-specific commands and file locations. | Task | Command or Location | |------|---------------------| | Check if agent is running | Task Manager → search for `Smallstep` | -| Check agent version | `& "C:\Program Files\Smallstep\SmallstepApp\smallstep-agent.exe" version` | -| Run doctor | `& "C:\Program Files\Smallstep\SmallstepApp\smallstep-agent.exe" doctor` | +| Check agent version | `& "C:\Program Files\Smallstep\SmallstepAgent\smallstep-agent.exe" version` | +| Run doctor | `& "C:\Program Files\Smallstep\SmallstepAgent\smallstep-agent.exe" doctor` | | Certificate location | Windows Certificate Store (`certmgr.msc` for Current User, `certlm.msc` for Local Machine) | -| Collect logs | `& "C:\Program Files\Smallstep\SmallstepApp\smallstep-agent.exe" logs collect` | +| Collect logs | `& "C:\Program Files\Smallstep\SmallstepAgent\smallstep-agent.exe" logs collect` | ### Linux From b9406292bb1bba9aa24c6d334fcb64670632b801 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 16 Jun 2026 16:47:10 -0700 Subject: [PATCH 2/3] Add tel.smallstep.com to Connectivity Requirements The agent sends telemetry to tel.smallstep.com:443 (see the agent's telemetry target and doctor check), but it was missing from the Connectivity Requirements host list. Fixes EFF-381 Co-Authored-By: Claude Opus 4.8 (1M context) --- platform/smallstep-agent.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/platform/smallstep-agent.mdx b/platform/smallstep-agent.mdx index 9c06c93d..7e7ef9fc 100644 --- a/platform/smallstep-agent.mdx +++ b/platform/smallstep-agent.mdx @@ -85,6 +85,7 @@ The agent connects to the following Smallstep hosts: - Agent API: `control.infra.smallstep.com` - Smallstep API: `gateway.smallstep.com` - TPM Attestation CA: `att.smallstep.com` +- Telemetry: `tel.smallstep.com` # Downloads From abfd5921045fcfaf3ad52f8c3f7206e09f534363 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 16 Jun 2026 16:49:15 -0700 Subject: [PATCH 3/3] Add tel.smallstep.com to MDM tutorial firewall allowlists The agent's telemetry host was missing from the per-MDM connectivity allowlists (Jamf, Intune, Mosyle, Fleet, IRU), same gap as the main Connectivity Requirements section. Fixes EFF-381 Co-Authored-By: Claude Opus 4.8 (1M context) --- tutorials/connect-fleet-dm-to-smallstep.mdx | 1 + tutorials/connect-intune-to-smallstep.mdx | 1 + tutorials/connect-iru-to-smallstep.mdx | 1 + tutorials/connect-jamf-pro-to-smallstep.mdx | 1 + tutorials/connect-mosyle-to-smallstep.mdx | 1 + 5 files changed, 5 insertions(+) diff --git a/tutorials/connect-fleet-dm-to-smallstep.mdx b/tutorials/connect-fleet-dm-to-smallstep.mdx index cb7ac66b..7a080d0f 100644 --- a/tutorials/connect-fleet-dm-to-smallstep.mdx +++ b/tutorials/connect-fleet-dm-to-smallstep.mdx @@ -28,6 +28,7 @@ Client requirements: *.[team-name].ca.smallstep.com auth.smallstep.com att.smallstep.com + tel.smallstep.com ``` Supported platforms: diff --git a/tutorials/connect-intune-to-smallstep.mdx b/tutorials/connect-intune-to-smallstep.mdx index 51dfbde1..0e1934e1 100644 --- a/tutorials/connect-intune-to-smallstep.mdx +++ b/tutorials/connect-intune-to-smallstep.mdx @@ -31,6 +31,7 @@ Client requirements: *.[team-name].ca.smallstep.com auth.smallstep.com att.smallstep.com + tel.smallstep.com ``` - Windows 10 (Anniversary Edition) or higher is supported. Windows Home is not supported. diff --git a/tutorials/connect-iru-to-smallstep.mdx b/tutorials/connect-iru-to-smallstep.mdx index 22628c9b..29a39c16 100644 --- a/tutorials/connect-iru-to-smallstep.mdx +++ b/tutorials/connect-iru-to-smallstep.mdx @@ -28,6 +28,7 @@ Client requirements: *.[team-name].ca.smallstep.com auth.smallstep.com att.smallstep.com + tel.smallstep.com ``` Limitations: diff --git a/tutorials/connect-jamf-pro-to-smallstep.mdx b/tutorials/connect-jamf-pro-to-smallstep.mdx index 4caba7ee..13685432 100644 --- a/tutorials/connect-jamf-pro-to-smallstep.mdx +++ b/tutorials/connect-jamf-pro-to-smallstep.mdx @@ -28,6 +28,7 @@ Client requirements: *.[team-name].ca.smallstep.com auth.smallstep.com att.smallstep.com + tel.smallstep.com ``` Limitations: diff --git a/tutorials/connect-mosyle-to-smallstep.mdx b/tutorials/connect-mosyle-to-smallstep.mdx index 8555433a..2c75eae8 100644 --- a/tutorials/connect-mosyle-to-smallstep.mdx +++ b/tutorials/connect-mosyle-to-smallstep.mdx @@ -27,6 +27,7 @@ Client requirements: *.[team-name].ca.smallstep.com auth.smallstep.com att.smallstep.com + tel.smallstep.com ``` Limitations: