client server token issues.

Greg Plamondon

I am having issues with the latest working branch rev 64
for some reason the client will no longer communicate with the server, I get the following in the fog.log

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 10/17/2017 1:17 PM Client-Info Version: 0.11.12
 10/17/2017 1:17 PM Client-Info OS:      Windows
 10/17/2017 1:17 PM Middleware::Authentication Waiting for authentication timeout to pass
 10/17/2017 1:17 PM Middleware::Communication Download: http://10fogserver/fog/management/other/ssl/srvpublic.crt
 10/17/2017 1:17 PM Data::RSA FOG Server CA cert found
 10/17/2017 1:17 PM Middleware::Authentication Cert OK
 10/17/2017 1:17 PM Middleware::Authentication ERROR: Could not get security token
 10/17/2017 1:17 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
 10/17/2017 1:17 PM Middleware::Communication POST URL: http://10fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
 10/17/2017 1:17 PM Middleware::Response Failed to decrypt data

Greg Plamondon

@sebastian-roth I don’t know how that happened but I copied the srvpublic.crt from a backup and it is fixed.

Thanks for all the help

Sebastian Roth

Moved to bug reports as it looks like an issue on the server side from what I see so far. Thanks for reporting. We’ll look into this soon.

@Tom-Elliott Something that changed in the PHP code that could cause this?

Tom Elliott

Nope. Nothing. I’ve been working with Greg most of the day on this. His last working version was 57 (67cd9e). However, this issue still occurs on this version as well, now.

Sebastian Roth

@Tom-Elliott Could we possibly can get a tcpdump of the traffic when this happens? Just run sudo tcpdump -w /tmp/client-foo.pcap host x.x.x.x…

Sebastian Roth

@Tom-Elliott Ok, just had a look at the PCAP (thanks for that!). Looks like the client does send “proper looking” data but the server is not able to handle it.

@Greg-Plamondon Possibly that’s because client and server time differ too much? Please check to see if those match up (at the most ten seconds difference).

Is this a fairly new install (certs created when?) or an old one?

Greg Plamondon

@sebastian-roth The times are synced with 0.pool.ntp.org and are spot on.
This installation is atleast 2-3 years old

Sebastian Roth

@Greg-Plamondon Ok, just wanted to make sure time is not an issue. Please run the following commands on the FOG server terminal and post output here:

openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem

Greg Plamondon

@sebastian-roth said in client server token issues.:

openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem

root@10fogserver:~ $ openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
notBefore=Oct 17 16:56:23 2017 GMT
notAfter=Oct 15 16:56:23 2027 GMT
root@10fogserver:~ $ openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
notBefore=Jul 19 22:30:11 2016 GMT
notAfter=Jul 17 22:30:11 2026 GMT

Sebastian Roth

@Greg-Plamondon said:

... srvpublic.crt
notBefore=Oct 17 16:56:23 2017 GMT
...

Fairly recently?!?

Greg Plamondon

@sebastian-roth I don’t know how that happened but I copied the srvpublic.crt from a backup and it is fixed.

Thanks for all the help