
    Problems with FOG client and FIPS validation

    • B
      Brian David
      last edited by

      Fog Version: 1.5.0-RC-9
      Fog Client Version: 0.11.12
      Server: Ubuntu Server 16.04.3 LTS

      We recently used GPO to force all our computers to require FIPS compliant encryption suites whenever using encryption to communicate (this is a requirement for PCI compliance). Unfortunately, this seems to have broken the FOG Client. Here are the relevant log entries:

      ----------------------------------------------------------------
      ----------------------------------UserTracker-------------------
      ----------------------------------------------------------------
       11/4/2017 5:27 PM Client-Info Client Version: 0.11.12
       11/4/2017 5:27 PM Client-Info Client OS:      Windows
       11/4/2017 5:27 PM Client-Info Server Version: 1.5.0-RC-9
       [...extraneous lines snipped...]
       11/4/2017 5:29 PM Middleware::Communication URL: http://fog/fog/management/index.php?sub=requestClientInfo&configure&newService&json
       11/4/2017 5:29 PM Middleware::Response Success
       11/4/2017 5:29 PM Middleware::Communication URL: http://fog/fog/management/index.php?sub=requestClientInfo&mac=40:8D:5C:D5:08:9B&newService&json
       11/4/2017 5:29 PM Data::AES ERROR: Could not decrypt AES
       11/4/2017 5:29 PM Data::AES ERROR: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
      

      I don’t suppose anyone else has run into this issue and has any workarounds?

      1 Reply Last reply Reply Quote 0
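An added example, not part of the original posts or of the FOG client's code: on a machine where the GPO described above is applied, this Windows PowerShell 5.1 script reports the FIPS policy state and which .NET Framework AES classes can still be constructed. The list of classes tested is an assumption; the thread does not say which implementation the FOG client uses.

```powershell
# Added example for Windows PowerShell 5.1 (.NET Framework).
# The class list at the bottom is an assumption, not taken from the FOG client.
Add-Type -AssemblyName System.Core   # AesManaged / AesCryptoServiceProvider live here

function Get-FipsPolicyState {
    # Registry value set by the "System cryptography: Use FIPS compliant algorithms" policy
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $reg = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RegistryEnabled = [bool]($reg -and $reg.Enabled -eq 1)
        # What the .NET runtime in this process actually enforces
        DotNetFipsOnly  = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-CryptoType {
    param([Parameter(Mandatory)][string[]]$TypeName)
    foreach ($name in $TypeName) {
        $result = [pscustomobject]@{ Type = $name; Usable = $false; Error = $null }
        try {
            $obj = New-Object -TypeName $name
            $result.Usable = $true
            if ($obj -is [System.IDisposable]) { $obj.Dispose() }
        } catch {
            # New-Object wraps the constructor's exception; unwrap to the original message
            $ex = $_.Exception
            while ($ex.InnerException) { $ex = $ex.InnerException }
            $result.Error = $ex.Message
        }
        $result
    }
}

Get-FipsPolicyState | Format-List

Test-CryptoType -TypeName @(
    'System.Security.Cryptography.RijndaelManaged',          # managed, not FIPS validated
    'System.Security.Cryptography.AesManaged',               # managed, not FIPS validated
    'System.Security.Cryptography.AesCryptoServiceProvider'  # wraps the Windows crypto module
) | Format-Table -AutoSize -Wrap
```

On .NET Framework with the policy enabled, the managed classes fail with the same message seen in the client log, while the CryptoServiceProvider class constructs normally.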
      • W
        Wayne Workman
        last edited by

        @Joe-Schmitt You better take a look at this one.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
        Daily Clean Installation Results:
        https://fogtesting.fogproject.us/
        FOG Reporting:
        https://fog-external-reporting-results.fogproject.us/

        • B
          Brian David
          last edited by

          @joe-schmitt Okay, sounds good. I’ll keep an eye out on future updates and I appreciate the work you do.

          • J
            Joe Schmitt Senior Developer
            last edited by

            Ticket: https://github.com/FOGProject/zazzles/issues/24

            • J
              Joe Schmitt Senior Developer
              last edited by Joe Schmitt

              @Brian-David could you test this build https://build.jbob.io/Zazzles/nightly/PCI-Compliance-01/Zazzles.dll

              To test:

              • stop the client: net stop fogservice
              • replace C:\Program Files (x86)\FOG\Zazzles.dll with the file I linked to
              • start the client: net start fogservice

              And then monitor the client logs / behavior for any more issues.

              • B
                Brian David @Joe Schmitt
                last edited by

                @joe-schmitt I followed your instructions, but the FOG Service won’t start after the .dll file is replaced. There were two relevant errors in the event log.

                First:

                Log Name:      Application
                Source:        .NET Runtime
                Date:          11/6/2017 8:24:03 AM
                Event ID:      1026
                Task Category: None
                Level:         Error
                Keywords:      Classic
                User:          N/A
                Computer:     xxx
                Description:
                Application: FOGService.exe
                Framework Version: v4.0.30319
                Description: The process was terminated due to an unhandled exception.
                Exception Info: System.IO.FileLoadException
                   at Zazzles.Settings..cctor()
                
                Exception Info: System.TypeInitializationException
                   at Zazzles.Settings.get_Location()
                   at FOG.Program.Main()
                
                
                Event Xml:
                <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
                  <System>
                    <Provider Name=".NET Runtime" />
                    <EventID Qualifiers="0">1026</EventID>
                    <Level>2</Level>
                    <Task>0</Task>
                    <Keywords>0x80000000000000</Keywords>
                    <TimeCreated SystemTime="2017-11-06T14:24:03.000000000Z" />
                    <EventRecordID>4459</EventRecordID>
                    <Channel>Application</Channel>
                    <Computer>xxx</Computer>
                    <Security />
                  </System>
                  <EventData>
                    <Data>Application: FOGService.exe
                Framework Version: v4.0.30319
                Description: The process was terminated due to an unhandled exception.
                Exception Info: System.IO.FileLoadException
                   at Zazzles.Settings..cctor()
                
                Exception Info: System.TypeInitializationException
                   at Zazzles.Settings.get_Location()
                   at FOG.Program.Main()
                
                </Data>
                  </EventData>
                </Event>
                

                Second:

                Log Name:      Application
                Source:        Application Error
                Date:          11/6/2017 8:24:18 AM
                Event ID:      1000
                Task Category: (100)
                Level:         Error
                Keywords:      Classic
                User:          N/A
                Computer:      xxx
                Description:
                Faulting application name: FOGService.exe, version: 0.0.0.0, time stamp: 0x58f267cf
                Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f32841
                Exception code: 0xe0434352
                Fault offset: 0x00015608
                Faulting process id: 0xa6c
                Faulting application start time: 0x01d3570ae56270de
                Faulting application path: C:\Program Files (x86)\FOG\FOGService.exe
                Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
                Report Id: 2c30df72-c2fe-11e7-8288-408d5cd5089b
                Faulting package full name: 
                Faulting package-relative application ID: 
                Event Xml:
                <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
                  <System>
                    <Provider Name="Application Error" />
                    <EventID Qualifiers="0">1000</EventID>
                    <Level>2</Level>
                    <Task>100</Task>
                    <Keywords>0x80000000000000</Keywords>
                    <TimeCreated SystemTime="2017-11-06T14:24:18.000000000Z" />
                    <EventRecordID>4460</EventRecordID>
                    <Channel>Application</Channel>
                    <Computer>xxx</Computer>
                    <Security />
                  </System>
                  <EventData>
                    <Data>FOGService.exe</Data>
                    <Data>0.0.0.0</Data>
                    <Data>58f267cf</Data>
                    <Data>KERNELBASE.dll</Data>
                    <Data>6.3.9600.18666</Data>
                    <Data>58f32841</Data>
                    <Data>e0434352</Data>
                    <Data>00015608</Data>
                    <Data>a6c</Data>
                    <Data>01d3570ae56270de</Data>
                    <Data>C:\Program Files (x86)\FOG\FOGService.exe</Data>
                    <Data>C:\Windows\SYSTEM32\KERNELBASE.dll</Data>
                    <Data>2c30df72-c2fe-11e7-8288-408d5cd5089b</Data>
                    <Data>
                    </Data>
                    <Data>
                    </Data>
                  </EventData>
                </Event>
                
                • J
                  Joe Schmitt Senior Developer
                  last edited by Joe Schmitt

                  @Brian-David thanks for the logs, could you try installing a new nightly build? Steps are as follows:

                  1. Uninstall the client on a computer
                  2. Under the computer’s host page in the fog dashboard, hit Reset Encryption Data
                  3. Download and run: https://build.jbob.io/Client/nightly/11-13-2017-pci-compliance-01/SmartInstaller.exe
                  4. Restart the computer

                  It will likely still fail, but it should be a step in the right direction.

                  • B
                    Brian David @Joe Schmitt
                    last edited by

                    @joe-schmitt Followed your instructions, but unfortunately I am getting the same FIPS error when the client tries to authenticate:

                    11/15/2017 8:44 AM Data::AES ERROR: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
                    
                    • J
                      Joe Schmitt Senior Developer
                      last edited by

                      @Brian-David alright, thanks for testing. This will require a bit more work than I was hoping for it seems.

                      Copyright © 2012-2024 FOG Project