• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Problem with domain join after deployement

Scheduled Pinned Locked Moved Solved
FOG Problems
2
31
3.9k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    benjamind
    last edited by Apr 3, 2019, 11:33 AM

    @Sebastian-Roth Thanks for your return.

    What error are you talking about exactly?

    All our machines can’t join the domain automatically after a deployment by Fog. Do you talk about a specific error message from the fog.log ?

    I’m doing a deployment again now and I’ll check if I have the file when it will be finished. I’ll keep you update.

    1 Reply Last reply Reply Quote 0
    • B
      benjamind
      last edited by Apr 3, 2019, 1:09 PM

      @Sebastian-Roth Here is the fog.log starting from when i renamed the token.dat.

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Apr 3, 2019, 1:53 PM

        @benjamind Sorry, missed to paste the error message last time: Middleware::Response Failed to decrypt data

        Here is the fog.log starting from when i renamed the token.dat.

        Did you restart the FOG Service or the whole machine after renaming? Just want to make sure.

        Can you please run the following commands on your FOG server and post output here [1]:

        openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
        openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
        

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • B
          benjamind
          last edited by Apr 3, 2019, 2:49 PM

          @Sebastian-Roth I have restarted the FOG service.

          root@fog:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
          notBefore=Sep  3 09:07:28 2018 GMT
          notAfter=Aug 31 09:07:28 2028 GMT
          root@fog:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
          notBefore=Nov 24 09:57:37 2016 GMT
          notAfter=Nov 22 09:57:37 2026 GMT
          
          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Apr 3, 2019, 3:36 PM

            @benjamind I am wondering, why is the server cert roughly two years younger than the CA? Did you update that server cert by intention last September?

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • B
              benjamind
              last edited by Apr 4, 2019, 8:50 AM

              @Sebastian-Roth Sorry, i give you the return on the commands form an other FOG server. Here is the return form the concerned server :

              root@fog-dev:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
              notBefore=Mar 14 07:16:32 2019 GMT
              notAfter=Mar 11 07:16:32 2029 GMT
              root@fog-dev:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
              notBefore=Apr 5 13:49:36 2018 GMT
              notAfter=Apr 2 13:49:36 2028 GMT

              The srvprublic.crt date corresponds to our last FOG update from 1.5.0 to 1.5.5 and the ca.cert.pem should corresponds to the first installation of the server.

              Is it a normal behaviour ?

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Sebastian Roth Apr 4, 2019, 4:03 AM Apr 4, 2019, 10:03 AM

                @benjamind Which command line options did you choose when updating?

                @Tom-Elliott Any ideas??

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 0
                • B
                  benjamind
                  last edited by Apr 4, 2019, 10:55 AM

                  @Sebastian-Roth Here is is the commands i used to update our server :
                  cd /root/fogproject/
                  git pull
                  cd bin/
                  ./installfog.sh

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by Sebastian Roth Apr 4, 2019, 5:29 AM Apr 4, 2019, 11:27 AM

                    @benjamind Sorry, my fault. I went down the wrong road. CA cert should not be renewed (unless you specify so using command line options) but the server cert is renewed on FOG updates.

                    We might need to take a look into your database to see if there are tokens pending that you don’t see in the host settings.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    1 Reply Last reply Reply Quote 0
                    • B
                      benjamind
                      last edited by Apr 4, 2019, 11:37 AM

                      @Sebastian-Roth What do you want to verify precisely on the database ?

                      1 Reply Last reply Reply Quote 0
                      • S
                        Sebastian Roth Moderator
                        last edited by Apr 4, 2019, 11:42 AM

                        @benjamind Try SELECT hostID,hostName,hostSecToken FROM hosts WHERE hostName LIKE '%PC2409M%';

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        1 Reply Last reply Reply Quote 0
                        • B
                          benjamind
                          last edited by Sebastian Roth Apr 8, 2019, 9:18 AM Apr 4, 2019, 12:55 PM

                          @Sebastian-Roth

                          MariaDB [fog]> SELECT hostID,hostName,hostSecToken FROM hosts WHERE hostName LIKE ‘%PC2409M%’;

                          +------------+-------------------+-------------------------+
                          | hostID     | hostName          | hostSecToken            |
                          +------------+-------------------+-------------------------+
                          | 61         | PC2409M           |                         |
                          +------------+-------------------+-------------------------+
                          
                          1 Reply Last reply Reply Quote 0
                          • B
                            benjamind
                            last edited by Apr 8, 2019, 3:01 PM

                            Hi @Sebastian-Roth,

                            Is the result of the command indicative ?

                            1 Reply Last reply Reply Quote 0
                            • S
                              Sebastian Roth Moderator
                              last edited by Apr 8, 2019, 3:37 PM

                              @benjamind Sorry for the deplay. Have been on travels over the weekend. The output is showing an empty sectoken field. So we need to look at other possibilites why this is going wrong.

                              We have not had much requests from people with the error message “Failed to decrypt data” lately. All the old ones were due to an issue in the FOG server as far as I know but that shouldn’t be the case with FOG version 1.5.5 (which we see you have in the logs).

                              Do you see that same error message on several (or all) of your clients?

                              Could you please install tcpdump on your FOG server. Then stop the FOGService on your client run tcpdump -w fog-client.pcap host x.x.x.x and port 80 on your FOG server and start the FOGService on the client.

                              Put in the client PC’s IP address instead of x.x.x.x and just leave the command for 30 seconds - then stop it with Ctrl+c and upload the resulting fog-client.pcap file to an online drive and post a link here. We should see the HTTP communication between FOG server and your client in that file. Hopefully we can figure out what’s going on.

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              1 Reply Last reply Reply Quote 0
                              • B
                                benjamind
                                last edited by Apr 9, 2019, 7:39 AM

                                @Sebastian-Roth We have the same error message on other clients. Here is the fog.log fog.log of an other client.

                                Here is the pcap file.

                                Thnak you for your help.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Sebastian Roth Moderator
                                  last edited by Apr 9, 2019, 3:03 PM

                                  @benjamind Ohhh, I was on the wrong track again. I expected the error message to be from the fog-client source code but looking at the PCAP file I figured that the FOG server is actually sending this (same) message to the fog-client. I am still not really sure why the FOG server is failing with that error but at least the picture is a little different now. The fog-client encrypts the data and sends it over to the server and the server is unable to decrypt it.

                                  Please run the following commands on your FOG server just to make sure certificate and private key match:

                                  openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
                                  openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
                                  

                                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                  1 Reply Last reply Reply Quote 0
                                  • B
                                    benjamind
                                    last edited by Apr 9, 2019, 3:08 PM

                                    @Sebastian-Roth

                                    root@fog-dev:~# openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
                                    (stdin)= 6bf7b33e8a206b266560c17350102ffa
                                    root@fog-dev:~# openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
                                    (stdin)= 240adcef143c7ba2a2b4551282f476f9

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      Sebastian Roth Moderator
                                      last edited by Sebastian Roth Apr 9, 2019, 2:50 PM Apr 9, 2019, 8:49 PM

                                      @benjamind Ok, here we’ve found it. The certificate (srvpublic.crt) and the private key (.srvprivate.key) don’t match. I have no idea why that might have happened. But we should be able to manually create a new certificate for you and fix this issue. You just need to closely follow the instructions (run as root):

                                      Make sure you set the variables (first two commands) correctly!! IP address instead of x.x.x.x and the proper full qualified hostname of the FOG server.

                                      export ipaddress=x.x.x.x
                                      export hostname=fog-dev.lan.esiee.fr
                                      
                                      mv /var/www/fog/management/other/ssl/srvpublic.crt /var/www/fog/management/other/ssl/srvpublic.crt.old
                                      
                                      cd /opt/fog/snapins/ssl/
                                      
                                      cat > req.cnf << EOF
                                      [req]
                                      distinguished_name = req_distinguished_name
                                      req_extensions = v3_req
                                      prompt = yes
                                      [req_distinguished_name]
                                      CN = $ipaddress
                                      [v3_req]
                                      subjectAltName = @alt_names
                                      [alt_names]
                                      DNS.1 = $ipaddress
                                      DNS.2 = $hostname
                                      EOF
                                      
                                      cat > ca.cnf << EOF
                                      [v3_ca]
                                      subjectAltName = @alt_names
                                      [alt_names]
                                      DNS.1 = $ipaddress
                                      DNS.2 = $hostname
                                      EOF
                                      
                                      openssl req -new -sha512 -key .srvprivate.key -out fog.csr -config req.cnf
                                      
                                      openssl x509 -req -in fog.csr -CA CA/.fogCA.pem -CAkey CA/.fogCA.key -CAcreateserial -out /var/www/fog/management/other/ssl/srvpublic.crt -days 3650 -extensions v3_ca -extfile ca.cnf
                                      

                                      After that check to see if the new certificate returns the same md5 hash as the private key file.

                                      openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
                                      openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
                                      

                                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        benjamind
                                        last edited by Apr 10, 2019, 7:31 AM

                                        @Sebastian-Roth

                                        It seems to be better :

                                        root@fog-dev:~# openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
                                        (stdin)= 240adcef143c7ba2a2b4551282f476f9
                                        root@fog-dev:~# openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
                                        (stdin)= 240adcef143c7ba2a2b4551282f476f9

                                        I have started a new deployment i’ll keep you update.

                                        Thank you.

                                        1 Reply Last reply Reply Quote 0
                                        • B
                                          benjamind
                                          last edited by Apr 10, 2019, 10:32 AM

                                          @Sebastian-Roth The deployment is finished and the PC has correctly joined the domain.

                                          Here is the logs file : fog.log.

                                          Does everything seems good to you ?

                                          Thank you very much for your help.

                                          1 Reply Last reply Reply Quote 0
                                          • 1
                                          • 2
                                          • 1 / 2
                                          1 / 2
                                          • First post
                                            19/31
                                            Last post

                                          195

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project