new install attempt to register host failed
-
Its a Premium SSL Wildcard Certificate from Sectigo Certification Authority
-
http:// doesn’t work either
Here is a screenshot of the dashboard with Certificate pulled up.
-
@bogle Ok now we are getting some place.
I see your fog server url is at
fogserver.<redacted>.com
but if you look at your first picture its trying to contact10.141.13.96
server. Why does the conical name work where the IP address doesn’t? -
Good question, I just tried this and it returned results.
Here is my host file
<VirtualHost *:80> <FilesMatch "\.php$"> SetHandler "proxy:fcgi://127.0.0.1:9000/" </FilesMatch> ServerName 10.141.13.96 ServerAlias fogserver.<redacted>.com RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule /management/other/ca.cert.der$ - [L] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L] </VirtualHost> <VirtualHost *:443> KeepAlive Off <FilesMatch "\.php$"> SetHandler "proxy:fcgi://127.0.0.1:9000/" </FilesMatch> ServerName 10.141.13.96 ServerAlias fogserver.<redacted>.com DocumentRoot /var/www/html/ SSLEngine On SSLProtocol all -SSLv3 -SSLv2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder On SSLCertificateFile /etc/pki/tls/certs/STAR_grahamrmc_com.crt SSLCertificateKeyFile /etc/pki/tls/private/_grahamrmc_com.key SSLCertificateChainFile /etc/pki/tls/certs/STAR_grahamrmc_com.ca-bundle <Directory /var/www/html/fog/> DirectoryIndex index.php index.html index.htm </Directory> RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L] </VirtualHost>
I modifed the .fogsettings file portion where SSL Setting is
-
@bogle Well at this point, I’ve hit a wall on my knowledge in regards to SSL and apache. Its either the certificate blocking because its expecting a conical name or in the apache configuration the serveralias needs to have the IP address listed. But you are near the root of your problem. Once you get https working via the IP address it will work.
There is another way to work around it but I really don’t like that method because it make the client rely on DNS resolution to get imaging to work. You can go into the fog configuration settings and change all references to the IP address to the system’s conical name. You will also have to update the storage node settings too.
-
Ok I will revert back to a previous vm snapshot so I can use http instead of https and start over.
-
In the meantime whats the best way to get a windows 10 pro image working?
I am looking at this site right now
https://www.ceos3c.com/sysadmin/create-generalized-windows-10-image-deploy-fog-server/
-
@bogle said in new install attempt to register host failed:
I modifed the .fogsettings file portion where SSL Setting is
Did you re-run the installer after that? The .fogsettings file is only being used by the installer script but not being read at runtime. So changes to this file need to be “populated” by re-running the installer. That said I am not exactly sure if all the things involved to make FOG work with SSL are playing nicely if you change that path. While it definitely should I just wonder if if does because probably not too many people have done this. Usually people using custom certificates simply put those into the places where FOG has it’s cert files by default.
I know this sounds very 80s, like just keep it all to default because changing settings might break it. But SSL is still kind of new in FOG, not being used by the mass of people and we have not had the time to make this rock solid in all cases yet.
It’s interesting you get a page load error when accessing the website using the IP address. Maybe check apache logs (see my signature) to see if there is a hint on why it fails?!
In the meantime whats the best way to get a windows 10 pro image working?
Would you mind opening a new topic on this? Best if we don’t mix up things so we don’t get lost and also other people will find answers easier.
-
@bogle said in new install attempt to register host failed:
In the meantime whats the best way to get a windows 10 pro image working?
That site is a good place to start. You can either build the computer in audit mode or use MDT to create your reference image. Either way, don’t connect the reference image computer to your AD domain at all. Run audit mode unconnected to AD. You will have a better reference image in the end. Let FOG or have the unattend.xml file connect the target computer to AD at the end of deployment.
-
Thanks for your help. I reinstall the FOG Project and it works out of the box. On my test pc it booted successfully to the PXE menu. Tested it twice using legacy mode and uefi mode!
-
@bogle SSL enabled this time or not? Where did you put the certificates?