• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Migrated FOG, Clients Not Happy

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    2
    26
    3.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Scott BS
      Scott B @Sebastian Roth
      last edited by

      @Sebastian-Roth

      I did copy them over and ran the installer again. Is it only files in /opt/fog/snapins/ssl/ or do I have to worry about the certs in /var/www/fog/management/other/ as well?

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by

        @Scott-B said in Migrated FOG, Clients Not Happy:

        I did copy them over and ran the installer again. Is it only files in /opt/fog/snapins/ssl/ or do I have to worry about the certs in /var/www/fog/management/other/ as well?

        The installer should take care of the rest (/var/www/fog/management/other/…). Please see if the client’s are happy reconnecting now.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        Scott BS 1 Reply Last reply Reply Quote 0
        • Scott BS
          Scott B @Sebastian Roth
          last edited by

          @Sebastian-Roth

          They are still not happy.

          ------------------------------------------------------------------------------
          ----------------------------------UserTracker---------------------------------
          ------------------------------------------------------------------------------
           12/19/2019 12:14 PM Client-Info Client Version: 0.11.17
           12/19/2019 12:14 PM Client-Info Client OS:      Windows
           12/19/2019 12:14 PM Client-Info Server Version: 1.5.7.86
           12/19/2019 12:14 PM Middleware::Response ERROR: Unable to get subsection
           12/19/2019 12:14 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
           12/19/2019 12:14 PM Service Sleeping for 84 seconds
           12/19/2019 12:15 PM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&configure&newService&json
           12/19/2019 12:15 PM Middleware::Response Success
           12/19/2019 12:15 PM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&mac=2C:41:38:8F:55:FF&newService&json
           12/19/2019 12:15 PM Middleware::Authentication Waiting for authentication timeout to pass
           12/19/2019 12:15 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
           12/19/2019 12:16 PM Data::RSA FOG Server CA cert found
           12/19/2019 12:16 PM Data::RSA ERROR: Certificate validation failed
           12/19/2019 12:16 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
           12/19/2019 12:16 PM Middleware::Authentication ERROR: Could not authenticate
           12/19/2019 12:16 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
           12/19/2019 12:16 PM Middleware::Response Success
           12/19/2019 12:16 PM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?clientver&newService&json
           12/19/2019 12:16 PM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?newService&json
          
           12/19/2019 12:16 PM Service Creating user agent cache
           12/19/2019 12:16 PM Middleware::Response ERROR: Unable to get subsection
           12/19/2019 12:16 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
           12/19/2019 12:16 PM Middleware::Response ERROR: Unable to get subsection
           12/19/2019 12:16 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
           12/19/2019 12:16 PM Middleware::Response ERROR: Unable to get subsection
           12/19/2019 12:16 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
          
          
          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Sebastian Roth

            @Scott-B Still the same error. Sounds a bit like it still sends out the old certificate. Re-running the installer should have restarted the Apache webserver. But you might manually restart it (systemctl restart apache2 or systemctl restart httpd) or the whole server.

            Then do a comparison of the thumbprints again. Sorry again, I think I have messed up

            openssl x509 -in /opt/fog/snapins/ssl/CA/.fogCA.pem -fingerprint -noout
            openssl x509 -in /var/www/html/management/other/ssl/ca.cert.pem -fingerprint -noout
            

            Compare those to the thumbprint you find in the certificate management in Windows from the “FOG Server CA”.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • Scott BS
              Scott B
              last edited by

              @Sebastian-Roth said in Migrated FOG, Clients Not Happy:

              systemctl restart apache2

              Restarted apache and rechecked the thumbprints. They are still different. Same thumbprints as before.

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Sebastian Roth

                @Scott-B Funny I just got time to look into this again. It’s very strange you still get the “wrong” thumbprint. Are you sure you copied the right files?

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by

                  @Scott-B Can you get the thumbprints on the old server?

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  Scott BS 1 Reply Last reply Reply Quote 0
                  • Scott BS
                    Scott B @Sebastian Roth
                    last edited by

                    @Sebastian-Roth said in Migrated FOG, Clients Not Happy:

                    @Scott-B Can you get the thumbprints on the old server?

                    The tumbprint from srvpublic.crt in /var/fog/management/other/ssl on the older server is
                    88901133f4640b294ec5f4538e3f098eccadca45

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by

                      @Scott-B said in Migrated FOG, Clients Not Happy:

                      The tumbprint from srvpublic.crt in /var/fog/management/other/ssl on the older server is
                      88901133f4640b294ec5f4538e3f098eccadca45

                      Watch out! You don’t want to compare apples with pears! What you need is the same CA certificate (same thumbprint) that you had on the old server to be used on the new server as well. The CA cert is originally generated in /opt/fog/snapins/ssl/CA/.fogCA.pem and then copied over to /var/www/html/management/other/ssl/ca.cert.pem - those two files should have the exact same thumbprint. The later one is used by the fog-client installer to “pin” itself to this exact FOG server. So the certificate you see as “FOG Server CA” on the client should essentially be the exact same as the two mentioned above.

                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                      1 Reply Last reply Reply Quote 0
                      • S
                        Sebastian Roth Moderator
                        last edited by

                        @Scott-B Did you find what was causing this?

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        Scott BS 1 Reply Last reply Reply Quote 0
                        • Scott BS
                          Scott B @Sebastian Roth
                          last edited by

                          @Sebastian-Roth said in Migrated FOG, Clients Not Happy:

                          @Scott-B Did you find what was causing this?

                          No, I have not. My backup, clients, and current running server all have different thumbprints. I have no idea how that’s happened. Is it possible to take the cert from a client and add it to the server?

                          1 Reply Last reply Reply Quote 0
                          • S
                            Sebastian Roth Moderator
                            last edited by

                            @Scott-B Do you still have a backup copy of your old server?

                            Is it possible to take the cert from a client and add it to the server?

                            Sorry, no. The key needed is only on your server and never transferred to the clients.

                            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                            1 Reply Last reply Reply Quote 0
                            • S
                              Sebastian Roth Moderator
                              last edited by

                              @Scott-B Do you still struggle to get this to work?

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              Scott BS 1 Reply Last reply Reply Quote 0
                              • Scott BS
                                Scott B @Sebastian Roth
                                last edited by

                                @Sebastian-Roth

                                We were not able to bring his setup back online and reconnect the client. I ended up building a new fresh FOG install and we will reimport the machines as we go around. It’s not to big a deal as we needed an excuse to clean up the database anyway.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Sebastian Roth Moderator
                                  last edited by Sebastian Roth

                                  @Scott-B But you’ll need to reinstall the fog-client software on all your machines too.

                                  Other than that you might try to use GPO powershell scripting to exchange the certificates on all the machines as well.

                                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                  Scott BS 1 Reply Last reply Reply Quote 0
                                  • Scott BS
                                    Scott B @Sebastian Roth
                                    last edited by

                                    @Sebastian-Roth

                                    I’ll have to brush up on the commands for replacing the certs on the clients. Been a long time.

                                    1 Reply Last reply Reply Quote 0
                                    • 1
                                    • 2
                                    • 1 / 2
                                    • First post
                                      Last post

                                    151

                                    Online

                                    12.1k

                                    Users

                                    17.3k

                                    Topics

                                    155.3k

                                    Posts
                                    Copyright © 2012-2024 FOG Project