• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Several problems : unable to install CA certificate, userdel fogproject, updating database failed

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    2
    18
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Sebastian Roth Moderator
      last edited by Sebastian Roth

      @Matthieu-Jacquart Can you please run ls -la /opt/fog/snapins/ssl/CA so we see if the CA was re-generated as well? Do you have a backup of the old files just in case??

      As well re-download the updated installer (MSI / EXE), delete the old C:\Windows\Temp\FOGService.install.log on the test client, re-run the new MSI/EXE and post log output here again.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      Matthieu JacquartM 1 Reply Last reply Reply Quote 0
      • Matthieu JacquartM
        Matthieu Jacquart @Sebastian Roth
        last edited by

        @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

        @Matthieu-Jacquart Can you please run ls -la /opt/fog/snapins/ssl/CA so we see if the CA was re-generated as well? Do you have a backup of the old files just in case??

        Yes I still have old files in bakcup

        root@FOG:/opt/fogproject/bin$ ls -la /opt/fog/snapins/ssl/CA
        total 20
        drwxrwxrwx 2 fogproject www-data 4096 janv. 21  2018 .
        drwxrwxrwx 3 fogproject www-data 4096 janv. 21  2018 ..
        -rwxrwxrwx 1 fogproject www-data 3243 janv.  7 15:30 .fogCA.key
        -rwxrwxrwx 1 fogproject www-data 1801 janv.  7 15:30 .fogCA.pem
        -rwxrwxrwx 1 fogproject www-data   17 janv.  8 13:10 .srl
        root@FOG:/opt/fogproject/bin$
        

        As well re-download the updated installer (MSI / EXE), delete the old C:\Windows\Temp\FOGService.install.log on the test client, re-run the new MSI/EXE and post log output here again.

        Same error

         08/01/2020 13:16 Data::RSA FOG Server CA cert found
         08/01/2020 13:16 Data::RSA FOG Server CA cert found
         08/01/2020 13:16 Installer Starting UnpinServerCert()
         08/01/2020 13:16 Installer Trying to open Windows cert store: LocalMachine
         08/01/2020 13:16 Installer Trying to remove cert 'CN=FOG Server CA'from cert store
         08/01/2020 13:16 Installer ERROR: Could not unpin FOG server CA cert
         08/01/2020 13:16 Installer ERROR: Access denied.
         08/01/2020 13:16 Installer ERROR: Could not pin server CA
         08/01/2020 13:16 Installer ERROR: Access denied.
         08/01/2020 13:16 Installer ERROR: Unable to install CA certificate: Access denied.
        

        Fog 1.5.9.138
        Debian 11
        Vmware ESXi

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by

          @Matthieu-Jacquart said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

          -rwxrwxrwx 1 fogproject www-data 3243 janv. 7 15:30 .fogCA.key
          -rwxrwxrwx 1 fogproject www-data 1801 janv. 7 15:30 .fogCA.pem

          Ok, seems like you somehow managed to re-generate the CA files. This should not happen unless you tell the installer to do so or delete the files. I am not exactly sure but I think it shouldn’t happen when you only delete /opt/fog/.fogsettings and re-run the installer.

          Do you know if there are machines that still have the client installed. Probably some which were not turned on today yet. So my suggestion is you grab your backup, take /opt/fog/snapins/ssl/ (all files and sub directories):

          mv /opt/fog/snapins/ssl /opt/fog/snapins/ssl_bak
          mv /backup/path/opt/fog/snapins/ssl /opt/fog/snapins/ssl
          chown -R fogproject:www-data /opt/fog/snapins/ssl
          systemctl restart apache2
          
          08/01/2020 13:16 Installer Trying to open Windows cert store: LocalMachine
          08/01/2020 13:16 Installer Trying to remove cert 'CN=FOG Server CA'from cert store
          

          Ok so it’s actually able to open the certificate store but is not able to remove the cert. Can you please open the certificate management UI on this client (run certmgr. msc) and navigate to “Trusted Authorities”. Do you see “FOG Server CA” there??

          I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          Matthieu JacquartM 2 Replies Last reply Reply Quote 0
          • Matthieu JacquartM
            Matthieu Jacquart @Sebastian Roth
            last edited by

            @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

            Ok, seems like you somehow managed to re-generate the CA files. This should not happen unless you tell the installer to do so or delete the files. I am not exactly sure but I think it shouldn’t happen when you only delete /opt/fog/.fogsettings and re-run the installer.

            Do you know if there are machines that still have the client installed. Probably some which were not turned on today yet. So my suggestion is you grab your backup, take /opt/fog/snapins/ssl/ (all files and sub directories):

            mv /opt/fog/snapins/ssl /opt/fog/snapins/ssl_bak
            mv /backup/path/opt/fog/snapins/ssl /opt/fog/snapins/ssl
            chown -R fogproject:www-data /opt/fog/snapins/ssl
            systemctl restart apache2
            

            OK I’ve just I restored older certificate from backup

            Ok so it’s actually able to open the certificate store but is not able to remove the cert. Can you please open the certificate management UI on this client (run certmgr. msc) and navigate to “Trusted Authorities”. Do you see “FOG Server CA” there??

            I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!

            YESSSS !!! That’s it, after I tried to install https on fog server few weeks ago, I added fog certificate to GPO «Root Trusted Authorities» and problems began with that mess… so sorry, if I delete fog certificate in GPO I can install client !
            But still have this error after install client

            ------------------------------------------------------------------------------
            --------------------------------Authentication--------------------------------
            ------------------------------------------------------------------------------
             08/01/2020 14:04 Client-Info Version: 0.11.17
             08/01/2020 14:04 Client-Info OS:      Windows
             08/01/2020 14:04 Middleware::Authentication Waiting for authentication timeout to pass
             08/01/2020 14:06 Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
             08/01/2020 14:06 Data::RSA FOG Server CA cert found
             08/01/2020 14:06 Middleware::Authentication Cert OK
             08/01/2020 14:06 Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
             08/01/2020 14:06 Middleware::Response Failed to decrypt data on server
            

            Fog 1.5.9.138
            Debian 11
            Vmware ESXi

            1 Reply Last reply Reply Quote 0
            • Matthieu JacquartM
              Matthieu Jacquart @Sebastian Roth
              last edited by Matthieu Jacquart

              @Sebastian-Roth I change «fogserver» with IP but still have these error (test on 2 computers), I have reset encryption data) :

              ------------------------------------------------------------------------------
              --------------------------------Authentication--------------------------------
              ------------------------------------------------------------------------------
               08/01/2020 14:57 Client-Info Version: 0.11.17
               08/01/2020 14:57 Client-Info OS:      Windows
               08/01/2020 14:57 Middleware::Authentication Waiting for authentication timeout to pass
               08/01/2020 14:59 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
               08/01/2020 14:59 Data::RSA FOG Server CA cert found
               08/01/2020 14:59 Data::RSA ERROR: Certificate validation failed
               08/01/2020 14:59 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
               08/01/2020 14:59 Middleware::Authentication ERROR: Could not authenticate
               08/01/2020 14:59 Middleware::Authentication ERROR: Certificate is not from FOG CA
              
              
               08/01/2020 14:59 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
               08/01/2020 14:59 Middleware::Response Success
               08/01/2020 14:59 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
               08/01/2020 14:59 Middleware::Authentication Waiting for authentication timeout to pass
               08/01/2020 15:01 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
               08/01/2020 15:01 Data::RSA FOG Server CA cert found
               08/01/2020 15:01 Data::RSA ERROR: Certificate validation failed
               08/01/2020 15:01 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
               08/01/2020 15:01 Middleware::Authentication ERROR: Could not authenticate
               08/01/2020 15:01 Middleware::Authentication ERROR: Certificate is not from FOG CA
               08/01/2020 15:01 Middleware::Response Success
               08/01/2020 15:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
               08/01/2020 15:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
              
               08/01/2020 15:01 Service Creating user agent cache
               08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
               08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
               08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
               08/01/2020 15:01 Service Initializing modules
              
              ------------------------------------------------------------------------------
              ----------------------------------UserTracker---------------------------------
              ------------------------------------------------------------------------------
               08/01/2020 15:01 Client-Info Client Version: 0.11.17
               08/01/2020 15:01 Client-Info Client OS:      Windows
               08/01/2020 15:01 Client-Info Server Version: 1.5.7.89
               08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
               08/01/2020 15:01 Service Sleeping for 145 seconds
               08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
               08/01/2020 15:03 Middleware::Response Success
               08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
               08/01/2020 15:03 Middleware::Authentication Waiting for authentication timeout to pass
               08/01/2020 15:03 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
               08/01/2020 15:03 Data::RSA FOG Server CA cert found
               08/01/2020 15:03 Data::RSA ERROR: Certificate validation failed
               08/01/2020 15:03 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
               08/01/2020 15:03 Middleware::Authentication ERROR: Could not authenticate
               08/01/2020 15:03 Middleware::Authentication ERROR: Certificate is not from FOG CA
               08/01/2020 15:03 Middleware::Response Success
               08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
               08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
              
               08/01/2020 15:03 Service Creating user agent cache
               08/01/2020 15:03 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:03 Middleware::Response ERROR: Object reference not set to an instance of an object.
               08/01/2020 15:03 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:03 Middleware::Response ERROR: Object reference not set to an instance of an object.
               08/01/2020 15:03 Middleware::Response ERROR: Unable to get subsection
               08/01/2020 15:03 Middleware::Response ERROR: Object reference not set to an instance of an object.
              

              Do I need to use ./installfog.sh -K option ?

              Fog 1.5.9.138
              Debian 11
              Vmware ESXi

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by

                @Matthieu-Jacquart Yeah, getting closer!!!

                My fault, forgot these commands when I wrote this earlier:

                cp /path/of/backup/var/www/html/fog/management/other/ssl/srvpublic.crt /var/www/html/fog/management/other/ssl/srvpublic.crt
                cp /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
                

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                Matthieu JacquartM 1 Reply Last reply Reply Quote 0
                • Matthieu JacquartM
                  Matthieu Jacquart @Sebastian Roth
                  last edited by Matthieu Jacquart

                  @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                  @Matthieu-Jacquart Yeah, getting closer!!!

                  My fault, forgot these commands when I wrote this earlier:

                  cp /path/of/backup/var/www/html/fog/management/other/ssl/srvpublic.crt /var/www/html/fog/management/other/ssl/srvpublic.crt
                  cp /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
                  

                  Unfortunately, I follow your 2 commands but stil this error even after restarting fog server :

                  ------------------------------------------------------------------------------
                  ----------------------------------UserTracker---------------------------------
                  ------------------------------------------------------------------------------
                   08/01/2020 16:59 Client-Info Client Version: 0.11.17
                   08/01/2020 16:59 Client-Info Client OS:      Windows
                   08/01/2020 16:59 Client-Info Server Version: 1.5.7.89
                   08/01/2020 16:59 Middleware::Response ERROR: Unable to get subsection
                   08/01/2020 16:59 Middleware::Response ERROR: La référence d'objet n'est pas définie à une instance d'un objet.
                   08/01/2020 16:59 Service Sleeping for 102 seconds
                   08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
                   08/01/2020 17:01 Middleware::Response Success
                   08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
                   08/01/2020 17:01 Middleware::Authentication Waiting for authentication timeout to pass
                   08/01/2020 17:01 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
                   08/01/2020 17:01 Data::RSA FOG Server CA cert found
                   08/01/2020 17:01 Data::RSA ERROR: Certificate validation failed
                   08/01/2020 17:01 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                   08/01/2020 17:01 Middleware::Authentication ERROR: Could not authenticate
                   08/01/2020 17:01 Middleware::Authentication ERROR: Certificate is not from FOG CA
                   08/01/2020 17:01 Middleware::Response Success
                   08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
                   08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
                  
                   08/01/2020 17:01 Service Creating user agent cache
                   08/01/2020 17:01 Middleware::Response ERROR: Unable to get subsection
                   08/01/2020 17:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                   08/01/2020 17:01 Middleware::Response ERROR: Unable to get subsection
                   08/01/2020 17:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                   08/01/2020 17:01 Middleware::Response ERROR: Unable to get subsection
                   08/01/2020 17:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                  

                  Fog 1.5.9.138
                  Debian 11
                  Vmware ESXi

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by

                    @Matthieu-Jacquart probably some cert mess we have now but I am sure we can figure this out. Please run:

                    ls -alR /var/www/html/fog/management/other
                    ls -alR /opt/fog/snapins/ssl
                    md5sum /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
                    openssl verify -CAfile /var/www/html/fog/management/other/ca.cert.pem /var/www/html/fog/management/other/ssl/srvpublic.crt
                    

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    Matthieu JacquartM 1 Reply Last reply Reply Quote 0
                    • Matthieu JacquartM
                      Matthieu Jacquart @Sebastian Roth
                      last edited by

                      @Sebastian-Roth Nope I just found answer, I had to run installer once again and re-download client after restoring cert, now everything seems great, I just have to redeploy client on all computers 🙂
                      Many thanks for your help Sebastian !

                      Fog 1.5.9.138
                      Debian 11
                      Vmware ESXi

                      1 Reply Last reply Reply Quote 0
                      • S
                        Sebastian Roth Moderator
                        last edited by

                        @Matthieu-Jacquart Sure right. If one client was pinned to the re-newed server CA cert then it can’t connect to the old original one. I missed that point! Good you figured it out!!!

                        Great we got that worked out.

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        1 Reply Last reply Reply Quote 0
                        • 1 / 1
                        • First post
                          Last post

                        157

                        Online

                        12.1k

                        Users

                        17.3k

                        Topics

                        155.3k

                        Posts
                        Copyright © 2012-2024 FOG Project