Unable to install ca certificate - existing / unchanged client
-
Possibly following this: https://forums.fogproject.org/topic/14501/new-snapin-cannot-change-directory/3?_=1591698231148
On a Windows 10 Client that has not changed anything afaik I suddenly get errors relating to the security certificate.
When I run the Smart Installer (v 0.12.0 is already installed though) with Repair I get “Unable to install CA certificate”.
Following another thread I changed the settings.json HTTPs thing to 1, but no change - and wouldn't know why this would suddenly appear in an otherwise unchanged environment. I changed it back to its original https=0 …
The fog.log shows (with https=0) - client was restarted and server too, fog web gui is accessible and responsive, and again it worked fine so far, only recent change was upgrade to current dev-branch:
------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
09.06.2020 12:40:46 Client-Info Client Version: 0.12.0
09.06.2020 12:40:46 Client-Info Client OS: Windows
09.06.2020 12:40:46 Client-Info Server Version: 1.5.9-RC2.9
09.06.2020 12:40:46 Middleware::Response ERROR: Unable to get subsection
09.06.2020 12:40:46 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
09.06.2020 12:40:46 Service Sleeping for 60 seconds
09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&configure&newService&json
09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:41:46 Middleware::Communication ERROR: Could not contact FOG server
09.06.2020 12:41:46 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
09.06.2020 12:41:46 Middleware::Response Success
09.06.2020 12:41:46 Service ERROR: Invalid promptTime, using default
09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&mac=00:FF:9B:99:A9:20|E8:6A:64:D7:EE:EE|02:00:4C:4F:4F:50|0A:00:27:00:00:0B|D0:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9B|D2:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9E||00:15:5D:25:44:CF&newService&json
09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:41:47 Middleware::Communication ERROR: Could not contact FOG server
09.06.2020 12:41:47 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
09.06.2020 12:41:47 Middleware::Response Success
09.06.2020 12:41:47 Middleware::Communication URL: https://fog.lfdw.local/fog/service/getversion.php?clientver&newService&json
09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:41:47 Service ERROR: Unable to get cycle data
09.06.2020 12:41:47 Service ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
09.06.2020 12:41:47 Middleware::Response Success
Anybody have an idea what might be wrong or where to look?
-
And now this in the log:
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
09.06.2020 12:46:43 Client-Info Version: 0.12.0
09.06.2020 12:46:43 Client-Info OS: Windows
09.06.2020 12:46:43 Middleware::Authentication Waiting for authentication timeout to pass
09.06.2020 12:48:44 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
09.06.2020 12:48:44 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:48:44 Middleware::Authentication ERROR: Could not authenticate
09.06.2020 12:48:44 Middleware::Authentication ERROR: Der Wert darf nicht NULL sein. Parametername: authority
I can open the URL just fine in a browser
-
@Taspharel Is your FOG server set up as HTTPS or HTTP??
Can you please uninstall the fog-client from this machine completely and then re-install again. If it still won’t work I would suspect you have some kind of GPO in place that is blocking access to the certificate store. There is a post in the forums about this.
-
Hi and thx.
Accessing via plain http.
Just reinstalled, the install works fine. After restarting the fog service the log shows:
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
09.06.2020 21:36:46 Client-Info Version: 0.12.0
09.06.2020 21:36:46 Client-Info OS: Windows
09.06.2020 21:36:46 Middleware::Authentication Waiting for authentication timeout to pass
09.06.2020 21:38:45 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
09.06.2020 21:38:45 Data::RSA FOG Server CA cert found
09.06.2020 21:38:45 Middleware::Authentication Cert OK
09.06.2020 21:38:45 Middleware::Authentication ERROR: Could not get security token
09.06.2020 21:38:45 Middleware::Authentication ERROR: Die Daten sind unzulässig.
09.06.2020 21:38:46 Middleware::Communication POST URL: http://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&authorize&newService
09.06.2020 21:38:46 Middleware::Response Invalid security token
Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldn't know what could have been changed
-
@Taspharel said in Unable to install ca certificate - existing / unchanged client:
Invalid security token
Sorry, I forgot to mention you need to click the button “Reset Encryption Data” in the FOG web UI for this particular host and that error should go away.
Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldn't know what could have been changed
Ok, now that it seems to work fine after the re-install (well at least not hitting the same rock again) I don’t think you have the same GPO issue. So I have to admit that I am really not sure what has happened in this case. Do you have more than this single one machine showing this issue? To me it seems like this machine had lost its FOG server CA certificate for some unknown reason. Maybe someone deleted it manually on that machine?
As I just remembered whom it was I did a quick search myself. Probably would have been very hard for you to find: https://forums.fogproject.org/post/131875
I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!
YESSSS !!! That’s it, after I tried to install https on fog server few weeks ago, I added fog certificate to GPO «Root Trusted Authorities» and problems began with that mess… so sorry, if I delete fog certificate in GPO I can install client !
PS: When searching I also stumbled upon this old topic. Not related I think as way older versions were used but still funny I reckon.
-
Soooo …
After Resetting the Encryption it works.
So in this case uninstalling the FOG Client, then reinstalling it, manually starting the FOG Service in Windows and resetting the Encryption Data solved the problems for this client.
I have a second machine that seems to have the same problem at first glance, but have to check that to make sure it really is the same.
And the thread you found from me at the beginning of my FOG journey … I still add the certificate manually during sysprep via the setupcomplete. On this client I haven't imaged in quite some time and it's only me using it. Really strange.
I’ll check the other client and report back.
Thanks !
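
The two failure states seen in this thread can be told apart directly from fog.log. The following is an added example, not part of the original posts and not FOG project code: it walks the log in order and reports the most recent state together with the step that was reported to help here. The state names (`ca_missing`, `ca_ok`, `token_invalid`) and the sample log are constructed for illustration from the lines quoted above.

```python
import re

# Constructed sample, assembled from log lines quoted in this thread.
SAMPLE_LOG = """\
--------------------------------Authentication--------------------------------
09.06.2020 12:48:44 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
09.06.2020 12:48:44 Middleware::Authentication ERROR: Could not authenticate
09.06.2020 21:38:45 Data::RSA FOG Server CA cert found
09.06.2020 21:38:45 Middleware::Authentication Cert OK
09.06.2020 21:38:45 Middleware::Authentication ERROR: Could not get security token
09.06.2020 21:38:46 Middleware::Response Invalid security token
"""

# dd.MM.yyyy HH:mm:ss <module> <message>, the layout of the logs above
ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (\S+) (.+)$")

# (message fragment, state label, step reported to help in this thread)
RULES = [
    ("FOG Server CA NOT found in keystore", "ca_missing",
     "uninstall and re-install the fog-client; if that fails, "
     "suspect a GPO blocking the certificate store"),
    ("FOG Server CA cert found", "ca_ok", None),
    ("Invalid security token", "token_invalid",
     'click "Reset Encryption Data" for this host in the FOG web UI'),
]

def parse(log_text):
    """Return (timestamp, module, message) tuples; banner lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def triage(log_text):
    """Walk the log in order and return the latest state plus its history.

    Later entries override earlier ones, so a CA error that was followed
    by 'cert found' shows up as history, not as the current problem.
    """
    history = []
    for stamp, _module, message in parse(log_text):
        for fragment, state, hint in RULES:
            if fragment in message and (not history or history[-1][1] != state):
                history.append((stamp, state, hint))
    if not history:
        return {"state": "unknown", "since": None, "hint": None, "history": []}
    stamp, state, hint = history[-1]
    return {"state": state, "since": stamp, "hint": hint, "history": history}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["state"], "since", result["since"])
    print("suggested step:", result["hint"])
```
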