• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Unable to install ca certificate - existing / unchanged client

Scheduled Pinned Locked Moved
Windows Problems
2
6
1.9k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    Taspharel
    last edited by Jun 9, 2020, 10:47 AM

    Possibly following this: https://forums.fogproject.org/topic/14501/new-snapin-cannot-change-directory/3?_=1591698231148

    On a Windows 10 Client that has not changed anything afaik I suddenly get errors relating to the security certificate.

    When I run the Smart Installer (v 0.12.0 is already installed though) with Repair I get “Unable to install CA certificate”.

    Following another thread I changed the settings.json HTTPs thing to 1, but no change - and wouldnt know why this would suddenly appear in an otherwise unchanged environment. I changed it back to its original https=0 …

    The fog.log shows (with https=0) - client was restarted and server too, fog web gui is accessible and responsive, and again it worked fine so far, only recent change was upgrade to current dev-branch:

    ------------------------------------------------------------------------------
    ----------------------------------UserTracker---------------------------------
    ------------------------------------------------------------------------------
     09.06.2020 12:40:46 Client-Info Client Version: 0.12.0
     09.06.2020 12:40:46 Client-Info Client OS:      Windows
     09.06.2020 12:40:46 Client-Info Server Version: 1.5.9-RC2.9
     09.06.2020 12:40:46 Middleware::Response ERROR: Unable to get subsection
     09.06.2020 12:40:46 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
     09.06.2020 12:40:46 Service Sleeping for 60 seconds
     09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&configure&newService&json
     09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:46 Middleware::Communication ERROR: Could not contact FOG server
     09.06.2020 12:41:46 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
     09.06.2020 12:41:46 Middleware::Response Success
     09.06.2020 12:41:46 Service ERROR: Invalid promptTime, using default
     09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&mac=00:FF:9B:99:A9:20|E8:6A:64:D7:EE:EE|02:00:4C:4F:4F:50|0A:00:27:00:00:0B|D0:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9B|D2:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9E||00:15:5D:25:44:CF&newService&json
     09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Middleware::Communication ERROR: Could not contact FOG server
     09.06.2020 12:41:47 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
     09.06.2020 12:41:47 Middleware::Response Success
     09.06.2020 12:41:47 Middleware::Communication URL: https://fog.lfdw.local/fog/service/getversion.php?clientver&newService&json
     09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Service ERROR: Unable to get cycle data
     09.06.2020 12:41:47 Service ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
     09.06.2020 12:41:47 Middleware::Response Success
    

    Anybody have an idea what might be wrong or where to look?

    1 Reply Last reply Reply Quote 0
    • T
      Taspharel
      last edited by Jun 9, 2020, 10:51 AM

      And now this in the log:

      ------------------------------------------------------------------------------
      --------------------------------Authentication--------------------------------
      ------------------------------------------------------------------------------
       09.06.2020 12:46:43 Client-Info Version: 0.12.0
       09.06.2020 12:46:43 Client-Info OS:      Windows
       09.06.2020 12:46:43 Middleware::Authentication Waiting for authentication timeout to pass
       09.06.2020 12:48:44 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
       09.06.2020 12:48:44 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
       09.06.2020 12:48:44 Middleware::Authentication ERROR: Could not authenticate
       09.06.2020 12:48:44 Middleware::Authentication ERROR: Der Wert darf nicht NULL sein.
      Parametername: authority
      

      I can open the URL just fine in a browser 😕

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Jun 9, 2020, 12:10 PM

        @Taspharel Is your FOG server setup as HTTPS or HTTP??

        Can you please uninstall the fog-client from this machine completely and then re-install again. If it still won’t work I would suspect you have some kind of GPO in place that is blocking access to the certificate store. There is a post in the forums about this.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • T
          Taspharel
          last edited by Jun 9, 2020, 7:40 PM

          Hi and thx.

          Accessing via plain http.

          Just reinstalled, the install works fine. After restarting the fog service the log shows:

          ------------------------------------------------------------------------------
          --------------------------------Authentication--------------------------------
          ------------------------------------------------------------------------------
           09.06.2020 21:36:46 Client-Info Version: 0.12.0
           09.06.2020 21:36:46 Client-Info OS:      Windows
           09.06.2020 21:36:46 Middleware::Authentication Waiting for authentication timeout to pass
           09.06.2020 21:38:45 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
           09.06.2020 21:38:45 Data::RSA FOG Server CA cert found
           09.06.2020 21:38:45 Middleware::Authentication Cert OK
           09.06.2020 21:38:45 Middleware::Authentication ERROR: Could not get security token
           09.06.2020 21:38:45 Middleware::Authentication ERROR: Die Daten sind unzulässig.
          
           09.06.2020 21:38:46 Middleware::Communication POST URL: http://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&authorize&newService
           09.06.2020 21:38:46 Middleware::Response Invalid security token
          

          Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldnt know what could have been changed 😕

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Sebastian Roth Jun 9, 2020, 2:43 PM Jun 9, 2020, 8:31 PM

            @Taspharel said in Unable to install ca certificate - existing / unchanged client:

            Invalid security token

            Sorry, I forgot to mention you need to click the button “Reset Encryption Data” in the FOG web UI for this particular host and that error should go away.

            Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldnt know what could have been changed 😕

            Ok, now that it seems to work fine after the re-install (well at least not hitting the same rock again) I don’t think you have the same GPO issue. So I have to admit that I am really not sure what has happened in this case. Do you have more than this single one machine showing this issue? To me it seems like this machine had lost it’s FOG server CA certificate for some unknown reason. Maybe someone deleted it manually on that machine?

            As I just remembered whom it was I did a quick search myself. Probably would have been very hard for you to find: https://forums.fogproject.org/post/131875

            I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!

            YESSSS !!! That’s it, after I tried to install https on fog server few weeks ago, I added fog certificate to GPO «Root Trusted Authorities» and problems began with that mess… so sorry, if I delete fog certificate in GPO I can install client !

            PS: When searching I also stumbled upon this old topic. Not related I think as way older versions were used but still funny I reckon.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • T
              Taspharel
              last edited by Jun 10, 2020, 7:32 AM

              Soooo … 🙂

              After Resetting the Encryption it works.

              So in this case uninstalling the FOG Client, then Reinstalling it, manually started the FOG Service in Window and reset the Encryption Data solved the problems for this client.

              I have a second machine that seems to have the same problem at first glance, but have to check that to make sure it really is the same.

              And the Thread you found from me at the beginning of my FOG journey … i still add the certificate manually during sysprep via the setupcomplete. On this client I havent imaged in quite some time and its only me using it. Really strange. 😕

              I’ll check the other client and report back.

              Thanks !

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              1 / 1
              • First post
                2/6
                Last post

              206

              Online

              12.0k

              Users

              17.3k

              Topics

              155.2k

              Posts
              Copyright © 2012-2024 FOG Project