Installing Windows FOG Client (smartinstaller.exe) in a PC within a pfsense firewall

mgoh

Hello all,
Trying to install FOG client on a WinOS to trigger restart and deploy from FOG interface remotely. In short, I used the SmartInstaller.exe, and during the installation process’ “Pinning the FOG server”, the process stops and says “Unable to install CA certificate”.

What I tried next is to go to my FOG server (installed in Ubuntu 20) to regenerate the certificate and keys using the following commands:

./installfog.sh --recreate-CA --recreate-keys (or using the -C -K options)

Restarted the FOG server, attempted to install FOG client, and received the same error message.

Another thing to note is that the FOG server and the PC are located in a local network gated by a pfsense firewall, in which the pfsense is the DHCP server. I suspect, this may have caused this problem as I managed to install FOG client in a non pfsense firewalled network, and not sure what specifically need to be done both in pfsense and FOG web interfaces settings.

Finally, I’m able to deploy images to this device with the FOG server that I installed to this network. It’s just that I’m unable to install the FOG client.

Any advice? Thanks.

Sebastian Roth

@mgoh Which version of FOG do you use and which fog-client version did you try to install?

Most probably an issue with old TLS version. Please use the latest fog-client version and see if it’s still saying “Unable to install CA certificate”.

By the way, I am pretty sure this has nothing to do with your pfSense unless client and FOG server are in separate subnets. Then of course you would need to allow port 80/443 (tcp) for fog-client communication.

mgoh

@sebastian-roth said in Installing Windows FOG Client (smartinstaller.exe) in a PC within a pfsense firewall:

By the way, I am pretty sure this has nothing to do with your pfSense unless client and FOG server are in separate subnets. Then of course you would need to allow port 80/443 (tcp) for fog-client communication.

@Sebastian-Roth thanks so much for your reply. I tried the latest SmartInstaller.exe you provided, and unfortunately same result. I also ensured that I’m using the same subnet for both pfsense and the FOG server (and the hosts).

Is there any other settings in FOG server (or host) that I should check?

Jack Mills

Coincidentally I have just setup the same environment.
On the configure stage of the fog client install, make sure that the server address (which defaults to fogserver) matches the ip address or DNS name of your server that is also defined in the certificate that can be found at
http://<Fog server address>/fog/management/other/ssl/srvpublic.crt

I’m assuming the client installer tries to download this certificate from your server and when it can’t find it, it fails

mgoh

@jack-mills Thank you. This is the solution.

In short, during the installation process, the installer will ask for server address with the default to ‘fogserver’. You will need to replace ‘fogserver’ with the IP address of your FOG server (i.e. the http://<FOG_ADDRESS>/fog/management).

If you’ve already installed FOG client, in order to change the ‘fogserver’ variable, you need to remove then reinstall FOG to get the window prompt asking for the server address.

I’m not sure how I missed that in my notes. Thanks again.