
    unable to install CA certificate

    • infotc

      Server
      • FOG Version: 1.4.0
      • OS: ubuntu server
      Client
      • Service Version: 0.11.12
      • OS: windows 7
      Description

      Hi,
      I managed to install the FOG server and upload an image (PXE boot OK, upload task OK), but I can’t install the smart installer on my professional network (virtual or physical machines). I always get the message “unable to install CA certificate” during the process: pinning FOG server.
      No log on the client, nothing in the FOG server logs.
      For the server address I tried the IP address, fogserver, and the FQDN: same result.
      Limitations on my network: no ping allowed to the outside, no access to the firewall rules, proxy to access the Internet.

      I found options for the smart installer
      https://wiki.fogproject.org/wiki/index.php?title=FOG_Client
      but when I launch the exe with options, nothing happens.
      I had one exception: the install was fine on 1 machine after ten tests.
      It could be a network issue, but my ping to the FOG server is stable.
      What can I do?

        • infotc

        Hi again,
        I tried to recreate the certificate:
        ./installfog.sh --recreate-CA --recreate-keys
        No errors encountered.
        I downloaded the new smart installer and launched it: same error (unable to install CA certificate).
        I changed the time on my FOG server with timedatectl to match my client computers and relaunched the smart installer: same error.
        On the computer where I could finally install the client, I found the FOG log:


        --------------------------------Authentication--------------------------------

        30/05/2017 16:26 Client-Info Version: 0.11.12
        30/05/2017 16:26 Client-Info OS: Windows
        30/05/2017 16:26 Middleware::Authentication Waiting for authentication timeout to pass
        30/05/2017 16:28 Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
        30/05/2017 16:28 Data::RSA FOG Server CA cert found
        30/05/2017 16:28 Middleware::Authentication Cert OK
        30/05/2017 16:28 Middleware::Authentication ERROR: Could not get security token
        30/05/2017 16:28 Middleware::Authentication ERROR: Could not find file ‘C:\Program Files (x86)\FOG\token.dat’.
        30/05/2017 16:28 Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
        30/05/2017 16:28 Middleware::Response Invalid host
        30/05/2017 16:28 Middleware::Communication URL: http://fogserver/fog/service/register.php?hostname=tc205-infotc&mac=64:00:6A:20:FA:81||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json


        --------------------------------Authentication--------------------------------

        30/05/2017 16:28 Client-Info Version: 0.11.12
        30/05/2017 16:28 Client-Info OS: Windows
        30/05/2017 16:28 Middleware::Authentication Waiting for authentication timeout to pass
        30/05/2017 16:30 Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
        30/05/2017 16:30 Data::RSA FOG Server CA cert found
        30/05/2017 16:30 Middleware::Authentication Cert OK
        30/05/2017 16:30 Middleware::Authentication ERROR: Could not get security token
        30/05/2017 16:30 Middleware::Authentication ERROR: Could not find file ‘C:\Program Files (x86)\FOG\token.dat’.
        30/05/2017 16:30 Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
        30/05/2017 16:30 Middleware::Response Success
        30/05/2017 16:30 Middleware::Authentication Authenticated

        30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&configure&newService&json
        30/05/2017 16:30 Middleware::Response Success
        30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&mac=64:00:6A:20:FA:81||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
        30/05/2017 16:30 Middleware::Response Success
        30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/service/getversion.php?clientver&newService&json
        30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/service/getversion.php?newService&json

        30/05/2017 16:30 Service Creating user agent cache
        30/05/2017 16:30 Middleware::Response Invalid time
        30/05/2017 16:30 Middleware::Response No Printers
        30/05/2017 16:30 Middleware::Response Module is disabled globally on the FOG server
        30/05/2017 16:30 Service Initializing modules

          • Tom Elliott

          @infotc said in unable to install CA certificate:

          30/05/2017 16:28 Middleware::Response Invalid host

          The fog client only works with valid hosts. See the error I quoted? This tells me either the host is not registered, or is in a “pending” state.

          I’m assuming the logs you gave are for the working system though? I don’t know, it’s confusing to say, this isn’t working, here’s the logs of something that IS working.

          Can you get us the logs of the system having problems installing?

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            • infotc

            Sorry for the mistake. I thought the first part of the log was the failure log of the computer before it succeeded.
            When the smart installer fails, there is no log to look at, except in the event viewer (I hope it can help):
            Nom du journal :Application
            Source : MsiInstaller
            Date : 31/05/2017 08:46:46
            ID de l’événement :1013
            Catégorie de la tâche :Aucun
            Niveau : Erreur
            Mots clés : Classique
            Utilisateur : TEST-9L3C8U8BQM\technicien
            Ordinateur : TEST-9L3C8U8BQM
            Description :
            Product: FOG Service – Unable to install CA certificate
            XML de l’événement :
            <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
            <System>
            <Provider Name="MsiInstaller" />
            <EventID Qualifiers="0">1013</EventID>
            <Level>2</Level>
            <Task>0</Task>
            <Keywords>0x80000000000000</Keywords>
            <TimeCreated SystemTime="2017-05-31T06:46:46.000000000Z" />
            <EventRecordID>2331</EventRecordID>
            <Channel>Application</Channel>
            <Computer>TEST-9L3C8U8BQM</Computer>
            <Security UserID="S-1-5-21-1187659382-2467208848-1537523985-1002" />
            </System>
            <EventData>
            <Data>Product: FOG Service – Unable to install CA certificate</Data>
            <Data>(NULL)</Data>
            <Data>(NULL)</Data>
            <Data>(NULL)</Data>
            <Data>(NULL)</Data>
            <Data>(NULL)</Data>
            <Data>
            </Data>
            <Binary>7B32443435393535362D464542362D344532392D383342382D3744354146364546463837317D</Binary>
            </EventData>
            </Event>

              • Tom Elliott

              @infotc There’s a C:\Program files (x86)\FOG\zazzles.log that should help us out (possibly).

                • infotc

                As the smart installer failed, it said that “FOG service setup wizard ended prematurely because of an error. Your system has not been modified.”
                The FOG folder is not present, so no logs to send, sorry.

                  • infotc

                  I found what caused the error even if I can’t explain it.
                  In my network, we have two DNS suffixes: the first given by the domain, the second given by the DHCP server (different, because it points at an outside KMS server).
                  My computers weren’t part of the domain, so they had only the second DNS suffix.
                  In the smart installer, even if I typed the FQDN of the FOG server, it failed.
                  BUT, if I type the main DNS suffix (my domain) in the computer properties,
                  and afterwards type the short name of the FOG server in the smart installer, IT WORKS!
                  Sorry for my bad English and for the disturbance.

                  1 Reply Last reply Reply Quote 1
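
The causes reported in this thread (a client that only had the DHCP-supplied DNS suffix, and a server address that had changed) can be checked from the client before running the installer. The PowerShell below is an added example, not part of any post and not FOG project code. Assumptions: the `fogserver` default is a placeholder, only the global TCP/IP registry values are read (not per-adapter ones), and the certificate path copied from the client log above is used purely as a reachability probe.

```powershell
# Added diagnostic, not FOG project code. Run on the Windows client before the installer.
param([string]$FogServer = 'fogserver')   # placeholder: the name or IP you would type into the installer

# DNS suffixes Windows can append to a short name: primary (domain),
# DHCP-supplied, and any explicit search list (global values only).
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$suffixes = @(@($tcpip.Domain, $tcpip.DhcpDomain) + ($tcpip.SearchList -split ',') |
    Where-Object { $_ } | Select-Object -Unique)
Write-Output ("DNS suffixes in effect: " + ($suffixes -join ', '))

# Test the name as typed, plus the short name under each suffix explicitly,
# so it is visible which suffix (if any) leads to the FOG server.
$candidates = @($FogServer)
if ($FogServer -notmatch '\.') {
    $candidates += @($suffixes | ForEach-Object { "$FogServer.$_" })
}

foreach ($name in $candidates) {
    try {
        $ips = @([System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        Write-Output "[$name] does not resolve"
        continue
    }
    Write-Output "[$name] resolves to $($ips -join ', ')"

    # Path copied from the client log on this page; used here as a probe (assumption).
    $url = "http://$name/fog/management/other/ssl/srvpublic.crt"
    try {
        $bytes = (New-Object System.Net.WebClient).DownloadData($url)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$bytes)
        Write-Output ("  fetched {0} bytes, subject={1}, thumbprint={2}, expires={3}" -f `
            $bytes.Length, $cert.Subject, $cert.Thumbprint, $cert.NotAfter)
    } catch {
        Write-Output "  resolved, but fetch or parse of $url failed: $($_.Exception.Message)"
    }
}
```

Because the download runs over plain HTTP, compare the printed thumbprint with the one computed on the server itself before trusting it.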
                    • JGwinner

                    Hey, I just wanted to Necro this thread as I ran into the same problem, but had a different and simpler problem.

                    My DHCP address had changed on the server! I didn’t use DNS names, but IP addresses, as I thought I’d be in a remote location with IPX but not DNS.

                    The fix was to update the address in the FOG settings. Voila, no problems installing the CA certificate.

                    The error message is probably spurious; the right fix might be to say “IP address not reachable” or something.

                        == John ==
                    
                      • rogalskij

                      Version 1.5.10.1629
                      Environment - Dell Poweredge server running Alma Linux 9.5

                      Not to dredge up an old forum post, but I experienced this same error after migrating from an old CentOS server to newer hardware and Alma Linux. (What apparently many are moving to now).

                      For me the issue seemed to be related to trying to pull an image from a laptop that had the previous client on it. I have 2 computers that I use as dedicated imaging devices, 1 laptop and 1 desktop. I uninstalled the old FOG client, but when installing the new client and attempting to point it to the server, I got the CA Certificate error mentioned on the “Pinning” stage of the install. I tried to find an old cert on the device itself, with no luck.

                      What I ended up attempting after doing a little digging was to add back the following Windows firewall rules. I did that, and it seemed to kick over immediately and installed on the very next try. I am unsure if this is coincidence or if the firewall rules truly needed to be on the device before installing. But it worked after that and I now have a successfully pulled base image like I utilized on the previous server. The rules I used in an elevated command prompt are below. Perhaps someone from the FOG community can comment on the accuracy of my firewall rules? Good luck and hope this helps someone in need!

                      netsh advfirewall firewall add rule name="Fog Client" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGService.exe"
                      netsh advfirewall firewall add rule name="Fog Shutdown" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGShutdownGUI.exe"
                      netsh advfirewall firewall add rule name="Fog Tray" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGTray.exe"
                      netsh advfirewall firewall add rule name="Fog Update Helper" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGUpdateHelper.exe"
                      netsh advfirewall firewall add rule name="Fog Update Waiter" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGUpdateWaiter.exe"
                      netsh advfirewall firewall add rule name="Fog User Service" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGUserService.exe"

                      Copyright © 2012-2024 FOG Project