unable to install CA certificate
-
Server
- FOG Version: 1.4.0
- OS: ubuntu server
Client
- Service Version: 0.11.12
- OS: windows 7
Description
Hi,
i managed to install fog server and upload an image, (pxe boot ok, upload task ok), but i can’t install the smart installer on my professional network (virtual or physical machines). I have always the message : “unable to install CA certificate” during the process : pinning fog server.
No log on the client, nothing in the fog server logs .
I tried on the server address with the ip address, fogserver, the FQDN : idem
Limitations on my network: no ping allowed to the outside, no access to the firewall rules, proxy to access internet.I found options for the smart installer
https://wiki.fogproject.org/wiki/index.php?title=FOG_Client
but when i launch the exe with options, nothing happens.
I had one exception : the install was fine on 1 machine after ten testings.
It coud be a network issue, but my ping to the fog server is stable
What can i do ? -
Hi again,
i try to recreate the certificate
./installfog.sh --recreate-CA --recreate-keys
no errors encountered.
I download the new smart-installer and launched it : same error (unable to install CA certificate)
I change the time on my fog server with timedatectl to have the same as my computer clients and relaunched smarte installer : same error.
I found on the computer where i could finally install the client the fog log :
--------------------------------Authentication--------------------------------
30/05/2017 16:26 Client-Info Version: 0.11.12
30/05/2017 16:26 Client-Info OS: Windows
30/05/2017 16:26 Middleware::Authentication Waiting for authentication timeout to pass
30/05/2017 16:28 Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
30/05/2017 16:28 Data::RSA FOG Server CA cert found
30/05/2017 16:28 Middleware::Authentication Cert OK
30/05/2017 16:28 Middleware::Authentication ERROR: Could not get security token
30/05/2017 16:28 Middleware::Authentication ERROR: Could not find file ‘C:\Program Files (x86)\FOG\token.dat’.
30/05/2017 16:28 Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
30/05/2017 16:28 Middleware::Response Invalid host
30/05/2017 16:28 Middleware::Communication URL: http://fogserver/fog/service/register.php?hostname=tc205-infotc&mac=64:00:6A:20:FA:81||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
--------------------------------Authentication--------------------------------
30/05/2017 16:28 Client-Info Version: 0.11.12
30/05/2017 16:28 Client-Info OS: Windows
30/05/2017 16:28 Middleware::Authentication Waiting for authentication timeout to pass
30/05/2017 16:30 Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
30/05/2017 16:30 Data::RSA FOG Server CA cert found
30/05/2017 16:30 Middleware::Authentication Cert OK
30/05/2017 16:30 Middleware::Authentication ERROR: Could not get security token
30/05/2017 16:30 Middleware::Authentication ERROR: Could not find file ‘C:\Program Files (x86)\FOG\token.dat’.
30/05/2017 16:30 Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
30/05/2017 16:30 Middleware::Response Success
30/05/2017 16:30 Middleware::Authentication Authenticated30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&configure&newService&json
30/05/2017 16:30 Middleware::Response Success
30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&mac=64:00:6A:20:FA:81||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
30/05/2017 16:30 Middleware::Response Success
30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/service/getversion.php?clientver&newService&json
30/05/2017 16:30 Middleware::Communication URL: http://fogserver/fog/service/getversion.php?newService&json30/05/2017 16:30 Service Creating user agent cache
30/05/2017 16:30 Middleware::Response Invalid time
30/05/2017 16:30 Middleware::Response No Printers
30/05/2017 16:30 Middleware::Response Module is disabled globally on the FOG server
30/05/2017 16:30 Service Initializing modules -
@infotc said in unable to install CA certificate:
30/05/2017 16:28 Middleware::Response Invalid host
The fog client only works with valid hosts. See the error I quoted? This tells me either the host is not registered, or is in a “pending” state.
I’m assuming the logs you gave are for the working system though? I don’t know, it’s confusing to say, this isn’t working, here’s the logs of something that IS working.
Can you get us the logs of the system having problems installing?
-
sorry for the mistake. I thought the first part of the log was the failure log of the computer before it succeed.
When the smart installer failed, there is no log to look at, except in the event viewer (i hope it can help) :
Nom du journal :Application
Source : MsiInstaller
Date : 31/05/2017 08:46:46
ID de l’événement :1013
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés : Classique
Utilisateur : TEST-9L3C8U8BQM\technicien
Ordinateur : TEST-9L3C8U8BQM
Description :
Product: FOG Service – Unable to install CA certificate
XML de l’événement :
<Event xmlns=“http://schemas.microsoft.com/win/2004/08/events/event”>
<System>
<Provider Name=“MsiInstaller” />
<EventID Qualifiers=“0”>1013</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=“2017-05-31T06:46:46.000000000Z” />
<EventRecordID>2331</EventRecordID>
<Channel>Application</Channel>
<Computer>TEST-9L3C8U8BQM</Computer>
<Security UserID=“S-1-5-21-1187659382-2467208848-1537523985-1002” />
</System>
<EventData>
<Data>Product: FOG Service – Unable to install CA certificate</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Binary>7B32443435393535362D464542362D344532392D383342382D3744354146364546463837317D</Binary>
</EventData>
</Event> -
@infotc There’s a C:\Program files (x86)\FOG\zazzles.log that should help us out (possibly).
-
like the smart installer failed, it said that “fog service setup wizard ended prematuraly because of an error.your system has not been modified.”
the folder FOG is not present, so no logs to send, sorry. -
I found what caused the error even if i can’t explain it.
In my network, we have two dns suffix : The first gave by the domain, the second gave by the dhcp server (different, because it point at an outside kms server).
My computers weren’t part of the domain, so they had only the second dns suffix.
In the smart installer, even if i type the FQDN name of the fog server, it failed.
BUT, if i type the main dns suffix (my domain) in the computer properties,
and after in the smart installer i type the short name of the fog server, IT WORKS !
Sorry for my bad english language and for the disturbance -
Hey, I just wanted to Necro this thread as I ran into the same problem, but had a different and simpler problem.
My DHCP address hand changed on the server! I didn’t use DNS names, but IP addresses, as I thought I’d be in a remote location with IPX but not DNS.
The fix was to update the address in the FOG settings. Voila, no problems installing the CA certificate.
The error message is probably spurious; the right fix might be to say “IP address not reachable” or something.
== John == -
Version 1.5.10.1629
Environment - Dell Poweredge server running Alma Linux 9.5Not to dredge up an old forum post, but I experienced this same error after migrating from an old CentOS server to newer hardware and Alma Linux. (What apparently many are moving to now).
For me the issue seemed to be related to trying to pull an image from a laptop that had the previous client on it. I have 2 computers that I use as dedicated imaging devices, 1 laptop and 1 desktop. I uninstalled the old FOG client, but when installing the new client and attempting to point it to the server, I got the CA Certificate error mentioned on the “Pinning” stage of the install. I tried to find an old cert on the device itself, with no luck.
What I ended up attempting after doing a little digging was to add back the following Windows firewall rules. I did that, and it seemed to kick over immediately and installed on the very next try. I am unsure if this is coincidence or if the firewall rules truly needed to be on the device before installing. But it worked after that and I now have a successfully pulled base image like I utilized on the previous server. The rules I used in an elevated command prompt are below. Perhaps someone from the FOG community can comment on the accuracy of my firewall rules? Good luck and hope this helps someone in need!
netsh advfirewall firewall add rule name=“Fog Client” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGService.exe”
netsh advfirewall firewall add rule name=“Fog Shutdown” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGShutdownGUI.exe”
netsh advfirewall firewall add rule name=“Fog Tray” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGTray.exe”
netsh advfirewall firewall add rule name=“Fog Update Helper” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGUpdateHelper.exe”
netsh advfirewall firewall add rule name=“Fog Update Waiter” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGUpdateWaiter.exe”
netsh advfirewall firewall add rule name=“Fog User Service” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGUserService.exe”
