Problem with some hostname and AD integration
-
Hi
In the second post I’ve just pasted the lines about the “hostname changer” section from the fog file on one host.
I have had a lot of other problems since Thursday (fog began to download images on hosts and the hosts reboot after a few percent, or I have no access to the web console while hosts are downloading…), so I’ve just restored an old backup; I’ll run new tests on Monday.
-
Ok, after restoring my fog VM, I launched the installation script with the -C and -K parameters.
After that, I uninstalled and reinstalled the fog client on two computers, and I’ve got the message:
```
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
24/08/2015 08:42 Client-Info Version: 0.9.4
24/08/2015 08:42 HostnameChanger Running...
24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:1C:C0:3A:70:E4||00:00:00:00:00:00:00:E0&newService=1
24/08/2015 08:42 Middleware::Communication Response: Success
24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=00:1C:C0:3A:70:E4||00:00:00:00:00:00:00:E0&newService=1
24/08/2015 08:42 Middleware::Communication Response: Invalid host certificate
24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
24/08/2015 08:42 Data::RSA CA cert found
24/08/2015 08:42 Middleware::Authentication Cert OK
24/08/2015 08:42 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
24/08/2015 08:42 Middleware::Communication Response: Invalid host certificate
------------------------------------------------------------------------------
```
-
@Matthieu-Jacquart What does the log show in regards to the authenticate sequence?
-
```
24/08/2015 11:47 RegistryHandler ERROR: Could not retrieve Software\Wow6432Node\FOG\Server
24/08/2015 11:47 RegistryHandler ERROR: Null key
24/08/2015 11:47 RegistryHandler 32 bit registry detected
24/08/2015 11:47 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ca.cert.der
24/08/2015 11:50 Bus Became bus server
24/08/2015 11:50 Bus { "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" }
24/08/2015 11:50 Bus Emmiting message on channel: Status
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
24/08/2015 11:50 Client-Info Version: 0.9.4
24/08/2015 11:50 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
24/08/2015 11:52 Data::RSA CA cert found
24/08/2015 11:52 Middleware::Authentication Cert OK
24/08/2015 11:52 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
24/08/2015 11:52 Middleware::Communication Response: Invalid host certificate
24/08/2015 11:52 Bus Registering ParseBus in channel Power
```
-
@Matthieu-Jacquart are there any corresponding apache error logs?
-
@Tom-Elliott I have tons of errors in my apache2 error.log, all due to fog,
for example:
```
[Mon Aug 24 08:31:14.683337 2015] [:error] [pid 30298] [client 192.168.8.77:49463] PHP Warning: mysqli::reap_async_query(): MySQL server has gone away in /var/www/html/fog/lib/db/MySQL.class.php on line 76
[Mon Aug 24 08:31:14.683376 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::reap_async_query(): Error reading result set's header in /var/www/html/fog/lib/db/MySQL.class.php on line 76
[Mon Aug 24 08:31:14.683389 2015] [:error] [pid 30298] [client 192.168.8.77:49463] PHP Warning: mysqli::reap_async_query(): Error reading result set's header in /var/www/html/fog/lib/db/MySQL.class.php on line 76
[Mon Aug 24 08:31:14.699162 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 37
[Mon Aug 24 08:31:14.699273 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 39
[Mon Aug 24 08:31:14.699360 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::query(): Couldn't fetch mysqli in /var/www/html/fog/lib/db/MySQL.class.php on line 63
[Mon Aug 24 08:31:14.706534 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 37
[Mon Aug 24 08:31:14.706628 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 39
[Mon Aug 24 08:31:14.706696 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning: mysqli::query(): Couldn't fetch mysqli in /var/www/html/fog/lib/db/MySQL.class.php on line 63
[Mon Aug 24 08:52:00.327952 2015] [:error] [pid 8707] [client 192.168.10.100:57295] PHP Fatal error: Call to a member function get() on null in /var/www/html/fog/lib/pages/DashboardPage.class.php on line 118, referer: http://192.168.10.60/fog/management/index.php?node=client
[Mon Aug 24 12:12:31.750576 2015] [:error] [pid 5159] [client 192.168.10.100:52084] PHP Warning: mcrypt_encrypt(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in /var/www/html/fog/lib/fog/FOGBase.class.php on line 225
```
-
@Matthieu-Jacquart The mysqli problems you see being thrown look to me to be from an installation, rather than a consistent problem. By installation, I mean something was being requested when web services were active, but mysql or files were being updated. Meaning things simply weren’t “available” when those get thrown into the logs. Those, I think, are non-issues and should be expected but only during the time of updates/upgrades of the fog system. This could also happen in the case of your disk being 100% as the mysql process will usually die without the web server services dying. That does not look to be the case here.
I do see the error (get() on line 118 of the DashboardPage.class.php) but that isn’t the problem with AD joining.
-
Thanks
Since I restored my VM, I suppose AD joining will be ok, but the problem is the certificate error; hostname changer didn’t work. Do you know how to fix it?
For information, I installed the latest svn with the -C -K arguments; after that I downloaded the new client and installed it on 2 clients, but always the error “Invalid host certificate”. And now with my own computer (Win 10), I’ve got this:
```
24/08/2015 13:09 RegistryHandler 64 bit registry detected
24/08/2015 13:09 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ca.cert.der
24/08/2015 13:43 Bus Became bus server
24/08/2015 13:43 Bus { "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" }
24/08/2015 13:43 Bus Emmiting message on channel: Status
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
24/08/2015 13:43 Client-Info Version: 0.9.4
24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
24/08/2015 13:43 Middleware::Communication ERROR: Could not download file
24/08/2015 13:43 Middleware::Communication ERROR: Impossible de se connecter au serveur distant
24/08/2015 13:43 Middleware::Authentication ERROR: Could not authenticate
24/08/2015 13:43 Middleware::Authentication ERROR: Le fichier spécifié est introuvable.
24/08/2015 13:43 Bus Registering ParseBus in channel Power
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
24/08/2015 13:43 Client-Info Version: 0.9.4
24/08/2015 13:43 HostnameChanger Running...
24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|02:50:F2:00:00:01||00:00:00:00:00:00:00:E0&newService=1
24/08/2015 13:43 Middleware::Communication Response: Success
24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|02:50:F2:00:00:01||00:00:00:00:00:00:00:E0&newService=1
24/08/2015 13:43 Middleware::Communication Unknown Response:
------------------------------------------------------------------------------
```
-
I’m sorry, but does someone have a solution?
I’ve 300 computers to fog before Wednesday, I began to stress a little ^^
Thanks a lot
-
I just had another person report the same “Invalid host certificate” error to me. The one thing I am absolutely positive of is that this is a server issue. I’ll let you know when I learn more.
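The two client logs posted above stop at different steps of the same sequence. The following is an added example, not part of the thread and not FOG code: it reads only the log lines (abridged from the posts above) and reports whether the client never fetched `srvpublic.crt` or logged `Cert OK` and was then refused on the authorize POST. The function names and result labels are assumptions made for this illustration.

```python
import re

# Timestamped client log line: "DD/MM/YYYY HH:MM Component message"
LINE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2} (\S+) (.*)$")

# Sample input, abridged from the logs in this thread (mac= parameters dropped).
REJECTED = """\
24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger
24/08/2015 08:42 Middleware::Communication Response: Invalid host certificate
24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
24/08/2015 08:42 Data::RSA CA cert found
24/08/2015 08:42 Middleware::Authentication Cert OK
24/08/2015 08:42 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
24/08/2015 08:42 Middleware::Communication Response: Invalid host certificate
"""
UNREACHABLE = """\
--------------------------------Authentication--------------------------------
24/08/2015 13:43 Client-Info Version: 0.9.4
24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
24/08/2015 13:43 Middleware::Communication ERROR: Could not download file
24/08/2015 13:43 Middleware::Authentication ERROR: Could not authenticate
"""

def parse(log_text):
    """Yield (component, message) per timestamped line; banner lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return a label for the step at which the authentication sequence stopped."""
    last_url, cert_ok = "", False
    for component, msg in parse(log_text):
        if component == "Middleware::Authentication" and msg == "Cert OK":
            cert_ok = True          # client accepted the downloaded server cert
        elif component != "Middleware::Communication":
            continue
        elif msg.startswith(("URL: ", "POST URL: ")):
            last_url = msg.split("URL: ", 1)[1]
        elif msg.startswith("ERROR: Could not download") and last_url.endswith("srvpublic.crt"):
            return "fetch-failed"   # transport problem, no certificate was ever checked
        elif msg == "Response: Invalid host certificate" and "sub=authorize" in last_url:
            return "server-rejected" if cert_ok else "rejected-before-cert-check"
    return "no-failure-seen"

if __name__ == "__main__":
    print(triage(REJECTED), triage(UNREACHABLE))
```
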
-
I tested by removing the new client and installing the old one, and everything works fine (hostname changer + AD joining).
Certificate problem between fog client and fog server…
-
The certificate problem is most likely as simple as the srvpublic.crt file being non-existent for whatever reason. I’m unable to replicate. When I push a commit, I update two servers, one running Fedora and one running Ubuntu. Right now they’re Fedora 22 and Ubuntu 15.04 just so I can get as broad as possible in testing the GUI and installer function properly on even “current” releases of OS. Part of the initial installer is the creation of the server’s keys. After that, the only thing that is performed is a certificate generation.
I need more info if at all possible.
-
Ok
This morning, I reinstalled fog with the -C -K parameters and these files were created in “/var/www/fog/management/other/”
```
-rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der
-rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem
-rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt
-rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv
-rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php
drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl
```
and in the ssl folder, I’ve got
```
-rw-r--r-- 1 www-data www-data 1679 août 25 08:01 srvpublic.crt
```
With 0.3 client all is ok, with 0.9.4 client all is ok in log for printers or snapin, communication seems good with server, but certificate error…
-
@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?
Does this sound accurate?
Does the file exist:
/var/www/html/fog/management/other/ca.cert.der or /var/www/fog/management/other/ca.cert.der
-
Communication with the server is good, for example snapin and printers are ok.
On the server I’ve got the file ca.cert.der in the 2 folders.
In /var/www/fog/management/other/ :
```
drwxr-xr-x 3 www-data www-data 4096 août 25 08:01 .
drwxr-xr-x 12 www-data www-data 4096 août 25 08:00 ..
-rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der
-rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem
-rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt
-rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv
-rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php
drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl
```
In /var/www/html/fog/management/other/ :
```
drwxr-xr-x 3 www-data www-data 4096 août 25 08:01 .
drwxr-xr-x 12 www-data www-data 4096 août 25 08:00 ..
-rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der
-rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem
-rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt
-rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv
-rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php
drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl
```
-
The only other thing I can think of then is the client does not have the proper CA certificate stored. This means it cannot verify the server’s public key and therefore will not attempt further communication using encryption based protocols. Snapins and maybe printers and possibly all client services beside hostname do not require encryption.
-
@Tom-Elliott I agree with that, question is: how to modify the certificate stored by the new client?
-
@Matthieu-Jacquart There’s a few ways.
The easiest way, supposedly, is to simply uninstall the “new client” fog and reinstall. Another way is to go into the Certificate Store and look for FOG CA Certificate. Or whatever it’s labeled as.
-
For uninstalling/reinstalling the client, already did (a lot of times ^^)
With a reboot in between, and each time downloading the client from the web interface to be sure it is up to date. For the other solution, where is the certificate store?