
    Reset Encryption Data

    • Matthieu Jacquart

      Hi,

      I just want to know: why do I need to click on “reset encryption data” on some computers (not all, it seems random)?
      If I don't, hostname changer does not seem to work (the computer is not renamed and integrated into AD).

      Thanks
      Matthieu

      Fog 1.5.9.138
      Debian 11
      Vmware ESXi

      • Joe Schmitt Senior Developer

        @Matthieu-Jacquart The “Reset encryption data” is mainly doing one thing: Clearing the security token for a host.

        Each host has a security token used by the client. This token is private; only the client knows it and is protected. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you “Reset Encryption Data”, you are essentially telling the server that the first host to say that they are the host in question gets ‘locked’ in (pinned is the technical term).

        Now, as to why hostnamechanger doesn’t work. Well, up to 0.9.X, encryption is only required for hostnamechanger. The next major release (0.X) of the client will force encryption on all modules. In order to have encrypted traffic, our handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.

        The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
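A minimal model of the pinning behaviour described in the post above, added here as an illustration; it is not FOG's server code, and the class `PinStore`, its method names and the token format are assumptions. It replays the uninstall/reinstall case: the stored token no longer matches, so authorization fails until the token is cleared, after which the next claimant for that host is pinned.

```python
import hmac
import secrets


class PinStore:
    """Simplified model: one pinned security token per host, keyed by MAC."""

    def __init__(self):
        self._pinned = {}  # mac -> token; a missing key means "not pinned yet"

    def authorize(self, mac, presented):
        """Return (result, token). Rules are assumed from the explanation above."""
        stored = self._pinned.get(mac)
        if stored is None:
            # Nothing pinned: the first claimant for this host is locked in.
            token = secrets.token_hex(32)
            self._pinned[mac] = token
            return "pinned", token
        if presented is not None and hmac.compare_digest(stored, presented):
            return "ok", stored
        return "Invalid security token", None

    def reset_encryption_data(self, mac):
        """Model of the web UI action: clear the stored token for the host."""
        self._pinned.pop(mac, None)


def reinstall_scenario():
    """Replay the uninstall/reinstall case and return each outcome in order."""
    server = PinStore()
    mac = "00:00:5E:00:53:01"  # constructed sample MAC
    outcomes = []

    result, token = server.authorize(mac, None)    # first contact
    outcomes.append(result)
    result, _ = server.authorize(mac, token)       # later check-in
    outcomes.append(result)

    token = None                                   # reinstall: token lost
    result, _ = server.authorize(mac, token)
    outcomes.append(result)

    server.reset_encryption_data(mac)              # admin resets the host
    result, token = server.authorize(mac, token)   # client is pinned again
    outcomes.append(result)
    return outcomes
```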

        • Wayne Workman @Joe Schmitt

          @Jbob said:

          The “Reset encryption data” is mainly doing one thing: Clearing the security token for a host.

          Each host has a security token used by the client. This token is private; only the client knows it and is protected. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you “Reset Encryption Data”, you are essentially telling the server that the first host to say that they are the host in question gets ‘locked’ in (pinned is the technical term).

          Going straight into the wiki. https://wiki.fogproject.org/wiki/index.php/Reset_Encryption_Data

          • Matthieu Jacquart

            Hi

            I'm updating my post because I regularly have to click on reset encryption data on several hosts.
            If I don't, fog.log gives me this message:

            ------------------------------------------------------------------------------
            --------------------------------HostnameChanger-------------------------------
            ------------------------------------------------------------------------------
             05/10/2015 09:18 Client-Info Version: 0.9.5
             05/10/2015 09:18 HostnameChanger Running...
             05/10/2015 09:18 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|&newService=1
             05/10/2015 09:18 Middleware::Communication Response: Success
             05/10/2015 09:18 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|&newService=1
             05/10/2015 09:18 Middleware::Communication Response: Invalid host certificate
             05/10/2015 09:18 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
             05/10/2015 09:18 Data::RSA CA cert found
             05/10/2015 09:18 Middleware::Authentication Cert OK
             05/10/2015 09:18 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
             05/10/2015 09:18 Middleware::Communication Response: Invalid security token
            

            Is this normal? How can I stop this from happening?


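A small triage script for a log like the one in the post above, added as an example and not part of the original post or of FOG: it walks fog.log text, remembers the MAC from each request URL, and reports which hosts hit `Invalid host certificate` or `Invalid security token`. The sample lines are constructed in the format shown in the post (host name and MAC are placeholders), and the function name `hosts_needing_reset` is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

LINE = re.compile(
    r"^\s*(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}) "
    r"(?P<src>\S+) (?P<msg>.*)$"
)
FAILURES = ("Invalid host certificate", "Invalid security token")

# Constructed sample in the format of the post (placeholder server and MAC).
SAMPLE = """\
 05/10/2015 09:18 Client-Info Version: 0.9.5
 05/10/2015 09:18 HostnameChanger Running...
 05/10/2015 09:18 Middleware::Communication URL: http://fog.example/fog/service/hostname.php?moduleid=hostnamechanger&mac=00:00:5E:00:53:01|&newService=1
 05/10/2015 09:18 Middleware::Communication Response: Invalid host certificate
 05/10/2015 09:18 Middleware::Communication POST URL: http://fog.example/fog/management/index.php?sub=authorize
 05/10/2015 09:18 Middleware::Communication Response: Invalid security token
"""


def hosts_needing_reset(log_text):
    """Return {mac: [(timestamp, failure), ...]} for handshake failures.

    The authorize POST carries no MAC in its URL, so the MAC seen in the most
    recent request URL is carried forward to the failure that follows it.
    """
    current_macs = []
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner lines, blank lines
        msg = m.group("msg")
        if "URL: " in msg:
            url = msg.split("URL: ", 1)[1]
            query = parse_qs(urlsplit(url).query)
            # The client sends its MACs as a '|'-separated list.
            macs = [x for x in query.get("mac", [""])[0].split("|") if x]
            if macs:
                current_macs = macs
        elif msg.startswith("Response: ") and msg[10:] in FAILURES:
            for mac in current_macs:
                findings.setdefault(mac, []).append((m.group("ts"), msg[10:]))
    return findings
```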
            • Tom Elliott @Matthieu Jacquart

              @Matthieu-Jacquart Does the invalid token issue happen at random or after, say, freshly imaging? Is there possibly a replicable method to see this problem? @jbob and I have tried testing potential avenues for this problem and we came up initially with a specific set of ways to replicate but we also fixed that problem. To my knowledge no one else has been having this issue. Either that or they just haven’t reported it recently.

              • Matthieu Jacquart @Tom Elliott

                @Tom-Elliott It appears randomly, for example on my computer, on a fresh install of Windows 10.
                When I look at the log, I regularly see the error I posted before; I had to reset encryption data and it works for a few days.
                And in the group configuration, I sometimes have clients that get removed from groups, some services that get deactivated…

                • Claude Girard @Tom Elliott

                  @Tom-Elliott said:

                  To my knowledge no one else has been having this issue. Either that or they just haven’t reported it recently.

                  I have the same issue, but no way to determine a set of circumstances that can reproduce it.
                  Seems really random.

                  • Matthieu Jacquart

                    For information, I’ve just deployed 24 computers and 2 of them needed their encryption data reset (if not, invalid security token in fog.log).

                    Copyright © 2012-2024 FOG Project