Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)



  • Server
    • FOG Version: 1.4.0
    • OS: Ubuntu 17.04
    Client
    • Service Version: 0.11.12
    • OS: Windows 7 64-bit
    Description

    Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)

    Client computers are not getting renamed or joining the domain after imaging. We did upgrade from fog 1.2.0 to fog 1.4.0, this functionality hasn’t worked since. To upgrade we installed fog 1.4.0 on a fresh Ubuntu server and then imported the database and upgraded the schema. I have re-entered the plain text password in the FOG_AD_DEFAULT_PASSWORD field under FOG Settings > Active Directory Defaults and saved it.

    Below is the output from fog.log. It seems like it’s complaining about authentication errors, I’m not sure exactly what this means or where to look in order to fix this, any help is greatly appreciated. Let me know if there is additional info that could be helpful (from logs, debugger, etc.)

    Here is the results I get if I browse to the various URL’s listed in the fog.log file.

    http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&configure&newService&json
    {“sleep”:106,“maxsize”:“204800000”,“promptTime”:“60”,“force”:false,“bannerURL”:"",“bannerHash”:"",“color”:"#",“company”:""}

    http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&mac=E4:A4:71:24:D6:5A|28:F1:0E:1A:2B:03|54:4F:C8:54:29:0B||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
    #!ihc

    http://10.10.10.10/fog/management/other/ssl/srvpublic.crt
    downloads the certificate used by fog web interface

    http://10.10.10.10/fog/service/getversion.php?clientver&newService&json
    0.11.12

    http://10.10.10.10/fog/service/getversion.php?newService&json
    1.4.0


    ----------------------------------UserTracker---------------------------------

    6/20/2017 8:24 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:24 AM Client-Info Client OS: Windows
    6/20/2017 8:24 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:24 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:24 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
    6/20/2017 8:24 AM Service Sleeping for 107 seconds
    6/20/2017 8:25 AM Middleware::Communication URL: http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&configure&newService&json
    6/20/2017 8:25 AM Middleware::Response Success
    6/20/2017 8:25 AM Middleware::Communication URL: http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&mac=E4:A4:71:24:D6:5A|28:F1:0E:1A:2B:03|54:4F:C8:54:29:0B||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
    6/20/2017 8:25 AM Middleware::Authentication Waiting for authentication timeout to pass
    6/20/2017 8:26 AM Middleware::Communication Download: http://10.10.10.10/fog/management/other/ssl/srvpublic.crt
    6/20/2017 8:26 AM Middleware::Authentication ERROR: Could not authenticate
    6/20/2017 8:26 AM Middleware::Authentication ERROR: Value cannot be null.
    Parameter name: authority
    6/20/2017 8:26 AM Middleware::Response Success
    6/20/2017 8:26 AM Middleware::Communication URL: http://10.10.10.10/fog/service/getversion.php?clientver&newService&json
    6/20/2017 8:26 AM Middleware::Communication URL: http://10.10.10.10/fog/service/getversion.php?newService&json

    6/20/2017 8:26 AM Service Creating user agent cache
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.


    ---------------------------------ClientUpdater--------------------------------

    6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:26 AM Client-Info Client OS: Windows
    6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:26 AM Middleware::Response Success


    ----------------------------------TaskReboot----------------------------------

    6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:26 AM Client-Info Client OS: Windows
    6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.


    --------------------------------HostnameChanger-------------------------------

    6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:26 AM Client-Info Client OS: Windows
    6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.


    ---------------------------------SnapinClient---------------------------------

    6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:26 AM Client-Info Client OS: Windows
    6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.


    --------------------------------PrinterManager--------------------------------

    6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:26 AM Client-Info Client OS: Windows
    6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.


    --------------------------------PowerManagement-------------------------------

    6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
    6/20/2017 8:26 AM Client-Info Client OS: Windows
    6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
    6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
    6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.


  • Moderator

    @gnevills said in Fog Client 11.12 not renaming computer/joining domain (Could not authenticate):

    To upgrade we installed fog 1.4.0 on a fresh Ubuntu server and then imported the database and upgraded the schema.

    If the db came from 1.3 or higher, you must also copy the certs. Info on how to do all of this correctly is here: https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG


  • Developer

    @gnevills said in Fog Client 11.12 not renaming computer/joining domain (Could not authenticate):

    Somehow I’ve gone blind or it got deleted, it seems like there was something posted that involved editing a couple files

    Yeah, I edited my initial post as I was on the wrong track with that!

    I should mention this is a certificate that we issued from our internal Root CA, which is trusted by all of our clients.

    You mean the srvpublic.crt is issued by your own CA and not the FOG CA? Well that could actually be the problem. The certificate can surely verify the certificate signature but the fog-client uses the string “FOG Server CA” to find the CA cert in the client’s cert store. Please tell us more about which cert was issued by your internal CA and how did you install it on the server? Maybe the certs are a bit mixed up.



  • @Sebastian-Roth Somehow I’ve gone blind or it got deleted, it seems like there was something posted that involved editing a couple files (functions.sh) on a test environment. I got a test fog server setup, is this still worth trying or was it deleted because that seemed like the wrong path?

    I do not see that certificate installed, in the local or computer certificate stores. Although again I can download it from the link and open it, it does appear to be a valid certificate. I should mention this is a certificate that we issued from our internal Root CA, which is trusted by all of our clients. It’s CN & SAN are not the IP address, they are the FQDN of the fog server. I have tried installing the fog client specifying the fog server address as both the IP address and as the FQDN.

    This is the powershell command I used to search the certificate stores.

    get-childitem -recurse | where-object {$_.subject -like '*ipaddressORhostname*'}
    

    How do I obtain a full client log


  • Developer

    @coop90 said:

    ERROR: Could not download file
    ERROR: Unable to connect to the remote server

    Those errors clearly point to a download/communication issue. Did you try accessing that file from the same client? Maybe a personal firewall or antivirus is getting in the way here?

    Would you mind starting a new posting with this error? Right now it looks as if those two things are not related and I don’t want to confuse things.


  • Developer

    @gnevills @Joseph-Hales Unfortunately I don’t know the client code well but I still jumped in to figure this one out. As I don’t have any Windows machine here at home I am left to dig in the code but cannot verify my findings so far.

    To me this looks as if the CA certificate didn’t get installed on the client. Although I am not sure I think you should be able to find the certificate in your windows cert store. Please check if you can find it.

    I guess you can’t. Then we need a full client log to hopefully be able to spot why it wasn’t able to install the CA cert on the client in the first place. AFAIK this is not done by the client installer but when running the client for the first time…



  • @Sebastian-Roth Yes, I can download it through the browser.


  • Developer

    @coop90 Looks different, but you never know. Can you download the certificate with your browser or wget? http://10.1.4.59/fog/management/other/ssl/srvpublic.crt



  • I am getting errors as well in my fog log only recently. I am using ubuntu server. Not sure if these are related to gnevills’s error.

    -----------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     6/20/2017 3:34 PM Client-Info Version: 0.11.12
     6/20/2017 3:34 PM Client-Info OS:      Windows
     6/20/2017 3:34 PM Middleware::Authentication Waiting for authentication timeout to pass
     6/20/2017 3:34 PM Middleware::Communication Download: http://10.1.4.59/fog/management/other/ssl/srvpublic.crt
     6/20/2017 3:34 PM Middleware::Communication ERROR: Could not download file
     6/20/2017 3:34 PM Middleware::Communication ERROR: Unable to connect to the remote server
     6/20/2017 3:34 PM Middleware::Authentication ERROR: Could not authenticate
     6/20/2017 3:34 PM Middleware::Authentication ERROR: The system cannot find the file specified.```

  • Developer

    @gnevills Tried this on my debian machine. Seems like your Ubuntu 17.04 comes with a newer version of MySQL: https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sql-mode-changes

    … in MySQL 5.6 with strict mode but not NO_ZERO_DATE enabled, TIMESTAMP columns can be defined with DEFAULT ‘0000-00-00 00:00:00’. In MySQL 5.7.4 with the same mode settings, strict mode includes the effect of NO_ZERO_DATE and TIMESTAMP columns cannot be defined with DEFAULT ‘0000-00-00 00:00:00’. This causes replication of CREATE TABLE statements from 5.6 to 5.7.4 to fail if they contain such TIMESTAMP columns.

    @Tom-Elliott Do you know about this already? I think this could cause us a lot of problems when people migrate to newer versions of MySQL.

    @Joseph-Hales Thanks a lot for reminding me on this post. Looks very similar and I already tried ti figure out where this Value cannot be null. Parameter name: authority is coming from. So far it looks like this could be something with the C# runtime environment. Has there been a windows update on that kind of stuff lately?



  • @Sebastian-Roth Thanks for the suggestions so far :)

    I tried the query again with single quotes instead of double quotes, probably should have noticed that, but I still received the same message:

    mysql> UPDATE hosts SET hostPubKey='', hostSecToken='', hostSecTime='0000-00-00 00:00:00' WHERE hostname like 'hostname';
    ERROR 1292 (22007): Incorrect datetime value: '0000-00-00 00:00:00' for column 'hostSecTime' at row 1
    

    In case it should be updated to have single quotes, here is the article that had that query.
    https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Reset_encryption_data

    I did also run this query and it looks like you’re right, those fields don’t appear to be set.

    mysql> select hostname,hostPubKey,hostSecToken,hostSecTime from hosts where hostname like 'hostname';
    +--------------+------------+--------------+---------------------+
    | hostname     | hostPubKey | hostSecToken | hostSecTime         |
    +--------------+------------+--------------+---------------------+
    | hostname |            |              | 0000-00-00 00:00:00 |
    +--------------+------------+--------------+---------------------+
    1 row in set (0.00 sec)
    

  • Testers

    Also if you add the host to a group it will force the reset encryption button to appear in group management you can try that. This appears to be the same issue I am seeing in https://forums.fogproject.org/topic/10167/fog-client-fails-to-authenticate/11 but we haven’t got an answer there yet either but you can try some of the same steps yourself.


  • Developer

    @gnevills You need single quotes for the mysql update command:

    UPDATE hosts SET hostPubKey='', hostSecToken='', hostSecTime='0000-00-00 00:00:00' WHERE hostname like 'myhostname';
    

    If you don’t see the “Reset encryption data” button in the host settings page then neither hostPubKey nor hostSecToken are set in the DB anyway. Still give it a try but I guess we need to dig deeper. I am still looking through the stuff you posted. Maybe I missed some important detail there.



  • Hi Sebastian

    I did not try doing that. I just looked around on the wiki a bit and found some pages indicating “Reset encryption data” should be on the general tab in fog 1.3. I went and looked on the General tab for this host (and a few other hosts), there doesn’t appear to be a “Reset encryption data” button on General or any of the other tabs.

    I found a page on the wiki indicating this should have the same effect:
    UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime=“0000-00-00 00:00:00” WHERE hostname like ‘myhostname’;

    But I got this message when running that:
    ERROR 1292 (22007): Incorrect datetime value: ‘0000-00-00 00:00:00’ for column ‘hostSecTime’ at row 1.


  • Developer

    @gnevills Did you try “Reset encryption data” for this host in the FOG web GUI?


Log in to reply
 

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.