Problem with domain join after deployment
-
Hi @Sebastian-Roth,
Thank you for your answer. Sorry, I have forgotten the attachment: fog.log
-
@benjamind Try resetting the encryption data in the host settings of the web ui and see if that helps.
-
@Sebastian-Roth I can’t find the “Reset encryption data” button :
-
@benjamind There is no MAC address set for this host? Might explain the problem as well?!?!
-
@Sebastian-Roth I have edited the image to erase the MAC address but it is configured.
-
Hi,
Does anyone, please, have an idea to solve my problem?
Thanks.
-
@benjamind Do you see this exact same error (``) on all your machines or is it just one single one?
Please check if you have a file `C:\Program Files (x86)\FOG\token.dat`. I suppose you have that as the logs you posted don’t mention creating it. Please go to Windows service management, stop FOGService, rename the mentioned `token.dat`, start FOGService and keep an eye on the log again. Please post the full log starting from when you renamed that `token.dat` again.
-
@Sebastian-Roth Thanks for your return.
What error are you talking about exactly?
All our machines can’t join the domain automatically after a deployment by Fog. Do you talk about a specific error message from the fog.log?
I’m doing a deployment again now and I’ll check if I have the file when it is finished. I’ll keep you updated.
-
@Sebastian-Roth Here is the fog.log starting from when I renamed the token.dat.
-
@benjamind Sorry, missed to paste the error message last time:
Middleware::Response Failed to decrypt data
> Here is the fog.log starting from when I renamed the token.dat.
Did you restart the FOG Service or the whole machine after renaming? Just want to make sure.
Can you please run the following commands on your FOG server and post output here [1]:
openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
-
@Sebastian-Roth I have restarted the FOG service.
root@fog:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
notBefore=Sep 3 09:07:28 2018 GMT
notAfter=Aug 31 09:07:28 2028 GMT
root@fog:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
notBefore=Nov 24 09:57:37 2016 GMT
notAfter=Nov 22 09:57:37 2026 GMT
-
@benjamind I am wondering, why is the server cert roughly two years younger than the CA? Did you update that server cert by intention last September?
-
@Sebastian-Roth Sorry, I gave you the return of the commands from another FOG server. Here is the return from the concerned server:
root@fog-dev:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ssl/srvpublic.crt
notBefore=Mar 14 07:16:32 2019 GMT
notAfter=Mar 11 07:16:32 2029 GMT
root@fog-dev:~# openssl x509 -dates -noout -in /var/www/fog/management/other/ca.cert.pem
notBefore=Apr 5 13:49:36 2018 GMT
notAfter=Apr 2 13:49:36 2028 GMT
The srvpublic.crt date corresponds to our last FOG update from 1.5.0 to 1.5.5 and the ca.cert.pem should correspond to the first installation of the server.
Is it normal behaviour?
-
@benjamind Which command line options did you choose when updating?
@Tom-Elliott Any ideas??
-
@Sebastian-Roth Here are the commands I used to update our server:
cd /root/fogproject/
git pull
cd bin/
./installfog.sh
-
@benjamind Sorry, my fault. I went down the wrong road. CA cert should not be renewed (unless you specify so using command line options) but the server cert is renewed on FOG updates.
We might need to take a look into your database to see if there are tokens pending that you don’t see in the host settings.
-
@Sebastian-Roth What do you want to verify precisely in the database?
-
@benjamind Try
SELECT hostID,hostName,hostSecToken FROM hosts WHERE hostName LIKE '%PC2409M%';
-
MariaDB [fog]> SELECT hostID,hostName,hostSecToken FROM hosts WHERE hostName LIKE '%PC2409M%';
+------------+-------------------+-------------------------+
| hostID     | hostName          | hostSecToken            |
+------------+-------------------+-------------------------+
| 61         | PC2409M           |                         |
+------------+-------------------+-------------------------+
-
Hi @Sebastian-Roth,
Is the result of the command indicative?