new install attempt to register host failed

  • B
    bogle
    last edited by Jul 24, 2019, 4:03 PM

    20190723_160329.jpg

    Fresh install over SSL and changed settings to use my wildcard certificate. This was a test to register a host.

    Any ideas?

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by Jul 24, 2019, 5:46 PM

      @bogle What kind of “Wildcard” certificate do you use?? Which certificate authority is this from?

      Be aware that you need to put the certificate into the right place and re-run the installer or manually run the iPXE build script to have the certificate included into the binaries.

      As well you need to know that the fog-client currently does not work with custom certificates.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      B 1 Reply Last reply Jul 24, 2019, 7:00 PM Reply Quote 0
      • G
        george1421 Moderator
        last edited by Jul 24, 2019, 5:49 PM

        While I’m not up to speed on the FOG SSL thing, it does appear that you did not recompile the iPXE boot loaders with your matching certificate that apache is running under -or- apache is not listening on port 443.

        For apache listening on port 443 you can use this command: netstat -an | grep :443. You should see something like this returned.

        tcp4       0      0 :::443                  :::*                    LISTEN
        

        You can also test from a browser trying to connect to https://10.141.13.36/fog/service/ipxe/boot.php?mac=00:00:00:00:00 that will/should return the contents of the FOG iPXE menu. We are only concerned about if something is returned or not.

        If both tests above are successful but you can’t connect using iPXE then you need to recompile iPXE with your certificate.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        B 1 Reply Last reply Jul 24, 2019, 6:54 PM Reply Quote 0
        • B
          bogle @george1421
          last edited by Jul 24, 2019, 6:54 PM

          @george1421

          netstat output.PNG

          2.PNG

          G 1 Reply Last reply Jul 24, 2019, 6:57 PM Reply Quote 0
          • G
            george1421 Moderator @bogle
            last edited by Jul 24, 2019, 6:57 PM

            @bogle Well half looks right. The web browser bit doesn’t look good. You should have a web page that starts out like this:

            #!ipxe
            set fog-ip 192.168.1.53
            set fog-webroot fog
            set boot-url http://${fog-ip}/${fog-webroot}
            cpuid --ext 29 && set arch x86_64 || set arch i386
            goto get_console
            :console_set
            colour --rgb 0x00567a 1 ||
            colour --rgb 0x00567a 2 ||
            colour --rgb 0x00567a 4 ||
            cpair --foreground 7 --background 2 2 ||
            goto MENU
            :alt_console
            cpair --background 0 1 ||
            cpair --background 1 2 ||
            goto MENU
            :get_console
            console --picture http://192.168.1.53/fog/service/ipxe/bg.png --left 100 --right 80 && goto console_set || goto alt_console
            :MENU
            menu
            colour --rgb 0xff0000 0 ||
            cpair --foreground 1 1 ||
            cpair --foreground 0 3 ||
            cpair --foreground 4 4 ||
            

            Try the same url but use the http:// instead.

            B 1 Reply Last reply Jul 24, 2019, 7:04 PM Reply Quote 0
            • B
              bogle @Sebastian Roth
              last edited by Jul 24, 2019, 7:00 PM

              @Sebastian-Roth

              It's a Premium SSL Wildcard Certificate from Sectigo Certification Authority.

              1 Reply Last reply Reply Quote 0
              • B
                bogle @george1421
                last edited by Jul 24, 2019, 7:04 PM

                @george1421

                http:// doesn’t work either

                Here is a screenshot of the dashboard with Certificate pulled up.

                Capture.PNG

                G 1 Reply Last reply Jul 24, 2019, 7:14 PM Reply Quote 0
                • G
                  george1421 Moderator @bogle
                  last edited by Jul 24, 2019, 7:14 PM

                  @bogle Ok now we are getting some place.

                  I see your fog server url is at fogserver.<redacted>.com but if you look at your first picture it's trying to contact the 10.141.13.96 server. Why does the canonical name work where the IP address doesn’t?

                  B 1 Reply Last reply Jul 24, 2019, 7:19 PM Reply Quote 0
                  • B
                    bogle @george1421
                    last edited by george1421 Jul 24, 2019, 1:26 PM Jul 24, 2019, 7:19 PM

                    @george1421

                    Good question, I just tried this and it returned results.

                    Capture.PNG

                    Here is my host file

                    <VirtualHost *:80>
                        <FilesMatch "\.php$">
                            SetHandler "proxy:fcgi://127.0.0.1:9000/"
                        </FilesMatch>
                        ServerName 10.141.13.96
                        ServerAlias fogserver.<redacted>.com
                        RewriteEngine On
                        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
                        RewriteRule .* - [F]
                        RewriteRule /management/other/ca.cert.der$ - [L]
                        RewriteCond %{HTTPS} off
                        RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
                    </VirtualHost>
                    <VirtualHost *:443>
                        KeepAlive Off
                        <FilesMatch "\.php$">
                            SetHandler "proxy:fcgi://127.0.0.1:9000/"
                        </FilesMatch>
                        ServerName 10.141.13.96
                        ServerAlias fogserver.<redacted>.com
                        DocumentRoot /var/www/html/
                        SSLEngine On
                        SSLProtocol all -SSLv3 -SSLv2
                        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
                        SSLHonorCipherOrder On
                        SSLCertificateFile /etc/pki/tls/certs/STAR_grahamrmc_com.crt
                        SSLCertificateKeyFile /etc/pki/tls/private/_grahamrmc_com.key
                        SSLCertificateChainFile /etc/pki/tls/certs/STAR_grahamrmc_com.ca-bundle
                        <Directory /var/www/html/fog/>
                            DirectoryIndex index.php index.html index.htm
                        </Directory>
                        RewriteEngine On
                        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
                        RewriteRule .* - [F]
                        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
                        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
                        RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L]
                    </VirtualHost>
                    

                    I modified the .fogsettings file portion where SSL Setting is

                    Capture.PNG

                    G 1 Reply Last reply Jul 24, 2019, 7:24 PM Reply Quote 0
                    • G
                      george1421 Moderator @bogle
                      last edited by Jul 24, 2019, 7:24 PM

                      @bogle Well at this point, I’ve hit a wall on my knowledge in regards to SSL and apache. It's either the certificate blocking because it's expecting a canonical name or in the apache configuration the serveralias needs to have the IP address listed. But you are near the root of your problem. Once you get https working via the IP address it will work.

                      There is another way to work around it but I really don’t like that method because it makes the client rely on DNS resolution to get imaging to work. You can go into the fog configuration settings and change all references to the IP address to the system’s canonical name. You will also have to update the storage node settings too.

                      B 1 Reply Last reply Jul 24, 2019, 7:41 PM Reply Quote 0
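The first possibility raised in the post above, a certificate issued for a name being checked against an IP address, sketched as an added example that is not part of the original thread or of FOG's code. It applies the usual TLS name-matching rules to constructed SAN lists in the shape Python's `ssl.SSLSocket.getpeercert()` returns; `example.com`, the helper names and the second certificate are assumptions.

```python
import ipaddress

# Constructed SAN lists, same (type, value) shape as getpeercert()["subjectAltName"].
WILDCARD_CERT = (("DNS", "*.example.com"), ("DNS", "example.com"))
CERT_WITH_IP = (("DNS", "fogserver.example.com"), ("IP Address", "10.141.13.96"))


def _as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def dns_matches(pattern, host):
    """Wildcard is honoured only as the entire left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(sans, host):
    """True if a TLS client connecting to `host` would accept these SANs."""
    ip = _as_ip(host)
    if ip is not None:
        # IP literals are compared only with iPAddress entries, never with DNS names.
        return any(t == "IP Address" and _as_ip(v) == ip for t, v in sans)
    return any(t == "DNS" and dns_matches(v, host) for t, v in sans)


def audit(sans, hosts):
    """Map each host a client may be told to contact to accept/reject."""
    return {h: cert_covers(sans, h) for h in hosts}


if __name__ == "__main__":
    hosts = ["fogserver.example.com", "10.141.13.96", "a.b.example.com"]
    for name, sans in (("wildcard", WILDCARD_CERT), ("with IP SAN", CERT_WITH_IP)):
        print(name, audit(sans, hosts))
```

A host that maps to False is one a verifying client will reject, so the address handed to clients and the names in the certificate have to agree.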
                      • B
                        bogle @george1421
                        last edited by Jul 24, 2019, 7:41 PM

                        @george1421

                        Ok I will revert back to a previous vm snapshot so I can use http instead of https and start over.

                        B 1 Reply Last reply Jul 24, 2019, 8:07 PM Reply Quote 0
                        • B
                          bogle @bogle
                          last edited by Jul 24, 2019, 8:07 PM

                          @bogle

                          In the meantime what's the best way to get a windows 10 pro image working?

                          I am looking at this site right now

                          https://www.ceos3c.com/sysadmin/create-generalized-windows-10-image-deploy-fog-server/

                          G 1 Reply Last reply Jul 24, 2019, 8:42 PM Reply Quote 0
                          • S
                            Sebastian Roth Moderator
                            last edited by Jul 24, 2019, 8:33 PM

                            @bogle said in new install attempt to register host failed:

                            I modified the .fogsettings file portion where SSL Setting is

                            Did you re-run the installer after that? The .fogsettings file is only being used by the installer script but not being read at runtime. So changes to this file need to be “populated” by re-running the installer. That said I am not exactly sure if all the things involved to make FOG work with SSL are playing nicely if you change that path. While it definitely should I just wonder if it does because probably not too many people have done this. Usually people using custom certificates simply put those into the places where FOG has its cert files by default.

                            I know this sounds very 80s, like just keep it all to default because changing settings might break it. 😞 But SSL is still kind of new in FOG, not being used by the mass of people and we have not had the time to make this rock solid in all cases yet.

                            It’s interesting you get a page load error when accessing the website using the IP address. Maybe check apache logs (see my signature) to see if there is a hint on why it fails?!

                            In the meantime what's the best way to get a windows 10 pro image working?

                            Would you mind opening a new topic on this? Best if we don’t mix up things so we don’t get lost and also other people will find answers easier.

                            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                            1 Reply Last reply Reply Quote 0
                            • G
                              george1421 Moderator @bogle
                              last edited by Jul 24, 2019, 8:42 PM

                              @bogle said in new install attempt to register host failed:

                              In the meantime what's the best way to get a windows 10 pro image working?

                              That site is a good place to start. You can either build the computer in audit mode or use MDT to create your reference image. Either way, don’t connect the reference image computer to your AD domain at all. Run audit mode unconnected to AD. You will have a better reference image in the end. Let FOG or have the unattend.xml file connect the target computer to AD at the end of deployment.

                              1 Reply Last reply Reply Quote 0
                              • B
                                bogle
                                last edited by Jul 24, 2019, 8:50 PM

                                Thanks for your help. I reinstalled the FOG Project and it works out of the box. On my test pc it booted successfully to the PXE menu. Tested it twice using legacy mode and uefi mode!

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Sebastian Roth Moderator
                                  last edited by Sebastian Roth Jul 24, 2019, 10:48 PM Jul 25, 2019, 4:48 AM

                                  @bogle SSL enabled this time or not? Where did you put the certificates?

                                  1 Reply Last reply Reply Quote 0
                                  Copyright © 2012-2024 FOG Project