• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Several problems : unable to install CA certificate, userdel fogproject, updating database failed

Scheduled Pinned Locked Moved Solved
FOG Problems
2
18
1.1k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    Matthieu Jacquart
    last edited by Matthieu Jacquart Jan 7, 2020, 6:39 AM Jan 7, 2020, 8:35 AM

    Hi,

    I have different problems with my fog server :

    • Since few weeks it’s impossible to install fog client on computers, I tried with FOGService.msi and SmartInstaller.exe, using right Fog server IP but each time this message is displayed
    unable to install CA certificate: access denied
    
    • Each time I want to update Fog I have to run command userdel fogproject, if not this message is dispayed
    Setting up fogproject user................................../var/log/lastlog: Aucun fichier ou dossier de ce type
    Already exists
    The account "fogproject" already exists and has been used to logon and work on this machine. We highly recommend you NOT use this account for your work as it is supposed to be a system account!
    Please remove the account "fogproject" manually before running the installer again. Run: userdel fogproject
    
    • I 'm actually on master branch (1.5.7), so I tried to use dev-branch (1.5.7.89) to see if it resolves these issues, but then installation failed with message
    * Updating Database...........................................Failed!
    

    Thanks for your help
    Matthieu

    Fog 1.5.9.138
    Debian 11
    Vmware ESXi

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by Jan 7, 2020, 1:51 PM

      @Matthieu-Jacquart Let’s try to sort things a bit first. Which version of the fog-client do you use? Probably 0.11.16 which is the last version that was released with FOG 1.5.7 (and 1.5.6). Lately I have worked on the fog-client and released 0.11.17. While I am not sure if this can fix the problem you run into it might be worth a try. If not, 0.11.18 is on the doorstep and we can probably find and fix the issue you have if it is not yet.

      unable to install CA certificate: access denied

      I have seen the first part of this error message a lot when debugging an issue days ago. For me it happened when I tried to install 0.11.16 with a FOG server that uses HTTPS connection. But the access denied message sounds like you hit a different issue here. I improved the error logging in the newer version already. Can you please try using these: MSI / EXE. After running one of these installers you should have the following log file: C:\Windows\Temp\FOGService.install.log…

      /var/log/lastlog: Aucun fichier ou dossier de ce type

      Translated: “/var/log/lastlog: No such file or directory”??? Why don’t you have lastlog file on your server? Did you remove that by intention?

      Updating Database…Failed!

      Please post the last 20 lines of your install error log file (found in fogproject/bin/error_logs/...)!

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      1 Reply Last reply Reply Quote 0
      • M
        Matthieu Jacquart
        last edited by Jan 7, 2020, 2:14 PM

        Hi Sebastian,

        Thanks for your reply.

        • Concerning error with fog client, it’s exactly the same problem with 0.11.17 (and yes I was using 0.11.16 previously), here is the content of FOGService.install.log file :
         07/01/2020 14:59 Data::RSA FOG Server CA cert found
         07/01/2020 15:00 Data::RSA FOG Server CA cert found
         07/01/2020 15:00 Installer ERROR: Could not unpin FOG server CA cert
         07/01/2020 15:00 Installer ERROR: Access denied.
         07/01/2020 15:00 Installer ERROR: Could not pin server CA
         07/01/2020 15:00 Installer ERROR: Access denied.
        
        • For lastlog file I absolutely don’t know why it’s missing, I recreated it (touch /var/log/lastlog) so know error message is :
         * Setting up fogproject user..................................Already exists
        
        The account "fogproject" already exists but this seems to be a
        fresh install. We highly recommend to NOT creating this account
        beforehand as it is supposed to be a system account not meant
        to be used to login and work on the machine!
        
        Please remove the account "fogproject" manually before running
        the installer again. Run: userdel fogproject
        
        • And for updating database error, here is the end of fog_error_1.5.7.log (sorry some french words…)
        To activate the new configuration, you need to run:
          systemctl reload apache2
        Site 000-default disabled.
        To activate the new configuration, you need to run:
          systemctl reload apache2
        ● apache2.service - The Apache HTTP Server
           Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
           Active: active (running) since Tue 2020-01-07 15:11:34 CET; 2s ago
          Process: 15930 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
         Main PID: 15935 (apache2)
            Tasks: 6 (limit: 4915)
           CGroup: /system.slice/apache2.service
                   ├─15935 /usr/sbin/apache2 -k start
                   ├─15942 /usr/sbin/apache2 -k start
                   ├─15943 /usr/sbin/apache2 -k start
                   ├─15944 /usr/sbin/apache2 -k start
                   ├─15945 /usr/sbin/apache2 -k start
                   └─15946 /usr/sbin/apache2 -k start
        
        janv. 07 15:11:34 FOG systemd[1]: Starting The Apache HTTP Server...
        janv. 07 15:11:34 FOG systemd[1]: Started The Apache HTTP Server.
        
        ● php7.0-fpm.service - The PHP 7.0 FastCGI Process Manager
           Loaded: loaded (/lib/systemd/system/php7.0-fpm.service; enabled; vendor preset: enabled)
           Active: active (running) since Tue 2020-01-07 15:11:34 CET; 2s ago
             Docs: man:php-fpm7.0(8)
         Main PID: 15934 (php-fpm7.0)
           Status: "Ready to handle connections"
            Tasks: 6 (limit: 4915)
           CGroup: /system.slice/php7.0-fpm.service
                   ├─15934 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
                   ├─15936 php-fpm: pool www
                   ├─15937 php-fpm: pool www
                   ├─15938 php-fpm: pool www
                   ├─15939 php-fpm: pool www
                   └─15940 php-fpm: pool www
        
        janv. 07 15:11:34 FOG systemd[1]: Starting The PHP 7.0 FastCGI Process Manager...
        janv. 07 15:11:34 FOG systemd[1]: Started The PHP 7.0 FastCGI Process Manager.
        --2020-01-07 15:11:36--  http://192.168.10.60//fog//maintenance/backup_db.php
        Connexion à 192.168.10.60:80… connecté.
        requête HTTP transmise, en attente de la réponse… 302 Found
        Could not parse String-Transport-Security header
        Emplacement : ?node=schema [suivant]
        --2020-01-07 15:11:36--  http://192.168.10.60//fog//maintenance/backup_db.php?node=schema
        Connexion à 192.168.10.60:80… connecté.
        requête HTTP transmise, en attente de la réponse… 200 OK
        Taille : non indiqué [text/html]
        Sauvegarde en : « /home//fogDBbackups/fog_sql_1.5.7_20200107_031136.sql »
        
             0K                                                        1,58M=0s
        
        2020-01-07 15:11:37 (1,58 MB/s) - « /home//fogDBbackups/fog_sql_1.5.7_20200107_031136.sql » sauvegardé [31]
        

        Fog 1.5.9.138
        Debian 11
        Vmware ESXi

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Jan 7, 2020, 3:33 PM

          @Matthieu-Jacquart Nice, I think we are getting closer.

          Concerning error with fog client, it’s exactly the same problem with 0.11.17 (and yes I was using 0.11.16 previously), here is the content of FOGService.install.log file:

          Hmmmm, I have never seen “Access denied” at this stage before. This is Windows installation right? Do you run the installer with admin rights? Do you have an older version of the client installed on this machine?

          For lastlog file I absolutely don’t know why it’s missing, I recreated it (touch /var/log/lastlog) so know error message is

          Please run lastlog command on your console and see if it produces an error message. Post output here.

          And for updating database error, here is the end of fog_error_1.5.7.log (sorry some french words…)

          Please open the FOG server URL (http://192.168.10.60/fog/) in your browser and make sure it’s working properly and update the schema.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          M 1 Reply Last reply Jan 8, 2020, 8:05 AM Reply Quote 0
          • M
            Matthieu Jacquart
            last edited by Jan 7, 2020, 3:55 PM

            • For client, it’s a Windows installation, there is no older version on machine, same error with admin rights.
              But I think it could be related to a modification I made few weeks ago : I tried to run fog installer to activate https (./installfog.sh -S). It worked but I returned back because I’ve got another application on Fog server which was inaccessible with https activated…

            • Lastlog command returns this (and I don’t have the fogproject user error anymore so that’s a very good point !!!):

            Username         Port     From             Latest
            root                                       **Never logged in**
            daemon                                     **Never logged in**
            bin                                        **Never logged in**
            sys                                        **Never logged in**
            sync                                       **Never logged in**
            games                                      **Never logged in**
            man                                        **Never logged in**
            lp                                         **Never logged in**
            mail                                       **Never logged in**
            news                                       **Never logged in**
            uucp                                       **Never logged in**
            proxy                                      **Never logged in**
            www-data                                   **Never logged in**
            backup                                     **Never logged in**
            list                                       **Never logged in**
            irc                                        **Never logged in**
            gnats                                      **Never logged in**
            nobody                                     **Never logged in**
            systemd-timesync                           **Never logged in**
            systemd-network                            **Never logged in**
            systemd-resolve                            **Never logged in**
            systemd-bus-proxy                           **Never logged in**
            _apt                                       **Never logged in**
            messagebus                                 **Never logged in**
            sshd                                       **Never logged in**
            debian                                     **Never logged in**
            mysql                                      **Never logged in**
            statd                                      **Never logged in**
            tftp                                       **Never logged in**
            ftp                                        **Never logged in**
            fog                                        **Never logged in**
            fogproject                                 **Never logged in**
            
            • And for updating database error I run fog installer once again from scratch (deleted .fogsettings), it asked me mysql password twice and now update is ok (1.5.7 and then 1.5.7.89). So I tested once again client installation after 1.5.7.89 update (client 0.11.17 available on web interface) but still same error…

            Good news is that now I’ve just one problem to resolve : client installation !
            See you tomorrow 😉

            Fog 1.5.9.138
            Debian 11
            Vmware ESXi

            1 Reply Last reply Reply Quote 0
            • M
              Matthieu Jacquart @Sebastian Roth
              last edited by Jan 8, 2020, 8:05 AM

              @Sebastian-Roth Hi, big problem this morning, after upgrading to 1.5.7.89 yesterday, all computers tried to update fog client to 0.11.17, and it failed for all !
              fog.log give me this :

              ------------------------------------------------------------------------------
              ----------------------------------UserTracker---------------------------------
              ------------------------------------------------------------------------------
               07/01/2020 16:44 Client-Info Client Version: 0.11.16
               07/01/2020 16:44 Client-Info Client OS:      Windows
               07/01/2020 16:44 Client-Info Server Version: 1.5.7
               07/01/2020 16:44 Middleware::Response ERROR: Unable to get subsection
               07/01/2020 16:44 Middleware::Response ERROR: Object reference not set to an instance of an object.
               07/01/2020 16:44 Service Sleeping for 126 seconds
               07/01/2020 16:46 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
               07/01/2020 16:46 Middleware::Response Success
               07/01/2020 16:46 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
               07/01/2020 16:46 Middleware::Authentication Waiting for authentication timeout to pass
               07/01/2020 16:46 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
               07/01/2020 16:46 Data::RSA FOG Server CA cert found
               07/01/2020 16:46 Data::RSA ERROR: Certificate validation failed
               07/01/2020 16:46 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: La signature du certificat ne peut pas être vérifiée. (NotSignatureValid)
               07/01/2020 16:46 Middleware::Authentication ERROR: Could not authenticate
               07/01/2020 16:46 Middleware::Authentication ERROR: Certificate is not from FOG CA
               07/01/2020 16:46 Middleware::Response Success
               07/01/2020 16:46 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
               07/01/2020 16:46 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
              
               07/01/2020 16:46 Service Creating user agent cache
               07/01/2020 16:46 Middleware::Response ERROR: Unable to get subsection
               07/01/2020 16:46 Middleware::Response ERROR: Object reference not set to an instance of an object.
               07/01/2020 16:46 Middleware::Response ERROR: Unable to get subsection
               07/01/2020 16:46 Middleware::Response ERROR: Object reference not set to an instance of an object.
               07/01/2020 16:46 Middleware::Response ERROR: Unable to get subsection
               07/01/2020 16:46 Middleware::Response ERROR: Object reference not set to an instance of an object.
              
              ------------------------------------------------------------------------------
              ---------------------------------ClientUpdater--------------------------------
              ------------------------------------------------------------------------------
               07/01/2020 16:46 Client-Info Client Version: 0.11.16
               07/01/2020 16:46 Client-Info Client OS:      Windows
               07/01/2020 16:46 Client-Info Server Version: 1.5.7.89
               07/01/2020 16:46 Middleware::Response Success
               07/01/2020 16:46 Middleware::Communication Download: http://192.168.10.60/fog/client/SmartInstaller.exe
               07/01/2020 16:46 Data::RSA FOG Project cert found
               07/01/2020 16:46 ClientUpdater Update file is authentic
              ------------------------------------------------------------------------------
              
               07/01/2020 16:46 Bus Emmiting message on channel: Update
               07/01/2020 16:46 Service-Update Spawning update helper
               07/01/2020 16:46 UpdaterHelper Shutting down service...
               07/01/2020 16:46 UpdaterHelper Killing remaining processes...
               07/01/2020 16:46 UpdaterHelper Applying update...
               07/01/2020 16:47 UpdaterHelper Starting service...
              

              And nothing since more than 12 hours… Do I have to regenerate certificate ? With what consequences ?
              Thanks

              Fog 1.5.9.138
              Debian 11
              Vmware ESXi

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Jan 8, 2020, 10:25 AM

                @Matthieu-Jacquart said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                Hi, big problem this morning, after upgrading to 1.5.7.89 yesterday, all computers tried to update fog client to 0.11.17, and it failed for all !
                fog.log give me this

                Ohhh no! Not good. Hmmmmmm let me think.

                 07/01/2020 16:46 Middleware::Authentication Waiting for authentication timeout to pass
                 07/01/2020 16:46 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
                 07/01/2020 16:46 Data::RSA FOG Server CA cert found
                 07/01/2020 16:46 Data::RSA ERROR: Certificate validation failed
                 07/01/2020 16:46 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: La signature du certificat ne peut pas être vérifiée. (NotSignatureValid)
                 07/01/2020 16:46 Middleware::Authentication ERROR: Could not authenticate
                 07/01/2020 16:46 Middleware::Authentication ERROR: Certificate is not from FOG CA
                

                It’s very strange this client log shows that it wasn’t able to properly communicate with the FOG server in the first place. Do you know why?

                And for updating database error I run fog installer once again from scratch (deleted .fogsettings)

                Did you just delete that file or the whole /opt/fog directory? Because from the error above it seems like the server CA and certificate was regenerated and that made the clients fail in the first place.

                 07/01/2020 16:46 Data::RSA FOG Project cert found
                 07/01/2020 16:46 ClientUpdater Update file is authentic
                ------------------------------------------------------------------------------
                
                 07/01/2020 16:46 Bus Emmiting message on channel: Update
                 07/01/2020 16:46 Service-Update Spawning update helper
                 07/01/2020 16:46 UpdaterHelper Shutting down service...
                 07/01/2020 16:46 UpdaterHelper Killing remaining processes...
                 07/01/2020 16:46 UpdaterHelper Applying update...
                 07/01/2020 16:47 UpdaterHelper Starting service...
                

                I am sorry to say this but the fog-client is completely uninstalled at this stage. I know this is not a good behaviour and I am trying to change this but this is how 0.11.16 (and 0.11.17 still) worked. So you need to re-deploy the fog-client on all the machines I think. Sorry! Will be back with more informations in a few minutes.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                M 1 Reply Last reply Jan 8, 2020, 10:49 AM Reply Quote 0
                • M
                  Matthieu Jacquart @Sebastian Roth
                  last edited by Jan 8, 2020, 10:49 AM

                  @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                  It’s very strange this client log shows that it wasn’t able to properly communicate with the FOG server in the first place. Do you know why?

                  Absolutely not, maybe because I made lot of test yesterday with some VM backup restore so it may have borke something and I had to reset encryption data

                  Did you just delete that file or the whole /opt/fog directory? Because from the error above it seems like the server CA and certificate was regenerated and that made the clients fail in the first place.

                  just the .fogsetting file, not the opt/fog folder, but I can see in ssl folder that files have been modified yesteray…

                  root@FOG:/opt/fog/snapins/ssl$ ls -la
                  total 28
                  drwxrwxrwx 3 fogproject www-data 4096 janv. 21  2018 .
                  drwxrwxrwx 3 fogproject www-data 4096 janv.  7 13:10 ..
                  drwxrwxrwx 2 fogproject www-data 4096 janv. 21  2018 CA
                  -rwxrwxrwx 1 fogproject www-data   91 janv.  7 16:52 ca.cnf
                  -rwxrwxrwx 1 fogproject www-data 1667 janv.  7 15:30 fog.csr
                  -rwxrwxrwx 1 fogproject www-data  223 janv.  7 15:30 req.cnf
                  -rwxrwxrwx 1 fogproject www-data 3243 janv.  7 15:30 .srvprivate.key
                  

                  I am sorry to say this but the fog-client is completely uninstalled at this stage. I know this is not a good behaviour and I am trying to change this but this is how 0.11.16 (and 0.11.17 still) worked. So you need to re-deploy the fog-client on all the machines I think. Sorry! Will be back with more informations in a few minutes.

                  Not a big deal, I have some software to deploy silently if it’s possible with msi client, do you think I have to regenerate certificate ?

                  Fog 1.5.9.138
                  Debian 11
                  Vmware ESXi

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by Sebastian Roth Jan 8, 2020, 6:05 AM Jan 8, 2020, 12:02 PM

                    @Matthieu-Jacquart Can you please run ls -la /opt/fog/snapins/ssl/CA so we see if the CA was re-generated as well? Do you have a backup of the old files just in case??

                    As well re-download the updated installer (MSI / EXE), delete the old C:\Windows\Temp\FOGService.install.log on the test client, re-run the new MSI/EXE and post log output here again.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    M 1 Reply Last reply Jan 8, 2020, 12:17 PM Reply Quote 0
                    • M
                      Matthieu Jacquart @Sebastian Roth
                      last edited by Jan 8, 2020, 12:17 PM

                      @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                      @Matthieu-Jacquart Can you please run ls -la /opt/fog/snapins/ssl/CA so we see if the CA was re-generated as well? Do you have a backup of the old files just in case??

                      Yes I still have old files in bakcup

                      root@FOG:/opt/fogproject/bin$ ls -la /opt/fog/snapins/ssl/CA
                      total 20
                      drwxrwxrwx 2 fogproject www-data 4096 janv. 21  2018 .
                      drwxrwxrwx 3 fogproject www-data 4096 janv. 21  2018 ..
                      -rwxrwxrwx 1 fogproject www-data 3243 janv.  7 15:30 .fogCA.key
                      -rwxrwxrwx 1 fogproject www-data 1801 janv.  7 15:30 .fogCA.pem
                      -rwxrwxrwx 1 fogproject www-data   17 janv.  8 13:10 .srl
                      root@FOG:/opt/fogproject/bin$
                      

                      As well re-download the updated installer (MSI / EXE), delete the old C:\Windows\Temp\FOGService.install.log on the test client, re-run the new MSI/EXE and post log output here again.

                      Same error

                       08/01/2020 13:16 Data::RSA FOG Server CA cert found
                       08/01/2020 13:16 Data::RSA FOG Server CA cert found
                       08/01/2020 13:16 Installer Starting UnpinServerCert()
                       08/01/2020 13:16 Installer Trying to open Windows cert store: LocalMachine
                       08/01/2020 13:16 Installer Trying to remove cert 'CN=FOG Server CA'from cert store
                       08/01/2020 13:16 Installer ERROR: Could not unpin FOG server CA cert
                       08/01/2020 13:16 Installer ERROR: Access denied.
                       08/01/2020 13:16 Installer ERROR: Could not pin server CA
                       08/01/2020 13:16 Installer ERROR: Access denied.
                       08/01/2020 13:16 Installer ERROR: Unable to install CA certificate: Access denied.
                      

                      Fog 1.5.9.138
                      Debian 11
                      Vmware ESXi

                      1 Reply Last reply Reply Quote 0
                      • S
                        Sebastian Roth Moderator
                        last edited by Jan 8, 2020, 12:29 PM

                        @Matthieu-Jacquart said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                        -rwxrwxrwx 1 fogproject www-data 3243 janv. 7 15:30 .fogCA.key
                        -rwxrwxrwx 1 fogproject www-data 1801 janv. 7 15:30 .fogCA.pem

                        Ok, seems like you somehow managed to re-generate the CA files. This should not happen unless you tell the installer to do so or delete the files. I am not exactly sure but I think it shouldn’t happen when you only delete /opt/fog/.fogsettings and re-run the installer.

                        Do you know if there are machines that still have the client installed. Probably some which were not turned on today yet. So my suggestion is you grab your backup, take /opt/fog/snapins/ssl/ (all files and sub directories):

                        mv /opt/fog/snapins/ssl /opt/fog/snapins/ssl_bak
                        mv /backup/path/opt/fog/snapins/ssl /opt/fog/snapins/ssl
                        chown -R fogproject:www-data /opt/fog/snapins/ssl
                        systemctl restart apache2
                        
                        08/01/2020 13:16 Installer Trying to open Windows cert store: LocalMachine
                        08/01/2020 13:16 Installer Trying to remove cert 'CN=FOG Server CA'from cert store
                        

                        Ok so it’s actually able to open the certificate store but is not able to remove the cert. Can you please open the certificate management UI on this client (run certmgr. msc) and navigate to “Trusted Authorities”. Do you see “FOG Server CA” there??

                        I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        M 2 Replies Last reply Jan 8, 2020, 1:09 PM Reply Quote 0
                        • M
                          Matthieu Jacquart @Sebastian Roth
                          last edited by Jan 8, 2020, 1:09 PM

                          @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                          Ok, seems like you somehow managed to re-generate the CA files. This should not happen unless you tell the installer to do so or delete the files. I am not exactly sure but I think it shouldn’t happen when you only delete /opt/fog/.fogsettings and re-run the installer.

                          Do you know if there are machines that still have the client installed. Probably some which were not turned on today yet. So my suggestion is you grab your backup, take /opt/fog/snapins/ssl/ (all files and sub directories):

                          mv /opt/fog/snapins/ssl /opt/fog/snapins/ssl_bak
                          mv /backup/path/opt/fog/snapins/ssl /opt/fog/snapins/ssl
                          chown -R fogproject:www-data /opt/fog/snapins/ssl
                          systemctl restart apache2
                          

                          OK I’ve just I restored older certificate from backup

                          Ok so it’s actually able to open the certificate store but is not able to remove the cert. Can you please open the certificate management UI on this client (run certmgr. msc) and navigate to “Trusted Authorities”. Do you see “FOG Server CA” there??

                          I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!

                          YESSSS !!! That’s it, after I tried to install https on fog server few weeks ago, I added fog certificate to GPO «Root Trusted Authorities» and problems began with that mess… so sorry, if I delete fog certificate in GPO I can install client !
                          But still have this error after install client

                          ------------------------------------------------------------------------------
                          --------------------------------Authentication--------------------------------
                          ------------------------------------------------------------------------------
                           08/01/2020 14:04 Client-Info Version: 0.11.17
                           08/01/2020 14:04 Client-Info OS:      Windows
                           08/01/2020 14:04 Middleware::Authentication Waiting for authentication timeout to pass
                           08/01/2020 14:06 Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
                           08/01/2020 14:06 Data::RSA FOG Server CA cert found
                           08/01/2020 14:06 Middleware::Authentication Cert OK
                           08/01/2020 14:06 Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
                           08/01/2020 14:06 Middleware::Response Failed to decrypt data on server
                          

                          Fog 1.5.9.138
                          Debian 11
                          Vmware ESXi

                          1 Reply Last reply Reply Quote 0
                          • M
                            Matthieu Jacquart @Sebastian Roth
                            last edited by Matthieu Jacquart Jan 8, 2020, 8:11 AM Jan 8, 2020, 2:07 PM

                            @Sebastian-Roth I change «fogserver» with IP but still have these error (test on 2 computers), I have reset encryption data) :

                            ------------------------------------------------------------------------------
                            --------------------------------Authentication--------------------------------
                            ------------------------------------------------------------------------------
                             08/01/2020 14:57 Client-Info Version: 0.11.17
                             08/01/2020 14:57 Client-Info OS:      Windows
                             08/01/2020 14:57 Middleware::Authentication Waiting for authentication timeout to pass
                             08/01/2020 14:59 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
                             08/01/2020 14:59 Data::RSA FOG Server CA cert found
                             08/01/2020 14:59 Data::RSA ERROR: Certificate validation failed
                             08/01/2020 14:59 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                             08/01/2020 14:59 Middleware::Authentication ERROR: Could not authenticate
                             08/01/2020 14:59 Middleware::Authentication ERROR: Certificate is not from FOG CA
                            
                            
                             08/01/2020 14:59 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
                             08/01/2020 14:59 Middleware::Response Success
                             08/01/2020 14:59 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
                             08/01/2020 14:59 Middleware::Authentication Waiting for authentication timeout to pass
                             08/01/2020 15:01 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
                             08/01/2020 15:01 Data::RSA FOG Server CA cert found
                             08/01/2020 15:01 Data::RSA ERROR: Certificate validation failed
                             08/01/2020 15:01 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                             08/01/2020 15:01 Middleware::Authentication ERROR: Could not authenticate
                             08/01/2020 15:01 Middleware::Authentication ERROR: Certificate is not from FOG CA
                             08/01/2020 15:01 Middleware::Response Success
                             08/01/2020 15:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
                             08/01/2020 15:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
                            
                             08/01/2020 15:01 Service Creating user agent cache
                             08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                             08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                             08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                             08/01/2020 15:01 Service Initializing modules
                            
                            ------------------------------------------------------------------------------
                            ----------------------------------UserTracker---------------------------------
                            ------------------------------------------------------------------------------
                             08/01/2020 15:01 Client-Info Client Version: 0.11.17
                             08/01/2020 15:01 Client-Info Client OS:      Windows
                             08/01/2020 15:01 Client-Info Server Version: 1.5.7.89
                             08/01/2020 15:01 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                             08/01/2020 15:01 Service Sleeping for 145 seconds
                             08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
                             08/01/2020 15:03 Middleware::Response Success
                             08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
                             08/01/2020 15:03 Middleware::Authentication Waiting for authentication timeout to pass
                             08/01/2020 15:03 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
                             08/01/2020 15:03 Data::RSA FOG Server CA cert found
                             08/01/2020 15:03 Data::RSA ERROR: Certificate validation failed
                             08/01/2020 15:03 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                             08/01/2020 15:03 Middleware::Authentication ERROR: Could not authenticate
                             08/01/2020 15:03 Middleware::Authentication ERROR: Certificate is not from FOG CA
                             08/01/2020 15:03 Middleware::Response Success
                             08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
                             08/01/2020 15:03 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
                            
                             08/01/2020 15:03 Service Creating user agent cache
                             08/01/2020 15:03 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:03 Middleware::Response ERROR: Object reference not set to an instance of an object.
                             08/01/2020 15:03 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:03 Middleware::Response ERROR: Object reference not set to an instance of an object.
                             08/01/2020 15:03 Middleware::Response ERROR: Unable to get subsection
                             08/01/2020 15:03 Middleware::Response ERROR: Object reference not set to an instance of an object.
                            

                            Do I need to use ./installfog.sh -K option ?

                            Fog 1.5.9.138
                            Debian 11
                            Vmware ESXi

                            1 Reply Last reply Reply Quote 0
                            • S
                              Sebastian Roth Moderator
                              last edited by Jan 8, 2020, 2:40 PM

                              @Matthieu-Jacquart Yeah, getting closer!!!

                              My fault, forgot these commands when I wrote this earlier:

                              cp /path/of/backup/var/www/html/fog/management/other/ssl/srvpublic.crt /var/www/html/fog/management/other/ssl/srvpublic.crt
                              cp /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
                              

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              M 1 Reply Last reply Jan 8, 2020, 4:07 PM Reply Quote 0
                              • M
                                Matthieu Jacquart @Sebastian Roth
                                last edited by Matthieu Jacquart Jan 8, 2020, 10:08 AM Jan 8, 2020, 4:07 PM

                                @Sebastian-Roth said in Several problems : unable to install CA certificate, userdel fogproject, updating database failed:

                                @Matthieu-Jacquart Yeah, getting closer!!!

                                My fault, forgot these commands when I wrote this earlier:

                                cp /path/of/backup/var/www/html/fog/management/other/ssl/srvpublic.crt /var/www/html/fog/management/other/ssl/srvpublic.crt
                                cp /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
                                

                                Unfortunately, I follow your 2 commands but stil this error even after restarting fog server :

                                ------------------------------------------------------------------------------
                                ----------------------------------UserTracker---------------------------------
                                ------------------------------------------------------------------------------
                                 08/01/2020 16:59 Client-Info Client Version: 0.11.17
                                 08/01/2020 16:59 Client-Info Client OS:      Windows
                                 08/01/2020 16:59 Client-Info Server Version: 1.5.7.89
                                 08/01/2020 16:59 Middleware::Response ERROR: Unable to get subsection
                                 08/01/2020 16:59 Middleware::Response ERROR: La référence d'objet n'est pas définie à une instance d'un objet.
                                 08/01/2020 16:59 Service Sleeping for 102 seconds
                                 08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&configure&newService&json
                                 08/01/2020 17:01 Middleware::Response Success
                                 08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/management/index.php?sub=requestClientInfo&mac=74:27:EA:6C:AA:0D&newService&json
                                 08/01/2020 17:01 Middleware::Authentication Waiting for authentication timeout to pass
                                 08/01/2020 17:01 Middleware::Communication Download: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
                                 08/01/2020 17:01 Data::RSA FOG Server CA cert found
                                 08/01/2020 17:01 Data::RSA ERROR: Certificate validation failed
                                 08/01/2020 17:01 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                                 08/01/2020 17:01 Middleware::Authentication ERROR: Could not authenticate
                                 08/01/2020 17:01 Middleware::Authentication ERROR: Certificate is not from FOG CA
                                 08/01/2020 17:01 Middleware::Response Success
                                 08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?clientver&newService&json
                                 08/01/2020 17:01 Middleware::Communication URL: http://192.168.10.60/fog/service/getversion.php?newService&json
                                
                                 08/01/2020 17:01 Service Creating user agent cache
                                 08/01/2020 17:01 Middleware::Response ERROR: Unable to get subsection
                                 08/01/2020 17:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                                 08/01/2020 17:01 Middleware::Response ERROR: Unable to get subsection
                                 08/01/2020 17:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                                 08/01/2020 17:01 Middleware::Response ERROR: Unable to get subsection
                                 08/01/2020 17:01 Middleware::Response ERROR: Object reference not set to an instance of an object.
                                

                                Fog 1.5.9.138
                                Debian 11
                                Vmware ESXi

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Sebastian Roth Moderator
                                  last edited by Jan 8, 2020, 4:16 PM

                                  @Matthieu-Jacquart probably some cert mess we have now but I am sure we can figure this out. Please run:

                                  ls -alR /var/www/html/fog/management/other
                                  ls -alR /opt/fog/snapins/ssl
                                  md5sum /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
                                  openssl verify -CAfile /var/www/html/fog/management/other/ca.cert.pem /var/www/html/fog/management/other/ssl/srvpublic.crt
                                  

                                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                  M 1 Reply Last reply Jan 8, 2020, 4:20 PM Reply Quote 0
                                  • M
                                    Matthieu Jacquart @Sebastian Roth
                                    last edited by Jan 8, 2020, 4:20 PM

                                    @Sebastian-Roth Nope I just found answer, I had to run installer once again and re-download client after restoring cert, now everything seems great, I just have to redeploy client on all computers 🙂
                                    Many thanks for your help Sebastian !

                                    Fog 1.5.9.138
                                    Debian 11
                                    Vmware ESXi

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      Sebastian Roth Moderator
                                      last edited by Jan 8, 2020, 4:26 PM

                                      @Matthieu-Jacquart Sure right. If one client was pinned to the re-newed server CA cert then it can’t connect to the old original one. I missed that point! Good you figured it out!!!

                                      Great we got that worked out.

                                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                      1 Reply Last reply Reply Quote 0
                                      • 1 / 1
                                      1 / 1
                                      • First post
                                        12/18
                                        Last post

                                      286

                                      Online

                                      12.0k

                                      Users

                                      17.3k

                                      Topics

                                      155.2k

                                      Posts
                                      Copyright © 2012-2024 FOG Project