FOG Client error: Middleware::Authentication ERROR: Could not get security token
-
Updated the server and reinstalled the client on this host and I cannot seem to get the client to connect and auto-register. Maybe I could push it manually from a pxe boot but believe I had the process automated before. It is not listed under Pending Hosts either.
FOG.log on the client
------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/16/2020 3:11:10 PM Client-Info Version: 0.11.19 4/16/2020 3:11:10 PM Client-Info OS: Windows 4/16/2020 3:11:10 PM Middleware::Authentication Waiting for authentication timeout to pass 4/16/2020 3:11:10 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt 4/16/2020 3:11:10 PM Data::RSA FOG Server CA cert found 4/16/2020 3:11:10 PM Middleware::Authentication Cert OK 4/16/2020 3:11:10 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before 4/16/2020 3:11:10 PM Middleware::Authentication ERROR: Could not get security token 4/16/2020 3:11:10 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'. 4/16/2020 3:11:10 PM Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService 4/16/2020 3:11:10 PM Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/16/2020 3:11:10 PM Client-Info Version: 0.11.19 4/16/2020 3:11:10 PM Client-Info OS: Windows 4/16/2020 3:11:10 PM Middleware::Authentication Waiting for authentication timeout to pass 4/16/2020 3:13:10 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt 4/16/2020 3:13:10 PM Data::RSA FOG Server CA cert found 4/16/2020 3:13:10 PM Middleware::Authentication Cert OK 4/16/2020 3:13:10 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before 4/16/2020 3:13:10 PM Middleware::Authentication ERROR: Could not get security token 4/16/2020 3:13:10 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'. 4/16/2020 3:13:10 PM Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService 4/16/2020 3:13:10 PM Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/16/2020 3:13:10 PM Client-Info Version: 0.11.19 4/16/2020 3:13:10 PM Client-Info OS: Windows 4/16/2020 3:13:10 PM Middleware::Authentication Waiting for authentication timeout to pass
apache access_log on fogserver
<Client_IP_Address> - - [16/Apr/2020:15:11:09 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1744 "-" "-" <Client_IP_Address> - - [16/Apr/2020:15:11:10 -0500] "POST /fog/management/index.php?sub=requestClientInfo&authorize&newService HTTP/1.1" 200 15 "-" "-" <Client_IP_Address> - - [16/Apr/2020:15:13:09 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1744 "-" "-" <Client_IP_Address> - - [16/Apr/2020:15:13:09 -0500] "POST /fog/management/index.php?sub=requestClientInfo&authorize&newService HTTP/1.1" 200 15 "-" "-" -
@altitudehack said in FOG Client error: Middleware::Authentication ERROR: Could not get security token:
Middleware::Response Invalid security token
This message in the log tells us that there seems to be an existing host with the MAC this address and a security token set in the DB for this host. Try to find that in the database:
shell> mysql -u fogmaster -p ... mysql> use fog; ... mysql> SELECT hostID,hostName,hostSecToken FROM hosts WHERE hostID IN (SELECT hmHostID FROM hostMAC WHERE hmMAC LIKE '%00:00:00:00:00:01%'); ...Put in the hosts MAC address instead of
00:00:00:00:00:01. You can find the DB credentials in/opt/fog/.fogsettings.If you can’t find anything in the DB using the primary MAC address of this host you might need to look at other MAC addresses, like wireless or VPN adapters. If you still can’t find it you might need to run wireshark on the host and capture the full HTTP traffic to find out what MAC addresses it sends over via POST parameters.
-
Hi Sebastian, thanks for the rapid and accurate response! I did find a duplicate of the MAC address which is because the clients all use a VPN.
I added the first three parts of the MAC address (0A:00:27) into FOG Configuration -> FOG Settings -> FOG Client - Host Register -> QUICKREG PENDING MAC FILTER:
Isn’t that supposed to make it ignore the duplicate?In the meantime, I will try ignoring it via the duplicate host’s Additional MACs screen:
Please let me know if there’s a better or different approach I can take.
-
@altitudehack Yeah, that pending MAC filter is supposed to do exactly that. Maybe there is an issue in that. Which version of FOG do you run?
Just to make sure, please check to see if you have pending hosts in the list: http://x.x.x.x/fog/management/index.php?node=host&sub=pending (put in your FOG server’s IP instead of x.x.x.x)
-
@Sebastian-Roth Thanks for confirming the function of the pending MAC filter. Are the MAC addresses in the comma-separated list case-sensitive by chance?
The computer was listed under Pending when I checked this morning with the primary MAC with the correct value but it also had an
Additional MACsentry labeledNot foundwhich matches the filter (I added the checkmarks):
Maybe I need to enter it again as54:ea:3f? -
@Sebastian-Roth
My version:Your version of FOG is up to date.
You're running the latest dev-branch version: 1.5.8.28 -
@altitudehack I will try to replicate the issue in the next days when I have a bit more time.
-
@altitudehack I still have this on my list. Sorry for taking so long. Will get to it soon.
-
@altitudehack I am very sorry it took so long to answer. I knew this one would be complicated and so I kept on putting it off.
Have had a play with it just now and I found why the pending MAC filter isn’t working as expected. Though I wanna check with Tom about this before we fix it.
-
@Sebastian-Roth, not a problem at all. I manually added the affected client.
Thank you for your genuine efforts and good luck sleuthing it out! -
@altitudehack Ok this should be fixed in latest
dev-branchnow. Would you give it a try? -
@Sebastian-Roth Hi, I had the same problem, and I had push the update 1.5.9-RC2 on my server, but the error still appear. I had reinstall the client to check if it’s the problem, with no changes…
A idea? I have more that 300 clients in this situation, it’s work when you made it manually, but …
Thank you!
------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 2020-05-21 15:30:36 Client-Info Version: 0.11.19 2020-05-21 15:30:36 Client-Info OS: Windows 2020-05-21 15:30:36 Middleware::Authentication Waiting for authentication timeout to pass 2020-05-21 15:33:21 Main Overriding exception handling 2020-05-21 15:33:22 Main Bootstrapping Zazzles 2020-05-21 15:33:22 Controller Initialize 2020-05-21 15:33:22 Controller Start 2020-05-21 15:33:22 Service Starting service 2020-05-21 15:33:27 Bus Became bus server 2020-05-21 15:33:27 Bus Emmiting message on channel: Status 2020-05-21 15:33:27 Service Invoking early JIT compilation on needed binaries ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 2020-05-21 15:33:27 Client-Info Version: 0.11.19 2020-05-21 15:33:27 Client-Info OS: Windows 2020-05-21 15:33:27 Middleware::Authentication Waiting for authentication timeout to pass 2020-05-21 15:33:27 Middleware::Communication Download: http://172.xx.xx.xx/fog/management/other/ssl/srvpublic.crt 2020-05-21 15:33:27 Data::RSA FOG Server CA cert found 2020-05-21 15:33:27 Middleware::Authentication Cert OK 2020-05-21 15:33:27 Middleware::Communication POST URL: http://172.xx.xx.xx/fog/management/index.php?sub=requestClientInfo&authorize&newService 2020-05-21 15:33:27 Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 2020-05-21 15:33:27 Client-Info Version: 0.11.19 2020-05-21 15:33:27 Client-Info OS: Windows 2020-05-21 15:33:27 Middleware::Authentication Waiting for authentication timeout to pass -
@ITHand Is this log from a client that is registered to the FOG server already or a new one?
What do you mean by “it’s work when you made it manually”??
-
@Sebastian-Roth It’s for a new client, and the registring work well when we process in the ipxe menu. It’s the “Auto register function” of the client that doesn’t work… I had made a clean install of the client, without success. About this, the SmartInstaller.exe -u for the uninstallation doesn’t work, nothing append. Thank you!
-
@ITHand Have you read through this topic start to end? May I ask you to do the database queries mentioned below and see if you can find out if one of the MAC addresses is already in the DB and which one it is. Take a very close look at all the network interfaces you have in your network manager on Windows - also tunnel interfaces and such.