FOG Client error: Middleware::Authentication ERROR: Could not get security token



  • Updated the server and reinstalled the client on this host and I cannot seem to get the client to connect and auto-register. Maybe I could push it manually from a pxe boot but believe I had the process automated before. It is not listed under Pending Hosts either.


    FOG.log on the client

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     4/16/2020 3:11:10 PM Client-Info Version: 0.11.19
     4/16/2020 3:11:10 PM Client-Info OS:      Windows
     4/16/2020 3:11:10 PM Middleware::Authentication Waiting for authentication timeout to pass
     4/16/2020 3:11:10 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
     4/16/2020 3:11:10 PM Data::RSA FOG Server CA cert found
     4/16/2020 3:11:10 PM Middleware::Authentication Cert OK
     4/16/2020 3:11:10 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
     4/16/2020 3:11:10 PM Middleware::Authentication ERROR: Could not get security token
     4/16/2020 3:11:10 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
     4/16/2020 3:11:10 PM Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
     4/16/2020 3:11:10 PM Middleware::Response Invalid security token
    
    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     4/16/2020 3:11:10 PM Client-Info Version: 0.11.19
     4/16/2020 3:11:10 PM Client-Info OS:      Windows
     4/16/2020 3:11:10 PM Middleware::Authentication Waiting for authentication timeout to pass
     4/16/2020 3:13:10 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
     4/16/2020 3:13:10 PM Data::RSA FOG Server CA cert found
     4/16/2020 3:13:10 PM Middleware::Authentication Cert OK
     4/16/2020 3:13:10 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
     4/16/2020 3:13:10 PM Middleware::Authentication ERROR: Could not get security token
     4/16/2020 3:13:10 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
     4/16/2020 3:13:10 PM Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
     4/16/2020 3:13:10 PM Middleware::Response Invalid security token
    
    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     4/16/2020 3:13:10 PM Client-Info Version: 0.11.19
     4/16/2020 3:13:10 PM Client-Info OS:      Windows
     4/16/2020 3:13:10 PM Middleware::Authentication Waiting for authentication timeout to pass
    

    apache access_log on fogserver

    <Client_IP_Address> - - [16/Apr/2020:15:11:09 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1744 "-" "-"
    <Client_IP_Address> - - [16/Apr/2020:15:11:10 -0500] "POST /fog/management/index.php?sub=requestClientInfo&authorize&newService HTTP/1.1" 200 15 "-" "-"
    <Client_IP_Address> - - [16/Apr/2020:15:13:09 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1744 "-" "-"
    <Client_IP_Address> - - [16/Apr/2020:15:13:09 -0500] "POST /fog/management/index.php?sub=requestClientInfo&authorize&newService HTTP/1.1" 200 15 "-" "-"
    

  • Senior Developer

    @ITHand Have you read through this topic start to end? May I ask you to do the database queries mentioned below and see if you can find out if one of the MAC addresses is already in the DB and which one it is. Take a very close look at all the network interfaces you have in your network manager on Windows - also tunnel interfaces and such.



  • @Sebastian-Roth It’s for a new client, and the registring work well when we process in the ipxe menu. It’s the “Auto register function” of the client that doesn’t work… I had made a clean install of the client, without success. About this, the SmartInstaller.exe -u for the uninstallation doesn’t work, nothing append. Thank you!


  • Senior Developer

    @ITHand Is this log from a client that is registered to the FOG server already or a new one?

    What do you mean by “it’s work when you made it manually”??



  • @Sebastian-Roth Hi, I had the same problem, and I had push the update 1.5.9-RC2 on my server, but the error still appear. I had reinstall the client to check if it’s the problem, with no changes…

    A idea? I have more that 300 clients in this situation, it’s work when you made it manually, but …

    Thank you!

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     2020-05-21 15:30:36 Client-Info Version: 0.11.19
     2020-05-21 15:30:36 Client-Info OS:      Windows
     2020-05-21 15:30:36 Middleware::Authentication Waiting for authentication timeout to pass
     2020-05-21 15:33:21 Main Overriding exception handling
     2020-05-21 15:33:22 Main Bootstrapping Zazzles
     2020-05-21 15:33:22 Controller Initialize
     2020-05-21 15:33:22 Controller Start
    
     2020-05-21 15:33:22 Service Starting service
     2020-05-21 15:33:27 Bus Became bus server
     2020-05-21 15:33:27 Bus Emmiting message on channel: Status
     2020-05-21 15:33:27 Service Invoking early JIT compilation on needed binaries
    
    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     2020-05-21 15:33:27 Client-Info Version: 0.11.19
     2020-05-21 15:33:27 Client-Info OS:      Windows
     2020-05-21 15:33:27 Middleware::Authentication Waiting for authentication timeout to pass
     2020-05-21 15:33:27 Middleware::Communication Download: http://172.xx.xx.xx/fog/management/other/ssl/srvpublic.crt
     2020-05-21 15:33:27 Data::RSA FOG Server CA cert found
     2020-05-21 15:33:27 Middleware::Authentication Cert OK
     2020-05-21 15:33:27 Middleware::Communication POST URL: http://172.xx.xx.xx/fog/management/index.php?sub=requestClientInfo&authorize&newService
     2020-05-21 15:33:27 Middleware::Response Invalid security token
    
    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     2020-05-21 15:33:27 Client-Info Version: 0.11.19
     2020-05-21 15:33:27 Client-Info OS:      Windows
     2020-05-21 15:33:27 Middleware::Authentication Waiting for authentication timeout to pass
    
    
    

  • Senior Developer

    @altitudehack Ok this should be fixed in latest dev-branch now. Would you give it a try?



  • @Sebastian-Roth, not a problem at all. I manually added the affected client.
    Thank you for your genuine efforts and good luck sleuthing it out!


  • Senior Developer

    @altitudehack I am very sorry it took so long to answer. I knew this one would be complicated and so I kept on putting it off. 😞

    Have had a play with it just now and I found why the pending MAC filter isn’t working as expected. Though I wanna check with Tom about this before we fix it.


  • Senior Developer

    @altitudehack I still have this on my list. Sorry for taking so long. Will get to it soon.


  • Senior Developer

    @altitudehack I will try to replicate the issue in the next days when I have a bit more time.



  • @Sebastian-Roth
    My version: Your version of FOG is up to date.
    You're running the latest dev-branch version: 1.5.8.28



  • @Sebastian-Roth Thanks for confirming the function of the pending MAC filter. Are the MAC addresses in the comma-separated list case-sensitive by chance?

    The computer was listed under Pending when I checked this morning with the primary MAC with the correct value but it also had an Additional MACs entry labeled Not found which matches the filter (I added the checkmarks):

    addl_MAC.png
    quickreg_filter.png
    Maybe I need to enter it again as 54:ea:3f?


  • Senior Developer

    @altitudehack Yeah, that pending MAC filter is supposed to do exactly that. Maybe there is an issue in that. Which version of FOG do you run?

    Just to make sure, please check to see if you have pending hosts in the list: http://x.x.x.x/fog/management/index.php?node=host&sub=pending (put in your FOG server’s IP instead of x.x.x.x)



  • Hi Sebastian, thanks for the rapid and accurate response! I did find a duplicate of the MAC address which is because the clients all use a VPN.

    I added the first three parts of the MAC address (0A:00:27) into FOG Configuration -> FOG Settings -> FOG Client - Host Register -> QUICKREG PENDING MAC FILTER:
    Screenshot from 2020-04-17 06-55-27.png
    Isn’t that supposed to make it ignore the duplicate?

    In the meantime, I will try ignoring it via the duplicate host’s Additional MACs screen:
    Screenshot from 2020-04-17 06-56-56.png

    Please let me know if there’s a better or different approach I can take.


  • Senior Developer

    @altitudehack said in FOG Client error: Middleware::Authentication ERROR: Could not get security token:

    Middleware::Response Invalid security token

    This message in the log tells us that there seems to be an existing host with the MAC this address and a security token set in the DB for this host. Try to find that in the database:

    shell> mysql -u fogmaster -p
    ...
    mysql> use fog;
    ...
    mysql> SELECT hostID,hostName,hostSecToken FROM hosts WHERE hostID IN (SELECT hmHostID FROM  hostMAC WHERE hmMAC LIKE '%00:00:00:00:00:01%');
    ...
    

    Put in the hosts MAC address instead of 00:00:00:00:00:01. You can find the DB credentials in /opt/fog/.fogsettings.

    If you can’t find anything in the DB using the primary MAC address of this host you might need to look at other MAC addresses, like wireless or VPN adapters. If you still can’t find it you might need to run wireshark on the host and capture the full HTTP traffic to find out what MAC addresses it sends over via POST parameters.


Log in to reply
 

339
Online

7.2k
Users

14.4k
Topics

135.6k
Posts