Unable to install ca certificate - existing / unchanged client



  • Possibly following this: https://forums.fogproject.org/topic/14501/new-snapin-cannot-change-directory/3?_=1591698231148

    On a Windows 10 Client that has not changed anything afaik I suddenly get errors relating to the security certificate.

    When I run the Smart Installer (v 0.12.0 is already installed though) with Repair I get “Unable to install CA certificate”.

    Following another thread I changed the settings.json HTTPs thing to 1, but no change - and wouldn't know why this would suddenly appear in an otherwise unchanged environment. I changed it back to its original https=0 …

    The fog.log shows (with https=0) - client was restarted and server too, fog web gui is accessible and responsive, and again it worked fine so far, only recent change was upgrade to current dev-branch:

    ------------------------------------------------------------------------------
    ----------------------------------UserTracker---------------------------------
    ------------------------------------------------------------------------------
     09.06.2020 12:40:46 Client-Info Client Version: 0.12.0
     09.06.2020 12:40:46 Client-Info Client OS:      Windows
     09.06.2020 12:40:46 Client-Info Server Version: 1.5.9-RC2.9
     09.06.2020 12:40:46 Middleware::Response ERROR: Unable to get subsection
     09.06.2020 12:40:46 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
     09.06.2020 12:40:46 Service Sleeping for 60 seconds
     09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&configure&newService&json
     09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:46 Middleware::Communication ERROR: Could not contact FOG server
     09.06.2020 12:41:46 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
     09.06.2020 12:41:46 Middleware::Response Success
     09.06.2020 12:41:46 Service ERROR: Invalid promptTime, using default
     09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&mac=00:FF:9B:99:A9:20|E8:6A:64:D7:EE:EE|02:00:4C:4F:4F:50|0A:00:27:00:00:0B|D0:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9B|D2:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9E||00:15:5D:25:44:CF&newService&json
     09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Middleware::Communication ERROR: Could not contact FOG server
     09.06.2020 12:41:47 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
     09.06.2020 12:41:47 Middleware::Response Success
     09.06.2020 12:41:47 Middleware::Communication URL: https://fog.lfdw.local/fog/service/getversion.php?clientver&newService&json
     09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:41:47 Service ERROR: Unable to get cycle data
     09.06.2020 12:41:47 Service ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
     09.06.2020 12:41:47 Middleware::Response Success
    

    Anybody have an idea what might be wrong or where to look?



  • Soooo … 🙂

    After Resetting the Encryption it works.

    So in this case uninstalling the FOG Client, then reinstalling it, manually starting the FOG Service in Windows and resetting the Encryption Data solved the problems for this client.

    I have a second machine that seems to have the same problem at first glance, but have to check that to make sure it really is the same.

    And the Thread you found from me at the beginning of my FOG journey … I still add the certificate manually during sysprep via the setupcomplete. On this client I haven't imaged in quite some time and it's only me using it. Really strange. 😕

    I’ll check the other client and report back.

    Thanks !


  • Senior Developer

    @Taspharel said in Unable to install ca certificate - existing / unchanged client:

    Invalid security token

    Sorry, I forgot to mention you need to click the button “Reset Encryption Data” in the FOG web UI for this particular host and that error should go away.

    Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldn't know what could have been changed 😕

    Ok, now that it seems to work fine after the re-install (well at least not hitting the same rock again) I don’t think you have the same GPO issue. So I have to admit that I am really not sure what has happened in this case. Do you have more than this single one machine showing this issue? To me it seems like this machine had lost its FOG server CA certificate for some unknown reason. Maybe someone deleted it manually on that machine?

    As I just remembered whom it was I did a quick search myself. Probably would have been very hard for you to find: https://forums.fogproject.org/post/131875

    I am wondering if you have some kind of strange GPO in place that prevents access to the cert store somehow?!

    YESSSS !!! That’s it, after I tried to install https on fog server few weeks ago, I added fog certificate to GPO «Root Trusted Authorities» and problems began with that mess… so sorry, if I delete fog certificate in GPO I can install client !

    PS: When searching I also stumbled upon this old topic. Not related I think as way older versions were used but still funny I reckon.



  • Hi and thx.

    Accessing via plain http.

    Just reinstalled, the install works fine. After restarting the fog service the log shows:

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     09.06.2020 21:36:46 Client-Info Version: 0.12.0
     09.06.2020 21:36:46 Client-Info OS:      Windows
     09.06.2020 21:36:46 Middleware::Authentication Waiting for authentication timeout to pass
     09.06.2020 21:38:45 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
     09.06.2020 21:38:45 Data::RSA FOG Server CA cert found
     09.06.2020 21:38:45 Middleware::Authentication Cert OK
     09.06.2020 21:38:45 Middleware::Authentication ERROR: Could not get security token
     09.06.2020 21:38:45 Middleware::Authentication ERROR: Die Daten sind unzulässig.
    
     09.06.2020 21:38:46 Middleware::Communication POST URL: http://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&authorize&newService
     09.06.2020 21:38:46 Middleware::Response Invalid security token
    

    Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldn't know what could have been changed 😕


  • Senior Developer

    @Taspharel Is your FOG server set up as HTTPS or HTTP??

    Can you please uninstall the fog-client from this machine completely and then re-install again. If it still won’t work I would suspect you have some kind of GPO in place that is blocking access to the certificate store. There is a post in the forums about this.



  • And now this in the log:

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     09.06.2020 12:46:43 Client-Info Version: 0.12.0
     09.06.2020 12:46:43 Client-Info OS:      Windows
     09.06.2020 12:46:43 Middleware::Authentication Waiting for authentication timeout to pass
     09.06.2020 12:48:44 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
     09.06.2020 12:48:44 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
     09.06.2020 12:48:44 Middleware::Authentication ERROR: Could not authenticate
     09.06.2020 12:48:44 Middleware::Authentication ERROR: Der Wert darf nicht NULL sein.
    Parametername: authority
    

    I can open the URL just fine in a browser 😕
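
The log signatures in this thread map to the two fixes the posters arrived at. As an added example (not part of any post and not FOG project code), this script scans a fog.log for those signatures and reports which fix applies; the sample lines are constructed from the thread with a placeholder hostname, and the signature-to-fix mapping is this example's reading of the thread.

```python
import re
from collections import Counter

# Line shape seen in the thread: " 09.06.2020 12:41:46 Module::Name message"
LINE = re.compile(r"^\s*(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
# Message fragment -> finding key (assumption: this example's grouping of the errors).
SIGNATURES = {
    "FOG Server CA NOT found in keystore": "ca_missing",
    "Could not get security token": "token_invalid",
    "Invalid security token": "token_invalid",
}
# Fixes as reported in the thread, keyed by finding.
ADVICE = {
    "ca_missing": "uninstall and reinstall the FOG Client; if it persists, "
                  "look for a GPO affecting the certificate store",
    "token_invalid": "click 'Reset Encryption Data' for this host in the FOG web UI",
}

def triage(log_text):
    """Return (Counter of findings, set of URL schemes the client used)."""
    findings, schemes = Counter(), set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner lines, blank lines, wrapped exception text
        _, module, message = m.groups()
        if module == "Middleware::Communication":
            url = re.search(r"\b(https?)://", message)
            if url:
                schemes.add(url.group(1))  # shows whether http and https are mixed
        for fragment, key in SIGNATURES.items():
            if fragment in message:
                findings[key] += 1
    return findings, schemes

def report(log_text):
    findings, _ = triage(log_text)
    return [f"{key} x{n}: {ADVICE[key]}" for key, n in findings.most_common()]

# Constructed sample: lines modelled on the thread, hostname is a placeholder.
SAMPLE = """\
 09.06.2020 12:41:46 Middleware::Communication URL: https://fog.example.local/fog/service/getversion.php?clientver&newService&json
 09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:48:44 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 21:38:45 Middleware::Communication Download: http://fog.example.local/fog/management/other/ssl/srvpublic.crt
 09.06.2020 21:38:45 Middleware::Authentication ERROR: Could not get security token
 09.06.2020 21:38:46 Middleware::Response Invalid security token
"""
if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A log that shows both `http` and `https` in the returned scheme set, as the one in this thread does, is worth comparing against the client's settings.json and the server's actual configuration.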

