FOG Client Private Key not readable


  • Hello,

    on a manually installed notebook no communication between Fog Client and Fog Server is possible. The following error messages appear in the Fog Client log:

    Start of Log:
    06.04.2021 11:37:52 Middleware::Communication URL: http://10.70.7.10/fog/management/index.php?sub=requestClientInfo&configure&newService&json
    06.04.2021 11:37:52 Middleware::Response Success
    06.04.2021 11:37:52 Middleware::Communication URL: http://10.70.7.10/fog/management/index.php?sub=requestClientInfo&mac=74:78:27:2C:07:41|B0:7D:64:0C:CB:64|B0:7D:64:0C:CB:65|B2:7D:64:0C:CB:64|B0:7D:64:0C:CB:68&newService&json
    06.04.2021 11:37:52 Middleware::Authentication Waiting for authentication timeout to pass
    06.04.2021 11:37:52 Middleware::Communication Download: http://10.70.7.10/fog/management/other/ssl/srvpublic.crt
    06.04.2021 11:37:52 Data::RSA FOG Server CA cert found
    06.04.2021 11:37:52 Middleware::Authentication Cert OK
    06.04.2021 11:37:52 Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
    06.04.2021 11:37:52 Middleware::Authentication ERROR: Could not get security token
    06.04.2021 11:37:52 Middleware::Authentication ERROR: Die Datei “C:\Program Files (x86)\FOG\token.dat” konnte nicht gefunden werden.
    06.04.2021 11:37:52 Middleware::Communication POST URL: http://10.70.7.10/fog/management/index.php?sub=requestClientInfo&authorize&newService
    06.04.2021 11:37:52 Middleware::Response Private key not readable
    06.04.2021 11:37:52 Middleware::Response Success
    06.04.2021 11:37:52 Middleware::Communication URL: http://10.70.7.10/fog/service/getversion.php?clientver&newService&json
    06.04.2021 11:37:53 Middleware::Communication URL: http://10.70.7.10/fog/service/getversion.php?newService&json

    06.04.2021 11:37:53 Service Creating user agent cache
    06.04.2021 11:37:53 Middleware::Response ERROR: Unable to get subsection
    06.04.2021 11:37:53 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    06.04.2021 11:37:53 Middleware::Response ERROR: Unable to get subsection
    06.04.2021 11:37:53 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    06.04.2021 11:37:53 Middleware::Response ERROR: Unable to get subsection
    06.04.2021 11:37:53 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.


    ---------------------------------ClientUpdater--------------------------------

    06.04.2021 11:37:53 Client-Info Client Version: 0.12.0
    06.04.2021 11:37:53 Client-Info Client OS: Windows
    06.04.2021 11:37:53 Client-Info Server Version: 1.5.9
    06.04.2021 11:37:53 Middleware::Response Success


    ----------------------------------TaskReboot----------------------------------

    06.04.2021 11:37:53 Client-Info Client Version: 0.12.0
    06.04.2021 11:37:53 Client-Info Client OS: Windows
    06.04.2021 11:37:53 Client-Info Server Version: 1.5.9
    06.04.2021 11:37:53 Middleware::Response ERROR: Unable to get subsection
    06.04.2021 11:37:53 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.


    --------------------------------HostnameChanger-------------------------------

    06.04.2021 11:37:53 Client-Info Client Version: 0.12.0
    06.04.2021 11:37:53 Client-Info Client OS: Windows
    06.04.2021 11:37:53 Client-Info Server Version: 1.5.9
    06.04.2021 11:37:53 Middleware::Response ERROR: Unable to get subsection
    06.04.2021 11:37:53 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.


    ---------------------------------SnapinClient---------------------------------

    06.04.2021 11:37:53 Client-Info Client Version: 0.12.0
    06.04.2021 11:37:53 Client-Info Client OS: Windows
    06.04.2021 11:37:53 Client-Info Server Version: 1.5.9
    06.04.2021 11:37:53 Middleware::Response ERROR: Unable to get subsection
    06.04.2021 11:37:53 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

    END of Log

    What can i do here?

    FOG Server Version:
    1.5.9 with local Storage Node, no NAS!


  • @tom-elliott

    The FOG Server was installed not special like 10 others in our enviroment…

    Works now after running:
    sudo chmod 750 /opt/fog/snapins/ssl/.srvprivate.key

    Thanks a lot!

  • Senior Developer

    @johannesd How did this file get created?

    It doesn’t seem to have the correct permissions. First, it’s blocked off as only owner can read and write to it. (-rw-------) and that means ONLY root can do such a thing.

    While permissions directly shouldn’t be an issue, the owner most likely is as a web request is what’s providing information. So basically, your FOG Client is polling for the certificate and one cannot be read.

    You can fix this a multitude of ways, though I would start with the most restrictive set first:

    From the fog server, ssh
    sudo chown fogproject:apache /opt/fog/snapins/ssl/.srvprivate.key (If using Ubuntu change apache to www-data)

    If this still doesn’t work, I’d at least suggest rwxr-x— permissions:
    sudo chmod 750 /opt/fog/snapins/ssl/.srvprivate.key

    If neither of these seem to work then you can try ensuring configuration is set for the folder and rwxrwxrwx for all files in the folder with:
    sudo chown -R fogproject:apache /opt/fogsnapins/ssl
    sudo chmod -R 777 /opt/fog/snapins/ssl

    (Again cahnge apache with www-data if running Ubuntu/Debian variant.


  • @sebastian-roth Hello, i dont change the SSL Path.

    When i run the Command it shows:
    -rw------- 1 root root 3247 Dez 29 14:32 /opt/fog/snapins/ssl/.srvprivate.key

  • Senior Developer

    @johannesd said in FOG Client Private Key not readable:

    Private key not readable

    First go to the FOG web UI and check the storage nodes’ setting SSL Path. Default is /opt/fog/snapins/ssl. Did you change that setting? If not then run ls -al /opt/fog/snapins/ssl/.srvprivate.key to see what access rights are set for this file.

356
Online

8.6k
Users

15.3k
Topics

143.5k
Posts