FOGclient Response Failed to decrypt data on server
-
Hello,
After upgrading FOG server (on Ubuntu 20.04 LTS) to latest dev-branch version: 1.5.9.159 all FOG clients have “Middleware::Response Failed to decrypt data on server” in their log files.
Please see attached log.
Any ideas what to do…where to start?
-
@GregorS Which version of FOG did you use before? 1.5.9 or an earlier dev-branch version? I am not aware of an update causing this problem but still it would be good to know the version you updated from.
Please run the following two commands on your FOG server and post output here:
openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5 openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5This is to check if private key and certificate match. The checksums should be identical.
As well run this command to make sure the cert can be verified against the CA:
openssl verify -verbose -CAfile /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/fog/management/other/ssl/srvpublic.crthttps://forums.fogproject.org/topic/13100/problem-with-domain-join-after-deployement
-
@sebastian-roth Which version of FOG did you use before?
1.5.9.111 or 1.5.9.154 …sorry but i’m not sure exactly.openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
(stdin)= a3b32215b30b501670ffae86597cbb8f
openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
(stdin)= 4fc67bd30e70b917d24443c620a2cd07
openssl verify -verbose -CAfile /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/fog/management/other/ssl/srvpublic.crt
/var/www/fog/management/other/ssl/srvpublic.crt: OK
-
@sebastian-roth said in FOGclient Response Failed to decrypt data on server:
https://forums.fogproject.org/topic/13100/problem-with-domain-join-after-deployement
Solved my problem with commands you suggested to @benjamind on Apr 9, 2019, 10:49 PM.
Thanks for help.
-
@GregorS Good to know this worked for you as well. Allow me one question on this: Did you change the FOG server’s IP address or hostname at some point?
We do see this kind of issue maybe once a year in the forums and I still have no idea why. The mentioned srvpublic.crt certificate is being regenerated every time you update (or re-run the installer) and it’s not causing any trouble 99.9% of the time.
-
@sebastian-roth The IP or the host name was not changed from the initial OS installation.
-
@gregors said in FOGclient Response Failed to decrypt data on server:
The IP or the host name was not changed from the initial OS installation.
Thanks for the info. No idea what would cause the new generated cert to not match the key.