Unable to join to domain - build 3331

Frank · Apr 30, 2015, 9:32 AM

Hi,
I am doing tests to upgrade our fog service and with version 3331 under ubuntu 12.04 with new fog client 0.7.2 I get this on log file in a client machine which should join to a domain:

-------------------------------HostnameChanger-------------------------------

30/04/2015 11:27 Client-Info Version: 0.7.2
30/04/2015 11:27 HostnameChanger Running…
30/04/2015 11:27 CommunicationHandler URL: [url]http://172.16.1.43/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:FF:EC:5A:67:35|00:0E:0C:5E:17:AE||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1[/url]
30/04/2015 11:27 CommunicationHandler Response: Success
30/04/2015 11:27 CommunicationHandler URL: [url]http://172.16.1.43/fog/service/hostname.php?moduleid=hostnamechanger&mac=00:FF:EC:5A:67:35|00:0E:0C:5E:17:AE||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1[/url]
30/04/2015 11:28 CommunicationHandler Response: Invalid host certificate

Which certificate is it about?

Frank

Tom Elliott · Apr 30, 2015, 10:09 AM

The certificate is the new client trying to generate an AES key, but most likely your systems don’t have C++ Redistributable 2010. If you install this, then restart the service the IHC (Invalid Host Certificate) error should go away.

Frank · Apr 30, 2015, 11:01 AM

I’ve checked it, and it is installed (Microsoft Visual C++ 2010 x86 Redistributable 10.0)
Any other possibility?

Thanks for your help Tom.

Tom Elliott · Apr 30, 2015, 11:30 AM

whats the authenticate portion of the log look like?

Frank · Apr 30, 2015, 11:35 AM

--------------------------------Authentication--------------------------------

30/04/2015 13:28 Client-Info Version: 0.7.2
30/04/2015 13:28 CommunicationHandler URL: [url]http://172.16.1.43/fog/management/other/ssl/srvpublic.key[/url]
30/04/2015 13:29 CommunicationHandler URL: [url]http://172.16.1.43/fog/management/index.php?sub=authorize&sym_key=78feb292d19c52ec00f6ea87bce277632a47effa058ce85ee7971ae087e568f977f519a167c7cf18d511673305644c426384999d8d65e22b336b2cfe99f01e3a9774339999c28dc84533e6467e8df819e6061e6597474eeeb9b94da3a3e4cd907aecc8da0ac5db58040306eaecccd5b5339c46d3287e0cdf214c28517d336b39577909869fed0c25a1ca54f8a8d79dad237af9753800e69c54917f2ec65ff32468d800566df2151c614a499a5e42e6cf285f66a7b0388a6d9b7fc3507790638a58d32f334fa652eb549efd6d9b503ba93e11c442f033363a8b8ffd39a791196a7ead4d71e270fd504f7f6a6b4f2173ac112511f980d07d2127d6b6ac3cca0997c977cf032e97b2a993427ba0e0ede7b86bc7c89b940274ccf520f8f3438d9bf196a196241157307c4765de5be8a7c66a98d06d257003a3b0059feee12fbfaf3a13da042d126beb3b19da6438e2de7a64ddd297cf56080479c58120f95985849abf841f7a670b735ab99b39ee4923fc104d61d7fb18366395ec3a6789bb79cee614a5e75b74a939fa7e8f0be94b0079fcd3373122ec0b508feaff2e2cac0b21ea9e848bd9d2ae4387c1d9e1f8680a7ad870087bf551b007e5039e33ba5fa4b0eb1d661008da661422b196664fa434379baeb79959eb3b2dbc79704cbebe678495d9a8dd495f10b8775e01b6a4c30ad4ef6402f0695276d6d33d1635dcfabae647&mac=00:FF:EC:5A:67:35|00:0E:0C:5E:17:AE||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1[/url]
30/04/2015 13:29 CommunicationHandler Response: Invalid host certificate
30/04/2015 13:29 CommunicationHandler Failed to authenticate

Frank · Jun 17, 2015, 8:11 AM

This is the complete auth log:

------------------------------------------------------------------------------ 
--------------------------------Authentication-------------------------------- 
------------------------------------------------------------------------------ 
 30/04/2015 13:28 Client-Info Version: 0.7.2 
 30/04/2015 13:28 CommunicationHandler URL: [url]http://172.16.1.43/fog/management/other/ssl/srvpublic.key[/url] 
 30/04/2015 13:29 CommunicationHandler URL: [url]http://172.16.1.43/fog/management/index.php?sub=authorize&sym_key=78feb292d19c52ec00f6ea87bce277632a47effa058ce85ee7971ae087e568f977f519a167c7cf18[/url]
d511673305644c426384999d8d65e22b336b2cfe99f01e3a9774339999c28dc84533e6467e8df819e6061e6597474eeeb9b94da
3a3e4cd907aecc8da0ac5db58040306eaecccd5b5339c46d3287e0cdf214c28517d336b39577909869fed0c25a1ca54f8a8d79d
ad237af9753800e69c54917f2ec65ff32468d800566df2151c614a499a5e42e6cf285f66a7b0388a6d9b7fc3507790638a58d32
f334fa652eb549efd6d9b503ba93e11c442f033363a8b8ffd39a791196a7ead4d71e270fd504f7f6a6b4f2173ac112511f980d0
7d2127d6b6ac3cca0997c977cf032e97b2a993427ba0e0ede7b86bc7c89b940274ccf520f8f3438d9bf196a196241157307c476
5de5be8a7c66a98d06d257003a3b0059feee12fbfaf3a13da042d126beb3b19da6438e2de7a64ddd297cf56080479c58120f959
85849abf841f7a670b735ab99b39ee4923fc104d61d7fb18366395ec3a6789bb79cee614a5e75b74a939fa7e8f0be94b0079fcd
3373122ec0b508feaff2e2cac0b21ea9e848bd9d2ae4387c1d9e1f8680a7ad870087bf551b007e5039e33ba5fa4b0eb1d661008
da661422b196664fa434379baeb79959eb3b2dbc79704cbebe678495d9a8dd495f10b8775e01b6a4c30ad4ef6402f0695276d6d
33d1635dcfabae647&mac=00:FF:EC:5A:67:35|00:0E:0C:5E:17:AE||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:
E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1 
 30/04/2015 13:29 CommunicationHandler Response: Invalid host certificate 
 30/04/2015 13:29 CommunicationHandler Failed to authenticate

Frank · May 5, 2015, 10:25 AM

Excuse me Tom, any suggestion with this?

Thanks.

Tom Elliott · May 5, 2015, 10:44 AM

can you try upgrading to latest svn?

Frank · May 5, 2015, 11:00 AM

Of course.Right now!

Frank · May 5, 2015, 2:43 PM

The same thing.
This is the GET line log before “Invalid host certificate”. Perhaps can show you something:
[05/May/2015:16:36:16 +0200] “GET /fog/management/index.php?sub=authorize&sym_key=8d951420a55d8b8f7d4845105b33cd8cfffaf3d2aca9f47cfef66585104cae607822811e2aaf93a55290577ca0918d743cf549eb5c1fa06e77d99f49a7378f96ee10f36df0fc36a7595b704b3712cb2d2f8412b18c4ceab1da1a290d42605d243d3c0c7df1487ce4b214a36e66e5dc44e3abdc22d773f1fa4e879b122968d1d27a7d80eb3c0ca636052cb2aaf5104c129c138c1662697ab9872e678e04178793b9abf5192b98ce105a6f08c87b8c51e530f9df4ea6d9d4f3e7b44489ebc73f15b3e4d50020bd05a8bfac2c17be9bd25b5cd6d16978daa7df6f0caa5ed53e2a6c5ba87cd9ce42a6b13d083318b5d8e59b06e5f1fba89e88ccd46f0d8b2b701621b5d486dfdf6043b70b4a96a4904dfdb13bb58880fe0b2b22df958a3859919778da9a1ca73d88f14c8b8ea0f795dfa2d9b43f0f24a2564c202ac204f29a44873068396dc3cd13e94f6f33dace7179cf4156d7dc591c7af3509eb4eac2bfe0e4622702e5c84a745702550c09179771b11d0740e954b16d58d8fdeab62a8b84e5fc02960d092982f0be0732d608b9996d47d8d60168298621802c8bdfd547829b5d688014fe54a51e47798bd3fa8c810e427b53121ec19a5281227344059edd8ef035ea85e2241c1c1adecb7bf09aae0bda90038336c80faefd72a243fadba53f94a20eddd27b41dbb1e870a835eb44e3aa983db3bdea17143373ff49587ccfd53e&mac=00:FF:EC:5A:67:35%7C00:0E:0C:5E:17:AE%7C%7C00:00:00:00:00:00:00:E0%7C00:00:00:00:00:00:00:E0%7C00:00:00:00:00:00:00:E0%7C00:00:00:00:00:00:00:E0&newService=1 HTTP/1.1” 200 403 “-” “-”

I’ve noticed that the “sym_key” changes in each service start.

Tom Elliott · May 5, 2015, 2:59 PM

It should change every time. Do me a favor and delete the folders /var/www/fog/management/other/ssl and /opt/fog/snapins/ssl. Then restart the fogservice on that machine.

Frank · May 5, 2015, 3:36 PM

I have done this:

removed /var/www/fog/management/other/ssl and /opt/fog/snapins/ssl
uninstalled fog client on client machine
be sure no fog files remain on client machine
install fog client and reboot
on server, directory /var/www/fog/management/other/ssl with srvpublic.key file has been created again
on client machine logs show this:

05/05/2015 17:25 RegistryHandler 32 bit registry detected

--------------------------------Authentication--------------------------------

05/05/2015 17:25 Client-Info Version: 0.7.2
05/05/2015 17:25 CommunicationHandler URL: [url]http://172.16.1.43/fog/management/other/ssl/srvpublic.key[/url]
05/05/2015 17:25 CommunicationHandler ERROR: error:0906D06C:PEM routines:PEM_read_bio:no start line
05/05/2015 17:25 CommunicationHandler Failed to authenticate

So different. But what does this mean?

Joe Schmitt · May 5, 2015, 4:39 PM

Ah, glorious PEM errors. Since you deleted the public keys, the client is trying to use a blank public key. You’re going need have FOG re-generate its public keys. The reason Tom had you delete them is that the client was retrieving a public key that didn’t match your private key.

Frank · May 6, 2015, 6:15 AM

Ok, that sounds good:)
How do I do that? Just removing /var/www/fog/management/other/ssl/srvpublic.key and invoking “installfog.sh” again?

Frank · May 6, 2015, 8:12 AM

I have reinstalled all fog files in server and fog client in client machine and logs are the same.
I guess public key is at “/var/www/fog/management/other/ssl/srvpublic.key” in server and at “\program files\FOG\tmp” in client machine, and I have checked they are equal.
I have found private key in server at “/opt/fog/snapins/ssl/.srvprivate.key”. Is that where is supposed to be?
I don’t know how go on from here!

Wayne Workman · Apr 4, 2017, 8:23 PM

@Frank said in Unable to join to domain - build 3331:

I guess public key is at “/var/www/fog/management/other/ssl/srvpublic.key”

Just dropping a friendly moderator line here - in FOG 1.4 the public key is here on the main fog server:
/var/www/fog/management/other/ssl/srvpublic.crt
You should be able to view the public certificate via the below URL, replacing x.x.x.x with your FOG Server’s IP address or FQDN.
http://x.x.x.x/fog/management/other/ssl/srvpublic.crt

Unable to join to domain - build 3331

-------------------------------HostnameChanger-------------------------------

--------------------------------Authentication--------------------------------

05/05/2015 17:25 RegistryHandler 32 bit registry detected

--------------------------------Authentication--------------------------------

185

12.0k

17.3k

155.2k