Problem with some hostname and AD integration

Joe Schmitt

The second log you posted, did you edit it at all? Some things are happening in it that just aren’t possible with v0.9.4.

Matthieu Jacquart

Hi

In the second post I’ve just paste lines about section “hostname changer” from fog file in one host.
I have a lot of other problems since thursday (fog began to download images on hosts and the hosts reboot after few percent or I have no access to web console durnng downloading hosts…), so I’ve just restored an okd backup, I’ll make new test on monday.

Matthieu Jacquart

Ok, after restoring my fog VM, I’ve launch isntallation script with -C and -K parameters
After that, I desinstall and reinstalled fog client on two computers, and I’ve got he message

------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 24/08/2015 08:42 Client-Info Version: 0.9.4
 24/08/2015 08:42 HostnameChanger Running...
 24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:1C:C0:3A:70:E4||00:00:00:00:00:00:00:E0&newService=1
 24/08/2015 08:42 Middleware::Communication Response: Success
 24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=00:1C:C0:3A:70:E4||00:00:00:00:00:00:00:E0&newService=1
 24/08/2015 08:42 Middleware::Communication Response: Invalid host certificate
 24/08/2015 08:42 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
 24/08/2015 08:42 Data::RSA CA cert found
 24/08/2015 08:42 Middleware::Authentication Cert OK
 24/08/2015 08:42 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
 24/08/2015 08:42 Middleware::Communication Response: Invalid host certificate
------------------------------------------------------------------------------```

Tom Elliott

@Matthieu-Jacquart What does the log show in regards to the authenticate sequence?

Matthieu Jacquart

 24/08/2015 11:47 RegistryHandler ERROR: Could not retrieve Software\Wow6432Node\FOG\Server
 24/08/2015 11:47 RegistryHandler ERROR: Null key
 24/08/2015 11:47 RegistryHandler 32 bit registry detected
 24/08/2015 11:47 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ca.cert.der
 24/08/2015 11:50 Bus Became bus server
 24/08/2015 11:50 Bus {
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 24/08/2015 11:50 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 24/08/2015 11:50 Client-Info Version: 0.9.4
 24/08/2015 11:50 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
 24/08/2015 11:52 Data::RSA CA cert found
 24/08/2015 11:52 Middleware::Authentication Cert OK
 24/08/2015 11:52 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
 24/08/2015 11:52 Middleware::Communication Response: Invalid host certificate
 24/08/2015 11:52 Bus Registering ParseBus in channel Power

Tom Elliott

@Matthieu-Jacquart is there any corresponding apache error logs?

Matthieu Jacquart

@Tom-Elliott I have tons of error in my apache2 error.log, all due to fog
for example :

[Mon Aug 24 08:31:14.683337 2015] [:error] [pid 30298] [client 192.168.8.77:49463] PHP Warning:  mysqli::reap_async_query(): MySQL server has gone away in /var/www/html/fog/lib/db/MySQL.class.php on line 76

[Mon Aug 24 08:31:14.683376 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::reap_async_query(): Error reading result set's header in /var/www/html/fog/lib/db/MySQL.class.php on line 76

[Mon Aug 24 08:31:14.683389 2015] [:error] [pid 30298] [client 192.168.8.77:49463] PHP Warning:  mysqli::reap_async_query(): Error reading result set's header in /var/www/html/fog/lib/db/MySQL.class.php on line 76

[Mon Aug 24 08:31:14.699162 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 37

[Mon Aug 24 08:31:14.699273 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 39

[Mon Aug 24 08:31:14.699360 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::query(): Couldn't fetch mysqli in /var/www/html/fog/lib/db/MySQL.class.php on line 63

[Mon Aug 24 08:31:14.706534 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 37

[Mon Aug 24 08:31:14.706628 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 39

[Mon Aug 24 08:31:14.706696 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::query(): Couldn't fetch mysqli in /var/www/html/fog/lib/db/MySQL.class.php on line 63

[Mon Aug 24 08:52:00.327952 2015] [:error] [pid 8707] [client 192.168.10.100:57295] PHP Fatal error:  Call to a member function get() on null in /var/www/html/fog/lib/pages/DashboardPage.class.php on line 118, referer: http://192.168.10.60/fog/management/index.php?node=client

[Mon Aug 24 12:12:31.750576 2015] [:error] [pid 5159] [client 192.168.10.100:52084] PHP Warning:  mcrypt_encrypt(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in /var/www/html/fog/lib/fog/FOGBase.class.php on line 225

Tom Elliott

@Matthieu-Jacquart The mysqli problems you see being thrown look to me to be from an installation, rather than a consistent problem. By installation, I mean something was being requested when web services were active, but mysql or files were being updated. Meaning things simply weren’t “available” when those get thrown into the logs. Those, I think, are non-issues and should be expected but only during the time of updates/upgrades of the fog system. This could also happen in the case of your disk being 100% as the mysql process will usually die without the web server services dying. That does not look to the be the case here.

I do see the error (get() on line 118 of the DashboardPage.class.php) but that isn’t the problem with AD joining.

Matthieu Jacquart

Thanks

Since I restored my VM, I suppose AD joining will be ok, but the problem is certificate error, hostname changer didn’t work. do you know how to fix it ?
For information, I install the lastest svn with -C -K argument, after that I downloaded the new client and install it on 2 clients, but always error “Invalid host certificate”

And now with my own computer (win 10), I’ve got this

 24/08/2015 13:09 RegistryHandler 64 bit registry detected
 24/08/2015 13:09 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ca.cert.der
 24/08/2015 13:43 Bus Became bus server
 24/08/2015 13:43 Bus {
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 24/08/2015 13:43 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 24/08/2015 13:43 Client-Info Version: 0.9.4
 24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
 24/08/2015 13:43 Middleware::Communication ERROR: Could not download file
 24/08/2015 13:43 Middleware::Communication ERROR: Impossible de se connecter au serveur distant
 24/08/2015 13:43 Middleware::Authentication ERROR: Could not authenticate
 24/08/2015 13:43 Middleware::Authentication ERROR: Le fichier spécifié est introuvable.

 24/08/2015 13:43 Bus Registering ParseBus in channel Power

------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 24/08/2015 13:43 Client-Info Version: 0.9.4
 24/08/2015 13:43 HostnameChanger Running...
 24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|02:50:F2:00:00:01||00:00:00:00:00:00:00:E0&newService=1
 24/08/2015 13:43 Middleware::Communication Response: Success
 24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|02:50:F2:00:00:01||00:00:00:00:00:00:00:E0&newService=1
 24/08/2015 13:43 Middleware::Communication Unknown Response: 
------------------------------------------------------------------------------

Matthieu Jacquart

I’m sorry, but has somenone a solution ?
I’ve 300 computers to fog before wednesday, i began to stress a little ^^
Thanks a lot

Joe Schmitt

I just had another person report the same “Invalid host certificate” error to me. The one thing I am absolutely positive of is that this is a server issue. I’ll let you know when I learn more.

Matthieu Jacquart

I test with removing new client and installing the old one, and everything works fine (hostname changer + AD joining).
Certificate problem between fog client and fog server…

Tom Elliott

The certificate problem is mostly likely as simple as the srvpublic.crt file is non-existent for whatever reason. I’m unable to replicate. When I push a commit, I update two servers, one running Fedora and one running Ubuntu. Right now they’re Fedora 22 and Ubuntu 15.04 just so I can get as broad as possible in testing the GUI and installer function properly on even “current” releases of OS. Part of the initial installer is the creation of the server’s keys. After that, the only thing that is performed is a certificate generation.

I need more info if at all possible.

Matthieu Jacquart

Ok

This morning, I reinstall fog with 6C 6K parameters and thse file where created in “/var/www/fog/management/other/”

-rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
-rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
-rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
-rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
-rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl

and in ssl folder, I’ve got

-rw-r--r-- 1 www-data www-data 1679 août  25 08:01 srvpublic.crt

With 0.3 client all is ok, with 0.9.4 client all is ok in log for printers or snapin, communication seems good with server, but certificate error…

Tom Elliott

@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?

Does this sound accurate?

Tom Elliott

@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?

Does this sound accurate?

Does the file exist:

/var/www/html/fog/management/other/ca.cert.der or /var/www/fog/management/other/ca.cert.der

Matthieu Jacquart

Communication with server is good, for exmaple snapin and printers are ok

On the server I’ve got the file ca.cert.der in the 2 folders

In /var/www/fog/management/other/ :
drwxr-xr-x  3 www-data www-data  4096 août  25 08:01 .
drwxr-xr-x 12 www-data www-data  4096 août  25 08:00 ..
-rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
-rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
-rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
-rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
-rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl

 In /var/www/html/fog/management/other/ :
drwxr-xr-x  3 www-data www-data  4096 août  25 08:01 .
drwxr-xr-x 12 www-data www-data  4096 août  25 08:00 ..
-rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
-rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
-rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
-rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
-rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl

Tom Elliott

The only other thing I can think of them is the client does not have the proper ca certificated stored. This means it cannot verify the servers public key and therefor will not attempt further communication using encryption based protocols. Snapins and maybe printers and possibly all client services beside hostname do not require encryption.

Matthieu Jacquart

@Tom-Elliott I agree with that, question is : how to modidy certificate stored by new client ?

Tom Elliott

@Matthieu-Jacquart There’s a few ways.

The easiest way, supposedly, is to simply uninstall the “new client” fog and reinstall. Another way is to go into the Certificate Store and look for FOG CA Certificate. Or whatever it’s labeled as.