Problem with some hostname and AD integration

Tom Elliott

@Matthieu-Jacquart is there any corresponding apache error logs?

Matthieu Jacquart

@Tom-Elliott I have tons of error in my apache2 error.log, all due to fog
for example :

[Mon Aug 24 08:31:14.683337 2015] [:error] [pid 30298] [client 192.168.8.77:49463] PHP Warning:  mysqli::reap_async_query(): MySQL server has gone away in /var/www/html/fog/lib/db/MySQL.class.php on line 76

[Mon Aug 24 08:31:14.683376 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::reap_async_query(): Error reading result set's header in /var/www/html/fog/lib/db/MySQL.class.php on line 76

[Mon Aug 24 08:31:14.683389 2015] [:error] [pid 30298] [client 192.168.8.77:49463] PHP Warning:  mysqli::reap_async_query(): Error reading result set's header in /var/www/html/fog/lib/db/MySQL.class.php on line 76

[Mon Aug 24 08:31:14.699162 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 37

[Mon Aug 24 08:31:14.699273 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 39

[Mon Aug 24 08:31:14.699360 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::query(): Couldn't fetch mysqli in /var/www/html/fog/lib/db/MySQL.class.php on line 63

[Mon Aug 24 08:31:14.706534 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 37

[Mon Aug 24 08:31:14.706628 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::mysqli(): (HY000/2002): Connection refused in /var/www/html/fog/lib/db/MySQL.class.php on line 39

[Mon Aug 24 08:31:14.706696 2015] [:error] [pid 30308] [client 192.168.8.79:49467] PHP Warning:  mysqli::query(): Couldn't fetch mysqli in /var/www/html/fog/lib/db/MySQL.class.php on line 63

[Mon Aug 24 08:52:00.327952 2015] [:error] [pid 8707] [client 192.168.10.100:57295] PHP Fatal error:  Call to a member function get() on null in /var/www/html/fog/lib/pages/DashboardPage.class.php on line 118, referer: http://192.168.10.60/fog/management/index.php?node=client

[Mon Aug 24 12:12:31.750576 2015] [:error] [pid 5159] [client 192.168.10.100:52084] PHP Warning:  mcrypt_encrypt(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in /var/www/html/fog/lib/fog/FOGBase.class.php on line 225

Tom Elliott

@Matthieu-Jacquart The mysqli problems you see being thrown look to me to be from an installation, rather than a consistent problem. By installation, I mean something was being requested when web services were active, but mysql or files were being updated. Meaning things simply weren’t “available” when those get thrown into the logs. Those, I think, are non-issues and should be expected but only during the time of updates/upgrades of the fog system. This could also happen in the case of your disk being 100% as the mysql process will usually die without the web server services dying. That does not look to the be the case here.

I do see the error (get() on line 118 of the DashboardPage.class.php) but that isn’t the problem with AD joining.

Matthieu Jacquart

Thanks

Since I restored my VM, I suppose AD joining will be ok, but the problem is certificate error, hostname changer didn’t work. do you know how to fix it ?
For information, I install the lastest svn with -C -K argument, after that I downloaded the new client and install it on 2 clients, but always error “Invalid host certificate”

And now with my own computer (win 10), I’ve got this

 24/08/2015 13:09 RegistryHandler 64 bit registry detected
 24/08/2015 13:09 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ca.cert.der
 24/08/2015 13:43 Bus Became bus server
 24/08/2015 13:43 Bus {
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 24/08/2015 13:43 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 24/08/2015 13:43 Client-Info Version: 0.9.4
 24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
 24/08/2015 13:43 Middleware::Communication ERROR: Could not download file
 24/08/2015 13:43 Middleware::Communication ERROR: Impossible de se connecter au serveur distant
 24/08/2015 13:43 Middleware::Authentication ERROR: Could not authenticate
 24/08/2015 13:43 Middleware::Authentication ERROR: Le fichier spécifié est introuvable.

 24/08/2015 13:43 Bus Registering ParseBus in channel Power

------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 24/08/2015 13:43 Client-Info Version: 0.9.4
 24/08/2015 13:43 HostnameChanger Running...
 24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|02:50:F2:00:00:01||00:00:00:00:00:00:00:E0&newService=1
 24/08/2015 13:43 Middleware::Communication Response: Success
 24/08/2015 13:43 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|02:50:F2:00:00:01||00:00:00:00:00:00:00:E0&newService=1
 24/08/2015 13:43 Middleware::Communication Unknown Response: 
------------------------------------------------------------------------------

Matthieu Jacquart

I’m sorry, but has somenone a solution ?
I’ve 300 computers to fog before wednesday, i began to stress a little ^^
Thanks a lot

Joe Schmitt

I just had another person report the same “Invalid host certificate” error to me. The one thing I am absolutely positive of is that this is a server issue. I’ll let you know when I learn more.

Matthieu Jacquart

I test with removing new client and installing the old one, and everything works fine (hostname changer + AD joining).
Certificate problem between fog client and fog server…

Tom Elliott

The certificate problem is mostly likely as simple as the srvpublic.crt file is non-existent for whatever reason. I’m unable to replicate. When I push a commit, I update two servers, one running Fedora and one running Ubuntu. Right now they’re Fedora 22 and Ubuntu 15.04 just so I can get as broad as possible in testing the GUI and installer function properly on even “current” releases of OS. Part of the initial installer is the creation of the server’s keys. After that, the only thing that is performed is a certificate generation.

I need more info if at all possible.

Matthieu Jacquart

Ok

This morning, I reinstall fog with 6C 6K parameters and thse file where created in “/var/www/fog/management/other/”

-rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
-rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
-rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
-rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
-rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl

and in ssl folder, I’ve got

-rw-r--r-- 1 www-data www-data 1679 août  25 08:01 srvpublic.crt

With 0.3 client all is ok, with 0.9.4 client all is ok in log for printers or snapin, communication seems good with server, but certificate error…

Tom Elliott

@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?

Does this sound accurate?

Tom Elliott

@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?

Does this sound accurate?

Does the file exist:

/var/www/html/fog/management/other/ca.cert.der or /var/www/fog/management/other/ca.cert.der

Matthieu Jacquart

Communication with server is good, for exmaple snapin and printers are ok

On the server I’ve got the file ca.cert.der in the 2 folders

In /var/www/fog/management/other/ :
drwxr-xr-x  3 www-data www-data  4096 août  25 08:01 .
drwxr-xr-x 12 www-data www-data  4096 août  25 08:00 ..
-rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
-rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
-rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
-rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
-rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl

 In /var/www/html/fog/management/other/ :
drwxr-xr-x  3 www-data www-data  4096 août  25 08:01 .
drwxr-xr-x 12 www-data www-data  4096 août  25 08:00 ..
-rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
-rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
-rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
-rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
-rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl

Tom Elliott

The only other thing I can think of them is the client does not have the proper ca certificated stored. This means it cannot verify the servers public key and therefor will not attempt further communication using encryption based protocols. Snapins and maybe printers and possibly all client services beside hostname do not require encryption.

Matthieu Jacquart

@Tom-Elliott I agree with that, question is : how to modidy certificate stored by new client ?

Tom Elliott

@Matthieu-Jacquart There’s a few ways.

The easiest way, supposedly, is to simply uninstall the “new client” fog and reinstall. Another way is to go into the Certificate Store and look for FOG CA Certificate. Or whatever it’s labeled as.

Matthieu Jacquart

For uninstalling/reinstalling client, already did (a lot of time ^^)
With rebbot between, and each time douwnloading client from web interface to be sure it is up to date.

For the other solution, where is the certificate store ?

tmerrick

I just upgraded to 4491 and now the hostnamechanger fails on my clients also with an Invalid Host Certificate. I am running on Red Hat 6.6 and it did work before the upgrade. I have taken one client and uninstalled/reinstalled the new client and it still does not work. I am also seeing problems on previously installed new clients when the hostnamechanger runs on them.

Matthieu Jacquart

I feel less alone… ^^
I agree with that, I updated svn each day and trouble began last thursday I think, don’t remember precise svn version at this date.

tmerrick

I have some more information. I deleted the fog certificate and then did a repair on fog and got the message “Failed to download CA certificate”. So it still looks like a problem with the certificate on the server.

Later I uninstalled the fog client, rebooted, and successfully reinstalled it. Still getting the same errors though.

tmerrick

Here is the directory of the fog certificate area on the server:

-rw-r--r-- 1 apache apache  1287 Aug 25 07:51 ca.cert.der
-rw-r--r-- 1 apache apache  1797 Aug 25 07:51 ca.cert.pem
-rw-r--r-- 1 apache apache 35147 Aug 25 07:51 gpl-3.0.txt
-rw-r--r-- 1 apache apache    89 Aug 25 07:51 hostimport.csv
-rw-r--r-- 1 apache apache  4493 Aug 25 07:51 index.php
drwxr-xr-x 2 apache apache  4096 Aug 25 07:51 ssl
[root@clstfogi other]# ls -l ssl
total 4
-rw-r--r-- 1 apache apache 1675 Aug 25 07:51 srvpublic.crt

It looks like all of the files were regenerated when I reinstalled this morning, unless there is one missing. Are the files being created wrong?