Reset Encryption Data



  • Hi,

    I just want to know, why do I need to click on “reset encryption data” on some computers (not all, seems aleatory)?
    If not, hostname changer does not seem to work (computer does not rename and integrate in AD)

    Thanks
    Matthieu



  • For information, I’ve just deployed 24 computers and 2 of them need to reset encryption data (if not, invalid security token in fog.log)



  • @Tom-Elliott said:

    To my knowledge no one else has been having this issue. Either that or they just haven’t reported it recently.

    I have the same issue, but no way to determine a set of circumstances that can reproduce it.
    Seems really random



  • @Tom-Elliott It appears randomly, for example on my computer, on a fresh install of Windows 10.
    When I look into the log, regularly I have the error I posted before, I had to reset encryption data and it works for a few days.
    And in groups configuration, I’ve got sometimes clients which retired from groups, some services which deactivate…


  • Senior Developer

    @Matthieu-Jacquart does the invalid token issue happen at random or after say freshly imaging? Is there possibly a replicable method to see this problem? @jbob and I have tried testing potential avenues for this problem and we came up initially with a specific set of ways to replicate but we also fixed that problem. To my knowledge no one else has been having this issue. Either that or they just haven’t reported it recently.



  • Hi

    I'm updating my post, because regularly, I have to click on reset encryption data on several hosts.
    If not, fog.log gives me a message:

    ------------------------------------------------------------------------------
    --------------------------------HostnameChanger-------------------------------
    ------------------------------------------------------------------------------
     05/10/2015 09:18 Client-Info Version: 0.9.5
     05/10/2015 09:18 HostnameChanger Running...
     05/10/2015 09:18 Middleware::Communication URL: http://192.168.10.60/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|&newService=1
     05/10/2015 09:18 Middleware::Communication Response: Success
     05/10/2015 09:18 Middleware::Communication URL: http://192.168.10.60/fog/service/hostname.php?moduleid=hostnamechanger&mac=74:27:EA:6C:AA:0D|&newService=1
     05/10/2015 09:18 Middleware::Communication Response: Invalid host certificate
     05/10/2015 09:18 Middleware::Communication URL: http://192.168.10.60/fog/management/other/ssl/srvpublic.crt
     05/10/2015 09:18 Data::RSA CA cert found
     05/10/2015 09:18 Middleware::Authentication Cert OK
     05/10/2015 09:18 Middleware::Communication POST URL: http://192.168.10.60/fog/management/index.php?sub=authorize
     05/10/2015 09:18 Middleware::Communication Response: Invalid security token
    

    Is this normal? How can I keep this from happening anymore?


  • Moderator

    @Jbob said:

    The “Reset encryption data” is mainly doing one thing: Clearing the security token for a host.

    Each host has a security token used by the client. This token is private; only the client knows it and is protected. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you ‘Reset Encryption Data’, you are essentially telling the server that the first host to say that they are the host in question gets ‘locked’ in (pinned is the technical term).

    Going straight into the wiki. https://wiki.fogproject.org/wiki/index.php/Reset_Encryption_Data


  • Senior Developer

    @Matthieu-Jacquart The “Reset encryption data” is mainly doing one thing: Clearing the security token for a host.

    Each host has a security token used by the client. This token is private; only the client knows it and is protected. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you ‘Reset Encryption Data’, you are essentially telling the server that the first host to say that they are the host in question gets ‘locked’ in (pinned is the technical term).

    Now, as to why hostnamechanger doesn’t work. Well, up to 0.9.X, encryption is only required for hostnamechanger. The next major release (0.X) of the client will force encryption on all modules. In order to have encrypted traffic, our handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.

    The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it.
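Added example, not part of the thread and not FOG's own code: a toy Python model of the pin-on-first-use behaviour described above, replaying the uninstall/reinstall case that ends in "Invalid security token" until the pin is reset. The class and function names, the sample MAC, and the choice to have the server issue the token at pin time are assumptions made for illustration.

```python
import hmac
import secrets

class PinningServer:
    """Toy trust-on-first-use pinning model (assumed design, not FOG's code)."""
    def __init__(self):
        self._pinned = {}  # host id (e.g. MAC) -> pinned security token

    def authorize(self, host_id, presented_token=None):
        pinned = self._pinned.get(host_id)
        if pinned is None:
            # No pin yet: the first claimant is locked in.
            # Assumption: the server issues the token at pin time.
            token = secrets.token_hex(32)
            self._pinned[host_id] = token
            return "Success", token
        # Pinned: the caller must present the same token (constant-time compare).
        if presented_token and hmac.compare_digest(pinned, presented_token):
            return "Success", pinned
        return "Invalid security token", None

    def reset_encryption_data(self, host_id):
        # Clears the pin; the next host claiming host_id gets pinned.
        self._pinned.pop(host_id, None)

class Client:
    """Keeps the private token locally; a reinstall starts without it."""
    def __init__(self, host_id):
        self.host_id = host_id
        self.token = None

    def handshake(self, server):
        status, token = server.authorize(self.host_id, self.token)
        if status == "Success":
            self.token = token
        return status

def reinstall_scenario():
    server = PinningServer()
    mac = "00:00:00:00:00:01"  # constructed sample host id
    first = Client(mac)
    results = [first.handshake(server), first.handshake(server)]
    reinstalled = Client(mac)  # same MAC, old token lost with the uninstall
    results.append(reinstalled.handshake(server))
    server.reset_encryption_data(mac)
    results.append(reinstalled.handshake(server))  # re-pinned after reset
    results.append(first.handshake(server))        # stale token is now rejected
    return results
```

The last step shows the trade-off of a reset: whoever claims the host identity first after the pin is cleared becomes the trusted holder, and any earlier token stops working.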

