FOGClient 0.9.11: Could not get security token after sysprep



  • Hello!

    With FOGClient 0.9.11, I’ve problem after deploy syspreped Windows 10 image:

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     08/03/2016 16:13 Client-Info Version: 0.9.11
     08/03/2016 16:13 Middleware::Communication URL: http://fog.domain.local//management/other/ssl/srvpublic.crt
     08/03/2016 16:13 Middleware::Authentication ERROR: Could not get security token
     08/03/2016 16:13 Middleware::Authentication ERROR: Le fichier 'C:\Windows\system32\token.dat' est introuvable.
     08/03/2016 16:13 Data::RSA FOG Server CA cert found
     08/03/2016 16:13 Data::RSA ERROR: Certificate validation failed
     08/03/2016 16:13 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: Un certificat requis n’est pas dans sa période de validité selon la vérification par rapport à l’horloge système en cours ou le tampon daté dans le fichier signé. (NotTimeValid)
     08/03/2016 16:13 Middleware::Authentication ERROR: Could not authenticate
     08/03/2016 16:13 Middleware::Authentication ERROR: Certificate is not from FOG CA
     08/03/2016 16:13 Service Sleeping for 120 seconds
    

    Thanks in advance for the help :)



  • @Sebastian-Roth
    DC synchronize time only with computers added in AD but FOGClient can’t add computer in AD…
    I found a solution by synchronizing time just before the sysprep command.

    edit: I finally installs the client after deploying the post via a script called by unattended file.


  • Developer

    @aruhuno said:

    it’s impossible to synchronize time with a DC

    Why is that??



  • @Jbob
    Ok, but after deploy, it’s impossible to synchronize time with a DC (computer added in AD with FOGClient) and computer doesn’t have access to WAN (proxy parameters pushed by GPO and the proxy to require an AD auth).

    How to do?


  • Senior Developer

    @aruhuno

    Un certificat requis n’est pas dans sa période de validité selon la vérification par rapport à l’horloge système en cours ou le tampon daté dans le fichier signé.

    The problem is that your machines do not have the same time set as your server. This means, when you updated your server the keys were re-generated and signed against the server’s time. But if the machine’s time is behind (say by 3 hours), according to the clients the keys were signed in the future, and thus invalid.

    You can either fix your server / client times, or wait for the clients to get past the “time in the future” that the keys were made.


Log in to reply
 

757
Online

38719
Users

10547
Topics

99847
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.