Authentication Client CA error
Updated svn. Started getting this error on SOME clients. Went into our all group and hit the recert button. Doing that again now…
Tue Jun 21, 2016 12:50 pm
Running Version: 8197
SVN Revision: 5726
6/21/2016 12:43 PM Client-Info Version: 0.9.10
6/21/2016 12:43 PM Middleware::Communication URL: http://10.95.95.100/fog/management/other/ssl/srvpublic.crt
6/21/2016 12:43 PM Data::RSA FOG Server CA cert found
6/21/2016 12:43 PM Data::RSA ERROR: Certificate validation failed
6/21/2016 12:43 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
6/21/2016 12:43 PM Middleware::Authentication ERROR: Could not authenticate
6/21/2016 12:43 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
6/21/2016 12:43 PM Service Sleeping for 120 seconds
@Roger-Saffle I’m just guessing that the ca was updated at some point either knowingly or unknown. I’d suggest updating the image that has the 0.9.10 client on it.
it seems to be very limited to some machines with 9.10 or older. All of the machines i checked that had client 0.9.12 have upgraded to 0.11 . I manually upgraded the 0.9.10 to 0.11 and the error went away. Ill just deal with those as i see them. They must have been having the error a while to never move past 0.9.10 as we have client update on for everyone.
let me find another machine and make sure its not just the two in the lab here.
The only thing I did between yesterday and today was the couple svn updates to get power management. Ill report back in a bit.
@Joe-Schmitt correct me if I’m wrong, shouldn’t the client update regardless of authentication? Of course I’m sure the new installer is checked for a valid signature though but i think this is a seperate thing?
Please try re-running the client installer.
I just tested on a windows xp system. I put 0.9.10 on as in your environment. First startup was Invalid Security Token, i reset encryption data and restarted the service and it immediately updated to 0.11.0
If I had to guess, you updated your CA stuff sometime between 0.9.10 and now? I don’t know all the specifics, but it’s the best information I can give you for now.
Thats the whole point of this exersize, to get my clients updated. I do have it on, but its not going to update due to the CA error.
You need to allow client updates. 0.9.10 probably won’t even work with current trunk, plus 0.9.10 was full of bugs.