Authentication Client CA error



  • Updated svn. Started getting this error on SOME clients. Went into our all group and hit the recert button. Doing that again now…

    Tue Jun 21, 2016 12:50 pm
    Running Version: 8197
    SVN Revision: 5726
    --------------------------------Authentication--------------------------------

    6/21/2016 12:43 PM Client-Info Version: 0.9.10
    6/21/2016 12:43 PM Middleware::Communication URL: http://10.95.95.100/fog/management/other/ssl/srvpublic.crt
    6/21/2016 12:43 PM Data::RSA FOG Server CA cert found
    6/21/2016 12:43 PM Data::RSA ERROR: Certificate validation failed
    6/21/2016 12:43 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
    6/21/2016 12:43 PM Middleware::Authentication ERROR: Could not authenticate
    6/21/2016 12:43 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
    6/21/2016 12:43 PM Service Sleeping for 120 seconds


  • Senior Developer

    @Roger-Saffle I’m just guessing that the ca was updated at some point either knowingly or unknown. I’d suggest updating the image that has the 0.9.10 client on it.



  • @Tom-Elliott
    it seems to be very limited to some machines with 9.10 or older. All of the machines i checked that had client 0.9.12 have upgraded to 0.11 . I manually upgraded the 0.9.10 to 0.11 and the error went away. Ill just deal with those as i see them. They must have been having the error a while to never move past 0.9.10 as we have client update on for everyone.

    Thanks.



  • @Tom-Elliott
    let me find another machine and make sure its not just the two in the lab here.
    The only thing I did between yesterday and today was the couple svn updates to get power management. Ill report back in a bit.


  • Moderator

    @Joe-Schmitt correct me if I’m wrong, shouldn’t the client update regardless of authentication? Of course I’m sure the new installer is checked for a valid signature though but i think this is a seperate thing?


  • Senior Developer

    Please try re-running the client installer.

    I just tested on a windows xp system. I put 0.9.10 on as in your environment. First startup was Invalid Security Token, i reset encryption data and restarted the service and it immediately updated to 0.11.0

    If I had to guess, you updated your CA stuff sometime between 0.9.10 and now? I don’t know all the specifics, but it’s the best information I can give you for now.



  • @Wayne-Workman
    Thats the whole point of this exersize, to get my clients updated. I do have it on, but its not going to update due to the CA error.


  • Moderator

    You need to allow client updates. 0.9.10 probably won’t even work with current trunk, plus 0.9.10 was full of bugs.


Log in to reply
 

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.