Authentication Client CA error



  • Updated svn. Started getting this error on SOME clients. Went into our all group and hit the recert button. Doing that again now…

    Tue Jun 21, 2016 12:50 pm
    Running Version: 8197
    SVN Revision: 5726
    --------------------------------Authentication--------------------------------

    6/21/2016 12:43 PM Client-Info Version: 0.9.10
    6/21/2016 12:43 PM Middleware::Communication URL: http://10.95.95.100/fog/management/other/ssl/srvpublic.crt
    6/21/2016 12:43 PM Data::RSA FOG Server CA cert found
    6/21/2016 12:43 PM Data::RSA ERROR: Certificate validation failed
    6/21/2016 12:43 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
    6/21/2016 12:43 PM Middleware::Authentication ERROR: Could not authenticate
    6/21/2016 12:43 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
    6/21/2016 12:43 PM Service Sleeping for 120 seconds


  • Senior Developer

    @Roger-Saffle I’m just guessing that the ca was updated at some point either knowingly or unknown. I’d suggest updating the image that has the 0.9.10 client on it.



  • @Tom-Elliott
    it seems to be very limited to some machines with 9.10 or older. All of the machines i checked that had client 0.9.12 have upgraded to 0.11 . I manually upgraded the 0.9.10 to 0.11 and the error went away. Ill just deal with those as i see them. They must have been having the error a while to never move past 0.9.10 as we have client update on for everyone.

    Thanks.



  • @Tom-Elliott
    let me find another machine and make sure its not just the two in the lab here.
    The only thing I did between yesterday and today was the couple svn updates to get power management. Ill report back in a bit.



  • @Joe-Schmitt correct me if I’m wrong, shouldn’t the client update regardless of authentication? Of course I’m sure the new installer is checked for a valid signature though but i think this is a seperate thing?


  • Senior Developer

    Please try re-running the client installer.

    I just tested on a windows xp system. I put 0.9.10 on as in your environment. First startup was Invalid Security Token, i reset encryption data and restarted the service and it immediately updated to 0.11.0

    If I had to guess, you updated your CA stuff sometime between 0.9.10 and now? I don’t know all the specifics, but it’s the best information I can give you for now.



  • @Wayne-Workman
    Thats the whole point of this exersize, to get my clients updated. I do have it on, but its not going to update due to the CA error.



  • You need to allow client updates. 0.9.10 probably won’t even work with current trunk, plus 0.9.10 was full of bugs.


 

536
Online

41.8k
Users

12.3k
Topics

116.0k
Posts