"Unable to get subsection" error with RC-4
-
No dice. Same errors.
-
@Bob-Henderson Did it cycle back over in the log and you’re still seeing the same issue?
Can you post a log of the host you just reset encryption data on?
-
Looks like I needed to just give it a moment. I went down to take a look at it again, and it had joined the domain and all was hunky dory. I just reset the encryption on the other host that was giving me the same issue, and it joined right up as well.
Now, is there any way to not have to reset the encryption per host manually? I’m looking at 700 hosts to image out, and while it’s doable, it’ll be…tedious.
-
@Bob-Henderson You can reset data to all hosts through groups.
I don’t know why it’s not getting the right codes. That I need to work with @joe-schmitt as I’m pretty sure we have code in place to prevent this issue.
-
@Tom-Elliott Perfect. Thanks so much.
-
@Bob-Henderson I have a group setup with all hosts in it and hit reset encryption there is I need to do for all. It is a quick and dirty way to do it.
-
@Psycholiquid Just did the exact same thing, and pushed out an image multicast to 46 devices in 13 minutes, from start to being able to login.
Best. Feeling. Ever.
-
@Bob-Henderson That’s because @Tom-Elliott and the other devs rock here at FOG
-
@Psycholiquid Don’t leave out @testers, @moderators and in general the users.
-
@Psycholiquid said in "Unable to get subsection" error with RC-4:
@Bob-Henderson I have a group setup with all hosts in it and hit reset encryption there is I need to do for all. It is a quick and dirty way to do it.
Not even quick and dirty. This is the recommended way to do it.
-
@Tom-Elliott Adding more info: Net 4.5.1 is included in my image (WIN 7 x64), I redeployed to host, verified, restarted for good measure. No change in snapin deployment, the error persists. Updated logs below.
@Wayne-Workman I did attempt to reset encryption on the host via Groups, 192.168.35.155 is my machine, and I think that’s what is showing in the Apache error logs. May not be related, but in searching past posts on this error the Apache logs were posted and I wanted to include as much info as I could. Let me know if more of that log would be helpful.
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
7/27/2016 9:17 AM Client-Info Version: 0.11.4
7/27/2016 9:17 AM Client-Info OS: Windows
7/27/2016 9:17 AM Middleware::Authentication Waiting for authentication timeout to pass
7/29/2016 9:19 AM Middleware::Communication Download: http://172.16.23.1/fog/management/other/ssl/srvpublic.crt
7/29/2016 9:19 AM Data::RSA FOG Server CA cert found
7/29/2016 9:19 AM Data::RSA ERROR: Certificate validation failed
7/29/2016 9:19 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid), A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (NotTimeValid)
7/29/2016 9:19 AM Middleware::Authentication ERROR: Could not authenticate
7/29/2016 9:19 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
7/29/2016 9:19 AM Bus Registering ParseBus in channel Power
7/29/2016 9:19 AM Middleware::Communication URL: http://172.16.23.1/fog/management/index.php?sub=requestClientInfo&mac=B8:08:CF:42:4A:FE|B8:08:CF:42:4A:FA|28:F1:0E:21:C8:0C||00:00:00:00:00:00:00:E0&newService&json
7/29/2016 9:19 AM Middleware::Authentication Waiting for authentication timeout to pass
7/29/2016 9:21 AM Middleware::Communication Download: http://172.16.23.1/fog/management/other/ssl/srvpublic.crt
7/29/2016 9:21 AM Data::RSA FOG Server CA cert found
7/29/2016 9:21 AM Data::RSA ERROR: Certificate validation failed
7/29/2016 9:21 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid), A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (NotTimeValid)
7/29/2016 9:21 AM Middleware::Authentication ERROR: Could not authenticate
7/29/2016 9:21 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
7/29/2016 9:21 AM Middleware::Response Success
7/29/2016 9:21 AM Middleware::Communication URL: http://172.16.23.1/fog/service/getversion.php?clientver&newService&json
7/29/2016 9:21 AM Middleware::Communication URL: http://172.16.23.1/fog/service/getversion.php?newService&json
7/29/2016 9:21 AM Service Creating user agent cache
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:21 AM Service Initializing modules
------------------------------------------------------------------------------
---------------------------------ClientUpdater--------------------------------
------------------------------------------------------------------------------
7/29/2016 9:21 AM Client-Info Client Version: 0.11.4
7/29/2016 9:21 AM Client-Info Client OS: Windows
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------TaskReboot----------------------------------
------------------------------------------------------------------------------
7/29/2016 9:21 AM Client-Info Client Version: 0.11.4
7/29/2016 9:21 AM Client-Info Client OS: Windows
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
7/29/2016 9:21 AM Client-Info Client Version: 0.11.4
7/29/2016 9:21 AM Client-Info Client OS: Windows
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
------------------------------------------------------------------------------
---------------------------------SnapinClient---------------------------------
------------------------------------------------------------------------------
7/29/2016 9:21 AM Client-Info Client Version: 0.11.4
7/29/2016 9:21 AM Client-Info Client OS: Windows
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
------------------------------------------------------------------------------
--------------------------------PrinterManager--------------------------------
------------------------------------------------------------------------------
7/29/2016 9:21 AM Client-Info Client Version: 0.11.4
7/29/2016 9:21 AM Client-Info Client OS: Windows
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
------------------------------------------------------------------------------
--------------------------------PowerManagement-------------------------------
------------------------------------------------------------------------------
7/29/2016 9:21 AM Client-Info Client Version: 0.11.4
7/29/2016 9:21 AM Client-Info Client OS: Windows
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
7/29/2016 9:25 AM Client-Info Client Version: 0.11.4
7/29/2016 9:25 AM Client-Info Client OS: Windows
7/29/2016 9:25 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:25 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:25 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:25 AM Middleware::Communication URL: http://172.16.23.1/fog/management/index.php?sub=requestClientInfo&configure&newService&json
7/29/2016 9:25 AM Middleware::Response Success
7/29/2016 9:25 AM Service Sleeping for 132 seconds
7/29/2016 9:28 AM Middleware::Communication URL: http://172.16.23.1/fog/management/index.php?sub=requestClientInfo&mac=B8:08:CF:42:4A:FE|B8:08:CF:42:4A:FA|28:F1:0E:21:C8:0C||00:00:00:00:00:00:00:E0&newService&json
7/29/2016 9:28 AM Middleware::Authentication Waiting for authentication timeout to pass
7/29/2016 9:28 AM Middleware::Communication Download: http://172.16.23.1/fog/management/other/ssl/srvpublic.crt
7/29/2016 9:28 AM Data::RSA FOG Server CA cert found
7/29/2016 9:28 AM Data::RSA ERROR: Certificate validation failed
7/29/2016 9:28 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid), A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (NotTimeValid)
7/29/2016 9:28 AM Middleware::Authentication ERROR: Could not authenticate
7/29/2016 9:28 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
7/29/2016 9:28 AM Middleware::Response Success
7/29/2016 9:28 AM Middleware::Communication URL: http://172.16.23.1/fog/service/getversion.php?clientver&newService&json
7/29/2016 9:28 AM Middleware::Communication URL: http://172.16.23.1/fog/service/getversion.php?newService&json
7/29/2016 9:28 AM Service Creating user agent cache
7/29/2016 9:28 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:28 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:28 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:28 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:28 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:28 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
-
7/29/2016 9:19 AM Data::RSA ERROR: Certificate validation failed
7/29/2016 9:19 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid), A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (NotTimeValid)
7/29/2016 9:19 AM Middleware::Authentication ERROR: Could not authenticate
7/29/2016 9:19 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
Well there’s your problem. At some point you regenerated your FOG server root CA certificates, or set up a new server and didn’t transfer your keys.
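A triage sketch for client logs like the one posted in this thread, added here as an example (it is not FOG project code): it parses the log layout shown above even when line breaks were lost or wrapped in a paste, collects the chain-status flags from the Data::RSA trust-chain error, and counts the "Unable to get subsection" errors logged after authentication failed. The sample log is constructed from lines in the thread; `triage` and its report keys are hypothetical names.

```python
import re
from collections import Counter

TS = r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M"
# One entry = timestamp, component, message. The message runs to the next
# timestamp, a dashed section banner, or end of text, so logs whose line
# breaks were lost or wrapped in a paste still parse.
ENTRY = re.compile(rf"({TS}) (\S+) (.*?)(?=\s+{TS} |\s*-{{10,}}|\s*$)", re.S)
FLAG = re.compile(r"\(([A-Z][A-Za-z]+)\)")  # e.g. (NotTimeValid)

def triage(log_text):
    """Summarise certificate-trust failures and the errors that follow them."""
    report = {"auth_failures": 0, "first_failure": None,
              "chain_flags": Counter(), "subsection_errors_after_failure": 0}
    for ts, component, message in ENTRY.findall(log_text):
        message = " ".join(message.split())  # undo wrapping inside an entry
        if component == "Data::RSA" and message.startswith("ERROR: Trust chain"):
            report["chain_flags"].update(FLAG.findall(message))
        elif (component == "Middleware::Authentication"
              and message == "ERROR: Could not authenticate"):
            report["auth_failures"] += 1
            report["first_failure"] = report["first_failure"] or ts
        elif (component == "Middleware::Response" and report["auth_failures"]
              and message == "ERROR: Unable to get subsection"):
            report["subsection_errors_after_failure"] += 1
    return report

# Constructed sample: lines taken from the log in this thread, with one
# entry wrapped across two lines the way the paste wrapped it.
SAMPLE_LOG = """\
7/29/2016 9:19 AM Data::RSA FOG Server CA cert found
7/29/2016 9:19 AM Data::RSA ERROR: Certificate validation failed
7/29/2016 9:19 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified.
(NotSignatureValid), A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (NotTimeValid)
7/29/2016 9:19 AM Middleware::Authentication ERROR: Could not authenticate
7/29/2016 9:19 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
------------------------------
---------SnapinClient---------
------------------------------
7/29/2016 9:21 AM Client-Info Server Version: 1.3.0-RC-4
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
7/29/2016 9:21 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
7/29/2016 9:21 AM Middleware::Response ERROR: Unable to get subsection
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A report with a non-empty `chain_flags` and a non-zero `subsection_errors_after_failure` matches the pattern diagnosed in this thread: the module errors follow a failed trust check against the client's pinned FOG CA.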
-
@Joe-Schmitt Thanks Joe. I definitely did not intentionally regenerate CA cert during install. Any tips for transferring the old keys or resolving the client error with the new keys?
-
@Tom-Elliott I will say that this issue appears generally after reverting from a newer version, I believe. I’ve had to do the group reset encryption.
-
@Hanz this is unrelated now. The root CA keys are now incorrect.
-
@JoeG The best I can tell you, for now.
If you simply built a brand new server, and still have the old server available, you can do the “fixing” rather easily. If this is the case, you need to copy the ssl folder from the old server into the new server’s ssl location (default is typically /opt/fog/snapins/ssl). Then you would need to rerun the FOG Installer on the new server. This will remake the public key so it matches the key pairing information from the original server, thus allowing your clients to operate.
If the above is NOT the case, and this happened to occur on the SAME server you’ve always had, it’s not going to be a fun time. The quickest way to ensure things are good immediately, and for the future would be to rebuild the “master” image removing the FOG Client, and reinstalling it. Then you would capture that image and deploy it to the hosts that require it.
I hope this helps lead you in the right direction.
-
@Tom-Elliott said in "Unable to get subsection" error with RC-4:
If you simply built a brand new server, and still have the old server available, you can do the “fixing” rather easily. If this is the case, you need to copy the ssl folder from the old server into the new server’s ssl location (default is typically /opt/fog/snapins/ssl). Then you would need to rerun the FOG Installer on the new server. This will remake the public key so it matches the key pairing information from the original server, thus allowing your clients to operate.
Thanks, Tom. I have dev and prod FOG servers and luckily this error has been on my dev server. My prod server is still RC-3, I will try copying that server’s ssl directory to the dev RC-4 server.
-
@JoeG after copying over that directory you will also need to issue an SSL regen command from the fog installer. @Tom-Elliott or @Wayne-Workman can tell you how.
-
@Joe-Schmitt We wouldn’t. The public keys are automatically generated every reinstall.
-
My mistake. @JoeG what you are doing right now is cloning the identity of your prod server to your dev server. When a client installs it locks itself to a single server identity. By cloning it to multiple servers, the client will accept commands from either one.