@sebastian-roth Thanks for the suggestion, those commands are handy. I ran --recreate-CA alone & with --recreate-keys and just got a newer version of that same strange cert. I’m looking into it now but I believe someone may have customized the openssl.cnf file on our template, and something with that may be causing this behavior.
Posts made by gnevills
-
RE: Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
-
RE: Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
@wayne-workman @Sebastian-Roth I’m starting to look at this again. It’s been a busy month & somehow I missed your last post on this until a few days ago.
It does seem that this may be related to the srvpublic.crt file in /var/www/fog/management/other/ssl. I now have 1 test server (deployed from our Ubuntu template) with the “incorrect” cert & 1 test server (clean Ubuntu install) with the normal Fog CA cert. Clients contacting the server with the incorrect cert don’t join the domain (get the errors previously mentioned in fog.log), clients contacting the server with the Fog CA cert do join the domain (and have no errors in fog.log).
All I did was deploy our template and install Fog, I’m honestly not sure how this other cert ends up in /var/www/fog/management/other/ssl yet. I was wrong previously in saying that it’s issued by our internal root CA. It’s a certificate that is issued to our domain name by our domain name (issued to example.org issued by example.org) with an effective date that matches the date/time that Fog was installed. Very strange …
-
RE: Upgrading FOG
@george1421 Yes, upgrade successful. Please feel free to mark it as solved.
-
RE: Upgrading FOG
thanks @george1421 I downloaded the FOG installer from Sourceforge & ran installfog.sh, starting with the Master node. I guess all the warnings (specifically “not recommended that you install this on a production system”) the installfog.sh script presents had me second guessing that this was the best way to update FOG, but it all seemed to work just fine.
When I went to actually proceed with the install script I also noticed it does say “Version 1.4.4 Installer/Updater.”, so that should have been a clue
-
Upgrading FOG
Server
- FOG Version: 1.4.0
- OS: Ubuntu 17.04
Client
- Service Version: 11.12
- OS: Windows 10 64-bit
Description
What’s the best approach to upgrade FOG 1.4.0 to 1.4.4? Setup is 1 management server and 3 storage nodes, all currently running 1.4.0.
Is it best to backup configuration files and just run installfog.sh or is there a better way to just update fog rather than re-install with the latest version?
-
RE: Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
@Sebastian-Roth Somehow I’ve gone blind or it got deleted, it seems like there was something posted that involved editing a couple files (functions.sh) on a test environment. I got a test fog server setup, is this still worth trying or was it deleted because that seemed like the wrong path?
I do not see that certificate installed, in the local or computer certificate stores. Although again I can download it from the link and open it, it does appear to be a valid certificate. I should mention this is a certificate that we issued from our internal Root CA, which is trusted by all of our clients. It’s CN & SAN are not the IP address, they are the FQDN of the fog server. I have tried installing the fog client specifying the fog server address as both the IP address and as the FQDN.
This is the powershell command I used to search the certificate stores.
get-childitem -recurse | where-object {$_.subject -like '*ipaddressORhostname*'}
How do I obtain a full client log
-
RE: Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
@Sebastian-Roth Thanks for the suggestions so far
I tried the query again with single quotes instead of double quotes, probably should have noticed that, but I still received the same message:
mysql> UPDATE hosts SET hostPubKey='', hostSecToken='', hostSecTime='0000-00-00 00:00:00' WHERE hostname like 'hostname'; ERROR 1292 (22007): Incorrect datetime value: '0000-00-00 00:00:00' for column 'hostSecTime' at row 1
In case it should be updated to have single quotes, here is the article that had that query.
https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Reset_encryption_dataI did also run this query and it looks like you’re right, those fields don’t appear to be set.
mysql> select hostname,hostPubKey,hostSecToken,hostSecTime from hosts where hostname like 'hostname'; +--------------+------------+--------------+---------------------+ | hostname | hostPubKey | hostSecToken | hostSecTime | +--------------+------------+--------------+---------------------+ | hostname | | | 0000-00-00 00:00:00 | +--------------+------------+--------------+---------------------+ 1 row in set (0.00 sec)
-
RE: Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
Hi Sebastian
I did not try doing that. I just looked around on the wiki a bit and found some pages indicating “Reset encryption data” should be on the general tab in fog 1.3. I went and looked on the General tab for this host (and a few other hosts), there doesn’t appear to be a “Reset encryption data” button on General or any of the other tabs.
I found a page on the wiki indicating this should have the same effect:
UPDATE hosts SET hostPubKey=“”, hostSecToken=“”, hostSecTime=“0000-00-00 00:00:00” WHERE hostname like ‘myhostname’;But I got this message when running that:
ERROR 1292 (22007): Incorrect datetime value: ‘0000-00-00 00:00:00’ for column ‘hostSecTime’ at row 1. -
Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
Server
- FOG Version: 1.4.0
- OS: Ubuntu 17.04
Client
- Service Version: 0.11.12
- OS: Windows 7 64-bit
Description
Fog Client 11.12 not renaming computer/joining domain (Could not authenticate)
Client computers are not getting renamed or joining the domain after imaging. We did upgrade from fog 1.2.0 to fog 1.4.0, this functionality hasn’t worked since. To upgrade we installed fog 1.4.0 on a fresh Ubuntu server and then imported the database and upgraded the schema. I have re-entered the plain text password in the FOG_AD_DEFAULT_PASSWORD field under FOG Settings > Active Directory Defaults and saved it.
Below is the output from fog.log. It seems like it’s complaining about authentication errors, I’m not sure exactly what this means or where to look in order to fix this, any help is greatly appreciated. Let me know if there is additional info that could be helpful (from logs, debugger, etc.)
Here is the results I get if I browse to the various URL’s listed in the fog.log file.
http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&configure&newService&json
{“sleep”:106,“maxsize”:“204800000”,“promptTime”:“60”,“force”:false,“bannerURL”:“”,“bannerHash”:“”,“color”:“#”,“company”:“”}http://10.10.10.10/fog/management/other/ssl/srvpublic.crt
downloads the certificate used by fog web interfacehttp://10.10.10.10/fog/service/getversion.php?clientver&newService&json
0.11.12http://10.10.10.10/fog/service/getversion.php?newService&json
1.4.0
----------------------------------UserTracker---------------------------------
6/20/2017 8:24 AM Client-Info Client Version: 0.11.12
6/20/2017 8:24 AM Client-Info Client OS: Windows
6/20/2017 8:24 AM Client-Info Server Version: 1.4.0
6/20/2017 8:24 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:24 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
6/20/2017 8:24 AM Service Sleeping for 107 seconds
6/20/2017 8:25 AM Middleware::Communication URL: http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&configure&newService&json
6/20/2017 8:25 AM Middleware::Response Success
6/20/2017 8:25 AM Middleware::Communication URL: http://10.10.10.10/fog/management/index.php?sub=requestClientInfo&mac=E4:A4:71:24:D6:5A|28:F1:0E:1A:2B:03|54:4F:C8:54:29:0B||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
6/20/2017 8:25 AM Middleware::Authentication Waiting for authentication timeout to pass
6/20/2017 8:26 AM Middleware::Communication Download: http://10.10.10.10/fog/management/other/ssl/srvpublic.crt
6/20/2017 8:26 AM Middleware::Authentication ERROR: Could not authenticate
6/20/2017 8:26 AM Middleware::Authentication ERROR: Value cannot be null.
Parameter name: authority
6/20/2017 8:26 AM Middleware::Response Success
6/20/2017 8:26 AM Middleware::Communication URL: http://10.10.10.10/fog/service/getversion.php?clientver&newService&json
6/20/2017 8:26 AM Middleware::Communication URL: http://10.10.10.10/fog/service/getversion.php?newService&json6/20/2017 8:26 AM Service Creating user agent cache
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
---------------------------------ClientUpdater--------------------------------
6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
6/20/2017 8:26 AM Client-Info Client OS: Windows
6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
6/20/2017 8:26 AM Middleware::Response Success
----------------------------------TaskReboot----------------------------------
6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
6/20/2017 8:26 AM Client-Info Client OS: Windows
6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
--------------------------------HostnameChanger-------------------------------
6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
6/20/2017 8:26 AM Client-Info Client OS: Windows
6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
---------------------------------SnapinClient---------------------------------
6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
6/20/2017 8:26 AM Client-Info Client OS: Windows
6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
--------------------------------PrinterManager--------------------------------
6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
6/20/2017 8:26 AM Client-Info Client OS: Windows
6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
--------------------------------PowerManagement-------------------------------
6/20/2017 8:26 AM Client-Info Client Version: 0.11.12
6/20/2017 8:26 AM Client-Info Client OS: Windows
6/20/2017 8:26 AM Client-Info Server Version: 1.4.0
6/20/2017 8:26 AM Middleware::Response ERROR: Unable to get subsection
6/20/2017 8:26 AM Middleware::Response ERROR: Object reference not set to an instance of an object.