@SNP said:
I have the same problem in 1.20, can some one help me where i find where this javascrip are in 1.20.
(From a big fan of fog, fog has saved us a lot of time.)
For fog 1.20, files are located at:
fog/management/ajax/login.info.php <- Comment out entire page after <?php
fog/lib/fog/ProcessLogin.class.php <- Comment out lines 230-233 and 244
@Sebastian-Roth Thank you very much for your help! After you pointed me to the right file, i found a very easy and good working solution.
/var/www/html/fog/lib/fog/fogbase.class.php:
Changed line 2305 from:
$size = filesize($file);
to:
$size = exec("stat -c %s ".$file);
I found this nice solution over here:
Reverted my changes that i showed in the last post, restarted FOGImageReplicator service, and it works perfect!
We know that this can’t work for forever, and Updates are also nice and good, so we need to change a few internal things, and also reinstall this Server with x64 Debian.
Thanks for your great support. Keep up this very very nice project!
@sebastian-roth said in FOG-Client suddenly stopped working:
Unless there is really something strange going on with the CA and certificate generation on the new server I can’t see why you would need to copy the certs from the old server to the new one when you actually run the fog-client installer to the hosts anyway.
I think there is something strange going on, it only worked with the old certificate, also don‘t know why, reinstalled client and mono and also deleted all residual folders after uninstallation of mono.
But it only happened after Storage Node update (1.5.8 to 1.5.9). (We have 8 linux servers, 3 of them are Storage nodes. All have Debian Buster OS)
But most of our linux machines with client (~150) had never problems, but they use all a old fixed version of mono, because they are Lubuntu 18.04 LTS OS and the Ubuntu repo has no mono included (They are also using some old version of the Client (0.11.1x). Master-Server is also Debian 10.
So are you saying a fresh install of the fog-client on Linux is not able to communicate with an up to date FOG server?
Yes. Unless you copy over the cert from the old server. (ca.cert.der)
@sebastian-roth said in FOG-Client suddenly stopped working:
You need to know that on installation the fog-client will download the specific server CA cert (http://…/fog/management/other/ca.cert.der) and pinn that client to this server. So copying /var/www/fog/management/other/ssl/srvpublic.crt to a different server is not enough!
SOLVED!
Copied /fog/management/other/ca.cert.der from old to new server, and it works! Also works with HTTPS: 1 in /opt/fog-service/settings.json! I just need to bring all the clients on the Server to version 0.12.0 ( only 8 ). So solution is update/recreate the Server, copy over the all the certs from the old server and install newest FOG-Client on all Hosts.
Can be marked as solved!
@sebastian-roth said in FOG-Client suddenly stopped working:
What do you mean by that? This particular client you posted the information here can communicate with a different FOG server just fine?
Update:
We are updating also the storage nodes after the master-server. The problem seems to come from the update, we also updated this storage node that worked before, and now we have the same problem… But the mono-complete Version seems not to change… so it must be another packet… (Both the Server that has a not working Client and the Server that had a working Client before are Storage nodes)
But the Server that had before the Update a working client has Version 0.11.18 installed, and the log is different:
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
2/19/2021 9:26:03 PM Client-Info Version: 0.11.18
2/19/2021 9:26:03 PM Client-Info OS: Linux
2/19/2021 9:26:03 PM Middleware::Authentication Waiting for authentication timeout to pass
2/19/2021 9:28:03 PM Middleware::Communication Download: http://<fogserver>/fog/management/other/ssl/srvpublic.crt
2/19/2021 9:28:03 PM Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
2/19/2021 9:28:03 PM Middleware::Authentication ERROR: Could not authenticate
2/19/2021 9:28:03 PM Middleware::Authentication ERROR: Value cannot be null.
Parameter name: authority
UPDATE: followed the tutorial at: https://wiki.fogproject.org/wiki/index.php/FOG_Client#Installing_-_Linux
And have now mono-complete Version 6.12.0.107-0xamarin13+debian10b1
But same messages in the log…
Sorry for the late reply, we are very busy at the moment…
So we reinstalled our FOG-Server last week, and now the Server and the Storage-Nodes are up-to-date (1.5.9) from the old Server we copied over /var/www/fog/management/other/ssl/srvpublic.crt, and we have as mentioned earlier no problems with most of the Clients. Only eight of our Servers (total), still have problems… So with Server-Version 1.5.9 and Client version 0.12.0 we still have problems, here the log:
2/19/2021 5:18:13 PM Main Overriding exception handling
2/19/2021 5:18:13 PM Main Bootstrapping Zazzles
2/19/2021 5:18:13 PM Controller Initialize
2/19/2021 5:18:13 PM Controller Start
2/19/2021 5:18:13 PM Service Starting service
2/19/2021 5:18:13 PM Bus Became bus server
2/19/2021 5:18:13 PM Bus Emmiting message on channel: Status
2/19/2021 5:18:13 PM Service Invoking early JIT compilation on needed binaries
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
2/19/2021 5:18:14 PM Client-Info Version: 0.12.0
2/19/2021 5:18:14 PM Client-Info OS: Linux
2/19/2021 5:18:14 PM Middleware::Authentication Waiting for authentication timeout to pass
2/19/2021 5:18:14 PM Middleware::Communication Download: http://<fogserver>/fog/management/other/ssl/srvpublic.crt
2/19/2021 5:18:14 PM Data::RSA FOG Server CA cert found
2/19/2021 5:18:14 PM Data::RSA ERROR: Certificate validation failed
2/19/2021 5:18:14 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: NotSignatureValid (NotSignatureValid)
2/19/2021 5:18:14 PM Middleware::Authentication ERROR: Could not authenticate
2/19/2021 5:18:14 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
2/19/2021 5:18:14 PM Client-Info Version: 0.12.0
2/19/2021 5:18:14 PM Client-Info OS: Linux
2/19/2021 5:18:14 PM Middleware::Authentication Waiting for authentication timeout to pass
Complete output of certmgr -list -c -v -m Trust:
Mono Certificate Manager - version 5.18.0.240
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
Self-signed X.509 v3 Certificate
Serial Number: 4AC79159C96A75A1B146429056E03B08
Issuer Name: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Subject Name: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Valid From: 11/10/2006 12:00:00 AM
Valid Until: 11/10/2031 12:00:00 AM
Unique Hash: B34DDD372ED92E8F2ABFBB9E20A9D31F204F194B
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 2D99D41C39044F7C
Issuer Name: C=US, O=AffirmTrust, CN=AffirmTrust Networking
Subject Name: C=US, O=AffirmTrust, CN=AffirmTrust Networking
Valid From: 1/29/2010 2:08:24 PM
Valid Until: 12/31/2030 2:08:24 PM
Unique Hash: 2110A6E8DA67CEE9D90CCBF913117C60EC31C914
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: C04404
Issuer Name: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
Subject Name: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
Valid From: 10/22/2008 12:07:37 PM
Valid Until: 12/31/2029 12:07:37 PM
Unique Hash: A8569CCD21EF9CC5737C7A12DF608C2CBC545DF1
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 00
Issuer Name: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2
Subject Name: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2
Valid From: 5/29/2009 5:00:39 AM
Valid Until: 5/29/2029 5:00:39 AM
Unique Hash: 453ECC5C2C07CCC737ABCA4F06054723F20169FCE993F86657343DB97515C000
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 3DE54602353EEE020BE065828A2D814E
Issuer Name: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
Subject Name: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
Valid From: 12/1/2006 12:00:00 AM
Valid Until: 12/31/2029 11:59:59 PM
Unique Hash: C1F49DACC04C76C9D07297565C4C2FDA367B90DC
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 4AE671E3D889CA4C003FED73A0F98054
Issuer Name: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, E=pki@sk.ee
Subject Name: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, E=pki@sk.ee
Valid From: 10/30/2010 10:10:30 AM
Valid Until: 12/17/2030 11:59:59 PM
Unique Hash: 3FD9A3751E2081CB6BF65CCEBD588623D20D9A61
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: A45A1CB823AEC6C4DF4093C900ECA54C8A5F1608
Issuer Name: C=HK, S=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3
Subject Name: C=HK, S=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3
Valid From: 6/3/2017 2:29:46 AM
Valid Until: 6/3/2042 2:29:46 AM
Unique Hash: D6ED17A5F51972C262E2D3A8677577857C6A85700A2D22E0A4F87948D6834F63
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 4B2FBB542FD41B4F
Issuer Name: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
Subject Name: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
Valid From: 10/25/2006 8:32:46 AM
Valid Until: 10/25/2036 8:32:46 AM
Unique Hash: 526AAA5D52A07C057AD6E17522FB678A3E154558
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: E1A6E3C46D41E6A30D0355F1891BE9CA00
Issuer Name: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA
Subject Name: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA
Valid From: 10/1/2013 8:32:27 AM
Valid Until: 10/1/2033 8:32:27 AM
Unique Hash: 9668D6C44B5F62EE4A56423640D93D45A2C772C6D42ED178978AF5ADDB15FDAE
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 0905
Issuer Name: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
Subject Name: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
Valid From: 11/24/2006 6:27:00 PM
Valid Until: 11/24/2031 6:23:33 PM
Unique Hash: C8F8A3C6BF401D34E6F1D8F8E1DDD08BBB934626
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: FF48C90F01E3DCFE00
Issuer Name: C=FR, O=Dhimyotis, CN=Certigna
Subject Name: C=FR, O=Dhimyotis, CN=Certigna
Valid From: 6/29/2007 3:13:05 PM
Valid Until: 6/29/2027 3:13:05 PM
Unique Hash: D49BA8CA0DB5E6C661B57B56F33B4F05163FF8F2
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 7DE619D78BF5CBE1BF5F48165AB7B000
Issuer Name: C=ES, O=IZENPE S.A., CN=Izenpe.com
Subject Name: C=ES, O=IZENPE S.A., CN=Izenpe.com
Valid From: 12/13/2007 1:08:28 PM
Valid Until: 12/13/2037 8:27:25 AM
Unique Hash: 9E5428441BEFFA8BCFD95D3272309D63A6AB83812A09D6D7A71B514408AF47A1
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 9DBCD206E45E0097B8AF5C4765BDC815
Issuer Name: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority
Subject Name: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority
Valid From: 12/20/2004 2:31:27 AM
Valid Until: 12/20/2034 2:31:27 AM
Unique Hash: E2D1E7E0391A13E13A9759961938A4FAAB8DEA65
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: E0683190E3171647E6165CC26F33CB57
Issuer Name: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Subject Name: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Valid From: 12/1/2006 12:00:00 AM
Valid Until: 12/31/2029 11:59:59 PM
Unique Hash: 930DBFC5830B7BFD486F9056FCB8751F3D21BF12
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: 3082010A0282010100E4BC7E92306DC6D88E2B0BBC46CEE02796DEDEF9FA12D33C3373B3042FBC718CE59FB622603E5F5DCE09FF820C1B9A51501A2689DDD5615D19DC120F2D0AA2435D17D0349220EA73CF382C0626097A72F7FA5032F8C293D369A223CE41B1CCE4D51F36D18A3AF88C63E2145969ED0DD37F6BE8B803E54F6AE59863694805BE2EFF33B6E9975969F86719AE9361964415D372B03FBC6A7DEC487F8DC3ABAA712B5369415334B5B0B9C5060AC4B045F5415D6E89457B3D3B268C74C2E5D2D17DB211D4FB5832229A80C9DCFD0CE97F5E0397CE3B001487277038A98E6EB327769851E005E321AB1AD585223C29B59A16C580A8F4BB6B308F2F4602A2B10C22E0D30203010001
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: BBAE4BE7B757EB7FAA2DB77347856AC1E4A51DE4E73CE9F4596577B57A5B5A8D2536E07A972E38C05760839806839FB9767A6E50E0BA882CFC45CC18B09995510EEC1DB888FF87501C82C2E3E03280BFA00B47C8C331EF996732804F1721790C695CDE5E34AE02B526EA50DF7F18652CC9F263E1A907FE7C711F6B33246A1E05F70568C06A12CB2E5E61CBAE28D37EC2B46691265F3C2E245FCB580FEB28ECAF1196F3DC7B6FC0A788F25377B3605EAEAE28DA352C6F3445D326E1DEEC5B4F276B167CBD44041882B389791710713D7AA2164EF501CDA46C6568A149765C43C9D8BC36676CA594B5D4CCB9BD6A355621DED8C3EBFBCBA4604CB055A0A07B57B2
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: E4D6E4DC2DEB015FB6E3B7D532D255EC075D8A3E
Issuer Name: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
Subject Name: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
Valid From: 10/19/2015 7:43:30 AM
Valid Until: 10/19/2035 7:43:30 AM
Unique Hash: 8F65AB514D193E1BC2C69D82520F73C4E3255744356064E9859107F26C0EFD5C
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: 3082010A0282010100B7BC3E50A84BCD40B5CE61E796CAB4A1DA0C22B0FAB57B7600778C0BCF7DA886CC2651E4203D850CD658E3E7F42A189DDAD1AE26EEEB53DCF490D6134A0C903CC3F4DAD28E0D923ADCB1B1FF38DEC3BA2D5F80B902BD4A9D1B0FB4C3C2C16703DDDC1B9C3DB3B0DE001EA83447BB9AEBFE0B14BD3684DA0D20BFFA5BCBA91620AD3960EE2F75B6E7979CF93EFD7E4D6F4D2FEF880D6AFADDF13D6E20A5A012B44D70B9CED7723B8993A780841C27497249B5FF3B959EC1CCC801ECE80E8A0A96E7B3A687E5D6F9052B0D9740703CBAAC755A9CD54D9D020AD24B9B664B46071765AD9F6C8800DC2289E0E164D467BC3179613CBBCA41CD5C6A00C83C388E58AF0203010001
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 53CB9B519C3E686A
Issuer Name: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
Subject Name: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
Valid From: 3/5/2013 12:09:48 PM
Valid Until: 3/3/2023 12:09:48 PM
Unique Hash: AE284D570FF1601F3D9E2067F8B5D44E58B49D5142A2D888235926E44B49A1EB
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: C54AEFA1421099D600
Issuer Name: C=US, S=Illinious, L=Chicago, O=FOG Project, CN=FOG Project, E=noreply@fogproject.org
Subject Name: C=US, S=Illinious, L=Chicago, O=FOG Project, CN=FOG Project, E=noreply@fogproject.org
Valid From: 9/9/2015 1:04:11 AM
Valid Until: 9/7/2020 1:04:11 AM
Unique Hash: A2401FF1B2C3528B250FBA08FEF97C19E570D35C
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.5
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: C0C2F61A23F8B3468785F0745220B176
Issuer Name: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
Subject Name: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
Valid From: 12/1/2014 3:00:32 PM
Valid Until: 12/1/2039 3:10:31 PM
Unique Hash: 04524E82755B1E36393B942C01DEE51978C032D7D4519F7DA6C964ABF89C5EA9
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
Self-signed X.509 v3 Certificate
Serial Number: 00
Issuer Name: C=US, S=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2
Subject Name: C=US, S=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2
Valid From: 9/1/2009 12:00:00 AM
Valid Until: 12/31/2037 11:59:59 PM
Unique Hash: 3560E45B41E46B8F36537025D1D5BC02D9652A10645B0EFF69E8B6A52191F335
Key Algorithm: 1.2.840.113549.1.1.1
Algorithm Parameters: 0500
Public Key: (removed)
Signature Algorithm: 1.2.840.113549.1.1.11
Algorithm Parameters: 0500
Signature: (removed)
Private Key: False
KeyPair Key: False
X.509 v3 Certificate
Serial Number: 26CC8089CDDE5671D2C5945AC5998B5C
Issuer Name: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
Subject Name: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
Valid From: 2/1/2010 12:00:00 AM
Valid Until: 1/18/2038 11:59:59 PM
Unique Hash:
Key Algorithm: 1.2.840.10045.2.1
Algorithm Parameters: 06052B81040022
Public Key: (removed)
Signature Algorithm: 1.2.840.10045.4.3.3
Algorithm Parameters: None
Unhandled Exception:
System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.10045.4.3.3
at Mono.Security.X509.X509Certificate.get_Signature () [0x001a1] in <c8dae181eb1743bd94c3ab5b607caeb0>:0
at Mono.Tools.CertificateManager.DisplayCertificate (Mono.Security.X509.X509Certificate x509, System.Boolean machine, System.Boolean verbose) [0x00132] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.List (Mono.Tools.CertificateManager+ObjectType type, Mono.Security.X509.X509Store store, System.Boolean machine, System.String file, System.Boolean verbose) [0x0002b] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00204] in <52d071828ee44ab9ab181a6c5989b2db>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.10045.4.3.3
at Mono.Security.X509.X509Certificate.get_Signature () [0x001a1] in <c8dae181eb1743bd94c3ab5b607caeb0>:0
at Mono.Tools.CertificateManager.DisplayCertificate (Mono.Security.X509.X509Certificate x509, System.Boolean machine, System.Boolean verbose) [0x00132] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.List (Mono.Tools.CertificateManager+ObjectType type, Mono.Security.X509.X509Store store, System.Boolean machine, System.String file, System.Boolean verbose) [0x0002b] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00204] in <52d071828ee44ab9ab181a6c5989b2db>:0
mono-complete Version: 5.18.0.240+dfsg-3
Strange thing: Same server (from a software perspective) with all versions the same, it´s working fine…
Mono certificate store: (/usr/share/.mono/certs/) :
ls -lah /usr/share/.mono/certs/
drwxr-xr-x 3 root root 4.0K Feb 19 14:17 .
drwxr-xr-x 5 root root 4.0K Feb 19 14:20 ..
drwxr-xr-x 2 root root 20K Feb 19 17:18 Trust
@sebastian-roth said in FOG-Client suddenly stopped working:
Run certmgr -list -c -v -m Trust as root to see if a CA cert named FOG Server CA is there and still valid.
Output (end):
Unhandled Exception:
System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.10045.4.3.3
at Mono.Security.X509.X509Certificate.get_Signature () [0x001a1] in <c8dae181eb1743bd94c3ab5b607caeb0>:0
at Mono.Tools.CertificateManager.DisplayCertificate (Mono.Security.X509.X509Certificate x509, System.Boolean machine, System.Boolean verbose) [0x00132] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.List (Mono.Tools.CertificateManager+ObjectType type, Mono.Security.X509.X509Store store, System.Boolean machine, System.String file, System.Boolean verbose) [0x0002b] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00204] in <52d071828ee44ab9ab181a6c5989b2db>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.10045.4.3.3
at Mono.Security.X509.X509Certificate.get_Signature () [0x001a1] in <c8dae181eb1743bd94c3ab5b607caeb0>:0
at Mono.Tools.CertificateManager.DisplayCertificate (Mono.Security.X509.X509Certificate x509, System.Boolean machine, System.Boolean verbose) [0x00132] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.List (Mono.Tools.CertificateManager+ObjectType type, Mono.Security.X509.X509Store store, System.Boolean machine, System.String file, System.Boolean verbose) [0x0002b] in <52d071828ee44ab9ab181a6c5989b2db>:0
at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00204] in <52d071828ee44ab9ab181a6c5989b2db>:0
@sebastian-roth said in FOG-Client suddenly stopped working:
Is the srvpublic.crt still valid?
Was the first thought, but no, its valid.
Sorry for the late answer, very busy at the moment.
I re-checked with my colleagues, not all clients have this Problem, just a few servers, so no problem to replace the Zazzles.dll, but with HTTPS, 1 in settings.json, (and newest 0.12.0 Version fog-client) we get:
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
1/11/2021 12:34:34 PM Client-Info Version: 0.12.0
1/11/2021 12:34:34 PM Client-Info OS: Linux
1/11/2021 12:34:34 PM Middleware::Authentication Waiting for authentication timeout to pass
1/11/2021 12:34:34 PM Middleware::Communication Download: https://<fogdomain>/fog/management/other/ssl/srvpublic.crt
1/11/2021 12:34:36 PM Data::RSA FOG Server CA cert found
1/11/2021 12:34:36 PM Data::RSA ERROR: Certificate validation failed
1/11/2021 12:34:36 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: PartialChain (PartialChain)
1/11/2021 12:34:36 PM Middleware::Communication SSL certificate chain error: NotTimeValid
1/11/2021 12:34:36 PM Middleware::Communication ERROR: Could not download file
1/11/2021 12:34:36 PM Middleware::Communication ERROR: Error: TrustFailure (Authentication failed, see inner exception.)
@sebastian-roth said in FOG-Client suddenly stopped working:
It’s strange/interesting you get this error just now. Possibly a Mono update on your Linux systems??
No we use a fixed Version of Mono (Mono Repository with specific Version specified), but can’t tell you at the moment what version we are using exactly. We did no Updates on both Server and Client.
Maybe we can find the Problem, with the new Information provided. I will try to manually replace the Zazzles.dll on one Client just to see if it works. We also have an Internal Repository, we could update the Mono-Package and create a package for the FOG-Client. But because we Updating our Clients also via FOG-Client we still need to touch them all, but with this solution we have at least a GUI to Update.
FOG-Client suddenly stopped working this Year. Nothing was changed. Output of the Client fog.log:
Middleware::Communication Download: https://<fogdomain>/fog/management/other/ssl/srvpublic.crt
Middleware::Communication ERROR: Could not download file
Middleware::Communication ERROR: Error: TrustFailure (Authentication failed, see inner exception.)
On Windows it is working without problems.
We have about 100 Linux Clients, is there a server solution without touching them all?
Thanks in advance!
@Sebastian-Roth Thank you very much for your help! After you pointed me to the right file, i found a very easy and good working solution.
/var/www/html/fog/lib/fog/fogbase.class.php:
Changed line 2305 from:
$size = filesize($file);
to:
$size = exec("stat -c %s ".$file);
I found this nice solution over here:
Reverted my changes that i showed in the last post, restarted FOGImageReplicator service, and it works perfect!
We know that this can’t work for forever, and Updates are also nice and good, so we need to change a few internal things, and also reinstall this Server with x64 Debian.
Thanks for your great support. Keep up this very very nice project!