RE: Migrated FOG, Clients Not Happy

@Sebastian-Roth said in Migrated FOG, Clients Not Happy:

systemctl restart apache2

Restarted apache and rechecked the thumbprints. They are still different. Same thumbprints as before.

@Sebastian-Roth

They are still not happy.

------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
 12/19/2019 12:14 PM Client-Info Client Version: 0.11.17
 12/19/2019 12:14 PM Client-Info Client OS:      Windows
 12/19/2019 12:14 PM Client-Info Server Version: 1.5.7.86
 12/19/2019 12:14 PM Middleware::Response ERROR: Unable to get subsection
 12/19/2019 12:14 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
 12/19/2019 12:14 PM Service Sleeping for 84 seconds
 12/19/2019 12:15 PM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&configure&newService&json
 12/19/2019 12:15 PM Middleware::Response Success
 12/19/2019 12:15 PM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&mac=2C:41:38:8F:55:FF&newService&json
 12/19/2019 12:15 PM Middleware::Authentication Waiting for authentication timeout to pass
 12/19/2019 12:15 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
 12/19/2019 12:16 PM Data::RSA FOG Server CA cert found
 12/19/2019 12:16 PM Data::RSA ERROR: Certificate validation failed
 12/19/2019 12:16 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
 12/19/2019 12:16 PM Middleware::Authentication ERROR: Could not authenticate
 12/19/2019 12:16 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
 12/19/2019 12:16 PM Middleware::Response Success
 12/19/2019 12:16 PM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?clientver&newService&json
 12/19/2019 12:16 PM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?newService&json

 12/19/2019 12:16 PM Service Creating user agent cache
 12/19/2019 12:16 PM Middleware::Response ERROR: Unable to get subsection
 12/19/2019 12:16 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
 12/19/2019 12:16 PM Middleware::Response ERROR: Unable to get subsection
 12/19/2019 12:16 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
 12/19/2019 12:16 PM Middleware::Response ERROR: Unable to get subsection
 12/19/2019 12:16 PM Middleware::Response ERROR: Object reference not set to an instance of an object.

@Sebastian-Roth

I did copy them over and ran the installer again. Is it only files in /opt/fog/snapins/ssl/ or do I have to worry about the certs in /var/www/fog/management/other/ as well?

@Sebastian-Roth said in Migrated FOG, Clients Not Happy:

openssl x509 -in /opt/fog/snapins/ssl/CA/.fogCA.pem -fingerprint -noout

Comparing the FOG Server CA on the workstation and the server shows two different thumbprints.

Server:
E5:D3:32:A3:5F:8D:A4:B8:BD:3C:6B:CC:76:A6:A5:F0:85:3C:9B:B8

Client:
6B:9D:5B:3F:BC:23:7B:9D:1E:69:46:80:C2:90:CB:9A:BC:97:DD:70

Here is the output when using wget from the server console.

root@fogserver:~/fogproject/bin# wget http://fogserver/fog/management/other/ssl/srvpublic.crt
--2019-12-18 20:23:57--  http://fogserver/fog/management/other/ssl/srvpublic.crt
Resolving fogserver (fogserver)... 127.0.1.1
Connecting to fogserver (fogserver)|127.0.1.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1757 (1.7K) [application/x-x509-ca-cert]
Saving to: ‘srvpublic.crt’

srvpublic.crt                           100%[============================================================================>]   1.72K  --.-KB/s    in 0s

2019-12-18 20:23:57 (189 MB/s) - ‘srvpublic.crt’ saved [1757/1757]

I can try from a different computer if you need me to. Looking at the cert store on the windows device I have both the FOG Server CA which is valid as well as the FOG Project cert.

@Sebastian-Roth said in Migrated FOG, Clients Not Happy:

http://fogserver/fog/management/other/ssl/srvpublic.crt

I am able to download the file with wget as well.

@Sebastian-Roth said in Migrated FOG, Clients Not Happy:

Scott-B I pushed out a new fog-client release (0.11.17) a couple of days ago. This is the first time I have done this (took over the work from another person) and seems like something is wrong although we did some thorough testing before the release.

Visiting that URL I am prompted to download a crt file. All the details inside the cert seem to be correct.

I migrated out FOG install over to a new server. But the clients are not happy and cannot connect to it. Below is the fog.log file.

I installed the OS (Ubuntu 18.04)
Installed latest SVN
Imported backup of our FOG database
Copied all files from /opt/fog/snapins/ssl to the new server at /opt/fog/snapins/ssl
Ran FOG installer again
Reset encryption data on all clients

 12/18/2019 11:53 AM Main Overriding exception handling
 12/18/2019 11:53 AM Main Bootstrapping Zazzles
 12/18/2019 11:53 AM Controller Initialize
 12/18/2019 11:53 AM Controller Start

 12/18/2019 11:53 AM Service Starting service
 12/18/2019 11:54 AM Bus Became bus server
 12/18/2019 11:54 AM Bus Emmiting message on channel: Status
 12/18/2019 11:54 AM Service Invoking early JIT compilation on needed binaries

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 12/18/2019 11:54 AM Client-Info Version: 0.11.17
 12/18/2019 11:54 AM Client-Info OS:      Windows
 12/18/2019 11:54 AM Middleware::Authentication Waiting for authentication timeout to pass
 12/18/2019 11:54 AM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
 12/18/2019 11:54 AM Data::RSA FOG Server CA cert found
 12/18/2019 11:54 AM Data::RSA ERROR: Certificate validation failed
 12/18/2019 11:54 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
 12/18/2019 11:54 AM Middleware::Authentication ERROR: Could not authenticate
 12/18/2019 11:54 AM Middleware::Authentication ERROR: Certificate is not from FOG CA

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 12/18/2019 11:54 AM Client-Info Version: 0.11.17
 12/18/2019 11:54 AM Client-Info OS:      Windows
 12/18/2019 11:54 AM Middleware::Authentication Waiting for authentication timeout to pass

After clearing all the details from the active directory tab in the individual client then reapplying the stored ad details the client was able to join the domain. Is there a way to set this across all clients at once?

Since updating to FOG v1.5.7.56 newly imaged clients have not been auto joining our domain. I was reading THIS thread about the same issue. I created a user with admin rights and a password without any special characters to test as mentioned in that thread but it did not correct the issue. Manually joining a client with the same credientails stored in FOG will join the client with no issue.

Server is Ubuntu 18.04.3 LTS

------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 12/4/2019 10:58 AM Client-Info Client Version: 0.11.16
 12/4/2019 10:58 AM Client-Info Client OS:      Windows
 12/4/2019 10:58 AM Client-Info Server Version: 1.5.7.56
 12/4/2019 10:58 AM Middleware::Response Success
 12/4/2019 10:58 AM HostnameChanger Checking Hostname
 12/4/2019 10:58 AM HostnameChanger Hostname is correct
 12/4/2019 10:58 AM HostnameChanger Attempting to join domain
 12/4/2019 10:58 AM HostnameChanger Logon failure: unknown username or bad password, code =  1326
------------------------------------------------------------------------------

@Scott-B said in New Image Upload - Stuck on Updating Database:

@george1421 said in New Image Upload - Stuck on Updating Database:

I have an image going up now. I’ll see what it does.

Well those two images just completed successfully, so I don’t know what the deal was. The 4 test images before them all had the error.

@george1421 said in New Image Upload - Stuck on Updating Database:

I have an image going up now. I’ll see what it does.

@george1421 said in New Image Upload - Stuck on Updating Database:

php-fpm error log

root@fogserver:/# tail /var/log/php7.2-fpm.log

[28-May-2019 18:58:44] NOTICE: [pool www] child 820 exited with code 0 after 989.730318 seconds from start
[28-May-2019 18:58:44] NOTICE: [pool www] child 11586 started
[28-May-2019 18:58:44] NOTICE: [pool www] child 813 exited with code 0 after 990.608738 seconds from start
[28-May-2019 18:58:44] NOTICE: [pool www] child 11587 started
[28-May-2019 18:58:47] NOTICE: [pool www] child 836 exited with code 0 after 991.969990 seconds from start
[28-May-2019 18:58:47] NOTICE: [pool www] child 11632 started
[28-May-2019 19:04:56] NOTICE: [pool www] child 4953 exited with code 0 after 990.381560 seconds from start
[28-May-2019 19:04:56] NOTICE: [pool www] child 15598 started
[28-May-2019 19:05:41] NOTICE: [pool www] child 5491 exited with code 0 after 983.723588 seconds from start
[28-May-2019 19:05:41] NOTICE: [pool www] child 16055 started

@Sebastian-Roth said in New Image Upload - Stuck on Updating Database:

@Scott-B Are you able to access the FOG web UI just fine while it hangs at that stage? Also check the PHP FPM log (see my signature).

GUI is working great during that time. Error on using the command in your sig.

root@fogserver:/# php-fpm log (/var/log/php*-fpm.log)
-bash: syntax error near unexpected token `('

Pushing up a new image and everything seems to go fine until the very end where it updates the database. It will sit for a long time, eventually retry, and eventually fail and reboot.

FOG 1.5.6.2
Ubuntu 18.04.2

@AllenYoest said in Adding Hiren’s BootCD PE to Advanced Menu:

I managed to get it working using the Windows PE instructions provided here:

https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images/17

Good link. I hadn’t seen that one before. That helped me get further than I have. Almost boots, but I get an error after it starts.

Resource exceeds length of file
Emulating drive 0x01
FATAL: no bootmgr.exe
Press a key to reboot...

@Valer said in Adding Hiren’s BootCD PE to Advanced Menu:

ould also be interested. You have tried t

I have, but the “new” Hirens seems to require something different.

@Scott-B said in chainloading failed advanced menu:

I think we are good. I was able to add DBAN back to the menu list.

For anyone who may find this thread down the road below is the quick advanced menu I wrote for this thread.

#!ipxe
menu
item --gap – ---------------- iPXE boot menu ----------------
item DBAN Boot and Nuke
item DBANAUTO Boot and Nuke Autowipe
item HIRENSCD Hirens Boot CD (Most Features Outdated)
item GPARTED GParted Partition Editor 
item SRCD System Rescue CD
item SHELL iPXE Shell
item RETURN Return to previous menu
choose --default RETURN --timeout 10000 target && goto ${target}

:DBAN
kernel ${boot_url}/dban/dban.bzi nuke="dwipe" silent vga=785
boot
goto MENU

:DBANAUTO
kernel ${boot_url}/dban/dban.bzi nuke="dwipe --autonuke" silent nousb vga=785
boot
goto MENU

:HIRENSCD
sanboot http://${fog-ip}/hirenscd/HirensBootCD152.iso
chain memdisk iso raw ||
goto MENU

:GPARTED
kernel http://${fog-ip}/gparted/live/vmlinuz vmlinuz boot=live config components union=overlay username=user noswap noeject ip= vga=788 fetch=${fog-ip}/gparted/live/filesystem.squashfs
initrd http://${fog-ip}/gparted/live/initrd.img
boot

:SRCD
kernel http://${fog-ip}/srcd/rescue64 netboot=http://${fog-ip}/srcd/sysrcd.dat
initrd http://${fog-ip}/srcd/initram.igz
boot
boot

:SHELL
shell ||
goto MENU

:RETURN
chain http://${fog-ip}/${fog-webroot}/service/ipxe/boot.php?mac=${net0/mac} ||
prompt
goto MENU

autoboot```

I wondered if anyone has had luck adding the newer Hiren’s BootCD PE disk to boot from FOG’s advanced menu. This is a community updated version of the old Hiren’s boot CD based on Windows 10x64.

@Sebastian-Roth said in Clear Primary User and Other Tag Fields:

actually clear those fields for ALL your hosts! If you don’t have a backup, there is no way back after running tho

Perfect, exactly what I needed. Thank you!