RE: Need help to understand host.class.php

@jamaal said in Need help to understand host.class.php:

Hello all,

I’m banging my head to understand the host.class.php file.
I have a few posts based on Powershell to add the “location” field for a computer to be created for example.

I already have the locations plug in installed and it works fine in the gui, but when I run the powershell script, location doesn’t show in Powershell, but in the gui.

I’m not trying to image yet, but I want to be able to add on a custom website; ex; Jira ticket system, the host location. It should match up in the “location” field in Powershelll.

I saw a post you can edit the host.class.php file.

I did and here’s a screen shot:

I went to create a host and it doesn’t show up, not sure what I’m doing wrong.

Here’s when I went to see if the host got created when attempting to add it via the gui. I forgot to get the words before it, but it says hosts not found.

If I can get some guidance to what I’m donig wrong, I appreciate it.

Here’s my version of FOG:

All,

This can be resolved. I finally was able to add location via Powershell! I didn’t even need to mess with the host.class file in FOG. This is thanks too @JJ-Fullmer . He had a reference to a post he had about Powershell and FOG via adding groups:

https://forums.fogproject.org/topic/12026/powershell-api-module/15?_=1648864559519

So I ended up adding another variable called $newassocias2

Again thanks to everyone that contributes to this page. I’m happy & grateful to using this product.

Ok, I think I got this figured out just now.
Thanks to you jj, I followed your example from your original link:

https://forums.fogproject.org/topic/12026/powershell-api-module/11

So far I got this to work on one host: Here’s what I did by using your script:

$newAssocs = New-Object System.Collections.Generic.List[object];
$computer = (get-foghost -hostname “itloaner”).id
$groups = (get-fogobject -type object -coreobject group).groups | where-object name -eq “sales”
$groupAssocs = Get-FogObject -Type Object -CoreObject groupassociation

$json = @{
“hostID”=$computer;
“groupID”=“$($groups.id)”;
} | ConvertTo-Json;
# Note, when creating the json splat and then piping it to convertto-json you must encapsulate properties and values in quotes and match the case of the original property (i.e. ID instead of Id) as in this example or it won’t parse right and will return a 417 error from the api

$result = New-FogObject -type object -coreObject groupassociation -jsonData $json;
$NewAssocs.Add($result);

#list the newassocs that added the laptops to your group
$NewAssocs;

It then showed up as it added as per the results attached in this message.

For further proof, I went to my test host and verified it was added via the new-fogobject command. I’m starting to understand now how this works. I just need to keep playing around with it and should be good going forward.

My next task is to try to create a task via powershell to get the inventory of the machine before deploying the image. If you know of any commands, please let me know and I’ll keep trying myself as well.

Again thanks for the info.

@george1421 hey George, so I see what the problem was with WSUS. I thought the content folder can be put anywhere since it said remote path. I tried my NAS both network path and iscsi, but still locks up the downloads. I did research and said it’s not supported in a network share, so I put it back on the local.

Now for the Office 2013 updates, I found this online to extract the service pack 1 and I was able to get the updates faster compared to WSUS.

https://www.howto-outlook.com/howto/slipstreamoffice2013sp.htm

I’m working on the unattend file and will work on copying files this weekend. The offline script I was following sucked and didn’t work no matter what I tried. I’ll keep you posted. Thanks for leading me in the right direction.

@Sebastian-Roth said in unable to install CA certificate (MDT 2013):

@Jamaal said in unable to install CA certificate (MDT 2013):

I changed from the quiet switch to passive and I noticed the CA certificate error.

Please give us more information about this. Exact error message? Possible take a screenshot and port here.

Please close this ticket! It was my mistake. The issue was that I found a powershell script to disable the internet access during the MDT process, but the program was since fog tried to reach the ip address of the fog server, it was being blocked due to non internet access. I moved the script further down the process and it installed. Thanks for all of your input though.

@jj-fullmer

Hello, jj,

Thanks for the fog api notes, appreciate you helping us out. I’m not sure if you remembered me, but have a few questions.

I’m trying to do 2 things. One to assign a group to a machine one created in fog via powershell. I tried get-foggroupbyname, but says the parameter is not recognized.

It then told me to go to c:\program files… until I got to fogapi.psm1

I copied and pasted the command for cmdletBinding.

It didn’t error out, but didn’t return anything. Ex; , I know I created a Sales group in the Fog Gui with snapins assigned to it, so I wanted the machine to be assigned to that group to make it more dynamic. Please see attached pics. I’ll keep trying as well on my side. I’m so so on Powershell, but came a long way.

@jj-fullmer said in fog API powershell help:

$snapinsToRemove = @(‘snapin’,‘names’,‘here’);

That’s what I needed, an array to choose from a list. Thank you so much! Really appreciate you on helping me on this.

@Sebastian-Roth said in FOG 1.5.4 API host module settings:

Pinging @JJ-Fullmer on this.

All,

I figured this out! I got hostname changer via PowerShell. So here’s what I did to resolve it.
So with the script I got from this forum last week, I know it had the Json in a splat format. I’m so so with PowerShell
and doing a lot better than a few years back. So basically what KaterKarlo said, he has moduleid = 9.

It wasn’t working for me. To get the correct name and ID number, I ended up going to my fog server via the browser, then right click on the browser and view page source did a search for hostname changer. Then it came up the name modules and the value of 9. I finally ended up putting it with the rest of the splat and joined it with no issues:

“modules” = 9

I hope this helps someone as well if they need to get the values of a host.
But thank you guys always for pointing me in the right direction.

@jj-fullmer said in Powershell API Module:

vscode

Thanks jj,

I’ll install & try out.

@george1421 said in PXE issues:

@Jamaal This problem is solvable but it make take some effort on your part.

Lets start with the basics.

For the DHCP IP zone where your pxe booting clients live, you need to set dhcp options 66 to the IP address of your fog server. And for dhcp options 67 that needs to be snponly.efi or snp.efi. With those settings configured on a MS Windows based dhcp server a pxe booting client should boot. Make sure on your dhcp server that is responding to bootp and dhcp requests. Its been a while since I messed with windows but on the dhcp server there should be a setting of dhcp bootp or both. Select both.

Now lets talk about WDS for a second. A WDS server can use dhcp options 66 and 67 as above, but it can also run a proxy dhcp service that tells the client to ignore the dhcp options and come talk to it for boot information after it gets an IP address for the dhcp server. This maybe called a netboot service or something like that on your WDS server. Its not part of the main WDS service. If this service is still enabled it will override any settings you make in dhcp for pxe booting.

So how do you figure this out to what’s wrong?

The easiest and most complicated issue is to identify what is flying down your network during the pxe booting process. You can do this with wireshark on a witness computer (computer not part of the pxe booting process). This witness computer can either be a ms windows or linux computer, the key is to have wireshark loaded. When you start up a capture use a capture filter of port 67 or port 68 or port 4011 That will limit what wireshark sees to only the dhcp packets. Make sure the witness computer is connected to the same subnet as the pxe booting computer.

Start the packet capture and then attempt to pxe boot the target computer. Continue to capture the packet until the pxe booting computer either reaches the fog iPXE menu or errors out. Then stop the capture.

In the top section you should see the DORA (discover, offer, request, and finally ack/nack) process. The process goes as follows:
Client -> Discovery
Server-> Offer
Client -> Request
Server -> Ack/Nack

In this process you are most interested in the one or more OFFER packets. In a normal network you should only see one OFFER packet. When WDS is involved you will see one OFFER packet from your main dhcp server and a second OFFER packet from your WDS server. If you are seeing the OFFER from your WDS server then you don’t have the proxy-dhcp service disabled, and that is causing your issue. If you are seeing two offer packets from two different dhcp servers, such as a primary / secondary setup make sure both dhcp server are configured to boot from FOG server.

Now what do you do if you only have one OFFER packet and its still not working. This is where you need to select the OFFER packet and then look at the data in the parameters box. There will be the bootp fields of next-server and boot-file these need to be configured for the fog server IP and snp.efi. Then in the dhcp options section options 66 and 67 need to be set correctly. If one or the other sections are not set correctly you will get random machines not booting while others are.

If you can’t figure it out save the packet capture file “be sure you only captured the dhcp process” and up load the file to a file share site and post the link here and one of us will take a look to see what’s wrong. But I think from what I covered here you should be able to figure out what the pxe booting client is being told to do incorrectly.

George,

I ran the idea with the system administrator at my job and of course he was doubtful (conceited), he turned off the server thinking that would solve the issue. I ended up looking at an older forum and made a USB with the ipce file and booted up the machines that were given me issues and that worked. You guys can close this and mark as resolved. Again, I appreciate your guidance on this.

@mfe said in FOG Client service disconnection, pending snapins are not even being detected:

Hi,

We are experiencing some issues related to snapin installation both in ubuntu and windows clients.

FOG Server version: 1.5.10.1639
FOG Client 0.13, both in our Windows as in our Ubuntu systems.

We have classrooms with more than 30 computers and dual boot (Windows, Ubuntu).

The situation is that we have (for example) the thirty computers in the classroom logged in in Windows and we want a snapin to be installed in all the 30 windows systems. It is very common that let’s say 15 computers have the snapin in the state Queued for ever.

We then force a Reset encryption data from the server and this is not enough, they are still queued.

It seems that the FOG Client gets disconnected (timeout?) from the server after a while and the only way we have to get the snapin Checked-In is by restarting manually the FOG Client service.

The maintenance free gaps we have are short which makes this issue important to be resolved.

I guess there must be some specific FOG Server configuration to avoid this problem but I don’t find it.

Any help would be really apreciated.
Thanks in advance,
m.fernández

Hello,

I started to experience that as well with that version yesterday. When I get to work today, I’m gonna work on it. If I get it going, I’ll reply as well.

Hello all,

I’ve been having some PXE issues at work and tried what I could, but things are not working out correctly. Here’s what going on and I searched throughout the internet and can’t get it.

The FOG version I have is 1.5.10.1754, kernel 6.12.35 for both 32 and 64 bit.

We have some HP desktop computers that have the generic network card (11) 1219-LM.
A model that’s giving issues for example is a HP mini ProDesk 400 G6. Not that it matters, but it has an i5 processor.

I finally talked some sense to our IT admin to use FOG instead of MDT (snail). Anyway,
he has the WDS server disabled. We have a Windows Server 2022 that has DHCP server enabled.

When I boot the mini via PXE, it flashes back to the boot menu like it doesn’t see FOG.
If you go to the BIOS and select F6 (some PXE test mode I think), it wants to PXE from the disabled WDS server and shows the boot file it wants to boot from instead of FOG. It happens to an older HP ProDesk 400 G4 with the same 1219-lm network adapter. It shows its Ip address. As a test, I asked him to re enable the WDS server yesterday and it pxe with no issues.

If you put a HP Mini that’s an i7 (I believe a HP Pro Mini 400 G9) that has the same 1219-LM network adapter, it sees FOG and it’s ready for registration.

I double checked and triple checked DHCP is setup correctly on that vlan, ex; correct fog server name and file is ipxe.efi, even created the policy for the pxe arch to 0007 and 0009.

I tried downgrading to different kernels, but didn’t fix neither.

I’m at a loss on what else to try because WDS is very slow and I don’t want to keep using it to slow us down as we have MDT with it deploying Windows 10 and having to upgrade to Windows 11 with a PowerShell script. I was thinking about reinstalling FOG, but not sure if that would help.

Again, thanks for your guys support for all theses years.

Ok,

I finally figured this out. I know it’s not the best method, but I prefer this than having the wording “plain text” Here’s what I did in case someone needs to do the same.

I read that API tokens do not go well as a securestring. Here are some references:
https://jamesone111.wordpress.com/2020/04/10/transformers-for-powershell-parameters-which-take-secrets/, and https://github.com/Azure/azure-powershell/issues/25533.

So in order to get past this, I needed to create another variable as show below:

• $testapi1 = [pscredential]::new(“token”,$yourtoken)

You’re basically adding the pscredential above like you’re going to setup a username, but you put something like “token” or any wording as a placeholder for the username, then put the token in.

• Then after you define the header you do something like this: $testheader.add(fog-user-token’,$testapi1.GetNetworkCredential().password)

Again it’s not the best method, but I also read a way when you do read-host -aseecurestring and save your api there as a variable, you can dispose that variable so it doesn’t stay in memory.

$test.disposeof

If someone has any better ideas, please let me know as I’m always on here learning new things and want to share as well. This basically can be closed out.

Hello @JJ-Fullmer , hope all is well.
First of all, thanks for creating that Powershell module for FOG to be used via Powershell.
I have a question in regards to the script I’ve been using for a while. In it has the API for both the user and the FOG server.

I want to be more secure in the sense of not putting the API in the script. I tried Microsoft’s module Secret Management and I can store both api keys under 2 different secrets. Here is the link from Microsoft: https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/get-started/using-secretstore?view=ps-modules

But when I try to retrieve the secrets, I get the 403 forbidden message.

Powershell variables for the both api keys for example:

Error message:

It will only work if I add -asplaintext for example:

It won’t take the System.Security.SecureString

I double checked to make sure I’m using the correct fog and user api keys, but no dice.
Is there a way to secure these API keys instead of putting them directly in the Powershell script and also not doing the command -asplaintext?

If anyone has suggestions, please let me know.

@george1421

Ok, let me try some things this week and let you guys know. Thanks guys.

Hello, all,

I haven’t posted in a while because I haven’t had any issues for a long time. So there it goes.
We recently started purchasing Dell Latitude 5530 laptops I have an issue with them for some reason.
First off, the version of FOG I have is 1.5.9 now, had 1.5.10 and went back down because I thought this was causing the issue.

The problem is that FOG images the laptop fine, but when it restarts to boot into Windows and continue the step “getting devices ready”, it goes right
to the ctrl alt delete screen and then the administrator password is not working. This is very weird.

Before I downgraded back to 1.5.9, I reimaged a Lenovo T510 laptop (yes it’s a dinosaur, lol) to rule out anything with setupcomplete.cmd, imaged with no issues.

I have FOG running on Ubuntu 20.04.6 on Windows Hyper-v, 2019.

I deleted the network drivers from the Latitude 5530 folder numerous times and still after it images, the network at the ctrl alt delete is not working.
No wireless nor network card, can’t even log onto the laptop.

I know I have the pnp command in the setupcomplete.cmd and it works fine on Lenovo laptops, but for some reason from since yesterday, I started to run into issues.
I looked in the forum before posting this, but can’t find any solution. If someone can give me an idea why this is happening, I appreciate it.

@Gerrit-Anderson Thank you for this! I was battling this yesterday and this fixed the issue immediately.

@sebastian-roth said in Powershell and fog:

@Jamaal Anything in the Apache error logs? Sure the API is enabled (user and global)?

Yes, the API is enabled. I’m not sure on how to check the apache error logs.

@tom-elliott said in Powershell and fog:

@jamaal What if you define fogsrv to the IP address of the fogserver?

FQDN must be reachable by the device in question. Using the IP address is usually a more sure bet.

I’m going to try that later & let you know. Thanks for the suggestion, Tom.