@ibivibiv Ok I was correct! I think maybe there is a more clever way to update the grub directory contents (grub update command etc.) but basically if I do the following I find myself with a fairly close to working system:

dd the MBR file to /dev/sda sfdisk the partitions to /dev/sda partclone restore d1p1.img to /dev/sda1 Take the grub contents from the original machine and overwrite them onto sda1 partclone restore d1p6.img to /dev/sda6 mkswap to /dev/sda5 with the uuid from the orig uuid file

This drops me into the grub menu and after the timeout it boots as normal.

Not too bad, and hopefully it helps anybody else that asks this question. I saw it gets brought up sometimes.

@Mr_Matten Ah, glad you figured it out!

@vmesuria Make sure you have CHANGE HOSTNAME EARLY enabled in FOG configuration -> FOG settings -> General settings in the FOG Web UI. Aß well you need to have the image OS ID set to an of the Windows IDs and Windows needs to be on a NTFS formated partition! If those three things apply it should do the early host rename for you.

@xburnerx00 The short answer is it should just work if you have the dhcp boot options set.

With that said, let me explain why this usb boot disk exists in the first place.

We have historically seen the pxe booting process hang (stop/freeze/abend what ever you want to call it) in 4 spots that causes the FOG admin troubles.

Either the computer doesn’t have a pxe boot option or for what ever reason iPXE isn’t being sent to the target computer. iPXE is delivered to the target computer but iPXE will not startup iPXE will start up but will not start up the FOS Linux kernel (bzImage). We almost always see this in uefi mode due to buggy uefi firmware on the target computer. In uefi mode the imaging tech is using a network adapter not supported by the computer manufacturer so pxe booting isn’t an option.

So what the FOS Linux usb boot drive does is boot into Grub and then calls FOS Linux directly from the usb flash drive. This bypasses pxe booting and iPXE eliminating the above conditions. In this setup the Grub menu is a weak analogy to the more capable dynamic iPXE menus.

We did include iPXE boot loaders on the flash drive to boot iPXE directly from the usb boot stick instead of by PXE. By doing that we can eliminate issues 1 and 4 from above. But any issues with iPXE in 2 and 3 would still exist.

@Sebastian-Roth
Works fine for me on all the flavors of 10 we use. LTSB LTSC and 1703 1803

@Alk said:

I know i am a pain but is there a way to avoid the reboot during quick registration and just go back to the main menu in pxe boot?

Not without changing FOG/FOS as far as I can see. But you are more than welcome to play with the scripts and adjust things to make what you want.

Doing it via UI is a bit slow since i have to type in the mac of the device.

Well if you use CSV import that shouldn’t be slow at all if you have the MACs at hand. This way you can add several hosts in one go and have the correct names assigned at the same time as well. This will save you time!

@xardoniak Well to start breaking this down, do you have a physical computer on the same subnet you can test with?

Really we have 2 timings to consider. The first is the transfer of the linux kernel and initfs via tftp, then you have the kernel startup to end that timing. Once the kernel is up and running it uses nfs to connect to the FOG server to load the squashfs that has the actual OS image. Once the nfs bit happens that starts the second timing. tftp is the slowest of the protocols but that is only used to get vmlinz and initrd over to the target computer, the rest is done by nfs.

@fry_p @dooleyrd @kafluke I still hat no time to look into this. It’s just too many topics und not enough people to do the stuff. Any chance one of you guys or your co-workers can help with this?

@jester805 For Windows 2012+ dhcp server there is guidance on how to set it up here: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Using_Windows_Server_2012_.28R1_and_later.29_DHCP_Policy

The instructions are for 2012 dhcp server, but I can tell you they work well for 2016 dhcp server too.

A couple of deviations from the tutorial.

I would setup these classes Type Architecture Name ---- ----------------- 6 EFI IA32 7 EFI BC (EFI Byte Code) 9 EFI x86-64 Set your default dhcp option 67 to undionly.kpxe. Set dhcp option 66 to the IP address of your fog server In the custom filters only set dhcp option 67. Don’t set option 66 like in the instructions\

The idea is if one of the filters don’t match then it will pick the default values which will be for bios computers (undionly.kpxe)

If you are imaging for Forensic Analysis for legal reasons you should not use FOG. You need to use something like “Arsenal Recon” or “SANS SIFT” (which could be delivered by PXE booting in FOG). This software needs to be nationally recognized that exports its information in AFF format. If you don’t use a legally approved method the image collection will be discarded as tainted evidence.

@Sebastian-Roth : then don’t rush for me. What I can do for now is install the fog client and then copy the modules.dll that uses codepage 850. I have already created a script that does this. I will use this script to roll out the Fog client to all existing workplaces with psexec.

@bogle The FOG server talks to the target computer via the FOG Client/service. That service has a check in interval that is set in the fog settings. So the default may be 5 minutes (300 seconds), so if you issue a task to the target computer it could take up to 5 minutes before the target system reacts.

Also on the fog up/down indicator it doesn’t use a ping, but a connect to port 445 to confirm the system is up or not. If your windows firewall is blocking connections to port 445 then fog will assume its down.

@bogle Ah ok. I don’t know how the cloning would affect the intricacies of a web server. Please feel free to start a new thread if you run into any troubles with the windows imaging later.

@nexx34 said in PXE Booting ESXI 6.7u2:

Is it ever planned to make pxe booting “easier”?

Any suggestions are welcome. 🙂

We work a lot with scripts, we don’t use msi and exe, all our snapins are developed as scripts, usually powershell for windows and bash scripting for linux, we use sometimes php, python, perl… called from bash a so on.

Check the potential of the scripting for the 2 first points.
And as alternative to deploy software you can work with snapins+chocolatey

On the third point, we use fog snapins to start/stop services, deploy clients etc…

Currently we are using a reversed vnc server deployed/configured/started/stopped/removed as an unattended snapin, where we have firewalls, As GUI we use a Guacamole Gateway with a vnc-proxy, on the other side where we have not firewalls we are using Dameware and RDP to remote control. The services can be controlled with scripted snapins but the clients/servers/proxyes… must be provided as external services.

I only want to add, that with a deep knowledge of the targets, and with a good knowledge about scripting, and if you add a custom/complete toolset around FOG, you can get a pretty and usefull system admin/management environment.

@Sebastian-Roth said in MFA or logging for brute force attempts:

ust to clarify, what George meant was not actually AD logging done by FOG but using the LDAP plugin

Yes thank you for clarifying. I WAS talking about AD event driven logging. Since they are concerned about brute force attacks, I assume that there is already in place some kind of reporting against AD password hacking. Then from FOG’s standpoint there is nothing to monitor since everything is hitting AD.

@Sebastian-Roth @george1421 Thank you both. I understand that FOG was not really created for this large of a project, however, I’m interested to see how to handles it and what, if anything, will break along the way. I will keep everyone updated with my experiences and issues so that hopefully somebody else can avoid my mistakes in the future!

With the amount of stores we have, I think it may be better to use each FOG server independently to avoid overloading any single part of the system. This will make managing the project more difficult but in the end I think it will be better suited for this client. Each store has a maximum of 7 computers so that should be much more within the programs capabilities. For our corporate office and some of the larger daughter sites, (upwards of 300 computers per site) I will be performing local upgrades.

If I had more time to play around with a central FOG node I might try to make it work, but with Windows 10 support ending at the close of this year, I need to have all 1200+ computer upgraded by then as to not give our compliance department a stroke.

Again, thank you both for the prompt response and for supporting an opensource program.

@george1421 thanks for the reply!

After following your instructions I noticed that there is no “Installing Patch” text on the new server that is not behaving.
Also, /bin/fog.man.reg exists on both servers.

So I decided to follow the rest of your instructions on the old server that behaves as it should just to see what kind of results I should be getting. The results from following your post on the OLD server were as follows:

After getting to the command prompt I keyed in fog and hit Ctrl+C once i saw “* Running post init scripts … Installing Patch”. However, when I was returned to the command prompt and keyed in set |grep postinitpath nothing was returned and I was returned to the command prompt. I did grep for other words/variables that appear after keying in set by itself, just to make sure everything was functional, and set |grep type returned type=down as expected.

As for the NEW server, “Installing Patch” did not appear at all, just “* Running post init scripts … Done” . I did press Ctrl+C after this to see what set |grep postinitpath would return and it too output nothing and returned me to the command prompt. Keying in set |grep type for testing purposes returned type=down.

I also executed the fog command multiple times so that i could stopping the procedure at different debug steps to check set |grep postinitpath on both the OLD and NEW server and it never returned the location of the fog.man.reg.cust file.

Please let me know what you think.

@george1421 Worked flawlessly! Thank you and @Sebastian-Roth so much for the help!