@jhumpf There is no resolution to this. UEFI captured images can only function on uefi based computers. The same is true for BIOS captured images they can only function on bios based systems. The hardware is interfaced differerntly between the two. Most will just create two images, one for BIOS and one for UEFI systems which is MUCH cleaner and a MS supported solution.

I’m having a similar issue… What’s the best manner to turn on DCHP on my fog server after i’ve already installed it?

Thanks again for your help. I will research more what the System User can do. It looks like I am out of luck to do things that require elevated permissions (such as enabling Bitlocker) using a SnapIn. I think I will start to evaluate other ways to do post-provisioning scripts/tasks.

@tomhtil said in Storage node behind NAT:

@Sebastian-Roth is there an easy way to sync the database as well? I’d be happy with multi master setup if i could sync the images folder and the relevant config for just the images.

Galera

@Sebastian-Roth Thank you for your help, sorry for the late reply was very busy in the last weeks.
I managed it with turning on/off the no menu option.

@jtappen From what you wrote it seems like you are on the right track with this - Active Directory Defaults in the FOG settings should be the was to go.

So which way do you actually register your clients?

Our Fog is on versoin 1.5.6

This is not the latest version. I cannot say for sure we have found und fixed in the latest but if we find this to be a bug I need you to update to the very latest version.

@ibivibiv Ok I was correct! I think maybe there is a more clever way to update the grub directory contents (grub update command etc.) but basically if I do the following I find myself with a fairly close to working system:

dd the MBR file to /dev/sda sfdisk the partitions to /dev/sda partclone restore d1p1.img to /dev/sda1 Take the grub contents from the original machine and overwrite them onto sda1 partclone restore d1p6.img to /dev/sda6 mkswap to /dev/sda5 with the uuid from the orig uuid file

This drops me into the grub menu and after the timeout it boots as normal.

Not too bad, and hopefully it helps anybody else that asks this question. I saw it gets brought up sometimes.

@Mr_Matten Ah, glad you figured it out!

@vmesuria Make sure you have CHANGE HOSTNAME EARLY enabled in FOG configuration -> FOG settings -> General settings in the FOG Web UI. Aß well you need to have the image OS ID set to an of the Windows IDs and Windows needs to be on a NTFS formated partition! If those three things apply it should do the early host rename for you.

@xburnerx00 The short answer is it should just work if you have the dhcp boot options set.

With that said, let me explain why this usb boot disk exists in the first place.

We have historically seen the pxe booting process hang (stop/freeze/abend what ever you want to call it) in 4 spots that causes the FOG admin troubles.

Either the computer doesn’t have a pxe boot option or for what ever reason iPXE isn’t being sent to the target computer. iPXE is delivered to the target computer but iPXE will not startup iPXE will start up but will not start up the FOS Linux kernel (bzImage). We almost always see this in uefi mode due to buggy uefi firmware on the target computer. In uefi mode the imaging tech is using a network adapter not supported by the computer manufacturer so pxe booting isn’t an option.

So what the FOS Linux usb boot drive does is boot into Grub and then calls FOS Linux directly from the usb flash drive. This bypasses pxe booting and iPXE eliminating the above conditions. In this setup the Grub menu is a weak analogy to the more capable dynamic iPXE menus.

We did include iPXE boot loaders on the flash drive to boot iPXE directly from the usb boot stick instead of by PXE. By doing that we can eliminate issues 1 and 4 from above. But any issues with iPXE in 2 and 3 would still exist.

@Sebastian-Roth
Works fine for me on all the flavors of 10 we use. LTSB LTSC and 1703 1803

@Alk said:

I know i am a pain but is there a way to avoid the reboot during quick registration and just go back to the main menu in pxe boot?

Not without changing FOG/FOS as far as I can see. But you are more than welcome to play with the scripts and adjust things to make what you want.

Doing it via UI is a bit slow since i have to type in the mac of the device.

Well if you use CSV import that shouldn’t be slow at all if you have the MACs at hand. This way you can add several hosts in one go and have the correct names assigned at the same time as well. This will save you time!

@xardoniak Well to start breaking this down, do you have a physical computer on the same subnet you can test with?

Really we have 2 timings to consider. The first is the transfer of the linux kernel and initfs via tftp, then you have the kernel startup to end that timing. Once the kernel is up and running it uses nfs to connect to the FOG server to load the squashfs that has the actual OS image. Once the nfs bit happens that starts the second timing. tftp is the slowest of the protocols but that is only used to get vmlinz and initrd over to the target computer, the rest is done by nfs.

@fry_p @dooleyrd @kafluke I still hat no time to look into this. It’s just too many topics und not enough people to do the stuff. Any chance one of you guys or your co-workers can help with this?

@jester805 For Windows 2012+ dhcp server there is guidance on how to set it up here: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Using_Windows_Server_2012_.28R1_and_later.29_DHCP_Policy

The instructions are for 2012 dhcp server, but I can tell you they work well for 2016 dhcp server too.

A couple of deviations from the tutorial.

I would setup these classes Type Architecture Name ---- ----------------- 6 EFI IA32 7 EFI BC (EFI Byte Code) 9 EFI x86-64 Set your default dhcp option 67 to undionly.kpxe. Set dhcp option 66 to the IP address of your fog server In the custom filters only set dhcp option 67. Don’t set option 66 like in the instructions\

The idea is if one of the filters don’t match then it will pick the default values which will be for bios computers (undionly.kpxe)

If you are imaging for Forensic Analysis for legal reasons you should not use FOG. You need to use something like “Arsenal Recon” or “SANS SIFT” (which could be delivered by PXE booting in FOG). This software needs to be nationally recognized that exports its information in AFF format. If you don’t use a legally approved method the image collection will be discarded as tainted evidence.

@Sebastian-Roth : then don’t rush for me. What I can do for now is install the fog client and then copy the modules.dll that uses codepage 850. I have already created a script that does this. I will use this script to roll out the Fog client to all existing workplaces with psexec.

@bogle The FOG server talks to the target computer via the FOG Client/service. That service has a check in interval that is set in the fog settings. So the default may be 5 minutes (300 seconds), so if you issue a task to the target computer it could take up to 5 minutes before the target system reacts.

Also on the fog up/down indicator it doesn’t use a ping, but a connect to port 445 to confirm the system is up or not. If your windows firewall is blocking connections to port 445 then fog will assume its down.

@bogle Ah ok. I don’t know how the cloning would affect the intricacies of a web server. Please feel free to start a new thread if you run into any troubles with the windows imaging later.