@jmeyer Having a FOG server with a dual nic is a standard and supported configuration for installing FOG.

There are a few things you need to know/do before installing FOG.

Know the linux kernel names of your network interfaces. You can see this by using the following command ip a s Identify the name of your business network interface and your imaging network interface. Document these names. Make sure your imaging network interface is configured for a static IP address. FOG does not like having the imaging network interface IP address changing once FOG is installed. Make sure your business network interface has a default route defined so that it can get to the internet. Confirm that your fog server has internet access. Make sure your imaging network interface does not have a default route defined.

Now use the git method to download the installer files onto your FOG server.

Install FOG. During the installation process you will be prompted for the linux name of your imaging network interface. Key that in when requested. You will also be prompted to if you want to install a dhcp server. Answer yes to this. The fog installer will only bind the dhcp server to the imaging network interface leaving your business network interface alone during the installation of FOG. There will be no conflicts on the business side since fog will only focus on the interface you said that is your imaging network.

@brakcounty said in Can a FOG Server setup as a Storage Node serve tftp files?:

I could always do a mysqldump export and import from the primary fog server to the secondary right?

Sure thing!

@yeet See if the bios has a setting called mac passthru or something similar. That will passthru the built in mac address of the mobile device to make the network adapter generic and the computer unique.

Doesn’t secure boot use unique keys? Have you been able to boot with secure boot enabled on machines that you deployed the image to?

@george1421 The USB ipxe boot method works perfectly, from a USB drive. The idea is to somehow make that ipxe process boot BEFORE Windows on the hard drive itself instead of the usb drive, and have a countdown to boot from first hardrive. This way I can set a deploy or capture task remotely and it would work. As for specifying the IP address, I already did. Ipxe sees the FOG server on the same vlan, but on a different vlan ipxe asks for the FOG server address.

@sebastian-roth I need to get back into those docs. Things have been just so crazy lately. When you have something working let me know and we’ll get it documented.

@sebastian-roth I already try snappin on Windows and it’s working. The client is install with the last version and my fog version is 1.5.9.
I tried to use Fog’s snappin on debian host but and it’s going well but I think that my command are not good. i tried with dpkg -i and /bin/bash. The client is downloading and rebooting the PC but I can’t find the program

463e11a5-6457-4538-a9ab-7b062651629a-image.png

@turtle331 I would like to get a solution for the installer error 😕

@brakcounty I don’t have access to my production fog server at the moment, but I’m wondering if the history table keeps track of “deploy image” imaging…

This bit probably won’t help you retrospectively, but in my environment we don’t register the target computers with FOG, we use the “Deploy image” route. We do use MDT to build our golden image though. In MDT we have a task sequence that creates a registry key with the build date the golden image is created because we typically rebuild our golden image once a quarter. With a PS query we can query AD and the target computers to find out the unique build date of all of the deployed images. In a way we could back into the number you are seeking.

So the question for you is… is there something unique that would identify the target computer as being deployed by FOG? Some unique software or registry setting that would say this image was built by our golden image deployment environment?

From a FOG perspective, once you deploy an image via the “Deploy image” iPXE menu FOG forgets the target computer ever existed. The question in my mind is of the history table keeps any lingering memories of the target computer’s mac address or such.

@yeet Good you have found FOG’s cron scheduled taskings. That’s the way to go for what you are asked to do.

@brakcounty That is defined in the web ui. That is the default user account you login as the admin. If you create another user account on your fog server you can use that for the iPXE menu instead of fog

Got it. Script works. Thanks!

@junkhacker I built an ipxe image using the fog’s kernels and files and made them into a vISO then mounted it to my vm. Boot from it, then normally it would load ipxe and eventually the fog menu. since I updated vbox it stopped working. yeah I’ll have to play with it.

Wait nevermind I figured it out. I enabled the “Hide Menu” option under Fog Configuration>iPXE General Configuration>Menu Hide/No Menu settings. Pressing ESC after entering the FOG tftp server IP shows the login menu. Perfect!

@astrugatch said in Script to detect and repair AD Biding:

Is that separate from the cert that is used for HTTPS? Do I need to generate a new cert or does that come from the install as long as it is recent?

It’s separate from the cert used for HTTPS. Nothing you need to mess with. It’s a code siging certificate and it’s bundled into the fog-client. So if you use a recent one you are good to go.

@nick the client communicates entirely with web based services on the fog server. in fact, if you know what to put in the url bar you can do most (maybe all, i can’t remember) of the call/response in a browser to see what gets returned when the client makes requests. which is something we do when troubleshooting.

@OmegaXis While I have not tried it myself I would think it’s not a big deal. Start reading up on bash scripting and start with simple scripts like this one:

#!/bin/bash # my installer script APT_GET_PATH=$(command -v apt-get) [[ -z $APT_GET_PATH && -x /usr/bin/apt-get ]] && APT_GET_PATH=/usr/bin/apt-get $APT_GET_PATH -y update $APT_GET_PATH -y install -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold name-of-new-package

Instead of name-of-new-package use the package you want to install.

@george1421 @Sebastian-Roth So I modified my postdownload scripts to manually mount the correct drive if the code that was originally there didn’t do it. It is working for me so I am adding my post download scripts below in case anyone comes across this thread and finds it helpful for them. This works for me in my environment, but may not work for everyone.

I took inspiration from the getHardDisk() function in https://github.com/FOGProject/fos/blob/master/Buildroot/board/FOG/FOS/rootfs_overlay/usr/share/fog/lib/funcs.sh

The scripts are a bit of a mess but working

fog.postdownload

#!/bin/bash ## This file serves as a starting point to call your custom postimaging scripts. ## <SCRIPTNAME> should be changed to the script you're planning to use. ## Syntax of post download scripts are #. ${postdownpath}<SCRIPTNAME> clearScreen; dots "Running post download scripts." mkdir /ntfs &>/dev/null ntfs-3g -o force,rw $part /ntfs echo "Mounting Device"; if [ "$?" = 0 ]; then if [ ! -d "/ntfs/Windows" ]; then . ${postdownpath}mountLargestPartition fi echo "Done" debugPause . ${postdownpath}getMachineModel . ${postdownpath}getPlatformVersion . ${postdownpath}fog.drivers . ${postdownpath}fog.unattend if [ -z "$auditMode" ]; then . ${postdownpath}fog.bcu fi echo "Unmounting Device"; umount /ntfs; debugPause else echo "Failed to mount device"; sleep 30; debugPause fi

mountLargestPartition

#!/bin/bash dots "Running the manual mount script" drive=$(lsblk -dpno KNAME -I 3,8,9,179,202,253,259 | uniq | sort -V) driveCleaned=${drive//'/dev/'/} #Remove `/dev/` from variable partition="" partSize=0 # Get the largest partition while IFS= read -r line; do tempPartSize=$(blockdev --getsize64 /dev/$line) if [ $tempPartSize -gt $partSize ]; then partSize=$tempPartSize partition="/dev/$line" fi done < <(ls /dev | grep -E "${driveCleaned}[a-zA-Z0-9]+") umount /ntfs &> /dev/null ntfs-3g -o force,rw $partition /ntfs

getMachineModel

#!/bin/bash dots "Retrieving Machine Model" machine=$(dmidecode -s system-product-name) # Gets machine model machine="${machine// /_}" # Replace spaces with underscores echo "${machine}" debugPause

getPlatformVersion

#!/bin/bash dots "Retrieving Platform Version from Registry" # Create a registry file to be able to search the ReleaseId from # reged -x gives out an abort error message but from all my testing it still works. reged -x /ntfs/Windows/System32/config/SOFTWARE HKEY_LOCAL_MACHINE\\SOFTWARE \\ /out.reg &> /dev/null || true if [ -f /out.reg ] then PlatformVersion=$(cat /out.reg | grep 'ReleaseId') PlatformVersion=${PlatformVersion:13:4} # Grab only actual the ReleaseId. Full text looks like "ReleaseId"="1909" echo "${PlatformVersion}" else echo "No registry file found." debugPause dots "Retrieving Platform Version from PlatformVersion.rek file" if [ -f "/ntfs/Windows/PlatformVersion.rek" ] then PlatformVersion=$(<"/ntfs/Windows/PlatformVersion.rek") echo "${PlatformVersion}" debugPause else echo "No platform version file found." debugPause fi fi

fog.drivers

#!/bin/bash dots "Preparing Drivers" mkdir /ntfs/Drivers &>/dev/null; echo "In Progress" dots "Adding drivers to driver path" cp -ar "/images/drivers/${machine}/${PlatformVersion}/" /ntfs/Drivers if [ "$?" = 0 ]; then echo "Done" else echo "Failed!" fi debugPause regfile="/ntfs/Windows/System32/config/SOFTWARE" echo "regfile ${regfile}" key="\Microsoft\Windows\CurrentVersion\DevicePath" echo "key ${key}" devpath="%SystemRoot%\inf;%SystemDrive%\Drivers" echo "devpath ${devpath}" reged -e “$regfile” &>/dev/null <<EOFREG ed $key $devpath q y EOFREG echo “Drivers done.”

fog.unattend

#!/bin/bash dots "Searching for Platform Version" # If $PlatformVersion is not null/empty if [ -n "$PlatformVersion" ]; then echo "Found" debugPause dots "Removing old unattend file" rm -f /ntfs/Windows/Panther/*nattend.xml if [ "$?" = 0 ]; then echo "Done" else echo "Failed to remove file!" echo "Aborting fog.unattend" debugPause sleep 60 return fi debugPause dots "Checking image mode" if [ -n "$auditMode" ] && [ "$auditMode" -eq 1 ]; then echo "AUDIT" debugPause dots "Copying audit mode unattend file" cp "/images/unattends/UnattendAuditMode.xml" "/ntfs/Windows/Panther/Unattend.xml" if [ "$?" = 0 ]; then echo "Done" else echo "Failed!" fi debugPause else echo "OOBE" debugPause dots "Copying unattend file with driver path" cp "/images/unattends/UnattendWithDriverPath.xml" "/ntfs/Windows/Panther/Unattend.xml" if [ "$?" = 0 ]; then echo "Done" else echo "Failed!" fi debugPause fi else echo "No valid Platform Version." echo "Skipping unattend." debugPause fi

fog.bcu

#!/bin/bash dots "Copying BIOS change script" if [ -f "/images/drivers/CMSL-BIOS_Change.ps1" ] then cp "/images/drivers/CMSL-BIOS_Change.ps1" "/ntfs/Drivers" echo "Done" debugPause else echo " Failed! Could not find bios change script." debugPause sleep 60 fi echo "fog.bcu done." debugPause