Version 1.5.10.1629
Environment - Dell Poweredge server running Alma Linux 9.5

Not to dredge up an old forum post, but I experienced this same error after migrating from an old CentOS server to newer hardware and Alma Linux. (What apparently many are moving to now).

For me the issue seemed to be related to trying to pull an image from a laptop that had the previous client on it. I have 2 computers that I use as dedicated imaging devices, 1 laptop and 1 desktop. I uninstalled the old FOG client, but when installing the new client and attempting to point it to the server, I got the CA Certificate error mentioned on the “Pinning” stage of the install. I tried to find an old cert on the device itself, with no luck.

What I ended up attempting after doing a little digging was to add back the following Windows firewall rules. I did that, and it seemed to kick over immediately and installed on the very next try. I am unsure if this is coincidence or if the firewall rules truly needed to be on the device before installing. But it worked after that and I now have a successfully pulled base image like I utilized on the previous server. The rules I used in an elevated command prompt are below. Perhaps someone from the FOG community can comment on the accuracy of my firewall rules? Good luck and hope this helps someone in need!

netsh advfirewall firewall add rule name=“Fog Client” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGService.exe”
netsh advfirewall firewall add rule name=“Fog Shutdown” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGShutdownGUI.exe”
netsh advfirewall firewall add rule name=“Fog Tray” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGTray.exe”
netsh advfirewall firewall add rule name=“Fog Update Helper” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGUpdateHelper.exe”
netsh advfirewall firewall add rule name=“Fog Update Waiter” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGUpdateWaiter.exe”
netsh advfirewall firewall add rule name=“Fog User Service” dir=in action=allow program=“%ProgramFiles(x86)%\FOG\FOGUserService.exe”

@alexamore90 Lets try to unpack this.

You have 3 ESXi servers connected to an unmanaged switch.

This part is a bit unclear. After deploying on a few pcs the speed dropps to 900mb/min (watch your unit of measure). Normally its up to 22GB/min (again assuming you are getting this number from partclone).

After deploying to a few PCs the speed drops. Is this simultaneous deployments or consecutive deployments the speed drops?

Unmanaged switch: So this isn’t an enterprise class switch. You may have issues with throughput on the switch itself. The aciscs might not be fast enough for the amount of data your are trying to push through. Look at the throughput listed in the technical documentation for the switch.

You didn’t mention the uplink speed from the ESXi servers to this switch. On a well managed 1GbE network you should get around 6GB/min throughput. On a well managed 10GbE network I’ve seen 13-15GB/min. So your 22GB/min seems a bit higher than expected. I can say with a physical FOG server connected via 1GbE link, I can saturate that 1GbE link with 3 concurrent image deployments. When that happens the error rate increases and the throughput drops off quote a bit.

The other thing if you are trying to do concurrent deployments with these 3 FOG servers, make sure the drives on ESXi are SSD or NVME drives and not spinning disks for performance reasons.

In the end I don’t think this is a FOG server issue specifically, rather something in the environment that is causing the speed issue.

Just checking in here to Mark this as SOLVED. I had added the dev branch under a different folder. So the mix up was between the chair and the keyboard. Performed @Tom-Elliott Recommendations and reinstalled from my primary install and it is now working. trying to pxe boot MacBookPro’s. That’s another story, for another thread.

@Tom-Elliott

Ok thanks @Tom-Elliott - that helped me. I had a script that was failing and trying to find logs for it was difficult to get a location that it could write to, that I could find after the deployment, and i couldn’t see if it was erroring or whatever… running in deploy debug was really helpful. Thanks.

@ALV_SUPECOLES This seems to be similar to this thread: https://forums.fogproject.org/topic/17759/ipxe-initialising-devices

In this case uefi firmware was updated then iPXE stops at initializing devices. If compiling and installing the latest version of iPXE doesn’t solve the problem then we will have to wait for either iPXE developers or Lenovo to fix the problem. https://forums.fogproject.org/topic/15826/updating-compiling-the-latest-version-of-ipxe

@Tom-Elliott Thank you Tom. I change the UUID’s by the devices names on the /etc/fstab on the “golden” machine before I capture a new image and I redeploy it, but apparently it doesn’t change anything

ok, got it.

My storage pool had the other IP address, once I changed the IP of the storage pool to same subnet has the machine I am trying to clone, it went smoothly.

It is now copying at 257MB/min… is that good ?

@george1421 Gotcha. Thanks for the reply. I’ll post a picture of the error when I’m able to get back to testing next week.

@Tom-Elliott

Yeah, this was my suspicion. I see both sides of it too. Sounds like I’ll have to either super simplify some of my install scripts and make some sacrifices or figure out another solution.

I appriciate the response and confirmation!

This thread is quite old. Just here to mark it solved. I did manage to set my isp’s router as the dhcp server and successfully captured an image.
Thanks for all your suggestions and help.

@Tom-Elliott said in Capture UEFI image on hyper-v VM:

6.1.89

Thanks, this worked for me.

When tasking a host, I’d get the same as @Baessens (Hyper-V).

I went to kernel update and installed 6.1.89 as per Tom’s suggestion and I was able to get past and into image deployment!

@Tom-Elliott
I could send you any log-info you guide me.
Too bad no one could help this problem.
I had so time consuming setting up this great project.
Do you might now anyone else i could send a message maybe?A remote session somehow?
Thanks for the effort anyway.

I had a problem when capturing an image when the computer was in legacy mode, when it was in UEFI mode everything worked. Then I reinstalled FOG on PROXMOX and I didn’t check Legacy mode anymore, but now I just tested imaging in legacy mode and everything works. That’s why I thought it was somehow dependent on whether fog was installed in UEFI/Legacy mode. Topic to close then.

@Tom-Elliott Thanks for the clarification, but please let me know if I can at least somehow avoid resizing the current partitions (especially boot partition), such as by checking Multiple Partition Image - Single Disk (Not Resizable) - (2)?

Hello,
I have a prod server and a test server
To differentiate them, I would lid like to change the default “blue theme” to a green theme.
Which lines should I modifi in de fog.css files ?

Hello, it looks something is wrong with you backend.
Are you able to open from the browser:

http://192.168.1.22/fog/service/ipxe/boot.php http://192.168.1.22/fog/service/ipxe/bzImage

?

@kentasmith Try changing your DHCP option 67 to another one of the boot files available (link below). We had this error and this resolved it. Think changing it to ipxe.kpxe instead of undionly.kpxe helped.

https://docs.fogproject.org/en/latest/installation/network-setup/dhcp-server-settings/#option-67

@george1421 said in tftp client targetting the wrong server [dhcp relay, kea, option 66]:

@nec Good find, but I would also say that you are missing the boot-file (or whatever its called) at the pool level. That is the bootp part of the pxe booting. When you look at the pcap from the witness computer on the same subnet as the pxe booting computer. You should see both sets of values set.

OK, I get that, though I must admit that the config file I’ve shown here is sufficient and working in that particular context.

I have no idea what Kea dhcp server is but the config file looks similar to the linux standard ISC-DHCP dhcp server.

ISC started the development of Kea in 2014, ten years ago, with the objective to replace the venerable ISC-DHCPD.
As stated here, ISC has set the end-of-life of ISC-DHCPD in 2022.

(On a personal POV, it broke my heart)

@kamburta
Tom,
Sorry to take your time, you can convert from https to http by changing the information in /opt/fog/.fogsettings and running the installation again.