I’m having similar issues on a newly created Windows 11 24H2 FOG image. (Please note that the sysprep answer file I created is bypassing the Secure Boot check allowing FOG to pxeboot from the VM for capture). Once I bring the image down on a physical device and try to encrypt the drive I get the identical error shown above. If I go into the BIOS and enable Secure Boot the device begins encrypting automatically after a restart. NOTE: The drive will fully encrypt and the recovery key is populated successfully in Active Directory. I was feeling confident until I restarted again, then got a BSOD (unrecoverable). Windows 10/11 without secure boot enabled at the time of installation/imaging does not like having secure boot suddenly enabled.
So, if my thinking is correct this has something to do with secure boot, or more precisely the act of bypassing the secure boot check during Windows setup that was done in the sysprep answer file.
FOG can’t pxe boot on devices with secure boot enabled, but those same machines can’t be encrypted without secure boot and enabling secure boot after imaging only ends in a BSOD (unrecoverable).
FOG 1.5.10 on Ubuntu 2204

@nathan67 @lebrun78

When I configured the snapin with my example script that installs the FogApi Module and runs the universal command with the snapin setup with “powershell x64” like this

a1465243-07f4-4295-a707-7b295fd19e15-image.png

The snapin worked as expected and the host boots to pxe. I only tested this snapin method on a VM so far but I imagine it will work beyond that.

@george1421 oh, that will be our best alternative for now, sure 😉 Anyway I was just trying to think in some possible feature FOG client could implement regarding this, maybe I’ll be willing in the future to contribute to the project 😊 though not sure right now if Suspend-Bitlocker will require some kind of authentication 🤔

@Eliseu
this ip 192.168.0.17 is from the virtual machine that is trying to boot into the pxe, the ip 192.168.0.16 is the fog server

@JJ-Fullmer Thank you for the suggestion! I’m still new to creating GPO’s so I’ll have to figure out how to do that one. Doesn’t seem like it should be too hard. Thank you!

@mentaluproar sadly, due to the windows updates previously mentioned, which are actually fully enforced in the 2024-08 updates, a domain admin account is pretty much required to join the domain in an automated fashion. Microsoft gives some guidance on creating policies to allow a least privileged account but I haven’t been able to get that to work with fog. Granted, as long as your aren’t granting access to the fog gui to non privileged users, saving those creds in fog is safe and secured.

I’ve found myself in this situation where many of my hosts are stuck in this 0.11.16 version and I was assuming they would eventually update themselves, but now I see they won’t.
I’m assuming there is no way to force update them, right?
I am managing a whole building with hundreds of computers, so it would be helpful to have a way of knowing which of my hosts have this old client and need manual updating, and which ones are already updated.
Is there any log or exported info where fog server could show which client version its hosts are using to sync with the server? something like how the fog client shows the fog server version that it is connecting to, but the other way around.

@HorizonG said in FOG Golden Image, Sysprep and unattend post install:

’d also try renaming the post as explained:
with the command: sed -i “/ComputerName/s/*/$hostname/g” $unattend >/dev/null 2>&1

The variable $hostname comes from FOG, the variable $unattend must come from your script to define the location of the unattend file on the target hard drive.

Something to know, If you are questioning if each script is being called, place an echo some text at the top of each script. This way you can see each script being called.

One other tip I use for debugging post install scripts is to run a deployment in debug mode. Schedule a deployment, but before you hit the schedule task button tick the debug checkbox. Now schedule the task. PXE boot the target computer you will be met with several screens of text that you need to clear with the enter key. This will drop you at the fos linux command prompt. Now key in fog to start single stepping through the deployment. At the end of the image push you should see the post install scripts executing. If you use the debugPause; command at certain locations in your script you can stop the execution and wait to press enter. If you were to hit the ctrl-c key you can exit the deploy process. What this will do is give you the exact environment where your script is running. You can try different commands or fix the post deployment scripts. If you enter the command fog again you can restart the deployment process again without rebooting.

One last tip is that when you are interacting with the deployment process you are executing on screen 1, if you need command shell access you can press alt-f2 to go screen 2 run some comands and then pop back to screen 1 with alt-f1 to continue your script.

The pather location is the location where microsoft recommends you place the unattend.xml file, because it will look for the file there first. Where you get things confused is if you have an unattend.xml file in both locations because it will aways use the pather location first.

@elchapulin remove hibernation file (shown hidden files) or use sysprep
FOG won’t run with those on the system.

@sweeperdave So a machine of the same make model (and roll out) works perfectly fine, but this one machine has an issue?

(Not in windows of course, but just trying to understand the issue.) I see @fogcloud has written, and I apologize for missing this sooner.

I suppose “details” are what we need to potentially be able to help.

If suddenly ALL of the same make model (equipment roll out) are acting up, I would have to ask:

“Did you update kernels recently?” but if that’s not the case we are pretty sure it’s limited to this one machine.

At that point, I would say take a known working system, look at the bios configuration and see if there’s anything different in this strangly acting system. (If I had to guess it’s related to VTx technology enabled or something like that on this machine vs the other machines.)

Be cognizant of BIOS/Hardware Firmware versions and what not as well as those can also play a role in the overall operation of the device. Since replacing the drive and testing the same machine produces the same problem I’m leaning more specifically to the BIOS itself here.

This is just my experience.

If everythign else is effectively 1:1 from another, then this could just really be a faulty machine that only presents itself in the imaging process.

@zguo There are two things I can think of to create the initial error message.

You have the fog client installed and the services hasn’t been disabled before image capture. The fog client is starting to do its action before windows is fully installed. You have a driver install that is forcing a spontaneous (all of a sudden) reboot of the computer before windows is installed.

I’m going to do a new install so hopefully all goes well.

Mat

@JJ-Fullmer

Hello,

My problem is solved, it was related to the lack of loading of NVMe drivers at Windows startup.
I made my image on a workstation with NVMe disks instead of sata disks, which gets around the problem.

@Joe-Gill
I work in particular environment : a school.

All we install is use for a very short period (not more than 2 weeks) , So I don’t need to SysPrep for instance.
Nearly the same for our software that are pre-installed in our images as they usually are free and for those which are under trial license it depends from a software to another.

So I’m not using FOG in a “REAL” production environment.

@george1421 Perfect, thank you very much for all of your explanations!

Paolo

@Tom-Elliott Hello, thank you for your response. Very well, if the error indeed comes from the installer and not the client, I will focus my investigation on the Citrix error codes. I have started my research, but so far I haven’t come across this particular code as it occurs during the installation.

@enginbey8108

this is my file which i use:

<!--************************************************* Windows 10 Answer File Generator Created using Windows AFG found at: ;http://www.windowsafg.com   Installation Notes Location: Notes: Enter your comments here... **************************************************--> <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="windowsPE"> <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SetupUILanguage> <UILanguage>de-DE</UILanguage> </SetupUILanguage> <InputLocale>0407:00000407</InputLocale> <SystemLocale>de-DE</SystemLocale> <UILanguage>de-DE</UILanguage> <UILanguageFallback>de-DE</UILanguageFallback> <UserLocale>de-DE</UserLocale> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>cmd /c C:\Windows\Setup\scripts\UserFirstLogon.cmd</CommandLine> <Description>Description_of_command2</Description> <Order>1</Order> </SynchronousCommand> </FirstLogonCommands> </component> <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DiskConfiguration> <Disk wcm:action="add"> <DiskID>0</DiskID> <WillWipeDisk>true</WillWipeDisk> <CreatePartitions> <!-- Windows RE Tools partition --> <CreatePartition wcm:action="add"> <Order>1</Order> <Type>Primary</Type> <Size>300</Size> </CreatePartition> <!-- System partition (ESP) --> <CreatePartition wcm:action="add"> <Order>2</Order> <Type>EFI</Type> <Size>100</Size> </CreatePartition> <!-- Microsoft reserved partition (MSR) --> <CreatePartition wcm:action="add"> <Order>3</Order> <Type>MSR</Type> <Size>128</Size> </CreatePartition> <!-- Windows partition --> <CreatePartition wcm:action="add"> <Order>4</Order> <Type>Primary</Type> <Extend>true</Extend> </CreatePartition> </CreatePartitions> <ModifyPartitions> <!-- Windows RE Tools partition --> <ModifyPartition wcm:action="add"> <Order>1</Order> <PartitionID>1</PartitionID> <Label>WINRE</Label> <Format>NTFS</Format> <TypeID>DE94BBA4-06D1-4D40-A16A-BFD50179D6AC</TypeID> </ModifyPartition> <!-- System partition (ESP) --> <ModifyPartition wcm:action="add"> <Order>2</Order> <PartitionID>2</PartitionID> <Label>System</Label> <Format>FAT32</Format> </ModifyPartition> <!-- MSR partition does not need to be modified --> <ModifyPartition wcm:action="add"> <Order>3</Order> <PartitionID>3</PartitionID> </ModifyPartition> <!-- Windows partition --> <ModifyPartition wcm:action="add"> <Order>4</Order> <PartitionID>4</PartitionID> <Label>OS</Label> <Letter>C</Letter> <Format>NTFS</Format> </ModifyPartition> </ModifyPartitions> </Disk> </DiskConfiguration> <ImageInstall> <OSImage> <InstallTo> <DiskID>0</DiskID> <PartitionID>4</PartitionID> </InstallTo> <InstallToAvailablePartition>false</InstallToAvailablePartition> </OSImage> </ImageInstall> <UserData> <ProductKey> <!-- Do not uncomment the Key element if you are using trial ISOs --> <!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs --> <Key></Key> <WillShowUI>Never</WillShowUI> </ProductKey> <AcceptEula>true</AcceptEula> <FullName>administrator</FullName> <Organization></Organization> </UserData> </component> </settings> <settings pass="offlineServicing"> <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DriverPaths> <PathAndCredentials wcm:action="add" wcm:keyValue="1"> <Path>C:\Drivers</Path> </PathAndCredentials> </DriverPaths> <EnableLUA>false</EnableLUA> </component> </settings> <settings pass="generalize"> <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipRearm>1</SkipRearm> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>0407:00000407</InputLocale> <SystemLocale>de-DE</SystemLocale> <UILanguage>de-DE</UILanguage> <UILanguageFallback>de-DE</UILanguageFallback> <UserLocale>de-DE</UserLocale> </component> <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipAutoActivation>true</SkipAutoActivation> </component> <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <CEIPEnabled>0</CEIPEnabled> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <CopyProfile>true</CopyProfile> </component> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <AutoLogon> <Password> <Value>010Filer</Value> <PlainText>true</PlainText> </Password> <Enabled>true</Enabled> <LogonCount>1</LogonCount> <Username>administrator</Username> </AutoLogon> <OOBE> <HideEULAPage>true</HideEULAPage> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Work</NetworkLocation> <SkipUserOOBE>true</SkipUserOOBE> <SkipMachineOOBE>true</SkipMachineOOBE> <ProtectYourPC>1</ProtectYourPC> </OOBE> <UserAccounts> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value>Start123!</Value> <PlainText>true</PlainText> </Password> <Description></Description> <DisplayName>administrator</DisplayName> <Group>Administrators</Group> <Name>administrator</Name> </LocalAccount> </LocalAccounts> </UserAccounts> <RegisteredOrganization></RegisteredOrganization> <RegisteredOwner>administrator</RegisteredOwner> <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <Description>Control Panel View</Description> <Order>1</Order> <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <Order>2</Order> <Description>Control Panel Icon Size</Description> <RequiresUserInput>false</RequiresUserInput> <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 0 /f</CommandLine> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <Order>3</Order> <RequiresUserInput>false</RequiresUserInput> <CommandLine>cmd /C wmic useraccount where name="administrator" set PasswordExpires=false</CommandLine> <Description>Password Never Expires</Description> </SynchronousCommand> </FirstLogonCommands> <TimeZone>W. Europe Standard Time</TimeZone> </component> </settings> </unattend>

The default password is “Start123!” you can change it. Remember you have to use StartScript. the first Login will be automaticly after that you should put the password

@tahitiju Does that mean this worked?

Re: rsync the drivers with the image get no space left on device

Ok i found the Error I edited my Postscripts. thanks @george1421 🙂

https://forums.fogproject.org/topic/11126/using-fog-postinstall-scripts-for-windows-driver-injection-2017-ed/4?_=1711345912303

i can mark this topic as solved 🙂