Windows 7 Image
-
@imagingmaster21 said in Windows 7 Image:
The machines using the image will be using BitLocker Encryption.
FOG cannot image machines with bitlocker encryption except with RAW images, which is terribly slow, inefficient, and the worst way to image.
Here’s the best practices:
- Always use resizable images if you can.
- Use ZSTD compression with a setting optimized for your network:server load (this is unique to your environment, you have to find the sweet spot).
- Turn off bitlocker in your image, re-enable after image deployment via group policy or a snapin or something.
-
I have BitLocker turned off on the machine I am pulling the image from. I have it go through group policy after imaging. Are these settings right below:
-
@imagingmaster21 said in Windows 7 Image:
Are these settings right below:
That ZSTD compression rate is too low. Bump it to 9 or 11. Everything else looks good.
-
@wayne-workman
Would that cause it to get stuck on 'resizing file system'?
-
@imagingmaster21 Nope. But an extremely fragmented disk will cause resizing to take a very long time. The more fragmented, the longer it takes. Because resizing literally moves all the in-use data on a partition to the beginning of the partition so that it can then safely shrink the partition’s free space down.
-
@wayne-workman
That makes sense. I just captured it with the settings in the screenshot. I will see how it goes. If it’s no good I’ll change it to 9 or 11.
-
I spent a few days and tried all this. And it still does not work. Our old imaging solution was Ghost. I pulled an image off of that and made some modifications to it for FOG and pulled it with these recommended settings and it didn’t work. But if you image with Ghost it works perfectly for BitLocker via GP. I compared the volume/partition settings and everything is exactly the same.
Any ideas? @Wayne-Workman
-
@imagingmaster21 You’re saying Ghost can do BitLocked partitions in resizable mode?
I’d suggest using non-resizable image type in FOG if you need to stick with BitLocker. This way the image will be captured as RAW on the BitLocked partition but that’s fine. Just needs more space in the server to store the image.
-
@sebastian-roth said in Windows 7 Image:
You’re saying Ghost can do BitLocked partitions in resizable mode?
It can’t. Since Ghost is a file-level cloning solution (as opposed to an imaging solution), I question if it can handle bitlocker at all.
-
I tried both resizable and not resizable and no luck.
-
@imagingmaster21 said in Windows 7 Image:
I tried both resizable and not resizable and no luck.
This is not of much help. We would like to give you a hand with this but need more information on what exactly goes wrong. Please try non-resizable again and take a picture of the error, post that here.
-
@sebastian-roth
Think I found the issue in the BIOS:
If it’s FAT32 (so UEFI boot) go to BIOS and turn off secure boot but leave in UEFI mode. Enable CSM support.
I am building an image from scratch and will try it and will let you know once I am able to test it.
-
@imagingmaster21 I don’t see why any of the things you just posted (UEFI boot, secure boot, CSM) have anything to do with an imaging problem (be it resizable or non-resizable). If you want proper help you better post pictures of errors you see on screen.
And by the way - to use FOG you need to turn off secure boot anyway. I haven’t seen anyone who is able to do iPXE in secure boot yet (not saying this cannot be done but we don’t provide signed binaries for that to work!).
-
@sebastian-roth
I am in the process of testing that image on the first machine. With those settings, UEFI and CSM enabled, encryption worked on the image I built from scratch. So I rebuilt it and pulled it on FOG. I am imaging it on a machine right now to test out to see if it will encrypt per GP. And yes, secure boot is turned off during the imaging process, while UEFI and CSM are on.
-
@sebastian-roth
Below is the error that started all this.
-
@imagingmaster21 Based on https://support.microsoft.com/en-us/help/929834/error-message-when-you-try-to-run-the-bitlocker-drive-encryption-progr we now have some more insight on what’s going on.
By default, FOG removes the pagefile and hibernation file. Because the hibernation file is removed, the path in the BCD is incorrect and Bitlocker refuses to activate.
So, disable removing pagefile and hibernation under FOG Configuration -> FOG Settings -> General -> CAPTUREIGNOREPAGEHIBER (uncheck this).
Then you have to recapture the image so the hibernation file is included. You’re using Windows 7 and thus don’t have to worry about hybrid boot (as opposed to Windows 8 and newer where you have to disable Fast Startup in power options).
-
@quazz
Thanks that fixed the issue!