Active Directory Join Failing

Tom Elliott · Apr 5, 2018, 6:07 PM

I’m not sure i understand what the bug is.

Is the Domain Password (not legacy) encrypted or decrypted?

1.5.0 the auto-encrypted element of the password was removed, though encrypted passwords should still work. I’m not aware of any problems happening with them currently.

x23piracy · Apr 5, 2018, 8:02 PM

@tom-elliott from what i can say is that with some RC something changed regarding to host settings, one day i mentioned that the password for domain join was empty. After filling it again it won’t be shown as encrypted. Afai remember in the past it was shown encrypted regardsless it was entered plain or not.

I don’t know if this is related to that problem but after i filled our ad password again it was working like expected even when not showed encrypted in the webif.

Regards X23

Tom Elliott · Apr 5, 2018, 11:07 PM

@x23piracy right in the past the field was encrypted but how it was stored defeated the purpose of encrypting it in the first place.

jeffscott · Apr 23, 2018, 7:21 PM

Well, I upgraded to v1.5.2 and I’m still getting the same problem. I manually joined one client using the same credentials I have configured in FOG just to confirm my sanity in that I had the correct username/password and it was successful.

Account is getting locked out on the Domain so I still know it is passing the correct username… Evidently, it is not passing the correct password…

Wayne Workman · Apr 24, 2018, 5:31 PM

@jeffscott said in Active Directory Join Failing:

Evidently, it is not passing the correct password…

Correct. Try to reset the user/pass via the web gui to what it is supposed to be and see if the issue persists. If it persists, let us know so we can continue to troubleshoot this with you.

jeffscott · Apr 25, 2018, 12:13 PM

@wayne-workman

Yes, I’ve tried that several times. Even tried using the Domain Admin…

Wayne Workman · Apr 25, 2018, 1:26 PM

@Joe-Schmitt what are your thoughts on this?

Joe Schmitt · Apr 25, 2018, 4:08 PM

@jeffscott the quickest way to see what’s going on is to do the following steps on a problematic machine:

Open an administrative CMD, and run net stop fogservice
Navigate to your FOG server’s web portal, select the host you are working on and perform these steps:
- Press Reset Encryption Data if its an option
Download our Debugger.exe and run it
The Debugger will open a console that has a fog: prompt, please enter these commands, pressing enter after each one (replace {server-ip} with your actual FOG server IP):
- middleware configuration server http://{server-ip}/fog
- middleware authentication handshake
- dump cycle save

The debugger should point you to a FOGCycle.txt file. This contains all the information the server tells the client, completely decrypted. Can you make sure the hostnamechanger section has the correct active directory login/OU information? You can then hopefully debug the problem better and identify what credential the client is receiving.

To clean up:

Close the debugger
click Reset Encryption Data again on the host in the gui
start back up the fog service if you want

@Moderators feel free to copy & paste these steps for people with similair issues in the future. The steps shouldn’t change in the foreseeable future.

jeffscott · Apr 25, 2018, 5:37 PM

@joe-schmitt

OK, I performed that procedure and I can see the password that it is passing is no where near correct…

Looks like it is an encrypted version??? (I can’t even tell what one of the characters is)

Joe Schmitt · Apr 25, 2018, 11:01 PM

@Tom-Elliott it seems the server is not sending the password correct.

Tom Elliott · Apr 26, 2018, 2:15 AM

Where have you changed the Password?

jeffscott · Apr 26, 2018, 2:15 AM

@tom-elliott

2 Places:

Initially in FOG Configuration, FOG System Settings, Active Directory Defaults

&

Subsequently re-entered it in Host Management, Active Directory for the Host I’m testing with

Entering the password in the “Domain Password” Field. Leaving “Domain Password Legacy” field blank

Tom Elliott · Apr 26, 2018, 4:44 AM

@jeffscott just to clarify, you’re using the plaintext password in the non legacy password field? Maybe we can remote tomorrow so I can see what’s going on?

jeffscott · Apr 30, 2018, 6:43 PM

@tom-elliott

Hey Tom,

Sorry, I was away for a few days…

Yes, I’m using the non-legacy password field. Yes, I’d be willing to do a remote session.

Thanks,

Jeff

jeffscott · Jun 1, 2018, 2:56 PM

Hey Tom,

I’m just now coming back around to this…

Any updates on this?

Thanks,

Jeff

Tom Elliott · Jun 1, 2018, 2:56 PM

@jeffscott I’m willing whenever you’re able. Maybe this afternoon? (I’m on EDT)

jeffscott · Jun 4, 2018, 5:33 PM

@tom-elliott

Ugh…

We keep missing each other. How do you want to go about connecting?

jeffscott · Jun 14, 2018, 12:31 PM

@tom-elliott

Any chance we can revisit this?

Sebastian Roth · Nov 17, 2018, 4:32 PM

@jeffscott Hey, I hope you are still around in the forums. I just looked into an issue that sounds very similar to what you have. See here: https://forums.fogproject.org/topic/12407/active-direcory-join-fail-bad-password-1-5-4

Just found your post here by accident and thought this might be along the same lines. Can you confirm your password starts with a special character that might cause this issue?! I really hope to figure this out but I’m still unable to replicate the issue from the information I have so far.

x23piracy · Nov 17, 2018, 4:32 PM

@Sebastian-Roth FYI, i am using 1.5.4 with a ad join password starting with % (percent sign) in production.

Active Directory Join Failing

195

12.0k

17.3k

155.2k