Active Directory Join Failing
-
@Joe-Schmitt what are your thoughts on this?
-
@jeffscott the quickest way to see what’s going on is to do the following steps on a problematic machine:
- Open an administrative CMD, and run
net stop fogservice - Navigate to your FOG server’s web portal, select the host you are working on and perform these steps:
- Press
Reset Encryption Dataif its an option
- Press
- Download our Debugger.exe and run it
- The Debugger will open a console that has a
fog:prompt, please enter these commands, pressing enter after each one (replace{server-ip}with your actual FOG server IP):middleware configuration server http://{server-ip}/fogmiddleware authentication handshakedump cycle save
The debugger should point you to a
FOGCycle.txtfile. This contains all the information the server tells the client, completely decrypted. Can you make sure thehostnamechangersection has the correct active directory login/OU information? You can then hopefully debug the problem better and identify what credential the client is receiving.To clean up:
- Close the debugger
- click
Reset Encryption Dataagain on the host in the gui - start back up the fog service if you want
@Moderators feel free to copy & paste these steps for people with similair issues in the future. The steps shouldn’t change in the foreseeable future.
- Open an administrative CMD, and run
-
OK, I performed that procedure and I can see the password that it is passing is no where near correct…
Looks like it is an encrypted version??? (I can’t even tell what one of the characters is)
-
@Tom-Elliott it seems the server is not sending the password correct.
-
Where have you changed the Password?
-
2 Places:
Initially in FOG Configuration, FOG System Settings, Active Directory Defaults
&
Subsequently re-entered it in Host Management, Active Directory for the Host I’m testing with
Entering the password in the “Domain Password” Field. Leaving “Domain Password Legacy” field blank
-
@jeffscott just to clarify, you’re using the plaintext password in the non legacy password field? Maybe we can remote tomorrow so I can see what’s going on?
-
Hey Tom,
Sorry, I was away for a few days…
Yes, I’m using the non-legacy password field. Yes, I’d be willing to do a remote session.
Thanks,
Jeff
-
Hey Tom,
I’m just now coming back around to this…
Any updates on this?
Thanks,
Jeff
-
@jeffscott I’m willing whenever you’re able. Maybe this afternoon? (I’m on EDT)
-
-
Any chance we can revisit this?
-
@jeffscott Hey, I hope you are still around in the forums. I just looked into an issue that sounds very similar to what you have. See here: https://forums.fogproject.org/topic/12407/active-direcory-join-fail-bad-password-1-5-4
Just found your post here by accident and thought this might be along the same lines. Can you confirm your password starts with a special character that might cause this issue?! I really hope to figure this out but I’m still unable to replicate the issue from the information I have so far.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Sebastian-Roth FYI, i am using 1.5.4 with a ad join password starting with % (percent sign) in production.
-
@x23piracy Thanks, that’s good to know. Although I guess it might be that
$special case causing the issue for the other users as it is used for variables in PHP, as line end in regular expressions such things.
