Active Directory after image deployment not working.
-
Hello, everyone, I am having an issue with my computers joining Active Directory after being done with the image. It does not join at all. I have checked my AD settings on FOG; everything looks to be right. I also used FOGCrypt for the password. I also have FOG Client installed on the images.
AD DEFAULT DOMAINNAME - domain name
AD DEFAULT OU - OU=Imaged,DC=haw,DC=k,12DC=nj,DC=us
AD DEFAULT USER - ADuser
AD DEFAULT PASSWORD ••••••••••••••••••••••••••••••••
AD DEFAULT PASSWORD LEGACY
ENFORCE HOST CHANGES CHECKED OFF
-
@JimmyJ0516 What version of FOG server and fog-client do you use? FOGcrypt was only used with old clients.
Please take a look at the fog-client log and post full output here.
-
I am running the FOG server version 1.5.4. I am not sure what version of Client I am using; I installed it on the image like 3 months ago. I also went to C:\Program Files (x86)\ FOG but all that is in that folder are .tmp files.
-
@JimmyJ0516 said in Active Directory after image deployment not working.:
I also went to C:\Program Files (x86)\ FOG but all that is in that folder are .tmp files
You mean there is no proper installation there, like exe files or such? Possibly the log is in C:\fog.log
Here you find a great post explaining how to properly debug AD join problems: https://forums.fogproject.org/post/111401
-
Have you made sure the Fog Client is running? You can check that in the fog log file. If it’s not, open an elevated command prompt and run “net start fogservice”. When I first installed the fog service I had to whitelist it in our antivirus.
Also, I haven’t tested it any other way, but when I put in my username on my server, I put it in as Domain\Username. I also put the same password in under legacy password.
-
Is the domain information you put at the top a copy and paste from your config? Because I see a comma misplaced.
AD DEFAULT OU - OU=Imaged,DC=haw,DC=k,12DC=nj,DC=us
should read
AD DEFAULT OU - OU=Imaged,DC=haw,DC=k12,DC=nj,DC=us
-
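A syntax check for the OU string discussed above, as an added example that is not part of the original thread or of FOG. The function names and the set of allowed attribute types are assumptions made for this example; it flags a component such as `12DC=nj` before the value is saved as the AD default OU.

```python
# Added example: sanity-check an Active Directory OU path before using it.
# ALLOWED_TYPES and both function names are assumptions, not FOG code.
ALLOWED_TYPES = {"OU", "CN", "DC"}

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur)
    return parts

def check_ou_path(dn):
    """Return a list of problems found in the DN; an empty list means it looks sane."""
    problems, seen_dc = [], False
    for pos, rdn in enumerate(split_rdns(dn), start=1):
        attr, sep, value = rdn.strip().partition("=")
        attr = attr.strip().upper()
        if not sep or not value.strip():
            problems.append(f"component {pos} {rdn!r}: expected TYPE=value")
        elif attr not in ALLOWED_TYPES:
            problems.append(f"component {pos} {rdn!r}: unknown attribute type {attr!r}")
        elif attr == "DC":
            seen_dc = True
        elif seen_dc:
            problems.append(f"component {pos} {rdn!r}: {attr} after DC, path is out of order")
    if not seen_dc:
        problems.append("no DC components: domain part is missing")
    return problems

if __name__ == "__main__":
    for dn in ("OU=Imaged,DC=haw,DC=k,12DC=nj,DC=us",    # as posted in the thread
               "OU=Imaged,DC=haw,DC=k12,DC=nj,DC=us"):   # corrected form from the thread
        print(dn, "->", check_ou_path(dn) or "OK")
```
-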
@astrugatch yes this is what I currently have on the active directory config.
OU=Imaged,DC=hawthorne,DC=k12,DC=nj,DC=us
-
@astrugatch Ok so I found the issue. I recently changed the IP address of my FOG Server so I reinstalled the FOG Client software on a PC and during setup put my new IP and it now works. I just need new images with the correct IP on the fog client software.
-
@JimmyJ0516
Do yourself a favor and create a DNS record for your FOG server. That way if you ever change the IP of your server all it takes is updating the record to move all your clients over.
-
@astrugatch On the one hand, this is a great idea! You just need to keep in mind that if you install FOG with HTTPS the generated certificate will have the IP address as common name (CN) and the current FOG client is not happy connecting to the hostname then. Just something I stumbled upon recently and thought I might share this here just in case.
-
@Sebastian-Roth
Good to know. I’m using FOG with HTTP so it hasn’t been an issue (I’ve moved it several times as virtual environments shifted). It might be worth looking into adding a feature in the installer to ask for the DNS name of the machine so it can generate the cert with that as the CN rather than the machine’s IP.
-
@astrugatch When it asks for the IP Address, I believe it validates that it is actually an IP (from the FOG Installer.)
That said, a neat trick you can do, however, is once the /opt/fog/.fogsettings is generated, modify the ipaddress="<ip>" line to use your hostname. It should use that information for the public certificate generation.
-
If I change that setting how do I force it to generate a new cert? Do I just run the installer again?
-
@astrugatch Yes, as it’s signed by the CA, it shouldn’t have any issues. Though you may need to have it initially recreate the private cert as it likely created it using the IP. Just a good to know thing for the future. (Particularly on fresh installs.) It would mean, however, that you’d have to update all your clients which could prove problematic in general.
Could be simpler just to remove the IP checking during fresh install. Or, maybe we could add a Hostname item as an inline option (or add to the /opt/fog/.fogsettings file of course) that builds a cert using the IP and allows an alternate name within the cert using the hostname.
Of course this is just thoughts being spewed out sorry.
-
I can always deploy a new client via Group Policy so that doesn’t scare me from making the change. I’ll probably hold off for now only because it’s not a huge issue to stay on http for me.
I think adding a hostname item would be great and it would make FOG much more portable and secure to make https the default.
-
@Sebastian-Roth
I saw the change in GitHub but didn’t dig too deep. If you fill out these values during a clean setup does it make default FOG to https?
-
@astrugatch said in Active Directory after image deployment not working.:
If you fill out these values during a clean setup does it make default FOG to https?
What do you mean by that? What values? Clean setup?
-
If I am installing FOG for the first time (as opposed to upgrading) and I enter the DNS name as part of the new installer and having the CA generate a cert with the DNS/hostname does HTTPS become the default?
-
@astrugatch said in Active Directory after image deployment not working.:
If I am installing FOG for the first time (as opposed to upgrading) and I enter the DNS name as part of the new installer and having the CA generate a cert with the DNS/hostname does HTTPS become the default?
Ahh, now I get you. No, haven’t changed the default to be HTTPS as it would involve compiling the iPXE binaries as well. Think that is the next step. I will consider removing the iPXE binaries from the repo and simply rely on compiling them on each install altogether. iPXE code is usually fairly stable. What do you think @Tom-Elliott ?