Fog server image move to another server Client problem
-
Hi guys,
I have fog1 server sysprepped image which has been deployed to a number of machines. Active Directory binding is working using the FOG Client and everything is working fine.I have setup fog2 server at another location, copied the image from fog1 and imported the record into the images table.
I can see it in fog2 and I am able to deploy it, however the AD join is now not working.Are there any extra steps I should take, like a install certificate?
Will go back to troubleshoot on Monday but just need some input if possible
Thanks in advance
Ubuntu 16.04 and fog 1.5.5
-
@Pikmin said:
Are there any extra steps I should take, like a install certificate?
Yeah you probably hit the nail on the head with that. When you install the fog-client (guess you have that in your sysprepped image, right?) it pulls the certificate from the FOG server (we call that process pinning). Now when you setup a new FOG server it has a new/different certificate and the client will need to be pinned to that.
I am not an expert on the Windows side of things but I think that most people deploy the fog-client (silent install) via GPO or sysprep scripts. @george1421 and others can tell you I am sure.
-
TBH, probably the easiest solution here would be to copy the FOG certificate from fog server #1 and replace the certificate on fog server #2 with that of server #1, then reboot fog server #2. This will of course break any fog clients that initially connected to fog server 2 for its certificate but will make all hosts that connected to fog server #1 be happy connecting to fog server #2.
I don’t see this as a security risk if both fog server 1 and 2 are in the same organization. If they were at difference companies with different security domains I might take a different approach.
The other way to go about it is to use a tool like PDQ Deploy to uninstall the current fog client, clean up what ever was needed and then reinstall the fog client pointing the client to the fog server #2
-
Thanks for your help guys, appreciate it.
Yeah it’s one school, two campuses so shouldn’t be an issue.
As for the location of the certificate, is it under :/var/www/html/fog/management/other/ssl
or /opt/fog/snapins/ssl or the ca.cert.pem in other -
@Pikmin Here is a list of files you’d need to copy over (don’t just overwrite but backup or move the ones on FOG server #2 before, just in case):
/opt/fog/snapins/ssl/CA/.fogCA.key /opt/fog/snapins/ssl/CA/.fogCA.pem /opt/fog/snapins/ssl/.srvprivate.key /var/www/html/fog/management/other/ssl/srvpublic.crt /var/www/html/fog/management/other/ca.cert.pem /var/www/html/fog/management/other/ca.cert.derHint: The later two are copies of the first file - CA cert - available to the clients in two different formats, you definitely need those in place if you add new fog-clients later on.
-
Related article for future readers: https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG
-
@Sebastian-Roth Thank you kindly,
I googled but couldn’t find the article that Wayne linked, I’m just bad.I will report back when I try it, forgot Monday is Australia Day, so no work
-
SOLVED
Thanks guys, once the certificates were copied to the fog2 server, AD join started workingYay