Fog Client fails to join AD Domain with error 1326
-
Hi guys,
I’ve been trying to setup my image for a deploy and I’ve having issues with the hostname changer AD join. After installing the client on a fresh copy of Windows 10 the Fog client authenticates and succeeds in renaming the host but fails to login to my AD server with the bad username or password error. I’ve double and tripled checked the password for the AD join and it is correct in the Fog GUI.
I’ve followed the directions here to get the FOGCycle.txt output from the debugger, which shoes the password being used to not be correct, it looks like it’s not being decrypted when it reaches the client.
This is on a fresh copy of Windows 10 Build 10240 running in HyperV, Ubuntu Server 18.04.02, and Fog 1.5.7.
Thanks in advance!
------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 8/10/2019 12:27 PM Client-Info Version: 0.11.16 8/10/2019 12:27 PM Client-Info OS: Windows 8/10/2019 12:27 PM Middleware::Authentication Waiting for authentication timeout to pass 8/10/2019 12:27 PM Middleware::Communication Download: http://10.2.2.5/fog/management/other/ssl/srvpublic.crt 8/10/2019 12:27 PM Data::RSA FOG Server CA cert found 8/10/2019 12:27 PM Middleware::Authentication Cert OK 8/10/2019 12:27 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before 8/10/2019 12:27 PM Middleware::Authentication ERROR: Could not get security token 8/10/2019 12:27 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'. 8/10/2019 12:27 PM Middleware::Communication POST URL: http://10.2.2.5/fog/management/index.php?sub=requestClientInfo&authorize&newService 8/10/2019 12:27 PM Middleware::Response Success 8/10/2019 12:27 PM Middleware::Authentication Authenticated 8/10/2019 12:27 PM Middleware::Communication URL: http://10.2.2.5/fog/management/index.php?sub=requestClientInfo&configure&newService&json 8/10/2019 12:27 PM Middleware::Response Success 8/10/2019 12:27 PM Middleware::Communication URL: http://10.2.2.5/fog/management/index.php?sub=requestClientInfo&mac=00:15:5D:02:1D:04||00:00:00:00:00:00:00:E0&newService&json 8/10/2019 12:27 PM Middleware::Response Success 8/10/2019 12:27 PM Middleware::Communication URL: http://10.2.2.5/fog/service/getversion.php?clientver&newService&json 8/10/2019 12:27 PM Middleware::Communication URL: http://10.2.2.5/fog/service/getversion.php?newService&json 8/10/2019 12:27 PM Service Creating user agent cache 8/10/2019 12:27 PM Middleware::Response Invalid time 8/10/2019 12:27 PM Middleware::Response No Printers 8/10/2019 12:27 PM Middleware::Response Module is disabled globally on the FOG server 8/10/2019 12:27 PM Service Initializing modulesHostname Changer
------------------------------------------------------------------------------ --------------------------------HostnameChanger------------------------------- ------------------------------------------------------------------------------ 8/10/2019 12:27 PM Client-Info Client Version: 0.11.16 8/10/2019 12:27 PM Client-Info Client OS: Windows 8/10/2019 12:27 PM Client-Info Server Version: 1.5.7 8/10/2019 12:27 PM Middleware::Response Success 8/10/2019 12:27 PM HostnameChanger Checking Hostname 8/10/2019 12:27 PM HostnameChanger Hostname is correct 8/10/2019 12:27 PM HostnameChanger Attempting to join domain 8/10/2019 12:27 PM HostnameChanger Logon failure: unknown username or bad password, code = 1326 ------------------------------------------------------------------------------ -
Hostname changer and ad join is set per host. The global setting only impacts default when applying to a group or host.
-
Sorry, should have specified. I set the AD password on the specific host as well.
-
@ians said in Fog Client fails to join AD Domain with error 1326:
unknown username or bad password
The error is pretty clear. How do you set the password in the Web UI? In clear text or crypted?
-
@Sebastian-Roth I entered it as plain text since I’m using Fog 1.3+, was this the correct way?
-
@ians said in Fog Client fails to join AD Domain with error 1326:
This is on a fresh copy of Windows 10 Build 10240 running in HyperV, Ubuntu Server 18.04.02, and Fog 1.5.7.
and
I entered it as plain text since I’m using Fog 1.3+, was this the correct way?
Doesn’t make sense. Please clarify!
-
@Sebastian-Roth Sorry, I guess since I’ve been working with it all week it’s more clear in my head than it actually is:P
I’ve got FOG server running on Ubuntu 18.04 in HyperV
Then I’ve got the FOG( client running on Windows 10 10240, also running in HyperV but also deployed to about 25 physical machines as well now. All the machines that I’m running it on have been sysprepped and then deployed via FOG.FOG config side I’ve inputted my AD info to drop the computer into an OU utilizing my domain admin login and password entered in plain text via the web portal.
Hopefully, this clears things up and thanks in advance for any help!
-
@ians What I was referring to are the two different version numbers of FOG you posted!! Now that I read it again I see that I might have overlooked the
+sign. So you meant “using plain text password because I run FOG newer than 1.3.0” right?Well, that’s definitely correct to use plain text on FOG 1.5.7.
Still the error message is pretty clear. Please search the forums. There are numerous topics on the “unknown username or bad password, code = 1326” error and I think most cases were solved by correcting the credentials.
There was one user stating that special characters in the password cause an issue but I wasn’t able to reproduce the issue myself: https://forums.fogproject.org/topic/12407/active-direcory-join-fail-bad-password-1-5-4
And here is another one who had issues with a sysprepped installation: https://forums.fogproject.org/topic/9256/computers-not-joining-our-domain-during-sysprep
Read through this and double check the credentials in the places mentioned by Wayne in this topic!!
-
@Sebastian-Roth Thanks for the suggestions, I hadn’t even thought of the possibility that it could be the special characters in the password. I went ahead and created a new domain admin account and used only letters and it worked!
I’ll need to do some more testing to see if it was truly the special characters causing the issue or if creating a new account triggered something else.
I’m sure this is mentioned somewhere but what takes precedence in the AD settings, or settings in general actually? There are the defaults, which seem to be just like an autofill, then group level settings then finally per-host settings. If the group to host settings are different which one takes precedence? Specifically, for the AD stuff. Trying to figure out if I need to change each machine individually.
Edit: Updating the settings on my groups also updated the settings on my hosts, yay!
Thanks for taking the time to help me!
-
@ians said in Fog Client fails to join AD Domain with error 1326:
I hadn’t even thought of the possibility that it could be the special characters in the password. I went ahead and created a new domain admin account and used only letters and it worked!
Ohhh, do we actually have a special character issue?!
Updating the settings on my groups also updated the settings on my hosts, yay!
So this sounds like you were able to get things right and domain join on the client worked? Shall we mark this solved?
About the group settings you want to use the forum search and ask it for “persistent groups”. My guess is that you are expecting something from FOG’s group capabilities that it doesn’t have.
-
@Sebastian-Roth I don’t want to say definitely that there is a character issue since it could have been a whole host of other things that changing the domain account and password fixed. I’ll try to give it a test when I get some more free time in the next week or so to see if that’s really the issue.
Thanks for all your help!