HostnameChanger question

chunter2

@Sebastian-Roth Would it be possible to get a dll with logging showing which of the following is failing? And maybe the return value of the ones that aren’t?

                using (var domain = Domain.GetComputerDomain())
                {
                    var currentIP = Dns.GetHostAddresses(domain.Name);
                    var targetIP = Dns.GetHostAddresses(idealDomain);

                    return (currentIP.Intersect(targetIP).Any());
                }

Sebastian Roth

@chunter2 Will do so in a few hours.

chunter2

@Sebastian-Roth I was actually able to compile that dll myself. Looks like it’s throwing on the GetComputerDomain() line in both cases. Trying to join the domain and after I manually join the domain. So I don’t think that’s the problem. It’s failing on the NetJoinDomain() function. I think I need to print out the variables to see if they’re the same for a good image and a bad one.

chunter2

@Sebastian-Roth I decided to remove the client and re-install it on this machine and now I get a different error in the fog log. It keeps looping on this.

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 13/09/2019 3:06 PM Client-Info Version: 0.11.16
 13/09/2019 3:06 PM Client-Info OS:      Windows
 13/09/2019 3:06 PM Middleware::Authentication Waiting for authentication timeout to pass
 13/09/2019 3:08 PM Middleware::Communication Download: http://xxx.xxx.xxx.xxx/fog/management/other/ssl/srvpublic.crt
 13/09/2019 3:08 PM Data::RSA FOG Server CA cert found
 13/09/2019 3:08 PM Middleware::Authentication Cert OK
 13/09/2019 3:08 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
 13/09/2019 3:08 PM Middleware::Authentication ERROR: Could not get security token
 13/09/2019 3:08 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
 13/09/2019 3:08 PM Middleware::Communication POST URL: http://xxx.xxx.xxx.xxx/fog/management/index.php?sub=requestClientInfo&authorize&newService
 13/09/2019 3:08 PM Middleware::Response Invalid security token

I’m wondering if maybe this is the real problem. Do you know what this means?

Thanks

Sebastian Roth

@chunter2 Yes, you need to click the “Reset Encryption Data” button in this host’s settings on the web UI!

chunter2

@Sebastian-Roth Thanks for that info. Took me a while to realize where the button was. Not like it’s not big enough.

Here’s what I’ve found so far. On a good image or bad image whether I’m joined to the domain or not IsJoindToDomain() always throws on the using (var domain = Domain.GetComputerDomain()) line. Not sure what the purpose of that is but I’m running an NT4 domain, not an AD domain so it could be for that. Because this function fails the client is always calling NetJoinDomain() on every loop.

On a good image that’s disconnected from the domain the first call to DomainWrapper() always fails. I think it’s because my ADOU is always empty. Again something with an NT4 domain? The return value is 50 so then DomainWrapper() is called again with false set. And then it connects.

On a bad image that’s disconnected from the domain the first call to DomainWrapper() fails with a 1219 and then doesn’t try again. I tried adding 1219 to the switch to call again with false set but it fails with a 1219 as well. Not sure what to try next.

Thanks

Sebastian Roth

@chunter2 said in HostnameChanger question:

On a good image or bad image whether I’m joined to the domain or not IsJoindToDomain() always throws on the using (var domain = Domain.GetComputerDomain()) line. Not sure what the purpose of that is but I’m running an NT4 domain, not an AD domain so it could be for that. Because this function fails the client is always calling NetJoinDomain() on every loop.

As mentioned before this is known and documented in more details in a github issue.

On a good image that’s disconnected from the domain the first call to DomainWrapper() always fails. I think it’s because my ADOU is always empty. Again something with an NT4 domain? The return value is 50 so then DomainWrapper() is called again with false set. And then it connects.

On a bad image that’s disconnected from the domain the first call to DomainWrapper() fails with a 1219 and then doesn’t try again. I tried adding 1219 to the switch to call again with false set but it fails with a 1219 as well. Not sure what to try next.

Ok so the bad image/client seems to persistently return with the 1219 error. But on the other hand you seem to be able to manually join the domain.

Let’s see if we can manually get this right with the fog-client. Start the problem host, open two command shells, one as normal user and one as Administrator:

Admin cmd:

net stop FOGService

User cmd:

net session
net use
net use * /d /y

Admin cmd:

net session
net use
net use * /d /y
net stop lanmanworkstation
net start lanmanworkstation
net start netlogon
net start sessionenv
net start FOGService 

Take a picture of what you get from the commands net session and net use in both cmd shells. Now watch the fog-client log and see if it still returns error 1219.

Sebastian Roth

@chunter2 And if that doesn’t help we can still go ahead and capture network packets on your Samba server or enable debug logging to see if the client opens another SMB connection.

chunter2

@Sebastian-Roth All the net use and net session commands return “There are no entries in the list”. So there’s nothing to delete. I’m connected using RDP on all these machines (good and bad images) so I can’t stop the lanmanworkstation service. If I run net use or net session on a good image I get the same message. I think network packets and debug logging on the samba server makes sense to try next. I’ll have to look into that.

Sebastian Roth

@chunter2 Ok, then let’s go ahead. Install tcpdump on your Samba server and get the bad unjoined imaged host ready. Don’t start it yet. Now run this command on your server and let it sit there: tcpdump -i eth0 -w /tmp/netdump.pcap host x.x.x.x

Put in the correct host IP and your server network Interface if it’s not eth0.

Boot the host and wait for 10 minutes. Then stop tcpdump by pressing Ctrl+c. Copy the generated file over to another system, upload and post a Link here.

Sebastian Roth

The PCAP revealed that there were some left overs from an old software that would open an application on a public network share on boot up of that system. Removing that stuff fixed the issue and fog-client domain join works perfectly fine now again.