Hostnamechanger: Padding is invalid and cannot be removed.
-
Hello.
I’ve had FOG for years, and it has worked almost flawlessly.
Yesterday I prepared a new image for school, and I uploaded it, and downloaded it, just to check everything.
I always make sure everything works before I start mass deployment of images to school computers.
And I’ve always used hostname changer to change machine name and join domain.
When I tried it today, hostnamechanger changed the name, rebooted, and when I expected it to join domain, it did nothing.
I checked the log files, and here it is:
26/05/2016 09:48 FOG::HostnameChanger AD mode requested, confirming settings.
26/05/2016 09:48 FOG::HostnameChanger Padding is invalid and cannot be removed.
26/05/2016 09:48 FOG::HostnameChanger at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
   at System.IO.Stream.Close()
   at FOG.FOGCrypt.decrypt(Byte[] cipherData, Byte[] Key, Byte[] IV)
   at FOG.FOGCrypt.decrypt(Byte[] cipherData, String Password)
   at FOG.FOGCrypt.decryptHex(String hex)
   at FOG.HostNameChanger.changeHostName()
I’ve googled it, but didn’t find a real answer.
I’ve checked AD settings in FOG, the password is encrypted with fogcrypt.
The FOG Client was downloaded and installed from my FOG server’s web-based GUI. (Also tried to reinstall it, with no luck.)
I have never had this problem before, and no, the password of my admin account has not changed since.
Info: The FOG-server runs on Centos 6.something. FOG is version 1.2.0
Please help
-
Are you using the default encryption key, or did you custom set one?
-
@Jbob I am using the default one.
-
@Jbob Hmm. I have also tried on 0.32-fogserver now, and I got the same result. I uninstalled and deleted the 1.2 client of course, and installed the 0.32 client from the 0.32 server’s web GUI. Still the same problem, so it has to have something to do with my image.
Do you have any idea what it might be?
-
It sounds like the encrypted AD password got changed by accident. Try redoing fogcrypt on it and using that output.
-
@Joe-Schmitt I can try. I’ve heard you get different results based on whether you use fogcrypt on a windows or linux. Is that true?
-
@Joe-Schmitt Okay so I fixed the initial issue with copying over the HostNameChanger.dll from an old image. Now I’m facing a new issue.
The log file now says this:
30.05.2016 09:25 FOG::HostnameChanger Attempting to connect to fog server...
30.05.2016 09:25 FOG::HostnameChanger Module is active...
30.05.2016 09:25 FOG::HostnameChanger AD mode requested, confirming settings.
30.05.2016 09:25 FOG::HostnameChanger Hostname is up to date
30.05.2016 09:25 FOG::HostnameChanger Attempting to join domain if not already a member....
30.05.2016 09:25 FOG::HostnameChanger netdom output:
30.05.2016 09:25 FOG::PrinterManager Module is active...
It’s progress I guess, but it still won’t join domain.
netdom.exe is located under c:\windows\system32 and the path is correct in config.ini
What now?
-
@WourN said in Hostnamechanger: Padding is invalid and cannot be removed.:
@Joe-Schmitt I can try. I’ve heard you get different results based on whether you use fogcrypt on a windows or linux. Is that true?
I would always recommend running fog crypt on a windows system.
-
What version of windows are you trying to join? The legacy client doesn’t work with win10.
-
I also ran into this issue when trying to join a Windows 10 machine to the domain. The HostnameChanger will still change the PC name but only if you only try to change the PC name off domain.
The issue is with the System.Security.Cryptography.Rijndael class. I am assuming they changed the default padding method in Windows 10 and this causes issues because Windows can no longer decrypt the encrypted AD password due to non-congruent padding.
*As a side note, passwords encrypted using FOGCrypt on Windows 10 will still work to join Windows 10 machines to domain, but then you will not be able to join any machine below Windows 10.
To solve the issue I went into the code and specified a padding method in both the HostnameChanger and FOGCrypt.
It is quite simple
// Requires: using System.IO; using System.Security.Cryptography;
private byte[] encrypt(byte[] clearData, byte[] Key, byte[] IV)
{
    MemoryStream ms = new MemoryStream();
    Rijndael alg = Rijndael.Create();
    alg.Padding = PaddingMode.Zeros; // (Added for cross-Windows compatibility)
    alg.Key = Key;
    alg.IV = IV;
    CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write);
    cs.Write(clearData, 0, clearData.Length);
    cs.Close();
    byte[] encryptedData = ms.ToArray();
    return encryptedData;
}

private byte[] decrypt(byte[] cipherData, byte[] Key, byte[] IV)
{
    MemoryStream ms = new MemoryStream();
    Rijndael alg = Rijndael.Create();
    alg.Padding = PaddingMode.Zeros; // (Added for cross-Windows compatibility)
    alg.Key = Key;
    alg.IV = IV;
    CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write);
    cs.Write(cipherData, 0, cipherData.Length);
    cs.Close();
    byte[] decryptedData = ms.ToArray();
    return decryptedData;
}
Do the same in FOGCrypt, re-encrypt your password, and presto. Windows 10, 8, 8.1, 7, etc, all join domains properly.
I hope this helps people.
Lonnie
-
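Added example, not part of the original thread and not FOG's code: a C# program showing how .NET behaves when the padding mode used to encrypt differs from the one used to decrypt, and what PaddingMode.Zeros leaves in the decrypted bytes. It uses Aes.Create() in place of the thread's Rijndael.Create(); the key, IV and password are constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PaddingMismatchDemo
{
    // Runs one AES-CBC encrypt or decrypt pass with the given padding mode.
    static byte[] Run(byte[] data, byte[] key, byte[] iv, PaddingMode padding, bool encrypt)
    {
        using (Aes alg = Aes.Create())
        {
            alg.Mode = CipherMode.CBC;
            alg.Padding = padding;
            alg.Key = key;
            alg.IV = iv;
            using (ICryptoTransform t = encrypt ? alg.CreateEncryptor() : alg.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }

    static void Main()
    {
        // Constructed key, IV and password for the demo; none are FOG values.
        byte[] key = new byte[32], iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); rng.GetBytes(iv); }
        byte[] clear = Encoding.UTF8.GetBytes("ExamplePassw0rd"); // 15 bytes

        // Case 1: zero-padded ciphertext fed to a PKCS7 decryptor. The last
        // plaintext byte is 0x00, which is never a valid PKCS7 pad length,
        // so the decryptor throws CryptographicException.
        byte[] zeroCt = Run(clear, key, iv, PaddingMode.Zeros, true);
        try { Run(zeroCt, key, iv, PaddingMode.PKCS7, false); }
        catch (CryptographicException e) { Console.WriteLine("Case 1: " + e.Message); }

        // Case 2: Zeros on both sides decrypts without error, but .NET does
        // not strip the zero bytes, so the caller has to trim them.
        byte[] back = Run(zeroCt, key, iv, PaddingMode.Zeros, false);
        string pw = Encoding.UTF8.GetString(back);
        Console.WriteLine("Case 2: {0} bytes back, trimmed equals input: {1}",
            back.Length, pw.TrimEnd('\0') == "ExamplePassw0rd");

        // Case 3: PKCS7 ciphertext fed to a Zeros decryptor. No exception,
        // and the PKCS7 pad byte stays at the end of the "plaintext".
        byte[] pkcsCt = Run(clear, key, iv, PaddingMode.PKCS7, true);
        byte[] mixed = Run(pkcsCt, key, iv, PaddingMode.Zeros, false);
        Console.WriteLine("Case 3: last byte = 0x{0:X2}", mixed[mixed.Length - 1]);
    }
}
```

A decrypted password that still carries padding bytes is a different string from the one that was encrypted, so the padding mode has to match on both sides and any leftover padding has to be removed before the value is used.
-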
@lonnie776 while I am glad that you’ve taken the steps to find and correct a problem, I feel you may want to look at the latest fog has to offer. First, we’ve, and by we I mean @Joe-Schmitt, rewritten the fog client and it is much more secure and less resource intensive on the server. As an overall result the client is much faster than the old client and has many more features to work with. I’d highly recommend updating and using this new client for any system.