Active Directory join fails
-
Hi
I found a lot of topics with that title, but none solved my problem.I’m using Fog trunk 7965, Windows 8.1 clients and do sysprep before upload.
First I tried to define an OU and the join failed. I guess it was because of the spaces in the OUs name. So I left the OU empty, but it still fails.
This is the fog.log file on the client:06.06.2016 10:50 Main Overriding exception handling 06.06.2016 10:50 Main Bootstrapping Zazzles 06.06.2016 10:50 Controller Initialize 06.06.2016 10:50 Entry Creating obj 06.06.2016 10:50 Controller Start 06.06.2016 10:50 Service Starting service 06.06.2016 10:50 Bus Became bus server 06.06.2016 10:50 Bus { "self": true, "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" } 06.06.2016 10:50 Bus Emmiting message on channel: Status ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 10:50 Client-Info Version: 0.10.6 06.06.2016 10:50 Client-Info OS: Windows 06.06.2016 10:50 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 10:50 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt 06.06.2016 10:50 Data::RSA FOG Server CA cert found 06.06.2016 10:50 Middleware::Authentication Cert OK 06.06.2016 10:50 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService 06.06.2016 10:50 Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 10:50 Client-Info Version: 0.10.6 06.06.2016 10:50 Client-Info OS: Windows 06.06.2016 10:50 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 10:52 Main Overriding exception handling 06.06.2016 10:52 Main Bootstrapping Zazzles 06.06.2016 10:52 Controller Initialize 06.06.2016 10:52 Entry Creating obj 06.06.2016 10:52 Controller Start 06.06.2016 10:52 Service Starting service 06.06.2016 10:53 Bus Became bus server 06.06.2016 10:53 Bus { "self": true, "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" } 06.06.2016 10:53 Bus Emmiting message on channel: Status ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 10:53 Client-Info Version: 0.10.6 06.06.2016 10:53 Client-Info OS: Windows 06.06.2016 10:53 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 10:53 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt 06.06.2016 10:53 Data::RSA FOG Server CA cert found 06.06.2016 10:53 Middleware::Authentication Cert OK 06.06.2016 10:53 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService 06.06.2016 10:53 Middleware::Response Invalid security tokenBecause it says somthing about Invalid security token I’ve tried this:
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";Also I’ve created the c:\windows\setup\scripts\SetupComplete.cmd with this content and deactivated the Fog-Service before sysprep.
sc config FOGService start= auto net start FOGServiceSometimes the fog.log also says something about Hostnamechanger couldn’t make change because enforcement is not active and users are logged in, but that’s not true. Also after a restart nothing changes. The hostanmechanger module is activated in service and service settings in fog.
-
Did you stop FOGService before sysprep? I was dealing with that until I noticed that sysprepping the service was an error.
-
Yes. as i wrote.
@jhuesser said in Active Directory join fails:
Also I’ve created the c:\windows\setup\scripts\afterSetup.cmd with this content and deactivated the Fog-Service before sysprep.
sc config FOGService start= auto net start FOGService -
@jhuesser Not 100% but I believe the script file needs to be called SetupComplete.cmd
-
@Quazz oh, yes thank you, this is i typo. called it SetupComplete.cmd on the system and it works fine (enables the service after setup).
-
Ok, marking this solved. Thanks @Quazz for finding this.
-
@Sebastian-Roth no this is not solved. It was a typo i nthis post, but correct on the system.
-
@jhuesser The error says invalid security token. Step one is to ensure the time is set, correct, in the same time zone, and syncronized on 1. The fog server, 2. The domain controller(s), and 3. on the hosts you’re trying to join.
After verifying that, you can try to “reset encryption” for the problematic host and see if that fixes it.
Note that simply clicking the “reset encryption” button when time is not synchronized will not fix your issue.
-
@Wayne-Workman thank you for your answer. Selected mit timezone in FOG_TZ_INFO.
The commanddatedisplays the correct time in the shell. DC is also fine, Client too. The logfile looks like this now:It says
06.06.2016 16:08 HostnameChanger Users still logged in and enforce is disabled, delaying any further actionsBut still, after a reboot it doesn’t do anything. Also i set the tick in FOG_ENFORCE_HOST_CHANGES and on the host settings at Make changes even when users are logged on?
So it should do the steps, even if a user is logged on, shouldn’t it?
-
@jhuesser Yes. The last thing to check is to ensure all the client services are enabled for the problematic host.
Can you post the entire log file?
-
@Wayne-Workman hmm are you unable to open it? posted it here and works for me
@jhuesser said in Active Directory join fails:
It’s to big to embeed it as plain text.
-
@jhuesser I can read that one, I must have just overlooked the other.
The user tracker area says invalid time:
06.06.2016 16:08 Middleware::Response Invalid timeI wonder if that has anything to do with it?
-
What happens if you update?
-
@Wayne-Workman hmm true, didn’t saw that. but the histogram on the fog start page shows the correct time. I don’t know where this error comes from…
-
@Tom-Elliott You mean updating fog to the latest trunk? will try that, but first make a backup.
-
@Tom-Elliott So now I’m on trunk 7981.
Still doesn’t work. This is my logfile:
06.06.2016 17:24 Main Overriding exception handling 06.06.2016 17:24 Main Bootstrapping Zazzles 06.06.2016 17:24 Controller Initialize 06.06.2016 17:24 Entry Creating obj 06.06.2016 17:24 Controller Start 06.06.2016 17:24 Service Starting service 06.06.2016 17:24 Bus Became bus server 06.06.2016 17:24 Bus { "self": true, "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" } 06.06.2016 17:24 Bus Emmiting message on channel: Status ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 17:24 Client-Info Version: 0.10.6 06.06.2016 17:24 Client-Info OS: Windows 06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 17:24 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt 06.06.2016 17:24 Data::RSA FOG Server CA cert found 06.06.2016 17:24 Middleware::Authentication Cert OK 06.06.2016 17:24 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService 06.06.2016 17:24 Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 17:24 Client-Info Version: 0.10.6 06.06.2016 17:24 Client-Info OS: Windows 06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 17:26 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt 06.06.2016 17:26 Data::RSA FOG Server CA cert found 06.06.2016 17:26 Middleware::Authentication Cert OK 06.06.2016 17:26 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService 06.06.2016 17:26 Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 17:26 Client-Info Version: 0.10.6 06.06.2016 17:26 Client-Info OS: Windows 06.06.2016 17:26 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 17:28 Main Overriding exception handling 06.06.2016 17:28 Main Bootstrapping Zazzles 06.06.2016 17:28 Controller Initialize 06.06.2016 17:28 Entry Creating obj 06.06.2016 17:28 Controller Start 06.06.2016 17:28 Service Starting service 06.06.2016 17:28 Bus Became bus server 06.06.2016 17:28 Bus { "self": true, "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" } 06.06.2016 17:28 Bus Emmiting message on channel: Status ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 17:28 Client-Info Version: 0.10.6 06.06.2016 17:28 Client-Info OS: Windows 06.06.2016 17:28 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 17:28 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt 06.06.2016 17:28 Data::RSA FOG Server CA cert found 06.06.2016 17:28 Middleware::Authentication Cert OK 06.06.2016 17:28 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService 06.06.2016 17:28 Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 17:28 Client-Info Version: 0.10.6 06.06.2016 17:28 Client-Info OS: Windows 06.06.2016 17:28 Middleware::Authentication Waiting for authentication timeout to pass 06.06.2016 17:30 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt 06.06.2016 17:30 Data::RSA FOG Server CA cert found 06.06.2016 17:30 Middleware::Authentication Cert OK 06.06.2016 17:30 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService 06.06.2016 17:30 Middleware::Response Invalid security token ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 06.06.2016 17:30 Client-Info Version: 0.10.6 06.06.2016 17:30 Client-Info OS: Windows 06.06.2016 17:30 Middleware::Authentication Waiting for authentication timeout to passNow I have this again:
06.06.2016 17:30 Middleware::Response Invalid security token -
@jhuesser said in Active Directory join fails:
06.06.2016 17:24 Client-Info Version: 0.10.6
06.06.2016 17:24 Client-Info OS: Windows
06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass
06.06.2016 17:24 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
06.06.2016 17:24 Data::RSA FOG Server CA cert found
06.06.2016 17:24 Middleware::Authentication Cert OK
06.06.2016 17:24 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
06.06.2016 17:24 Middleware::Response Invalid security token06.06.2016 17:24 Client-Info Version: 0.10.6
06.06.2016 17:24 Client-Info OS: Windows
06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass
06.06.2016 17:24 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
06.06.2016 17:24 Data::RSA FOG Server CA cert found
06.06.2016 17:24 Middleware::Authentication Cert OK
06.06.2016 17:24 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
06.06.2016 17:24 Middleware::Response Invalid security tokenAlso, I notice the time, is it actually 17:24 there?
-
@Tom-Elliott Hmmm i just deployed it. I recived the “Image Task Completed”-Mail at 17:21 and then logged in. So I guess 17:24 could be true. Now it’s 17:34 local time.
-
@jhuesser Can you reset the encryption data on this host?
-
@Tom-Elliott like this?
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";
