Active Directory join fails

jhuesser · Jun 6, 2016, 6:59 AM

Hi
I found a lot of topics with that title, but none solved my problem.

I’m using Fog trunk 7965, Windows 8.1 clients and do sysprep before upload.

First I tried to define an OU and the join failed. I guess it was because of the spaces in the OUs name. So I left the OU empty, but it still fails.
This is the fog.log file on the client:

 06.06.2016 10:50 Main Overriding exception handling
 06.06.2016 10:50 Main Bootstrapping Zazzles
 06.06.2016 10:50 Controller Initialize
 06.06.2016 10:50 Entry Creating obj
 06.06.2016 10:50 Controller Start

 06.06.2016 10:50 Service Starting service
 06.06.2016 10:50 Bus Became bus server
 06.06.2016 10:50 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 06.06.2016 10:50 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 10:50 Client-Info Version: 0.10.6
 06.06.2016 10:50 Client-Info OS:      Windows
 06.06.2016 10:50 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 10:50 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
 06.06.2016 10:50 Data::RSA FOG Server CA cert found
 06.06.2016 10:50 Middleware::Authentication Cert OK
 06.06.2016 10:50 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
 06.06.2016 10:50 Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 10:50 Client-Info Version: 0.10.6
 06.06.2016 10:50 Client-Info OS:      Windows
 06.06.2016 10:50 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 10:52 Main Overriding exception handling
 06.06.2016 10:52 Main Bootstrapping Zazzles
 06.06.2016 10:52 Controller Initialize
 06.06.2016 10:52 Entry Creating obj
 06.06.2016 10:52 Controller Start

 06.06.2016 10:52 Service Starting service
 06.06.2016 10:53 Bus Became bus server
 06.06.2016 10:53 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 06.06.2016 10:53 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 10:53 Client-Info Version: 0.10.6
 06.06.2016 10:53 Client-Info OS:      Windows
 06.06.2016 10:53 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 10:53 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
 06.06.2016 10:53 Data::RSA FOG Server CA cert found
 06.06.2016 10:53 Middleware::Authentication Cert OK
 06.06.2016 10:53 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
 06.06.2016 10:53 Middleware::Response Invalid security token

Because it says somthing about Invalid security token I’ve tried this:

UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";

Also I’ve created the c:\windows\setup\scripts\SetupComplete.cmd with this content and deactivated the Fog-Service before sysprep.

sc config FOGService start= auto
net start FOGService

Sometimes the fog.log also says something about Hostnamechanger couldn’t make change because enforcement is not active and users are logged in, but that’s not true. Also after a restart nothing changes. The hostanmechanger module is activated in service and service settings in fog.

URfog · Jun 6, 2016, 9:30 AM

Did you stop FOGService before sysprep? I was dealing with that until I noticed that sysprepping the service was an error.

jhuesser · Jun 6, 2016, 9:36 AM

Yes. as i wrote.

@jhuesser said in Active Directory join fails:

Also I’ve created the c:\windows\setup\scripts\afterSetup.cmd with this content and deactivated the Fog-Service before sysprep.
sc config FOGService start= auto
net start FOGService

Quazz · Jun 6, 2016, 12:46 PM

@jhuesser Not 100% but I believe the script file needs to be called SetupComplete.cmd

jhuesser · Jun 6, 2016, 12:52 PM

@Quazz oh, yes thank you, this is i typo. called it SetupComplete.cmd on the system and it works fine (enables the service after setup).

Sebastian Roth · Jun 6, 2016, 1:04 PM

Ok, marking this solved. Thanks @Quazz for finding this.

jhuesser · Jun 6, 2016, 1:06 PM

@Sebastian-Roth no this is not solved. It was a typo i nthis post, but correct on the system.

Wayne Workman · Jun 6, 2016, 1:41 PM

@jhuesser The error says invalid security token. Step one is to ensure the time is set, correct, in the same time zone, and syncronized on 1. The fog server, 2. The domain controller(s), and 3. on the hosts you’re trying to join.

After verifying that, you can try to “reset encryption” for the problematic host and see if that fixes it.

Note that simply clicking the “reset encryption” button when time is not synchronized will not fix your issue.

jhuesser · Jun 6, 2016, 2:17 PM

@Wayne-Workman thank you for your answer. Selected mit timezone in FOG_TZ_INFO.
The command date displays the correct time in the shell. DC is also fine, Client too. The logfile looks like this now:

0_1465222630314_fog.log

It says

 06.06.2016 16:08 HostnameChanger Users still logged in and enforce is disabled, delaying any further actions

But still, after a reboot it doesn’t do anything. Also i set the tick in FOG_ENFORCE_HOST_CHANGES and on the host settings at Make changes even when users are logged on?

So it should do the steps, even if a user is logged on, shouldn’t it?

Wayne Workman · Jun 6, 2016, 2:39 PM

@jhuesser Yes. The last thing to check is to ensure all the client services are enabled for the problematic host.

Can you post the entire log file?

jhuesser · Jun 6, 2016, 2:42 PM

@Wayne-Workman hmm are you unable to open it? posted it here and works for me

@jhuesser said in Active Directory join fails:

0_1465222630314_fog.log

It’s to big to embeed it as plain text.

Wayne Workman · Jun 6, 2016, 2:47 PM

@jhuesser I can read that one, I must have just overlooked the other.

The user tracker area says invalid time:
06.06.2016 16:08 Middleware::Response Invalid time

I wonder if that has anything to do with it?

Tom Elliott · Jun 6, 2016, 2:59 PM

What happens if you update?

jhuesser · Jun 6, 2016, 3:01 PM

@Wayne-Workman hmm true, didn’t saw that. but the histogram on the fog start page shows the correct time. I don’t know where this error comes from…

jhuesser · Jun 6, 2016, 3:07 PM

@Tom-Elliott You mean updating fog to the latest trunk? will try that, but first make a backup.

jhuesser · Jun 6, 2016, 3:32 PM

@Tom-Elliott So now I’m on trunk 7981.

Still doesn’t work. This is my logfile:

 06.06.2016 17:24 Main Overriding exception handling
 06.06.2016 17:24 Main Bootstrapping Zazzles
 06.06.2016 17:24 Controller Initialize
 06.06.2016 17:24 Entry Creating obj
 06.06.2016 17:24 Controller Start

 06.06.2016 17:24 Service Starting service
 06.06.2016 17:24 Bus Became bus server
 06.06.2016 17:24 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 06.06.2016 17:24 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 17:24 Client-Info Version: 0.10.6
 06.06.2016 17:24 Client-Info OS:      Windows
 06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 17:24 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
 06.06.2016 17:24 Data::RSA FOG Server CA cert found
 06.06.2016 17:24 Middleware::Authentication Cert OK
 06.06.2016 17:24 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
 06.06.2016 17:24 Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 17:24 Client-Info Version: 0.10.6
 06.06.2016 17:24 Client-Info OS:      Windows
 06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 17:26 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
 06.06.2016 17:26 Data::RSA FOG Server CA cert found
 06.06.2016 17:26 Middleware::Authentication Cert OK
 06.06.2016 17:26 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
 06.06.2016 17:26 Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 17:26 Client-Info Version: 0.10.6
 06.06.2016 17:26 Client-Info OS:      Windows
 06.06.2016 17:26 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 17:28 Main Overriding exception handling
 06.06.2016 17:28 Main Bootstrapping Zazzles
 06.06.2016 17:28 Controller Initialize
 06.06.2016 17:28 Entry Creating obj
 06.06.2016 17:28 Controller Start

 06.06.2016 17:28 Service Starting service
 06.06.2016 17:28 Bus Became bus server
 06.06.2016 17:28 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 06.06.2016 17:28 Bus Emmiting message on channel: Status

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 17:28 Client-Info Version: 0.10.6
 06.06.2016 17:28 Client-Info OS:      Windows
 06.06.2016 17:28 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 17:28 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
 06.06.2016 17:28 Data::RSA FOG Server CA cert found
 06.06.2016 17:28 Middleware::Authentication Cert OK
 06.06.2016 17:28 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
 06.06.2016 17:28 Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 17:28 Client-Info Version: 0.10.6
 06.06.2016 17:28 Client-Info OS:      Windows
 06.06.2016 17:28 Middleware::Authentication Waiting for authentication timeout to pass
 06.06.2016 17:30 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
 06.06.2016 17:30 Data::RSA FOG Server CA cert found
 06.06.2016 17:30 Middleware::Authentication Cert OK
 06.06.2016 17:30 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
 06.06.2016 17:30 Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 06.06.2016 17:30 Client-Info Version: 0.10.6
 06.06.2016 17:30 Client-Info OS:      Windows
 06.06.2016 17:30 Middleware::Authentication Waiting for authentication timeout to pass

Now I have this again:

 06.06.2016 17:30 Middleware::Response Invalid security token

Tom Elliott · Jun 6, 2016, 3:33 PM

@jhuesser said in Active Directory join fails:

06.06.2016 17:24 Client-Info Version: 0.10.6
06.06.2016 17:24 Client-Info OS: Windows
06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass
06.06.2016 17:24 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
06.06.2016 17:24 Data::RSA FOG Server CA cert found
06.06.2016 17:24 Middleware::Authentication Cert OK
06.06.2016 17:24 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
06.06.2016 17:24 Middleware::Response Invalid security token

06.06.2016 17:24 Client-Info Version: 0.10.6
06.06.2016 17:24 Client-Info OS: Windows
06.06.2016 17:24 Middleware::Authentication Waiting for authentication timeout to pass
06.06.2016 17:24 Middleware::Communication Download: http://10.20.2.60/fog/management/other/ssl/srvpublic.crt
06.06.2016 17:24 Data::RSA FOG Server CA cert found
06.06.2016 17:24 Middleware::Authentication Cert OK
06.06.2016 17:24 Middleware::Communication POST URL: http://10.20.2.60/fog/management/index.php?sub=requestClientInfo&authorize&newService
06.06.2016 17:24 Middleware::Response Invalid security token

Also, I notice the time, is it actually 17:24 there?

jhuesser · Jun 6, 2016, 3:35 PM

@Tom-Elliott Hmmm i just deployed it. I recived the “Image Task Completed”-Mail at 17:21 and then logged in. So I guess 17:24 could be true. Now it’s 17:34 local time.

Tom Elliott · Jun 6, 2016, 3:35 PM

@jhuesser Can you reset the encryption data on this host?

jhuesser · Jun 6, 2016, 9:38 AM

@Tom-Elliott like this?

UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";

Active Directory join fails

172

12.0k

17.3k

155.2k