Windows 10 Domain Issue

Towndrunk

@Joe-Schmitt I did update to trunk. The version that I’m running right now has the option for a Windows 10 image. I’m able to capture and deploy a Windows 10 image using those settings. I just can’t get it to join the domain.

Tom Elliott

@Towndrunk I feel a need to clarify.

Windows 10 and Legacy Client will not work automatically, but it can work.

In the Windows 10 Image, get the RSAT Tools and enable (Follow this path)
Remote Server Administration Tools->Role Administration Tools->AD DS And AD LDS Tools->AD DS Tools->AD DS Snapin-ins and Command-line Tools

You don’t need anything else installed/enabled in RSAT for Domain joining to work on Windows 10 with the legacy client. However, I would not recommend using this as a means as it does enable the system to have relatively easy enabled access to actually look at and manage your Domain Controller from any system in your environment that has received this image. It will work, but it’s just easier to switch to the new client.

Tom Elliott

@Towndrunk The client is not FOG itself. The client is a separate file that you must install on the system images. FOG’s GUI having “Windows 10” in the list is only relevant to the image it’s referencing, it has nothing to do with the FOG Client software.

Wayne Workman

@Tom-Elliott @Towndrunk OR install the new client on your image.
https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#The_Different_Installers

There are two different clients. Legacy client and new client. You need the new client.

Updating to trunk does not mean all your images have the new client. Your images remain unchanged, in fact. You have to update them. Remove the old client, install the new client, re-capture and everything will work.

Towndrunk

@Tom-Elliott OK, I think I understand. Once I updated to Trunk, I went to “Service Configuration” and under “Client Management” and installed the new client from there before I made a new image. Looking at both the PC I made captured the image from, and the PC I deployed it to, they are both running FOG Service v 0.11.3

Is that the Client that you are talking about?

Joe Schmitt

Please upload the fog.log from one of your problem hosts here. (Usually c:\fog.log).

Towndrunk

@Joe-Schmitt This is the log file from a PC that I just tried to deploy to. Windows 10 works fine, but not on the domain like in the past with Windows 7. I’m sure I have something wrong. I see the following in the log, but from that same PC right now I can reach the DC. Not sure what I have wrong.

7/14/2016 2:36 PM Client-Info Client Version: 0.11.3
7/14/2016 2:36 PM Client-Info Client OS: Windows
7/14/2016 2:36 PM Client-Info Server Version: 8537
7/14/2016 2:36 PM Middleware::Response Success
7/14/2016 2:36 PM HostnameChanger Checking Hostname
7/14/2016 2:36 PM HostnameChanger Hostname is correct
7/14/2016 2:36 PM HostnameChanger Attempting to join active directory
7/14/2016 2:36 PM HostnameChanger The specified domain either does not exist or could not be contacted, code = 1355

0_1468597067288_fog.log

Tom Elliott

Based on the error I’m seeing:

https://social.technet.microsoft.com/Forums/en-US/6407eba2-58ac-4b07-9cf5-bddcffdcf19c/error-1355-the-specified-domain-either-does-not-exists-etc?forum=identitylifecyclemanager

It sounds like it just can’t find your domain so it cannot connect to the domain.

Towndrunk

@Tom-Elliott I wasn’t sure if that had something to do with the settings or something else. Once the PC boots after the image is deployed, and I log in, I can add it to the domain manually with the same credentials/information I entered into FOG.

Wayne Workman

@Towndrunk In the AD settings in FOG, are you using the FQDN or a sloppy name?

Towndrunk

@Wayne-Workman I’m using the FQDN, Ottawacc.local I have tried it both ways, and in all three locations. . . Settings, Group, and Host settings.

Wayne Workman

@Towndrunk Try loosing the .local part.

Towndrunk

@Wayne-Workman I will try it again now, with just Ottawacc. Is there one setting that overrides the other? If I am going to use this for every computer, would it be best to put it in the FOG Settings, or the Group Settings?

Wayne Workman

@Towndrunk said in Windows 10 Domain Issue:

Is there one setting that overrides the other?

Not sure what you’re referring to.

If I am going to use this for every computer, would it be best to put it in the FOG Settings, or the Group Settings?

First in FOG Settings, then use groups to apply the defaults. When it’s in FOG Settings, inside groups when you check the join domain checkbox - and the fields are already cleared - it’ll populate with the defaults you have in FOG Settings.

Also - just putting these things in FOG Settings ONLY will not automatically change settings on hosts. You have to tell fog to do this. This allows FOG to manage domain joining settings on a per-host basis. At my work, we have one fog server that joins computers to 2 different domains.

Towndrunk

I think I found the issue. I had the settings in the Default FOG Settings, and had the “Join Domain after image task” checked in the Group, but there was no information in the settings. I unchecked it, and checked it again, and it populated with the data from the FOG Settings. It is now working like it should. Using Ottawacc.local. Thanks for the help.

fry_p

@Towndrunk said in Windows 10 Domain Issue:

I think I found the issue. I had the settings in the Default FOG Settings, and had the “Join Domain after image task” checked in the Group, but there was no information in the settings. I unchecked it, and checked it again, and it populated with the data from the FOG Settings. It is now working like it should. Using Ottawacc.local. Thanks for the help.

@Tom-Elliott , just a heads up, remember I had that same issue in the past with the same workaround? Since I did my batch adding all hosts to one group to check and uncheck the join box, I haven’t had any issues.

Wayne Workman

@fry_p I wouldn’t call it a work around. This is how it’s done in fog. You set AD settings per-host or with groups.

fry_p

@Wayne-Workman Then what is the point of having the defaults set? I have entered the AD defaults into fog configuration and have hostname changer enabled globally, should it not propagate to all hosts? When I then went to a host, the box is checked for domain join, but as @Towndrunk said, the AD info is blank until you uncheck then recheck. It’s not an issue any more for me though, just confused is all.

Wayne Workman

@fry_p Our big fog system manages computers that are on different domains. If the global defaults automatically cascaded to all hosts - we’d stop using the FOG Client and FOG for domain joining - because it’d cause a complete disaster. It’d probably upset enough people that we might even stop using fog altogether.

I’ve asked @Tom-Elliott to respond as well.

Tom Elliott

The way groups work is not a simple feat. The ideology of Groups are indeed overly simplistic, but that simplicity is one of the more powerful aspects, I think, of FOG.

A host is not refined to a single group. The ideology of what groups in fog does is basically a simpler means to associate a common configuration to all hosts within that group. This means you don’t (or shouldn’t) have to make those associations to all hosts in a “one at a time” kind of layout. This is where the “simplicity” of group’s come in.

However, the more complex bits of groups is that you can associate a specific set of things to all hosts and “cascade” through different groups only affecting the hosts within that group.

Why is this useful? As @Wayne-Workman said, the whole ideology of FOG is to be highly configurable to your needs. Is it perfect, not by any means, but this does mean you can associate Host settings (Kernel, KernelArgs, Boot types, etc…) dependent on the group you’re updating.

The way settings get displayed into groups is based on the basis that ALL hosts of that group have the exact same setting. This is on a per group element. For example, the kernel field will only display the kernel assigned (though I suppose I could add it to the group table as well) so long as all hosts in the group have the same kernel defined. Same for image association, kernel args, service settings, and active directory.

This means if you see a “blank field” it could be one of two states, either all hosts don’t have a setting for this field, or all hosts are not defined with the same information for that relevant field. This is intentional though. If we made all groups make changes to a host when they entered, at which group (when a host is assigned to multiple groups) should the host use it’s information?

Multigroup hosts is nice in that you can define a common setting for all hosts in one group, and apply another group layout of settings to all hosts in the other, while the “same hosts in both groups” group applies only the new information to the host.

For example, in a school you have Students and Teachers. In the labs, you may likely have a teacher system and the student systems.

If you have all clients of the lab in the same “lab” group and make changes, and you have the teacher in another group and just need to add a printer, you can do so without much trouble.

Yes you could still perform this same effect with a prewritten setting, but in the case of Active directory, (let’s just say your two labs are to two different domains) which group should be the one your client decides to use?

I’m sure I could go on for days, but I think this/these answers should suffice.

Yes, you can get the group to show the common settings so you’re aware, but you can also achieve what you’re looking for thanks to @george1421.

Here is the link: https://forums.fogproject.org/topic/6902/fog-1-3-persistent-groups

I don’t plan on adding this, but the beauty of the trigger that george created is that it is not needed for EVERY group you create, rather it’s a once and done kind of thing. Sure it could use some refinement, but this should achieve what you’re looking for. Again, though, it all depends on how you want to use the group system.