Windows 10 Domain Issue
-
@Tom-Elliott OK, I think I understand. Once I updated to Trunk, I went to “Service Configuration” and under “Client Management” and installed the new client from there before I made a new image. Looking at both the PC I made captured the image from, and the PC I deployed it to, they are both running FOG Service v 0.11.3
Is that the Client that you are talking about?
-
Please upload the fog.log from one of your problem hosts here. (Usually c:\fog.log).
-
@Joe-Schmitt This is the log file from a PC that I just tried to deploy to. Windows 10 works fine, but not on the domain like in the past with Windows 7. I’m sure I have something wrong. I see the following in the log, but from that same PC right now I can reach the DC. Not sure what I have wrong.
7/14/2016 2:36 PM Client-Info Client Version: 0.11.3
7/14/2016 2:36 PM Client-Info Client OS: Windows
7/14/2016 2:36 PM Client-Info Server Version: 8537
7/14/2016 2:36 PM Middleware::Response Success
7/14/2016 2:36 PM HostnameChanger Checking Hostname
7/14/2016 2:36 PM HostnameChanger Hostname is correct
7/14/2016 2:36 PM HostnameChanger Attempting to join active directory
7/14/2016 2:36 PM HostnameChanger The specified domain either does not exist or could not be contacted, code = 1355 -
Based on the error I’m seeing:
It sounds like it just can’t find your domain so it cannot connect to the domain.
-
@Tom-Elliott I wasn’t sure if that had something to do with the settings or something else. Once the PC boots after the image is deployed, and I log in, I can add it to the domain manually with the same credentials/information I entered into FOG.
-
@Towndrunk In the AD settings in FOG, are you using the FQDN or a sloppy name?
-
@Wayne-Workman I’m using the FQDN, Ottawacc.local I have tried it both ways, and in all three locations. . . Settings, Group, and Host settings.
-
@Towndrunk Try loosing the .local part.
-
@Wayne-Workman I will try it again now, with just Ottawacc. Is there one setting that overrides the other? If I am going to use this for every computer, would it be best to put it in the FOG Settings, or the Group Settings?
-
@Towndrunk said in Windows 10 Domain Issue:
Is there one setting that overrides the other?
Not sure what you’re referring to.
If I am going to use this for every computer, would it be best to put it in the FOG Settings, or the Group Settings?
First in FOG Settings, then use groups to apply the defaults. When it’s in FOG Settings, inside groups when you check the join domain checkbox - and the fields are already cleared - it’ll populate with the defaults you have in FOG Settings.
Also - just putting these things in FOG Settings ONLY will not automatically change settings on hosts. You have to tell fog to do this. This allows FOG to manage domain joining settings on a per-host basis. At my work, we have one fog server that joins computers to 2 different domains.
-
I think I found the issue. I had the settings in the Default FOG Settings, and had the “Join Domain after image task” checked in the Group, but there was no information in the settings. I unchecked it, and checked it again, and it populated with the data from the FOG Settings. It is now working like it should. Using Ottawacc.local. Thanks for the help.
-
@Towndrunk said in Windows 10 Domain Issue:
I think I found the issue. I had the settings in the Default FOG Settings, and had the “Join Domain after image task” checked in the Group, but there was no information in the settings. I unchecked it, and checked it again, and it populated with the data from the FOG Settings. It is now working like it should. Using Ottawacc.local. Thanks for the help.
@Tom-Elliott , just a heads up, remember I had that same issue in the past with the same workaround? Since I did my batch adding all hosts to one group to check and uncheck the join box, I haven’t had any issues.
-
@fry_p I wouldn’t call it a work around. This is how it’s done in fog. You set AD settings per-host or with groups.
-
@Wayne-Workman Then what is the point of having the defaults set? I have entered the AD defaults into fog configuration and have hostname changer enabled globally, should it not propagate to all hosts? When I then went to a host, the box is checked for domain join, but as @Towndrunk said, the AD info is blank until you uncheck then recheck. It’s not an issue any more for me though, just confused is all.
-
@fry_p Our big fog system manages computers that are on different domains. If the global defaults automatically cascaded to all hosts - we’d stop using the FOG Client and FOG for domain joining - because it’d cause a complete disaster. It’d probably upset enough people that we might even stop using fog altogether.
I’ve asked @Tom-Elliott to respond as well.
-
The way groups work is not a simple feat. The ideology of Groups are indeed overly simplistic, but that simplicity is one of the more powerful aspects, I think, of FOG.
A host is not refined to a single group. The ideology of what groups in fog does is basically a simpler means to associate a common configuration to all hosts within that group. This means you don’t (or shouldn’t) have to make those associations to all hosts in a “one at a time” kind of layout. This is where the “simplicity” of group’s come in.
However, the more complex bits of groups is that you can associate a specific set of things to all hosts and “cascade” through different groups only affecting the hosts within that group.
Why is this useful? As @Wayne-Workman said, the whole ideology of FOG is to be highly configurable to your needs. Is it perfect, not by any means, but this does mean you can associate Host settings (Kernel, KernelArgs, Boot types, etc…) dependent on the group you’re updating.
The way settings get displayed into groups is based on the basis that ALL hosts of that group have the exact same setting. This is on a per group element. For example, the kernel field will only display the kernel assigned (though I suppose I could add it to the group table as well) so long as all hosts in the group have the same kernel defined. Same for image association, kernel args, service settings, and active directory.
This means if you see a “blank field” it could be one of two states, either all hosts don’t have a setting for this field, or all hosts are not defined with the same information for that relevant field. This is intentional though. If we made all groups make changes to a host when they entered, at which group (when a host is assigned to multiple groups) should the host use it’s information?
Multigroup hosts is nice in that you can define a common setting for all hosts in one group, and apply another group layout of settings to all hosts in the other, while the “same hosts in both groups” group applies only the new information to the host.
For example, in a school you have Students and Teachers. In the labs, you may likely have a teacher system and the student systems.
If you have all clients of the lab in the same “lab” group and make changes, and you have the teacher in another group and just need to add a printer, you can do so without much trouble.
Yes you could still perform this same effect with a prewritten setting, but in the case of Active directory, (let’s just say your two labs are to two different domains) which group should be the one your client decides to use?
I’m sure I could go on for days, but I think this/these answers should suffice.
Yes, you can get the group to show the common settings so you’re aware, but you can also achieve what you’re looking for thanks to @george1421.
Here is the link: https://forums.fogproject.org/topic/6902/fog-1-3-persistent-groups
I don’t plan on adding this, but the beauty of the trigger that george created is that it is not needed for EVERY group you create, rather it’s a once and done kind of thing. Sure it could use some refinement, but this should achieve what you’re looking for. Again, though, it all depends on how you want to use the group system.
-
I know that this is marked as solved, but I wanted to see if I could follow up on this.
I have been adding a few computers for one department as a test so I can get my process down and I have ran into an issue. I have the computers added to the domain via FOG, however I was always logging in local to set things up before the user got the computer. Now that I was ready I logged into the domain for the first time and every computer has a domain trust relationship. When I go into AD and search the entire directory for those computers they aren’t there. I left all the Organization Unit information blank so that they would default to the Computers OU.
-
Another odd thing that I just found out, is that I can’t remove it from the domain either. I was just going to remove it from the domain, and add it back to see if it would establish the connection, and once I remove it and reboot, it comes right back on the domain. Is that a function of the FOG Client?
-
@Towndrunk Joining domain is a function of the FOG client. Of note, your image, with the fog client installed, should NOT be joined to the domain prior.
-
I guess I wouldn’t worry about looking at this since it is solved.
I imaged a computer that was activated and on the domain. After applying that imaged to another computer it says that is on the domain when I log in locally, however there is no trust relationship. Once I remove the PC from the domain, and reboot, it is added back to the domain and I’m able to log into the domain. It only does this if I remove it, not if I just reboot.
Once I log into the domain, I see that Windows is no longer activated, and it will not active with the same VLK that is in the computer I made the image from. I’m not sure what is going on, but I loaded an image from the Default Lenovo Windows 7 that we updated to Windows 10, and it activated with no issues. Not sure why it is a problem on the VLK. We are just going to use the other image and see what happens.
Is this normal, or just an issue with Windows 10? I used FOG with Windows 7 for years with no issues ever. Now it seems as though I can’t get anything to work together. Thanks for taking a look at this.