Windows 10 Domain Issue
-
@Wayne-Workman Then what is the point of having the defaults set? I have entered the AD defaults into fog configuration and have hostname changer enabled globally, should it not propagate to all hosts? When I then went to a host, the box is checked for domain join, but as @Towndrunk said, the AD info is blank until you uncheck then recheck. It’s not an issue any more for me though, just confused is all.
-
@fry_p Our big fog system manages computers that are on different domains. If the global defaults automatically cascaded to all hosts - we’d stop using the FOG Client and FOG for domain joining - because it’d cause a complete disaster. It’d probably upset enough people that we might even stop using fog altogether.
I’ve asked @Tom-Elliott to respond as well.
-
The way groups work is not a simple feat. The ideology of Groups are indeed overly simplistic, but that simplicity is one of the more powerful aspects, I think, of FOG.
A host is not refined to a single group. The ideology of what groups in fog does is basically a simpler means to associate a common configuration to all hosts within that group. This means you don’t (or shouldn’t) have to make those associations to all hosts in a “one at a time” kind of layout. This is where the “simplicity” of group’s come in.
However, the more complex bits of groups is that you can associate a specific set of things to all hosts and “cascade” through different groups only affecting the hosts within that group.
Why is this useful? As @Wayne-Workman said, the whole ideology of FOG is to be highly configurable to your needs. Is it perfect, not by any means, but this does mean you can associate Host settings (Kernel, KernelArgs, Boot types, etc…) dependent on the group you’re updating.
The way settings get displayed into groups is based on the basis that ALL hosts of that group have the exact same setting. This is on a per group element. For example, the kernel field will only display the kernel assigned (though I suppose I could add it to the group table as well) so long as all hosts in the group have the same kernel defined. Same for image association, kernel args, service settings, and active directory.
This means if you see a “blank field” it could be one of two states, either all hosts don’t have a setting for this field, or all hosts are not defined with the same information for that relevant field. This is intentional though. If we made all groups make changes to a host when they entered, at which group (when a host is assigned to multiple groups) should the host use it’s information?
Multigroup hosts is nice in that you can define a common setting for all hosts in one group, and apply another group layout of settings to all hosts in the other, while the “same hosts in both groups” group applies only the new information to the host.
For example, in a school you have Students and Teachers. In the labs, you may likely have a teacher system and the student systems.
If you have all clients of the lab in the same “lab” group and make changes, and you have the teacher in another group and just need to add a printer, you can do so without much trouble.
Yes you could still perform this same effect with a prewritten setting, but in the case of Active directory, (let’s just say your two labs are to two different domains) which group should be the one your client decides to use?
I’m sure I could go on for days, but I think this/these answers should suffice.
Yes, you can get the group to show the common settings so you’re aware, but you can also achieve what you’re looking for thanks to @george1421.
Here is the link: https://forums.fogproject.org/topic/6902/fog-1-3-persistent-groups
I don’t plan on adding this, but the beauty of the trigger that george created is that it is not needed for EVERY group you create, rather it’s a once and done kind of thing. Sure it could use some refinement, but this should achieve what you’re looking for. Again, though, it all depends on how you want to use the group system.
-
I know that this is marked as solved, but I wanted to see if I could follow up on this.
I have been adding a few computers for one department as a test so I can get my process down and I have ran into an issue. I have the computers added to the domain via FOG, however I was always logging in local to set things up before the user got the computer. Now that I was ready I logged into the domain for the first time and every computer has a domain trust relationship. When I go into AD and search the entire directory for those computers they aren’t there. I left all the Organization Unit information blank so that they would default to the Computers OU.
-
Another odd thing that I just found out, is that I can’t remove it from the domain either. I was just going to remove it from the domain, and add it back to see if it would establish the connection, and once I remove it and reboot, it comes right back on the domain. Is that a function of the FOG Client?
-
@Towndrunk Joining domain is a function of the FOG client. Of note, your image, with the fog client installed, should NOT be joined to the domain prior.
-
I guess I wouldn’t worry about looking at this since it is solved.
I imaged a computer that was activated and on the domain. After applying that imaged to another computer it says that is on the domain when I log in locally, however there is no trust relationship. Once I remove the PC from the domain, and reboot, it is added back to the domain and I’m able to log into the domain. It only does this if I remove it, not if I just reboot.
Once I log into the domain, I see that Windows is no longer activated, and it will not active with the same VLK that is in the computer I made the image from. I’m not sure what is going on, but I loaded an image from the Default Lenovo Windows 7 that we updated to Windows 10, and it activated with no issues. Not sure why it is a problem on the VLK. We are just going to use the other image and see what happens.
Is this normal, or just an issue with Windows 10? I used FOG with Windows 7 for years with no issues ever. Now it seems as though I can’t get anything to work together. Thanks for taking a look at this.
-
@Tom-Elliott I made a new Image, and checked that it was not joined to the domain. I have the default credentials in the Fog Settings and made sure that the Host I was deploying the new image to was set to add to the domain. I also made sure that I ran all the updates on the FOG server and put the new client on the new Image
Once I deploy, the image works fine but it does not add to the domain. I went to the log and this is what I get. I know it can talk to the domain because if I use the same credentials I put into FOG it adds with no issues.
7/25/2016 10:01 AM FOG::HostnameChanger Attempting to join domain if not already a member…
7/25/2016 10:01 AM FOG::HostnameChanger Domain Error! (‘Unknown Error’ Code: 1326)7/25/2016 10:02 AM FOG::UserTracker Event: LOGIN for TEST-TEST-TEST\User
7/25/2016 10:02 AM FOG::UserTracker Unhandled Response from server:
7/25/2016 10:02 AM FOG::PrinterManager Failed to connect to fog server!
7/25/2016 10:02 AM FOG::PrinterManager This is typically caused by a network error!
7/25/2016 10:02 AM FOG::PrinterManager Sleeping for 1 minute. -
@Towndrunk that log indicated you are still using the legacy client.
-
It also seems to indicate a FOG version that had this broken.
What version of FOG are you running @Towndrunk?
-
I updated it on Friday before I made my new base image. After making the image I went to Service Configuration and downloaded/installed the FOG Client from there. I was assuming that was the most up to date version.
I just checked and I appear to be out of date now, but I’m running the following.
Running Version 1.3.0-RC-1
SVN Revision: 5936 -
@Towndrunk But if you updated, why is your client still using the legacy client?
While it is true the “new client” does autoupdate, that’s only if the new client is installed on the image. If you have the old fog client installed, you are not working with the new client.
-
-
I just ran the update, and then downloaded the client again to install. When I tried to install it, I received a message telling me to “Please uninstall the legacy client and re-run this installer”. I went to Programs and Features and uninstalled the FOG Service, and rebooted. When I go back in and try to run the install I get the same message.
Running Version 1.3.0-RC-2
SVN Revision: 5937 -
-
@Tom-Elliott Thanks, I found that while I was searching after I posted. I don’t have any Keys starting with 91C5D423 in that location. I was thinking the same thing, searing the registry to remove anything related to FOG Service, but I wanted to see if I was missing something first.
Is it possible that it is another entry in that same location?
-
@Towndrunk that is the exact registry key the new client uses to detect a legacy installation. If the installer reports that the legacy client is still on your system than that registry key must exist.(make sure to include the curly brace in your search). If it still doesn’t show then search the whole registry for that exact key, and if you could report your findings.
It may be in a different root folder, but the path will always contain
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
and be in the local machine root section. -
@Joe-Schmitt thanks for the response. I did a search for it and found it in another directory. The directory below is where I found it, not sure how you make it red like yours. I removed it and was able to install the new client. I’m going to do another capture and see if I get a different response.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
-
Thanks so much for the help. I would not have figured that out without your help. Once I remove the old client, updated to the new, and ran a new capture. . . I’m able to deploy with no issues now. It is adding to the domain as we had hoped now.
-
@Towndrunk said in Windows 10 Domain Issue:
I imaged a computer that was activated and on the domain. After applying that imaged to another computer it says that is on the domain when I log in locally, however there is no trust relationship.
If your image is already joined to the domain, you will have nothing but problems, and major ones at that. There is no imaging solution made by anyone that would suggest taking an image from a domain-bound computer. They all suggest exactly the opposite, take an image of an un-bound system.