Host list: connection timed out
-
Server
- FOG Version: 1.3.5
- OS: Ubuntu 16.04 LTS
Client
- Service Version: 0.11.11
- OS: Windows 7
Description
After installation all hosts were marked with a red exclamation mark with the error message: “no such device or address”. We tried to solve this by adding WINS-resolution and hostnames are now resolved properly on the server “getent hosts hostname”.
However, we now in FOG see a new error message “connection timed out”. We tried to adjust the Windows firewall following this guide: https://wiki.fogproject.org/wiki/index.php/Client_Setup#Firewall_Exceptions but it seems to be outdated since “C:\Program Files\FOG\FOGServiceConfig.exe” does not exist anymore. For which of the following EXEs do I need to add a firewall exception or is there another cause for this issue?
- FOGService.exe
- FOGTray.exe
- FOGUpdateHelper.exe
- FOGUpdateWaiter.exe
- FOGUserService.exe
Thanks for your help!
Update: our (hardware) XP-clients seem to work just fine, even without the FOG Client Service.
-
We solved by doing the following:
On the FOG-Server install Winbind:
sudo apt-get install -y winbind libnss-winbindEdit the Samba config:
# /etc/samba/smb.conf [global] ... workgroup = <domain/workgroup> ... wins server = <ipofyourwinsserver> ...Edit the nsswitch config:
# /etc/nsswitch.conf hosts: files dns winsReboot your server.
On the Windows 7 clients we had to add the following firewall rule:
netsh advfirewall firewall add rule name="FOG Service" dir=in action=allow remoteip=<ipofyourFOGserver> protocol=tcp localport=445That worked for us.
-
The FOG Client (and any of its files) have nothing to do with the “Ping”. Nor does the “Ping” have any effect on the hosts from functioning.
That said, port 445 on the Windows clients needs to be allowed. That should be all that’s needed.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
#wiki worthy
-
OK, so the status icon is a mere ping to the host -> copied that.
By port 445 being allowed on the Windows clients you mean outgoing connection. That means I do not need to allow any incoming connections anymore, right?
Wiki: We, the German Literature Archive (http://www.dla-marbach.de), would be willing to help in updating the wiki. We are introducing FOG now and document everything for ourselves anyway. However, I could not find a register button on the wiki page.
-
@alh said in Host list: connection timed out:
By port 445 being allowed on the Windows clients you mean outgoing connection.
Port 445 inbound. The fog server pings the host on port 445.
For wiki access, PM me your email address and I’ll get an account made for you.
-
@Wayne-Workman I send you the mail address.
Regarding our little issue I added to firewall rules to our Win7 clients:
- Allow incoming ICMPv4
- Allow incoming for FOGService
I can ping the clients by hostname from the FOG server but they still show up as
Connection timed out.in the host list.
And isn’t port 445 already used by a lot of system services likeNetlogon,File and Printer Sharing,Remote Service Management, etc.? -
@alh the FOG Ping service does not do a traditional ping, it uses port 445.
-
@Tom-Elliott Is this the same port for linux, like ubuntu 16.04 or debian 8? I also have the connection time out issue in the host menue.
If i enable the ufw firewall on ubutu and allow the port 445, the status changes from “connection timeout” to “connection refused”
I allowed these ports. (22 for ssh, 445 for the fog ping)
To Action From -- ------ ---- 22 ALLOW IN Anywhere 445 ALLOW IN Anywhere 22 (v6) ALLOW IN Anywhere (v6) 445 (v6) ALLOW IN Anywhere (v6) ``` -
@justeverything FOG uses port 445 to do ping.
Yes, it’s the same port number regardless of OS. How that port responds on different OS’ I cannot say.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott do you have any idea what I can try to fix this except opening the port on the host?
-
@justeverything If the port isn’t open on the host then it can’t communicate, simple as that, to be honest. It’s like trying to call someone who put everyone on a blocklist.
-
Or more accurately, it’s like calling a number that’s been removed from use. You could re-apply it relatively easily, but if you’re shying away from keeping it available for whatever reason, NO ONE will be able to call it to begin with.
-
@Tom-Elliott So to be clear here, this isn’t a traditional ICMP ping which is on the OSI layer 3 (IP) but instead a layer 4 port level connection test.
That is interesting idea. It would also be interesting to know how a linux or any other non-windows box would respond (assuming that samba was not loaded on a windows machine). To the connect request to port 445. I could see the device sending a nak back to the FOG server. Which I would guess is also a success response too.
-
@george1421 It’s a NetBIOS port (number 445) by default. As for if it’s usable or not on linux, well I don’t know. To be fair, I followed what was already in place, just neatened up the code base.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott Not throwing shade as the young folks would say on this. Its just a different concept and something we should be aware of if we are expecting an icmp ping. I just did a quick check at my office and I have linux machines that have samba and no samba installed so I can confirm / test if they respond as a windows machine does to a port level ping.
I have a meeting in a few minutes and will test afterwards.
-
If you don’t want to enable the port, you don’t have to. Understand the “ping” status is just a nicety and has no bearing on actual availability of a machine or any functionality of how FOG will operate.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott yes, I can confirm this - I don’t have to enable the ports, but I want to.
I like this feature very much and it would be sad If I won’t be able to use it. The problem with my setup is that it says “connection refused” although I enabled the port 445 both on the server and the host via ufw firewall.
Server OS is the latest debian 8 and Client OS is the latest Ubuntu 16.04
Maybe anyone has some ideas. Thanks in advance. :)) -
-
@justeverything I guess I would ask the question" If you open a command prompt on the linux server can you ping (icmp) the windows computer by is short name (or the name registered in fog)?
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
-
during testing I did find that the udp probe to hosts would aways return a success, even if the host didn’t exist (not a very successful test). This was using the netcat [nc] utility. The command used was
nc -zuvv <ip_addr> 445When I changed to use the tcp port then the answers were more in line with an icmp ping.
command usenc -zvv <ip_addr> 445- For a windows host answer was: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succedded!
- For a linux host with samba installed: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succedded!
- For a linux host without samba or anything listening on port 445: Connection to <ip_addr> 445 port (tcp) failed: No route to host.
For a host that doesn’t exist: Connection to <ip_addr> 445 port (tcp) failed: No route to host. (after about 5 sec timeout)
Does the selecting port ping work, yes as long as its a tcp connection attempt.
Why was that selected over an icmp ping, only the programmers of the past know.
