• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Image upload & deploy taking a long time

Scheduled Pinned Locked Moved Solved
FOG Problems
10
64
31.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    george1421 Moderator @Brad Schumann
    last edited by george1421 Sep 28, 2017, 9:00 AM Sep 28, 2017, 2:59 PM

    @brad-schumann Dind, ding, ding we have our answer.

    Bitlocker encrypted drive == raw data file to fog.

    Bitlocker needs to be activated after the target system has been created not before its captured.

    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

    B 1 Reply Last reply Sep 28, 2017, 6:11 PM Reply Quote 0
    • B
      Brad Schumann @george1421
      last edited by Sep 28, 2017, 6:11 PM

      @george1421 But we don’t activate/use Bitlocker…
      0_1506622282318_bitlocker.PNG

      T 1 Reply Last reply Sep 28, 2017, 6:37 PM Reply Quote 0
      • T
        THEMCV @Brad Schumann
        last edited by THEMCV Sep 28, 2017, 12:42 PM Sep 28, 2017, 6:37 PM

        @brad-schumann Try this, I ran into this on Surface’s.

        Open command prompt as admin.

        manage-bde -off 😄

        manage-bde -status 😄

        Fingers crossed that it will fix it. In my case, Windows was by default encrypting the free space which caused issues.

        X W 2 Replies Last reply Sep 28, 2017, 7:42 PM Reply Quote 4
        • S
          Sebastian Roth Moderator
          last edited by Sep 28, 2017, 7:26 PM

          OMG!!! Thank god we figured this out. I thought I was lost in this.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 2
          • X
            x23piracy @THEMCV
            last edited by Wayne Workman Sep 28, 2017, 7:14 PM Sep 28, 2017, 7:42 PM

            @themcv said in Image upload & deploy taking a long time:

            @brad-schumann Try this, I ran into this on Surface’s.

            Open command prompt as admin.

            manage-bde -off 😄

            manage-bde -status 😄

            Fingers crossed that it will fix it. In my case, Windows was by default encrypting the free space which caused issues.

            @Wayne-Workman #wiki worthy!

            ║▌║█║▌│║▌║▌█

            1 Reply Last reply Reply Quote 4
            • T
              THEMCV
              last edited by Sep 28, 2017, 7:46 PM

              @Sebastian-Roth Glad I could help. Yeah, I hate that Windows gives you the option to “Turn On Bitlocker”, but don’t tell you that the free space is encrypted. I am not sure if this is a something with the latest update/service pack for Windows 10, but I know that I’ve only seen it on Surface’s so far. I haven’t made an image for the latest Windows 10 so we’ll see. 🙂

              @x23piracy You’re too kind. 😉

              B 1 Reply Last reply Sep 28, 2017, 8:38 PM Reply Quote 3
              • B
                Brad Schumann @THEMCV
                last edited by Sep 28, 2017, 8:38 PM

                @themcv @Sebastian-Roth That is looking to be the fix… The on server size now shows ~48GB and only took 15min to upload to the server. I am deploying the image to another laptop and the ETA is 12min. Thank you for your help. FYI, we build our images from scratch with Win10 download from Microsoft with a SA agreement so it must be a built in thing 😞 .

                1 Reply Last reply Reply Quote 1
                • W
                  Wayne Workman
                  last edited by Sep 29, 2017, 1:19 AM

                  @THEMCV @Sebastian-Roth @george1421 I need to clairify because I’ve not been following this thread and don’t really understand fully the problem or solution.

                  I understand the hardware is: Dell latitude 5580 laptop & Surface Pro

                  FOG was taking an image as RAW for some reason? Why?
                  @THEMCV What does the answer you posted do to fix it?
                  Might other hardware models have this problem?
                  What’s the best way to word the problem?

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                  Daily Clean Installation Results:
                  https://fogtesting.fogproject.us/
                  FOG Reporting:
                  https://fog-external-reporting-results.fogproject.us/

                  T 2 Replies Last reply Sep 29, 2017, 1:29 AM Reply Quote 0
                  • T
                    THEMCV @Wayne Workman
                    last edited by Sep 29, 2017, 1:29 AM

                    @wayne-workman The problem is Microsoft is pushing for more BitLocker, so while it is technically off, it is encrypting the free space on the drive causing FOG to want to make it a raw image. I don’t know if this is just on pre installs or with the latest version of Windows, but I ran into this with the latest Surface Pro.

                    X 1 Reply Last reply Sep 29, 2017, 6:58 AM Reply Quote 0
                    • T
                      THEMCV @Wayne Workman
                      last edited by Sep 29, 2017, 1:32 AM

                      @wayne-workman manage-bde -status shows if BitLocker is encrypting the free space and -off starts the decryption process

                      1 Reply Last reply Reply Quote 0
                      • S
                        Sebastian Roth Moderator
                        last edited by Sebastian Roth Sep 28, 2017, 11:07 PM Sep 29, 2017, 5:03 AM

                        Though this is fixed I wanted to look into this a bit more to understand why this has happened and if we can do something about it to detect this. I am not sure if I can confirm the “free space encrypted” information. Reading this it sounds as if BitLocker was in a state of already encrypted (full disk) but not “activated” (whatever that means):

                        Waiting for Activation - BitLocker is enabled with a clear protector key and requires further action to be fully protected.

                        Though I am still not sure if and how we would be able to detect this. Oh wow, reading about this I just found out that you can actually mount bitlocker partitions from linux. Shall we add this to FOG?!? Well, we would need to ask people if they want to clone fast but have an unencrypted clone (mount bitlocked drive and do a file-aware cloning) or slow and have it encrypted on the destination. I don’t think we will be able to generate a fast and also encrypted target. So I reckon it’s not worth adding this feature at all.

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        G 1 Reply Last reply Sep 29, 2017, 10:03 AM Reply Quote 0
                        • X
                          x23piracy @THEMCV
                          last edited by Sep 29, 2017, 6:58 AM

                          @themcv afaik this is only enabled in the preinstall of the os the surface is shipped with (recovery).
                          I never saw that problem with my own images.

                          Regards X23

                          ║▌║█║▌│║▌║▌█

                          1 Reply Last reply Reply Quote 1
                          • T
                            Taspharel
                            last edited by Sep 29, 2017, 7:43 AM

                            Same here, working with a clean Windows 10 1703 Professional Version, no such problems.

                            1 Reply Last reply Reply Quote 2
                            • G
                              george1421 Moderator @Sebastian Roth
                              last edited by Sep 29, 2017, 10:03 AM

                              @sebastian-roth I would wonder if a cloned bitlocker drive (copied in block mode) would be even usable. If it was usable someone who wanted access to the data could just clone the drive and access the data on a different computer. Also on the second computer the tpm chip would be different so in theory the cloned image shouldn’t boot. Again would good would encryption be if a second computer could just access the drive?

                              I also question the value of encrypting only the free space. I can’t see any value at all for that, other than someone couldn’t access any data files that were erased.

                              I haven’t seen this issue before either, but we always build our reference images on virtual machines that don’t have access to a tpm chip.

                              In a way FOG IS already detecting this drive state, it knows its not a readable NT formatted drive and it switches to raw mode. We would just have to understand what FOG was seeing in this instance to see if we could identify the drive being protected by bit locker and notify the IT admin. That notification could also present the commands kindly provided by @THEMCV so the IT admin would know how to fix the issue.

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                              1 Reply Last reply Reply Quote 0
                              • Q
                                Quazz Moderator
                                last edited by Sep 29, 2017, 10:41 AM

                                As far as I understand, by default in Surface Pro images, Bitlocker encryption exists, but if you ‘turn it off’, what actually happens is that it simply grants access to everyone. The drive will appear ‘not valid NTFS’ to most tools as a consequence, of course, but it should work.

                                G 1 Reply Last reply Sep 29, 2017, 11:27 AM Reply Quote 0
                                • G
                                  george1421 Moderator @Quazz
                                  last edited by george1421 Sep 29, 2017, 5:28 AM Sep 29, 2017, 11:27 AM

                                  @quazz So should that be added to a KB somewhere? i.e. if you have a surface pro, before you sysprep run these commands to remove bit locker so it can be cloned by FOG? Like in the FOG Client section similar to the requirements we have for the FOG Client Service? It is a prep step that is required to be successfully cloned by fog.

                                  General question: Is this “condition” isolated to only MS Surface or is it any OEM installed Win10?

                                  (I have no clue on this since I haven’t been exposed to bit locker as of now) The other part of me wonders if FOG copies that volume as RAW and since it is encrypted with Bit Locker, is that unused space even usable on the cloned system? The TPM chip key would be different so I would assume the encrypted bits would be inaccessible on the new system.

                                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                  Q 1 Reply Last reply Sep 29, 2017, 11:29 AM Reply Quote 0
                                  • Q
                                    Quazz Moderator @george1421
                                    last edited by Sep 29, 2017, 11:29 AM

                                    @george1421 It will probably depend on the vendor whether it’s enabled in their image or not. You can expect it on every Microsoft device at least.

                                    I don’t think bitlocker encrypts just empty space or anything, simply the entire volume. But if bitlocker is ‘off’ then it doesn’t check with TPM chip. You’ll likely only run into issues when you try to enable it since the bitlocker key won’t match the TPM chip.

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      Sebastian Roth Moderator
                                      last edited by Sep 30, 2017, 8:52 AM

                                      I just had a quick look at the dislocker code and figured that it’s fairly simple to detect a bitlocker partition. For those interested, see here and here. Should be fairly simple to add some detection code to our inits. I’ve got that on my (long) list of things to do… 🙂

                                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                      Wayne WorkmanW 1 Reply Last reply Oct 1, 2017, 3:39 PM Reply Quote 3
                                      • Wayne WorkmanW
                                        Wayne Workman @Sebastian Roth
                                        last edited by Oct 1, 2017, 3:39 PM

                                        @sebastian-roth said in Image upload & deploy taking a long time:

                                        I just had a quick look at the dislocker code and figured that it’s fairly simple to detect a bitlocker partition. For those interested, see here and here. Should be fairly simple to add some detection code to our inits. I’ve got that on my (long) list of things to do… 🙂

                                        I think if we could at minimum accomplish detecting if a disk is a bitlocker partition or not would be a large advancement - if the inits detect it, they can throw a fat error saying “Please turn off bitlocker in the OS, use this command to do it: blah, Then try to capture again”

                                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                                        Daily Clean Installation Results:
                                        https://fogtesting.fogproject.us/
                                        FOG Reporting:
                                        https://fog-external-reporting-results.fogproject.us/

                                        1 Reply Last reply Reply Quote 1
                                        • S
                                          Sebastian Roth Moderator
                                          last edited by Oct 27, 2017, 3:34 PM

                                          @Brad-Schumann @george1421 @Quazz @Taspharel @THEMCV @Wayne-Workman @x23piracy Bitlocker detection has been added to the code (currently being reviewed). Is anyone able and keen to test?

                                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                          THEMCVT 1 Reply Last reply Oct 27, 2017, 6:40 PM Reply Quote 1
                                          • 1
                                          • 2
                                          • 3
                                          • 4
                                          • 3 / 4
                                          • First post
                                            Last post

                                          219

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project