Active Directory Join Failing



  • Hello all,

    Can’t seem to get my clients to join AD…

    FOG Server Version: 1.5.0-RC-13
    FOG Client Version: 0.11.15 (Upgraded after having same problems with 0.11.14 that came with 1.5.0-RC-13)
    Host is Windows 10 1709 Education Edition

    FOG Active Directory Tab for Host:

    Domain Name: domain.lan
    Org Unit: blank
    Domain Username: SF
    Domain Password: Entered and manually confirmed correct
    Domain Password Legacy: Left Blank (However, I tried by using FOGCrypt on that as well, no luck)

    FOG.log on host is showing:

    HostnameChanger Logon failure: unknown username or bad password, code = 1326

    SF account is getting locked on domain. And Security Event Log on DC is showing bad password. (So at least I know the FOG Client is passing the correct username)

    Any ideas?

    Thanks,

    Jeff


  • Senior Developer

    Where have you changed the Password?


  • Senior Developer

    @Tom-Elliott it seems the server is not sending the password correctly.



  • @joe-schmitt

    OK, I performed that procedure and I can see the password that it is passing is nowhere near correct…

    Looks like it is an encrypted version??? (I can’t even tell what one of the characters is)


  • Senior Developer

    @jeffscott the quickest way to see what’s going on is to do the following steps on a problematic machine:

    • Open an administrative CMD, and run net stop fogservice
    • Navigate to your FOG server’s web portal, select the host you are working on and perform these steps:
      • Press Reset Encryption Data if it’s an option
    • Download our Debugger.exe and run it
    • The Debugger will open a console that has a fog: prompt, please enter these commands, pressing enter after each one (replace {server-ip} with your actual FOG server IP):
      • middleware configuration server http://{server-ip}/fog
      • middleware authentication handshake
      • dump cycle save

    The debugger should point you to a FOGCycle.txt file. This contains all the information the server tells the client, completely decrypted. Can you make sure the hostnamechanger section has the correct active directory login/OU information? You can then hopefully debug the problem better and identify what credential the client is receiving.

    To clean up:

    • Close the debugger
    • Click Reset Encryption Data again on the host in the GUI
    • Start the FOG service back up if you want

    @Moderators feel free to copy & paste these steps for people with similar issues in the future. The steps shouldn’t change in the foreseeable future.



  • @Joe-Schmitt what are your thoughts on this?



  • @wayne-workman

    Yes, I’ve tried that several times. Even tried using the Domain Admin…



  • @jeffscott said in Active Directory Join Failing:

    Evidently, it is not passing the correct password…

    Correct. Try to reset the user/pass via the web gui to what it is supposed to be and see if the issue persists. If it persists, let us know so we can continue to troubleshoot this with you.



  • Well, I upgraded to v1.5.2 and I’m still getting the same problem. I manually joined one client using the same credentials I have configured in FOG just to confirm my sanity in that I had the correct username/password and it was successful.

    Account is getting locked out on the Domain so I still know it is passing the correct username… Evidently, it is not passing the correct password…


  • Senior Developer

    @x23piracy right, in the past the field was encrypted, but how it was stored defeated the purpose of encrypting it in the first place.



  • @tom-elliott from what I can say, with some RC something changed regarding host settings; one day I mentioned that the password for domain join was empty. After filling it in again it won’t be shown as encrypted. As far as I remember, in the past it was shown encrypted regardless of whether it was entered plain or not.

    I don’t know if this is related to that problem, but after I filled in our AD password again it was working as expected, even when not shown encrypted in the webif.

    Regards X23


  • Senior Developer

    I’m not sure I understand what the bug is.

    Is the Domain Password (not legacy) encrypted or decrypted?

    In 1.5.0 the auto-encrypted element of the password was removed, though encrypted passwords should still work. I’m not aware of any problems happening with them currently.



  • @jeffscott There is a bug related to this that is present in the 1.5.0 release. You are using 1.5 RC 13, so I am not sure if the bug was present in that RC or not, but it’s likely that it is. 1.5.1 should be released in a week or so. My recommendation is to sit tight until 1.5.1 is released - and once released, update to it.


 
