Active Directory Join Failing
-
@x23piracy right, in the past the field was encrypted, but how it was stored defeated the purpose of encrypting it in the first place.
-
Well, I upgraded to v1.5.2 and I’m still getting the same problem. I manually joined one client using the same credentials I have configured in FOG just to confirm my sanity in that I had the correct username/password and it was successful.
Account is getting locked out on the Domain so I still know it is passing the correct username… Evidently, it is not passing the correct password…
-
@jeffscott said in Active Directory Join Failing:
Evidently, it is not passing the correct password…
Correct. Try to reset the user/pass via the web gui to what it is supposed to be and see if the issue persists. If it persists, let us know so we can continue to troubleshoot this with you.
-
Yes, I’ve tried that several times. Even tried using the Domain Admin…
-
@Joe-Schmitt what are your thoughts on this?
-
@jeffscott the quickest way to see what’s going on is to do the following steps on a problematic machine:
- Open an administrative CMD, and run net stop fogservice
- Navigate to your FOG server’s web portal, select the host you are working on and perform these steps:
  - Press Reset Encryption Data if it’s an option
  - Press
- Download our Debugger.exe and run it
- The Debugger will open a console that has a fog: prompt, please enter these commands, pressing enter after each one (replace {server-ip} with your actual FOG server IP):
  middleware configuration server http://{server-ip}/fog
  middleware authentication handshake
  dump cycle save
The debugger should point you to a FOGCycle.txt file. This contains all the information the server tells the client, completely decrypted. Can you make sure the hostnamechanger section has the correct active directory login/OU information? You can then hopefully debug the problem better and identify what credential the client is receiving.
To clean up:
- Close the debugger
- click Reset Encryption Data again on the host in the gui
- start back up the fog service if you want
@Moderators feel free to copy & paste these steps for people with similar issues in the future. The steps shouldn’t change in the foreseeable future.
-
OK, I performed that procedure and I can see the password that it is passing is nowhere near correct…
Looks like it is an encrypted version??? (I can’t even tell what one of the characters is)
-
@Tom-Elliott it seems the server is not sending the password correctly.
-
Where have you changed the Password?
-
2 Places:
Initially in FOG Configuration, FOG System Settings, Active Directory Defaults
&
Subsequently re-entered it in Host Management, Active Directory for the Host I’m testing with
Entering the password in the “Domain Password” Field. Leaving “Domain Password Legacy” field blank
-
@jeffscott just to clarify, you’re using the plaintext password in the non legacy password field? Maybe we can remote tomorrow so I can see what’s going on?
-
Hey Tom,
Sorry, I was away for a few days…
Yes, I’m using the non-legacy password field. Yes, I’d be willing to do a remote session.
Thanks,
Jeff
-
Hey Tom,
I’m just now coming back around to this…
Any updates on this?
Thanks,
Jeff
-
@jeffscott I’m willing whenever you’re able. Maybe this afternoon? (I’m on EDT)
-
Any chance we can revisit this?
-
@jeffscott Hey, I hope you are still around in the forums. I just looked into an issue that sounds very similar to what you have. See here: https://forums.fogproject.org/topic/12407/active-direcory-join-fail-bad-password-1-5-4
Just found your post here by accident and thought this might be along the same lines. Can you confirm your password starts with a special character that might cause this issue?! I really hope to figure this out but I’m still unable to replicate the issue from the information I have so far.
-
@Sebastian-Roth FYI, I am using 1.5.4 with an AD join password starting with % (percent sign) in production.
-
@x23piracy Thanks, that’s good to know. Although I guess it might be that $ special case causing the issue for the other users, as it is used for variables in PHP, as line end in regular expressions and such things.