Active Directory after image deployment not working.

  • Hello, everyone, I am having an issue with my computers joining active directory after being done with the image. It does not join at all. I have checked my AD settings on FOG everything looks to be right I also used FOGCrypt for the password. I also have FOG Client installed on the images.

    AD DEFAULT DOMAINNAME - domain name
    AD DEFAULT OU - OU=Imaged,DC=haw,DC=k,12DC=nj,DC=us
    AD DEFAULT PASSWORD ••••••••••••••••••••••••••••••••

  • @Tom-Elliott

    I can always deploy a new client via GroupPolicy so that doesn’t scare me from making the change. I’ll probably hold off for now only because it’s not a huge issue to stay on http for me.

    I think adding a hostname item would be great and it would make FOG much more portable and secure to make https the default

  • Developer

  • Senior Developer

    @astrugatch Yes, as it’s signed by the CA, it shouldn’t have any issues. Though you may need to have it initially recreate the private cert as it likely created it using the IP. Just a good to know thing for the future. (Particularly on fresh installs.) It would mean, however, that you’d have to update all your clients which could prove problematic in general.

    Could be simpler just to remove the IP checking during fresh install. Or, maybe we could add a Hostname item as an inline option (or add to the /opt/fog/.fogsettings file of course) the builds a cert using the IP and allows an alternate name within the cert using the hostname.

    Of course this is just thoughts being spewed out sorry.

  • @Tom-Elliott

    If I change that setting how do I force it to generate a new cert? Do I just run the installer again?

  • Senior Developer

    @astrugatch When it asks for the IP Address, I believe it validates that it is actually an IP (from the FOG Installer.)

    That said, a neat trick you can do, however, is one the /opt/fog/.fogsettings is generated, modify the ipaddress="<ip>" line to use your hostname. It should use that information for the public certificate generation.

  • @Sebastian-Roth
    Good to know. I’m using FOG with HTTP so it hasn’t been an issue (I’ve moved it several times as virtual environments shifted). It might be worth looking into adding a feature in the installer to ask for the DNS name of the machine so it can generate the cert with that as the CN rather than the machine’s IP.

  • Developer

    @astrugatch On the one hand side this is a great idea! You just need to keep in mind that if you install FOG with HTTPS the generated certificate will have the IP address as common name (CN) and the current FOG client is not happy connecting to the hostname then. Just something I stumbled upon recently and thought I might share this here just in case.

  • @JimmyJ0516
    Do yourself a favor and create a DNS record for your FOG server. That way if you ever change the IP of your server all it takes is updating the record to move all your clients over.

  • @astrugatch Ok so I found the issue. I recently changed the IP address of my FOG Server so I reinstalled the FOG Client software on a PC and during setup put my new IP and it now works. I just need new images with the correct IP on the fog client software.

  • @astrugatch yes this is what I currently have on the active directory config.


  • Is the domain information you put at the top a copy and paste from your config? Because I see a comma misplaced.

    AD DEFAULT OU	- OU=Imaged,DC=haw,DC=k,12DC=nj,DC=us

    should read

    AD DEFAULT OU	- OU=Imaged,DC=haw,DC=k12,DC=nj,DC=us

  • Have you made sure the Fog Client is running? You can check that in the fog log file. If it’s not, open an elevated command prompt and run “net start fogservice”. When I first installed the fog service I had to whitelist it in our antivirus.

    Also, I haven’t tested it any other way, but when I put in my username on my server, I put it in as Domain\Username. I also put the same password in under legacy password.

  • Developer

    @JimmyJ0516 said in Active Directory after image deployment not working.:

    I also went to C:\Program Files (x86)\ FOG but all that is in that folder are .tmp files

    You mean there is no proper installation there, like exe files or such? Possibly the log is in C:\fog.log

    Here you find a great post explaining how to properly debug AD join problems:

  • I am running the FOG server version 1.5.4 I am not sure what version of Client I am using I installed it on the image like 3 months ago. I also went to C:\Program Files (x86)\ FOG but all that is in that folder are .tmp files

  • Developer

    @JimmyJ0516 What version of FOG server and fog-client do you use? FOGcrypt was only used with old clients.
    Please take a look at the fog-client log and post full output here.