Fog server image move to another server Client problem



  • Hi guys,
    I have a sysprepped image on my fog1 server which has been deployed to a number of machines. Active Directory binding is working using the FOG Client and everything is working fine.

    I have set up a fog2 server at another location, copied the image from fog1 and imported the record into the images table.
    I can see it in fog2 and I am able to deploy it, however the AD join is now not working.

    Are there any extra steps I should take, like installing a certificate?

    Will go back to troubleshoot on Monday but just need some input if possible.

    Thanks in advance

    Ubuntu 16.04 and fog 1.5.5



  • SOLVED
    Thanks guys, once the certificates were copied to the fog2 server, AD join started working

    Yay :)



  • @Sebastian-Roth Thank you kindly,
    I googled but couldn’t find the article that Wayne linked, I’m just bad.

    I will report back when I try it, forgot Monday is Australia Day, so no work :)




  • Developer

    @Pikmin Here is a list of files you’d need to copy over (don’t just overwrite but backup or move the ones on FOG server #2 before, just in case):

    /opt/fog/snapins/ssl/CA/.fogCA.key
    /opt/fog/snapins/ssl/CA/.fogCA.pem
    /opt/fog/snapins/ssl/.srvprivate.key
    /var/www/html/fog/management/other/ssl/srvpublic.crt
    /var/www/html/fog/management/other/ca.cert.pem
    /var/www/html/fog/management/other/ca.cert.der
    

    Hint: The latter two are copies of the first file - CA cert - available to the clients in two different formats, you definitely need those in place if you add new fog-clients later on.
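
The copy procedure from the post above as a script: an added example, not part of the thread and not FOG project code. It assumes the six files from server #1 were staged under a directory that mirrors their original paths; the function name and the example directories are hypothetical.

```shell
#!/bin/sh
# Added example: install FOG server #1's certificate files on server #2,
# moving server #2's own files aside first. SRC mirrors the original paths
# (assumed layout, e.g. an unpacked tar); DEST is "/" on server #2.

FOG_CERT_FILES='opt/fog/snapins/ssl/CA/.fogCA.key
opt/fog/snapins/ssl/CA/.fogCA.pem
opt/fog/snapins/ssl/.srvprivate.key
var/www/html/fog/management/other/ssl/srvpublic.crt
var/www/html/fog/management/other/ca.cert.pem
var/www/html/fog/management/other/ca.cert.der'

migrate_fog_certs() {
    src=$1; dest=$2; backup=$3
    # Pass 1: refuse to start unless every file from server #1 is present,
    # so a partial copy can never leave mismatched key and certificate files.
    for f in $FOG_CERT_FILES; do
        [ -f "$src/$f" ] || { echo "missing in source: $f" >&2; return 1; }
    done
    # The backup will hold private keys: create it owner-only.
    (umask 077; mkdir -p "$backup") || return 1
    for f in $FOG_CERT_FILES; do
        # Pass 2: move server #2's current file into the backup tree.
        if [ -f "$dest/$f" ]; then
            mkdir -p "$backup/$(dirname "$f")" || return 1
            mv "$dest/$f" "$backup/$f" || return 1
        fi
        mkdir -p "$dest/$(dirname "$f")" || return 1
        # -p keeps mode and timestamps (and ownership when run as root).
        cp -p "$src/$f" "$dest/$f" || return 1
        # Verify the installed copy byte for byte.
        cmp -s "$src/$f" "$dest/$f" || { echo "verify failed: $f" >&2; return 1; }
    done
}

# Usage on server #2 (directory names are assumptions):
#   migrate_fog_certs /root/fog1-certs / /root/fog2-cert-backup
```

If the copy has to be undone, the files moved into the backup directory can be put back the same way by passing the backup directory as the source.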



  • Thanks for your help guys, appreciate it.
    Yeah it’s one school, two campuses so shouldn’t be an issue.
    As for the location of the certificate, is it under /var/www/html/fog/management/other/ssl
    or /opt/fog/snapins/ssl or the ca.cert.pem in other?


  • Moderator

    TBH, probably the easiest solution here would be to copy the FOG certificate from fog server #1 and replace the certificate on fog server #2 with that of server #1, then reboot fog server #2. This will of course break any fog clients that initially connected to fog server 2 for its certificate but will make all hosts that connected to fog server #1 be happy connecting to fog server #2.

    I don’t see this as a security risk if both fog server 1 and 2 are in the same organization. If they were at different companies with different security domains I might take a different approach.

    The other way to go about it is to use a tool like PDQ Deploy to uninstall the current fog client, clean up whatever was needed and then reinstall the fog client pointing the client to the fog server #2.


  • Developer

    @Pikmin said:

    Are there any extra steps I should take, like installing a certificate?

    Yeah you probably hit the nail on the head with that. When you install the fog-client (guess you have that in your sysprepped image, right?) it pulls the certificate from the FOG server (we call that process pinning). Now when you set up a new FOG server it has a new/different certificate and the client will need to be pinned to that.

    I am not an expert on the Windows side of things but I think that most people deploy the fog-client (silent install) via GPO or sysprep scripts. @george1421 and others can tell you I am sure.

