Issue joining domain & activating Windows after deployment

  • An earlier Windows 10 image I created worked as expected; FOG deployed the image, Windows booted and stretched its legs, it joined the domain and then restarted, so I could use my domain account the first time I logged in. Lately, the images I’m pushing out sit forever at the local administrator login. When I log in as the local admin, I see the command prompt open, and SetupComplete run. Shortly after that, FOG says it wants to restart the computer, after which I’m joined to the domain and Windows is activated.

    Also, every subsequent login displays the SetupComplete window. Thoughts on what’s up here? Here’s the script:

    sc config FOGService start= auto

    :: Check

    IF EXIST C:\Windows\Setup\scripts\fin.txt goto END


    shutdown -t 0 -r

    :: END

  • Testers

    @ckasdf This is very strange you are getting an “Access is denied” because setupcomplete.cmd runs in the local system permission context. This is indeed the issue I think. So in my eyes, the hostname changer in the fog service is running fine, but the service is failing to start with the setupcomplete.cmd script thus causing your issue. The screenshots that I asked for pretty much mirror my setup.

    So unfortunately I myself cannot recommend anything but to rebuild the image as it seems the local system account is borked. @Sebastian-Roth @Wayne-Workman @george1421 may have other ideas because they are actual wizards.

  • Yesterday, I deployed 3 identical laptops with the same image I’ve been working with in this post. Two of them exhibited what I describe, sitting at the local admin login without the ability to sign into the domain. One of them, however, actually worked as expected and allowed me to sign in for the first time using my domain credentials.

    On all of them, each time I logged in, a command prompt would briefly pop up, displaying the following:

    C:\Windows\SysWOW64>sc config FOGService start= auto
    [SC] OpenService FAILED 5:
    Access is denied.

    It then would proceed to shut down based on the second line of SetupComplete. I had to delete the file from C:\Windows\Setup\Scripts of each computer in order to stop them from shutting down.

  • I have attached a screenshot of the Host Module Config page.

    Client settings > Task Reboot

    • [ √ ] Task Reboot Enabled?
    • [ √ ] Task Reboot Enabled as default?

    Fog configuration > FOG Client - Task Reboot

    • [    ] TASK FORCE REBOOT

  • Testers

    @ckasdf Please do the following for me. Log into the FOG web gui and search for the host. Select the host and click the “Service settings” tab. Please take a screenshot of this so I may compare to my setup.

    Please also, while in the web gui, click on the three gears icon (Client settings) and pick the task reboot tab. Please let us know which boxes are ticked.

    Finally, please click on the wrench (FOG Configuration) and click on FOG Settings on the left column. Scroll down to the FOG Client - Task reboot heading and click on it. Please let us know what is checked there.

  • Testers

    @ckasdf I realized I was only looking at the beginning of the log and replied before I read enough. So it looks like it is authenticating properly as of 5/9. Let me look for a few moments, but chances are you followed proper protocol when you migrated.

  • Testers

    @ckasdf I am seeing some authentication issues in the log. If you did migrate from an old server to a new one, please take a look at this article from the wiki
    I believe you can follow the first set of instructions (copying the ssl directory from the old server to the new one and rerunning the installer). I would strongly advise against recreating the CA (second set of instructions in this part of the article) because it will essentially break all existing fog client installations.
    If you do not have access to the old server, I think someone else may have to help as that is beyond my knowledge.

  • Attached log: fog.txt

    Totally right, fry_p, I’d forgotten that step. One recurring theme that might point to an issue is this quote: “Response Module is disabled globally on the FOG server.”

    I’ve looked around at the FOG web console, and I’m not seeing any buttons, switches, or knobs for Modules, let alone the Response Module.

    Looking up that warning, Frank in this thread inferred that he fixed his issue by restarting an agent, but I’m not sure what agent that is.

    Critchleyb in this thread mentioned that they migrated hosts from an old server, which I had done; is there a step I may be missing?

  • Testers

    @fry_p said in Issue joining domain & activating Windows after deployment:

    If all else fails, please post the contents of your fog.log from a pc that is not automatically rebooting.

    Doing this will help our friends diagnose the issue. You can find it either at C:\fog.log or at C:\Program Files (x86)\FOG\fog.log depending on where you chose when you installed the client.

  • @fry_p I originally only had the two lines you quoted in the setupcomplete file. I had some issues with that, so I tried setting it up so that it would only run once. I couldn’t remember the specifics, so I tried it again.

    After mirroring what you quoted in SetupComplete and deploying, this happened:

    • Image deployed, system restarted
    • After getting to the login, it restarted again
    • I was presented with the local admin login
    • I waited, but it never restarted again to join the domain
    • I logged in, and after the account was set up, it restarted
    • I logged in again, and very soon it restarted again
    • Every time it restarted, right after the command window opened
    • I edited SetupComplete to remove the shutdown line (leaving sc config…) and restarted
    • I logged in again; it didn’t restart, but the FOG Client hasn’t tried to join the domain
    • The FOG Service is enabled and running

  • Testers

    Since setupcomplete is running after the image, I am assuming this was not an OEM version of windows as it wouldn’t automatically run at all. It seems to be hanging on part of it. My recommendation is to start simple. According to the wiki, the setupcomplete.cmd file should contain the following:

    sc config FOGService start= auto
    shutdown -t 0 -r

    I see you have some customization for your environment in your current one. I would omit those for testing.

    Please also try to reset the encryption data on the host. This can be done from the host management page on a yellowish button at the top.

    If all else fails, please post the contents of your fog.log from a pc that is not automatically rebooting.

Log in to reply