Imaging a domain controller



  • I have a Server 2012 domain controller that I am trying to capture an image of. When I capture the image in a virtual environment and deploy it back to a virtual machine, it lets me log in and everything works like it should. When I try to deploy the image to a physical laptop that I used to capture the image from, it will not allow me to log in; I get this message: “The security database on the server does not have a computer account for this workstation trust relationship”. In the past we would use ghost32 to capture our images and I never had issues like this before. I have even tried doing a raw image, with no luck.


  • Moderator

    @ArmyHack said in Imaging a domain controller:

    Could you explain how to capture a save state system?

    These are my words for using FOG to back up your target system and restore it at some future time. FOG is not really intended to be a backup system. It can do it, but it’s not the focus of FOG. If you don’t want FOG changing bits in the target system, don’t install the FOG client on the target computer. Sebastian also mentioned to me that there is a setting in FOG Configuration -> FOG Settings -> General Settings called CHANGE HOSTNAME EARLY that will also rename the target system during imaging.

    If you want to leave the fog client installed on your target computer (for reasons like pushing out applications post OSD), under the Client Settings menu you can configure what the FOG Client software can and can’t do.



  • @george1421 said in Imaging a domain controller:

    If you are creating a save state system, I would recommend that your client systems not use the FOG client so any fog server actions wouldn’t change the state of the machine post imaging. The fog client is only needed for post install management of the target computers. It has nothing to do with imaging with FOG.

    Could you explain how to capture a save state system? Currently what I am doing is replacing the hard drive in my “image computer”, the one that I use to capture the image. I create a new image on the FOG server, associate the image with the image computer, then select capture. Once this is done, I replace the hard drive with the next image and repeat. Is this the correct procedure?


  • Moderator

    @ArmyHack said in Imaging a domain controller:

    Another question: is it OK to use a single computer to capture all the images? I have a laptop that I am using to switch out hard drives and capture each image from.

    Yes, you can do this. You will need to manage the host image definitions and change them up for each system you want to deploy. Really the action is not much different than sharing a USB network adapter between multiple computers. That Ethernet adapter and MAC address is what FOG uses to identify the target system. In your case you are sharing the same hardware among several hard disks. It’s possible; you will just have to manage the image associations manually.


  • Moderator

    @ArmyHack said in Imaging a domain controller:

    am trying to capture an image of a Redhat Linux 6.9 computer and I have tried single disk resizable and multiple partition image and both create an image, but when restoring, after it is complete it will not boot. It just goes to a black screen and blinks.

    As Sebastian posted, if the disk is LVM based then FOG can only image the entire LVM volume and can’t compress it. You really have 2 choices that won’t impact the target system.

    1. Rebuild your CentOS 6.9 system and use traditional partitions and not LVM volumes.
    2. Keep your current build and use single disk non-resizable capture format.

  • Moderator

    @ArmyHack said in Imaging a domain controller:

    I think what happened was for some reason the domain controller was getting renamed. Does FOG rename the computer automatically to the name of the image that I capture?

    This was my initial reaction when I first read your post, and why I asked how you were using FOG. My thought was if the computer was connected to AD (as a DC might be) and the system name was changed during imaging, I could understand why it’s saying the system doesn’t have an account on the domain.

    Now to your question: IF the FOG client is installed AND the feature is enabled in FOG, AND the system name was changed (as in coming from a VM and going to a physical machine), then that would cause the issue.

    That would also possibly explain why, after rebuilding the FOG server, things would magically start working. The previously captured images with the FOG client installed would be tattooed to the previous FOG server’s certificate. Rebuilding the FOG server would create a new certificate, making the FOG client and server not agree to talk. This would cause the FOG client to ignore the system rename instructions from the FOG server.

    If you are creating a save state system, I would recommend that your client systems not use the FOG client so any fog server actions wouldn’t change the state of the machine post imaging. The fog client is only needed for post install management of the target computers. It has nothing to do with imaging with FOG.




  • Another question: is it OK to use a single computer to capture all the images? I have a laptop that I am using to switch out hard drives and capture each image from. In our environment, we do not always have dedicated computers that will always be the same thing. We have multiple simulations that we run for the military and have limited hardware, so one day the computer is a domain controller and the next day it could be a Linux server. This is why I am creating images, so when we are tasked to go train the military, depending on what we will be doing, I can set the computers up for that purpose. Does this make sense? Only a couple of my images will be deployed to multiple computers, and those images will be Windows 10 with sysprep run before it is imaged.



  • Is there a way to turn off the renaming of the computers? I don’t think there is anything special about the Linux image; it captures fine with ghost32. I am running a filesystem check; maybe something got messed up.


  • Senior Developer

    @ArmyHack said in Imaging a domain controller:

    I think what happened was for some reason the domain controller was getting renamed. Does FOG rename the computer automatically to the name of the image that I capture?

    Yes it does! We have a fog-client that does the client management, but renaming is also done directly after deploying the image by adjusting registry keys on the Windows partition.

    Also, I am trying to capture an image of a Redhat Linux 6.9 computer and I have tried single disk resizable and multiple partition image and both create an image, but when restoring, after it is complete it will not boot. It just goes to a black screen and blinks.

    Was the install setup made with LVM or encrypted home or something special? If you don’t need to deploy to a smaller size disk I would capture as non-resizable in most cases.
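
A post-deploy check for the rename discussed in this thread, as an added example that is not part of the original posts or FOG's own code: it compares the computer name stored in the standard Windows registry locations with the name recorded before capture. `$ExpectedName` and its default value are hypothetical placeholders, and the choice of keys is an assumption, since the thread does not name the keys FOG adjusts.

```powershell
# Added example: run on the restored Windows system (elevated prompt) to see
# whether the stored computer name still matches the name noted before capture.
# $ExpectedName is a hypothetical placeholder; pass the real name of the source system.
param(
    [string]$ExpectedName = 'DC01-EXAMPLE'
)

# Standard Windows locations that hold the computer name (assumed to be where
# an offline or client-driven rename would become visible).
$locations = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName';       Value = 'ComputerName' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName'; Value = 'ComputerName' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters';               Value = 'Hostname' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters';               Value = 'NV Hostname' }
)

$results = foreach ($loc in $locations) {
    # Get-ItemProperty is used (rather than Get-ItemPropertyValue) so the check
    # also works on the PowerShell 3.0 that ships with Server 2012.
    $item   = Get-ItemProperty -Path $loc.Path -Name $loc.Value -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($loc.Value) } else { $null }

    [pscustomobject]@{
        Key     = $loc.Path
        Value   = $loc.Value
        Actual  = $actual
        Matches = ($actual -ieq $ExpectedName)   # computer names are case-insensitive
    }
}

$results | Format-Table -AutoSize

if ($results.Matches -contains $false) {
    Write-Warning "Computer name differs from '$ExpectedName'; the image was renamed after capture."
    exit 1
}
Write-Output "Computer name matches '$ExpectedName' in all checked locations."
```

A mismatch on a restored domain controller lines up with the "trust relationship" logon error described at the start of the thread.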



  • I rebuilt the FOG server again and was able to successfully capture the image of the domain controller and push it back down without issues. I also did the same for a Win10 computer. I think what happened was for some reason the domain controller was getting renamed. Does FOG rename the computer automatically to the name of the image that I capture? Also, I am trying to capture an image of a Redhat Linux 6.9 computer and I have tried single disk resizable and multiple partition image and both create an image, but when restoring, after it is complete it will not boot. It just goes to a black screen and blinks.


  • Moderator

    @ArmyHack so we need to make the distinction of working vs not with these situations.

    I’m building a truth table below.

    virtual computer (capture) -> virtual computer (deploy) = success
    virtual computer (capture) -> physical computer (deploy) = fail
    physical computer (capture) -> physical computer (deploy) =??

    It’s possible that you don’t have the necessary drivers on the virtual machine to make the physical deployed machine fully functional.

    On a side note, it’s always been my impression that it’s bad luck to back up and restore a domain controller into a working domain this way. The domain sequence numbers will get messed up this way when an old image is restored into the environment.



  • I am using FOG as a backup for the domain controller. Also, the domain controller we have is used on a laptop and shipped to sites where we set up an environment for simulations. My intent is to use this just in case: if during shipping or even at the event something went wrong with a hard drive, I could push the image back to the laptop and continue work. We have done this with ghost32 for years. I am also in the process of capturing images of all the machines that we use in our simulation. It’s about 20-30 computers, and we will use these images on different laptops often.


  • Moderator

    Are you using FOG as a backup server for DR reasons, or do you plan on deploying this single 2012 image to many computers? I see a few flaws in your process if you are going to send that single 2012 server image to multiple systems. But let’s first find out how you are going to use it.

    BTW, this isn’t specifically a FOG issue, but more of a Windows issue. FOG is properly deploying the image to the target computer. It just may not be doing what you want and how you want it.

