FOG update broke rEFInd exit
-
If the newer versions of refind > 0.11.0 don’t work, roll back to 0.11.0. This version of refind shipped with FOG for many years. I’m not saying this version works better, but if you upgraded 1.5.4 (which was probably shipped 0.11.0) that may indicate the change.
I’m suspecting the latest version of refind is having an issue initalizing the updated firmware. The FOG Project is at the mercy of the rEFInd project to solve this issue.
-
Thank you for the reply.
I have not been in the office until today so will try it and reply. -
@george1421 Hello, I just reverted it back to version 0.11.0 but sadly I’m still having the same issue.
Any other ideas to try out?
-
@rodluz said in FOG update broke rEFInd exit:
@george1421 Hello, I just reverted it back to version 0.11.0 but sadly I’m still having the same issue.
get stuck at a
rEFInd Initializing...
screen. All those computers were working fine with FOG and rEFInd before upgrading to 1.5.8.Well if it is doing the same thing on refind 0.11.0 then its probably not the upgrade from 1.5.4 to 1.5.8 that at fault.
Doing some googling around I found two things.
https://forums.fogproject.org/topic/14189/fog-1-5-7-uefi-refind-boot-to-win-10/4
Sounds very similar to yours and the OP made some updates to the refind.conf file to get past the error where it stops.
I also found this post where the OP said the version of refind that came with FOG 1.5.5 worked.
ref: https://sourceforge.net/p/refind/discussion/general/thread/118a5b35c2/
FOG 1.5.5 tarball
ref: https://github.com/FOGProject/fogproject/archive/1.5.5.tar.gzOpen this with 7zip or unzip it and in packages/web/fog/service/ipxe directory you will find the version of refind that shipped with FOG 1.5.5
-
@george1421 Hello again. Thank you for your help.
I tried both suggestions and sadly still no luck.I decided to install FOG 1.5.5 using a clean Ubuntu install on another computer just to see what happens. When changing the DHCP to use the IP of the fresh install machine, the
rEFInd Initializing...
screen goes away after 3 seconds (how it should work). Since that worked, I used the refind.conf and refind.efi files and copied them to my FOG server running 1.5.8 and it still didn’t work.Then, I installed FOG 1.5.8 to see if I get the same issue on the clean machine and I do. The
rEFInd Initializing...
screen doesn’t go away.I then replaced all the files in
/var/www/fog/service/ipxe/
to use the ones from the 1.5.5 install and it still didn’t work but I saw an error saying that it was looking for arefind_x64.efi
file. I renamed therefind.efi
torefind_x64.efi
and it now works.Since that worked, I did the exact same thing on my production FOG server (using the files from the clean install computer that did work) and I am still stuck on the same screen.
Other than reinstalling the OS and FOG on my server, what else could I try to check since I guess the issue isn’t the actual refind.efi or refind.conf files?
EDIT:
Could it have to do with some authentication issue? -
@george1421 Hello once again.
I have decided to just recreate my imaging server. I was able to get newer hardware so now is probably the best time.Would you be able to guide me in the right direction (with links) on how to setup my new server with FOG correctly and move over hosts, groups, images, and snapins?
Thank you again for all your help!
-
@rodluz There are two wiki pages that will help you with the migration steps.
https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG
and
https://wiki.fogproject.org/wiki/index.php?title=Migrate_images_manually
-
@george1421 Hello once again!
I just finished setting up my new FOG server following the links that you provided.I am getting a
RSA ERROR: Certificate validation failed
on the computer I am using to test snapins. Also, the host’s status is unknown for all my computers. What would be the best way to fix this issue?
My thought was to write a script to reinstall the FOG client on the computers through a GPO but maybe there is something easier to fix this?Once again thank you so much for all your help!
-
@rodluz You need to take the certificate from the old fog server and move it to the new fog server. What has happened is the first time the fog client connects with the fog server the fog client tattoos itself so that it will only take instructions from “its” fog server. This prevents rogue systems from taking over the fog client on your workstations.
I believe the certificate is in /opt/fog/ssl. Copy that certificate over to the new fog server and reboot the new fog server. Make sure you keep a backup of the original certificate on the new fog server just in case.
-
@rodluz This part is described in the wiki article George mentioned to you: https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG#If_old_server_was_FOG_1.3.0.2B
-
@Sebastian-Roth @george1421 Thank you for your reply. I did do that from the link provided before submitting my last reply.
This make me think that the issue I had with my old FOG server may have been a certificate issue.
Since I copied the ssl certificate from the old FOG server and this still doesn’t work, does this mean I just have to redeploy the fog client from the new server on all the computers?
If so, is there anything I must remove from the computer before doing that? (e.g. registry data)
Once again, thank you so much for all your help!
-
@rodluz You might need to click “Reset Encryption Data” in the host settings to let it pick up the connection to the FOG server again. I would argue that it’s a lot less work to see if we can get this fixed using the certificate (including CA and keys) from the old server instead of doing the re-deploy on all clients.
There is also a way to do the “Reset Encryption Data” for all hosts in the DB en mass when we see this is doing the trick.
Please take a look at the
fog.log
file on the client and post that log here (upload the full log of one of the clients that doesn’t work). This way we get more of an idea which part is causing the problem. -
@Sebastian-Roth Thank you so much for telling me about the
Reset Encryption Data
, that worked!If you could please let me know the way to do that for all the computers en mass, I would greatly appreciate it!
-
@rodluz Sorry, somehow I lost track of this topic! Here you go…
@jtappen The picture you posted, is this in Hosts -> edit one host’s settings -> Active Directory or in Groups -> edit group settings -> Active Directory?
If it’s the host’s settings then we can start digging deeper by looking into the database:
shell> mysql -u fogmaster -p Password: ... mysql> use fog; ... mysql> UPDATE hosts SET hostPubKey='', hostSecToken='', hostSecTime='0000-00-00 00:00:00'; ... mysql> quit
The password for the
fogmaster
database user is found in/var/www/html/fog/lib/fog/config.class.php
.