FOG update broke rEFInd exit



  • Hello,
    I updated my FOG server from 1.5.4 to 1.5.8 a couple of weeks ago to be able to image some new laptops (HP Elitebook 850 G6) that were not imaging with the older version. After some google-ing all the answers pointed to the latest version supporting that laptop’s NVMe drive.

    I installed version 1.5.8 and was able to image the laptops. However, now I have an even bigger problem. All my lab computers that have the newer version of HP’s BIOS (the one that you can use the mouse on) get stuck at a rEFInd Initializing... screen. All those computers were working fine with FOG and rEFInd before upgrading to 1.5.8. The computers with the older BIOS type work fine. I am using UEFI for all my computers so my DHCP is setup to use ipxe.efi.
    Example:
    HP EliteDesk 800 G1 - Works
    HP EliteDesk 800 G2 - Doesn’t Work

    I have googled for a couple of weeks now trying different things but still no luck. I have tried everything from these links and more (I didn’t save all the links):
    https://forums.fogproject.org/topic/10773/fog-with-uefi-refind-error-failure-booting-legacy-bios-os
    https://forums.fogproject.org/topic/14189/fog-1-5-7-uefi-refind-boot-to-win-10

    I have tried downloading the newest version of refind_x64.efi and changing the Exit to Hard Drive Type(EFI) option in FOG’s iPXE Menu Settings.

    Maybe I just didn’t type the right combination of search terms and there is already a solution for this, if so, sorry for the duplicate.

    Thanks in advance!

    TL;DL:
    Updated from 1.5.4 to 1.5.8 now computers with newer BIOS getting stuck at rEFInd Initializing....


  • Senior Developer

    @rodluz Sorry, somehow I lost track of this topic! Here you go…

    @jtappen The picture you posted, is this in Hosts -> edit one host’s settings -> Active Directory or in Groups -> edit group settings -> Active Directory?

    If it’s the host’s settings then we can start digging deeper by looking into the database:

    shell> mysql -u fogmaster -p
    Password:
    ...
    mysql> use fog;
    ...
    mysql> UPDATE hosts SET hostPubKey='', hostSecToken='', hostSecTime='0000-00-00 00:00:00';
    ...
    mysql> quit
    

    The password for the fogmaster database user is found in /var/www/html/fog/lib/fog/config.class.php.



  • @Sebastian-Roth Thank you so much for telling me about the Reset Encryption Data, that worked!

    If you could please let me know the way to do that for all the computers en mass, I would greatly appreciate it!


  • Senior Developer

    @rodluz You might need to click “Reset Encryption Data” in the host settings to let it pick up the connection to the FOG server again. I would argue that it’s a lot less work to see if we can get this fixed using the certificate (including CA and keys) from the old server instead of doing the re-deploy on all clients.

    There is also a way to do the “Reset Encryption Data” for all hosts in the DB en mass when we see this is doing the trick.

    Please take a look at the fog.log file on the client and post that log here (upload the full log of one of the clients that doesn’t work). This way we get more of an idea which part is causing the problem.



  • @Sebastian-Roth @george1421 Thank you for your reply. I did do that from the link provided before submitting my last reply.

    This make me think that the issue I had with my old FOG server may have been a certificate issue.

    Since I copied the ssl certificate from the old FOG server and this still doesn’t work, does this mean I just have to redeploy the fog client from the new server on all the computers?

    If so, is there anything I must remove from the computer before doing that? (e.g. registry data)

    Once again, thank you so much for all your help!


  • Senior Developer

    @rodluz This part is described in the wiki article George mentioned to you: https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG#If_old_server_was_FOG_1.3.0.2B


  • Moderator

    @rodluz You need to take the certificate from the old fog server and move it to the new fog server. What has happened is the first time the fog client connects with the fog server the fog client tattoos itself so that it will only take instructions from “its” fog server. This prevents rogue systems from taking over the fog client on your workstations.

    I believe the certificate is in /opt/fog/ssl. Copy that certificate over to the new fog server and reboot the new fog server. Make sure you keep a backup of the original certificate on the new fog server just in case.



  • @george1421 Hello once again!
    I just finished setting up my new FOG server following the links that you provided.

    I am getting a RSA ERROR: Certificate validation failed on the computer I am using to test snapins. Also, the host’s status is unknown for all my computers. What would be the best way to fix this issue?
    My thought was to write a script to reinstall the FOG client on the computers through a GPO but maybe there is something easier to fix this?

    Once again thank you so much for all your help!


  • Moderator



  • @george1421 Hello once again.
    I have decided to just recreate my imaging server. I was able to get newer hardware so now is probably the best time.

    Would you be able to guide me in the right direction (with links) on how to setup my new server with FOG correctly and move over hosts, groups, images, and snapins?

    Thank you again for all your help!



  • @george1421 Hello again. Thank you for your help.
    I tried both suggestions and sadly still no luck.

    I decided to install FOG 1.5.5 using a clean Ubuntu install on another computer just to see what happens. When changing the DHCP to use the IP of the fresh install machine, the rEFInd Initializing... screen goes away after 3 seconds (how it should work). Since that worked, I used the refind.conf and refind.efi files and copied them to my FOG server running 1.5.8 and it still didn’t work.

    Then, I installed FOG 1.5.8 to see if I get the same issue on the clean machine and I do. The rEFInd Initializing... screen doesn’t go away.

    I then replaced all the files in /var/www/fog/service/ipxe/ to use the ones from the 1.5.5 install and it still didn’t work but I saw an error saying that it was looking for a refind_x64.efi file. I renamed the refind.efi to refind_x64.efi and it now works.

    Since that worked, I did the exact same thing on my production FOG server (using the files from the clean install computer that did work) and I am still stuck on the same screen.

    Other than reinstalling the OS and FOG on my server, what else could I try to check since I guess the issue isn’t the actual refind.efi or refind.conf files?

    EDIT:
    Could it have to do with some authentication issue?


  • Moderator

    @rodluz said in FOG update broke rEFInd exit:

    @george1421 Hello, I just reverted it back to version 0.11.0 but sadly I’m still having the same issue.

    get stuck at a rEFInd Initializing... screen. All those computers were working fine with FOG and rEFInd before upgrading to 1.5.8.

    Well if it is doing the same thing on refind 0.11.0 then its probably not the upgrade from 1.5.4 to 1.5.8 that at fault.

    Doing some googling around I found two things.

    https://forums.fogproject.org/topic/14189/fog-1-5-7-uefi-refind-boot-to-win-10/4

    Sounds very similar to yours and the OP made some updates to the refind.conf file to get past the error where it stops.

    I also found this post where the OP said the version of refind that came with FOG 1.5.5 worked.

    ref: https://sourceforge.net/p/refind/discussion/general/thread/118a5b35c2/

    FOG 1.5.5 tarball
    ref: https://github.com/FOGProject/fogproject/archive/1.5.5.tar.gz

    Open this with 7zip or unzip it and in packages/web/fog/service/ipxe directory you will find the version of refind that shipped with FOG 1.5.5



  • @george1421 Hello, I just reverted it back to version 0.11.0 but sadly I’m still having the same issue.

    Any other ideas to try out?



  • Thank you for the reply.
    I have not been in the office until today so will try it and reply.


  • Moderator

    If the newer versions of refind > 0.11.0 don’t work, roll back to 0.11.0. This version of refind shipped with FOG for many years. I’m not saying this version works better, but if you upgraded 1.5.4 (which was probably shipped 0.11.0) that may indicate the change.

    I’m suspecting the latest version of refind is having an issue initalizing the updated firmware. The FOG Project is at the mercy of the rEFInd project to solve this issue.


Log in to reply
 

307
Online

7.5k
Users

14.6k
Topics

137.6k
Posts