Active Directory registration not working Windows 7 x64 client



  • I’m trying to image a set of new Lenovo 11E laptops we got in. Everything is working hunky-dory except for adding the machine to the domain. Our server (Ubuntu 12.04 running FOG 1.2.0) is doing a great job with all other clients (all Win 7 x86), but these never get added. In the fog log I’m seeing the following:

    [QUOTE] 8/23/2014 11:48 AM FOG::HostRegister Module is active…
    8/23/2014 11:48 AM FOG::MODDebug Module has finished work and will now exit.
    8/23/2014 11:48 AM FOG::AutoLogOut Module is active…
    8/23/2014 11:48 AM FOG::HostRegister No action was taken.
    8/23/2014 11:48 AM FOG::AutoLogOut Timeout value is Zero, disabling module.
    8/23/2014 11:48 AM FOG::HostnameChanger Attempting to connect to fog server…
    8/23/2014 11:48 AM FOG::HostnameChanger Module is active…
    8/23/2014 11:48 AM FOG::HostnameChanger Index was outside the bounds of the array.
    8/23/2014 11:48 AM FOG::HostnameChanger at FOG.HostNameChanger.changeHostName()
    8/23/2014 11:48 AM FOG::GUIWatcher Message found, attempting to notify GUI!
    8/23/2014 11:48 AM FOG::GUIWatcher The system cannot find message text for message number 0x%1 in the message file for %2
    8/23/2014 11:48 AM FOG::GUIWatcher at System.Windows.Forms.Form.UpdateLayered()
    at System.Windows.Forms.Form.set_Opacity(Double value)
    at FOG.AbstractFOGService.attemptPushToGUI()
    at FOG.GUIWatcher.startWatching()[/QUOTE]

    I have double-checked that the host has the auto-join feature checked in server’s gui as well as by inspecting the DB manually. As a last resort, since I’m uninterested in manually joining 100+ computers to the domain, I built a new FOG 1.2.0 install from scratch and still having the same issue, auto-join works on all clients but these… Any thoughts?



  • @Junkhacker, post: 43983, member: 21583 said:

    btw, the domain\user issue is changed in the dev version of the code. in the current dev version of the code, the user field is checked for a \ or @. if either of those exist, the field is sent as is. if not, the domain is a added as domain\user.

    Yes, Tom told me about that, and what you describe seems exactly the right behaviour.


  • Moderator

    @Berend de Boer, post: 43956, member: 28367 said:

    One thing to add here: note that I did run EXACTLY the same code on Linux or the Windows machine (compiled myself with Mono). Got different encryption values in both cases.

    Maybe Mono uses a different compiler or libraries for Windows and Linux?


  • Developer

    http://fogproject.org/forum/threads/new-client-progress.12136/
    the client is being rewritten from scratch.
    btw, the domain\user issue is changed in the dev version of the code. in the current dev version of the code, the user field is checked for a \ or @. if either of those exist, the field is sent as is. if not, the domain is a added as domain\user.



  • @Berend de Boer, post: 43941, member: 28367 said:

    And here’s the very very nasty deal: you will have to run FOGCrypt.exe on the SAME computer as you want to decrypt on. I did run FOGCrypt.exe on different computers (Linux in this case), and it simply does not encrypt/decrypt the same. I don’t know why.

    This may be an implementation issue in mono, maybe 32/64 bit??

    One thing to add here: note that I did run EXACTLY the same code on Linux or the Windows machine (compiled myself with Mono). Got different encryption values in both cases.



  • NetJoinDomain domain call does not like that. See my other post where I touched upon this as well: I suggest FOG always uses the unqualified name for the domain name, and no domain name in the user name, far less confusing.

    But there may be setups where a difference is required?? Not sure, but then the prepending logic must become way smarter, and the GUI should check for users who enter this wrong too.

    You can lookup the Microsoft docs for what’s allowed as value for the account name:
    [QUOTE][I]lpAccount[/I] [in]
    A pointer to a constant null-terminated character string that specifies the account name to use when connecting to the domain controller. The string must specify either a domain NetBIOS name and user account (for example, [I]REDMOND\user[/I]) or the user principal name (UPN) of the user in the form of an Internet-style login name (for example, “[EMAIL]someone@example.com[/EMAIL]”). If this parameter is [B]NULL[/B], the caller’s context is used.[/QUOTE]



  • And here’s the very very nasty deal: you will have to run FOGCrypt.exe on the SAME computer as you want to decrypt on. I did run FOGCrypt.exe on different computers (Linux in this case), and it simply does not encrypt/decrypt the same. I don’t know why.

    This may be an implementation issue in mono, maybe 32/64 bit??

    But that’s all that there was to it. Bummer, this whole thing cost me a big amount of time of getting fog up and running. I would love to contribute back some patches and knowledge. But can’t get access to the Wiki to cleanup some obsolete comments.

    And how do I propose patches? Is that against the git branch? For example the AbstractFOGService uses the wrong variable name, here’s patch:

    And I would love to be allowed to add a patch that forbids people to use a DNS domain name in the active directory settings, or forbids to use the ‘’ character in the user name, both won’t work.


  • Senior Developer

    This completely depends on your set ups environment yes there are times were having the fully qualified domain name works perfectly and there are times where it doesn’t I don’t know the specific settings that cause these issues or how to fix them but they are completely environmental



  • The error, as everyone expected, was indeed in the encryption key. Somehow there is a difference between how HostnameChange encrypts/decrypts. I put in some debug code to encrypt my password and the encrypted hex is completely different. When I enter this encrypted hex in the active domain settings, everything works. Now tracking down why HostnameChange encrypts differently from the standard FOGCrypt (recompiled that from scratch as well, same output as standard binary).



  • One thing I found out is that you cannot use the fully qualified name as domain in the active domain settings of a client. It must be in NetBios format. The reason is that the backend returns the user name as “<DOMAIN><username>” and if you have as domain “fog.example.org” you get a user name “fog.example.org\Administrator” for example, which won’t work.



  • @Tom Elliott, post: 43893, member: 7271 said:

    And your username field is not in the format domain/username?

    No, it wasn’t. The domain name is automatically appended I saw already. The problem is that the password is garbled. When I hard-code it, everything works. Narrowing down to the culprit.



  • Wow, compiliation actually works if I compile the FOGService.exe as well and copy that first. That’s great, can now do development on Linux.


  • Senior Developer

    And your username field is not in the format domain/username?



  • And to repeat, with the original HostnameChange.dll I get this:

    that’s mentioned here.



  • PS: it would be great if someone had a tip on how to compile HostnameChange.dll on Linux and produce a .dll that’s recognised. Then I could do some actual debugging!



  • OK, I had both the old dll and new dll in the directory, and it seems the service picks up both. That’s confusing. When using the new dll, I get this output (as already posted):

     16/03/2015 9:04 p.m. FOG Service Engine Version: 3
    16/03/2015 9:04 p.m. Starting all sub processes
    16/03/2015 9:04 p.m. 2 modules loaded
    16/03/2015 9:04 p.m.  * Starting FOG.HostNameChanger
    16/03/2015 9:04 p.m.  * Starting FOG.MODDebug
    16/03/2015 9:04 p.m. FOG::MODDebug Start Called
    16/03/2015 9:04 p.m. FOG::MODDebug Sleeping for 100 Seconds
    16/03/2015 9:04 p.m. FOG::HostnameChanger Starting hostname change process...
    16/03/2015 9:04 p.m. FOG::HostnameChanger Yielding to other subservices for 5 seconds.
    16/03/2015 9:04 p.m. FOG::HostnameChanger Attempting to connect to fog server...
    16/03/2015 9:04 p.m. FOG::HostnameChanger Module is active...
    16/03/2015 9:04 p.m. FOG::HostnameChanger AD mode requested, confirming settings.
    16/03/2015 9:04 p.m. FOG::HostnameChanger Padding is invalid and cannot be removed.
    16/03/2015 9:04 p.m. FOG::HostnameChanger    at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte
    [] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode,
    Boolean fLast)
      at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset,
    Int32 inputCount)
      at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
      at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
      at System.IO.Stream.Close()
      at FOG.FOGCrypt.decrypt(Byte[] cipherData, Byte[] Key, Byte[] IV)
      at FOG.FOGCrypt.decrypt(Byte[] cipherData, String Password)
      at FOG.FOGCrypt.decryptHex(String hex)
      at FOG.HostNameChanger.changeHostName()
    

    I’ve tried to fire up MonoDevelop, an IDE on Linux and to recompile this, but it seems my dll is not recognised unfortunately.



  • from here in this thread.


  • Senior Developer

    Which new one are you referring to?

    The one from the github fogproject repo? Or the one from the fogservice repo?



  • @Tom Elliott, post: 42287, member: 7271 said:

    Look them up and you may have a better/clearer answer. The error codes you see are not FOG generated

    Yep, they are generated by the old HostnameChanger. But the new one says this:

    16/02/2015 2:41 p.m. FOG::HostnameChanger Padding is invalid and cannot be removed.
    16/02/2015 2:41 p.m. FOG::HostnameChanger    at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte
    [] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode,
    Boolean fLast)
      at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset,
    Int32 inputCount)
    
    

    As this is a different error message, does that mean that perhaps the encryption key of the new HostnameChanger is not the default one?

    The old dll error message may seem to indicate I really have a problem with username/password, and I’ll check that again.


  • Testers

    The error codes appear to be as per http://www.hiteksoftware.com/knowledge/articles/049.htm
    %(#000000]1326 Logon failure)[
    1791 A remote procedure call is already in progress for this thread.]


Log in to reply
 

426
Online

38715
Users

10543
Topics

99813
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.