Active directory Join issue
-
With Fog 6038 in the management console, Fog Configuration>Fog Settings> Active Directory I see that the plain text password gets automatically encrypted. Is Fogcrypt obsolete? It is still available via download @x.x.x.x/fog/client
Also I noticed in Group Management>Active Directory, as well as Host Management>Active Directory the auto generated encryption hashes are different. Will that be an issue when it comes time to attempt to auto join to AD? -
@Tom-Elliott
AHHHHHHHH!!! You are so right, what was I thinking, I apologize. I will update the status after this image is complete. Maybe I can replicate the error? LOL hopefully not in my case. And yes I have been reading these forums for weeks now and you are basically on almost every Fog post Thanks for chiming in. -
@anthonyglamis Fogcrypt is essentially obsolete, yes. You can still put the fogcrypt output into the legacy input but I find the new auto-encrypt to work better. But yes I’m pretty sure that the fogcrypt tool is still there
I hadn’t noticed that the hashes were different before, so I checked mine and they are different. I haven’t had any problems though, so I would say it shouldn’t be an issue.
-
@anthonyglamis So what is the current status? Did the new image upload and download successfully? Is AD working like magic with the new version?
-
@Arrowhead-IT @Tom-Elliott
OK image upload completed, I attempted to deploy to another Lenovo E431 and same error. I looked in the /images directory and sure enough there is no d1.mbr in my Lenovo E431 directory. I am showing the other 2 images I captured which are a Dell 3450, and a Lenovo E430 and they both have the d1.mbr file.
Not sure if this helps but when creating the image in Image Management I selected Multiple Image Partition #2 and in Partition I selected #1
I created those images in the previous fog version so is this a bug or am I not capturing the image correctly?
Also I deleted those images (Dell3450, LenovoE430) however they are still on my linux box, can I get those back into the fog server? -
@anthonyglamis Multiple image partition should be fine, but the “Partition” selection I’m guessing you’re wanting “All”. I don’t know though.
-
@Tom-Elliott Any idea why the d1.mbr file is not being captured in the process?
-
@anthonyglamis I need to look further, but I’m pretty sure we don’t need the mbr for specific partitions. Meaning, if you tell it to use only partition 1, it doesn’t need the mbr because it’s only using one partition that is assumed (I’m not sure I didn’t create that particular feature) to already be created on the client receiving the image.
If you can, please retry the upload but use “Partition All” or whatever the setting is. I believe you will see the d1.mbr file for that case. If not, let me know and maybe we can run a debug task to try figuring out what exactly the problem is. While I am editing the scripts, I am doing so mostly blind. I do attempt to test all the elements as I can, but i’m far from perfect.
-
@anthonyglamis said:
I created those images in the previous fog version so is this a bug or am I not capturing the image correctly?
Also I deleted those images (Dell3450, LenovoE430) however they are still on my linux box, can I get those back into the fog server?If they are still in the /images folder then yes. If they are in a different machine, still yes, just transfer the files to the new fog server /images folder.
Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?
-
@Arrowhead-IT Thanks for the input. That does make sense. Hopefully I can get those back. It will save me some time.
@Tom-Elliott I am attempting to capture another image. Same model LenovoE431. I will post the output.
-
@Arrowhead-IT said:
I hadn’t noticed that the hashes were different before, so I checked mine and they are different.
This is by design. https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Security_design
-
@Arrowhead-IT said:
Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?
People always mess that up.
-
@Arrowhead-IT To add on, if you don’t mind.
Particularly pertaining to the different hashes, this is intentional.
The intent is to make it that much harder for somebody to see/guess your password. The FOG System in whole does the encryption/decryption when and as needed.
For even more security, with the new client at least, any time a client checks in the hash changes too. This is to further obfuscate possibly breach of your AD Password.
-
@anthonyglamis So I found a few more errors. Can you be more specific as to the type of image you’re working with?
I looked over all the code, and the unable to locate MBR message is from one of our many functions. It, quite simply, cannot find the mbr file. This MBR file is received by the system. If the OS is windows 7/8+8.1/10 and the image is in what I call legacy format (sys.img.000 and/or rec.img.000), it will use a pregenerated MBR and realign the partitions to match your disk. This is also the default handling mechanism, now, for Windows XP and Vista.
This part was where things were failing though, and i’m guessing the image was uploading using 1.2.0? Maybe you already said this I’m just blanking out for now. In either case, I’m hoping the download script is back to a MUCH more friendly and operation state.
-
@anthonyglamis So I found my answer.
When you’re working with a specific partition to image, there is no mbr file generated for the client. However, it appears there is something slightly off in this approach. If you select a specific partition, it is (from what I can tell) uploading the only the relevant partition?
It does not create an MBR for single partition images as it doesn’t know how it needs to be placed.
That said, if this is the intention (you only making a copy of partition 1 or 2), I will need to borrow some of your time so I can figure out a good approach in bypassing the need for the mbr.
-
@Tom-Elliott
I just install a new server with 6038 svn, copy all images (that work in 1.2, the server still alive), change all owners and permissions following this post and the wiki, but still get "Image Store Corrupt” Unable to locate MBR (restore partition table and bootloaders) when deploying.
1.2 still deploying correctly the same image. -
@Thiago can you update and then try? 6038 had the problem, and unless you reran the installer this morning, you most likely have what I suspect is the “bad” inits.
-
@Wayne-Workman said:
@Arrowhead-IT said:
Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?
People always mess that up.
Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.
-
@Arrowhead-IT said:
Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.
No. Would I sound full of myself if I said I haven’t, either? lol. But a lot of people have messed it up.
-
Wow this thread has a bunch of activity! Thanks for everyones help.
I captured an image late last night and checked /images for the d1.mbr file and it was present. I was able to deploy this image to another Lenovo E431 (this is windows 7 pro btw), however it did not join to AD, and interestingly enough it did not change the hostname either.
This is odd since yesterday Fog was actually successful in changing a hostname and adding one of our laptops to AD. Granted this was a PC we had taken off the domain in order to capture the image. We gave it a generic name LENOVO-E431-I3 and after capturing the image it would not let us change the name of the PC and kept rebooting. This of course was the client service doing it’s job. So in the Fog server we changed the hostname to what we wanted and boom after a reboot the hostname changer did it’s job and also added the laptop to AD.
I am looking at the fog .log and there is an authentication error more specifically this is from a deployed Win 7 image
--------------------------------Authentication--------------------------------
1/21/2016 10:27 AM Client-Info Version: 0.9.10
1/21/2016 10:27 AM Middleware::Communication URL: http://192.168.1.243/fog/management/other/ssl/srvpublic.crt
1/21/2016 10:27 AM Data::RSA FOG Server CA cert found
1/21/2016 10:27 AM Data::RSA ERROR: Certificate validation failed
1/21/2016 10:27 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
1/21/2016 10:27 AM Middleware::Authentication ERROR: Could not authenticate
1/21/2016 10:27 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
1/21/2016 10:27 AM Service Sleeping for 120 seconds