Active directory Join issue
-
@Arrowhead-IT said:
I hadn’t noticed that the hashes were different before, so I checked mine and they are different.
This is by design. https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Security_design
-
@Arrowhead-IT said:
Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?
People always mess that up.
-
@Arrowhead-IT To add on, if you don’t mind.
Particularly pertaining to the different hashes, this is intentional.
The intent is to make it that much harder for somebody to see/guess your password. The FOG System in whole does the encryption/decryption when and as needed.
For even more security, with the new client at least, any time a client checks in the hash changes too. This is to further obfuscate a possible breach of your AD Password.
-
@anthonyglamis So I found a few more errors. Can you be more specific as to the type of image you’re working with?
I looked over all the code, and the unable to locate MBR message is from one of our many functions. It, quite simply, cannot find the mbr file. This MBR file is received by the system. If the OS is windows 7/8+8.1/10 and the image is in what I call legacy format (sys.img.000 and/or rec.img.000), it will use a pregenerated MBR and realign the partitions to match your disk. This is also the default handling mechanism, now, for Windows XP and Vista.
This part was where things were failing though, and I’m guessing the image was uploaded using 1.2.0? Maybe you already said this, I’m just blanking out for now. In either case, I’m hoping the download script is back to a MUCH more friendly and operational state.
-
@anthonyglamis So I found my answer.
When you’re working with a specific partition to image, there is no mbr file generated for the client. However, it appears there is something slightly off in this approach. If you select a specific partition, it is (from what I can tell) uploading only the relevant partition?
It does not create an MBR for single partition images as it doesn’t know how it needs to be placed.
That said, if this is the intention (you only making a copy of partition 1 or 2), I will need to borrow some of your time so I can figure out a good approach in bypassing the need for the mbr.
-
@Tom-Elliott
I just installed a new server with 6038 svn, copied all images (that work in 1.2, the server is still alive), changed all owners and permissions following this post and the wiki, but still get “Image Store Corrupt” Unable to locate MBR (restore partition table and bootloaders) when deploying.
1.2 is still deploying the same image correctly.
-
@Thiago can you update and then try? 6038 had the problem, and unless you reran the installer this morning, you most likely have what I suspect is the “bad” inits.
-
@Wayne-Workman said:
@Arrowhead-IT said:
Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?
People always mess that up.
Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.
-
@Arrowhead-IT said:
Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.
No. Would I sound full of myself if I said I haven’t, either? lol. But a lot of people have messed it up.
-
Wow this thread has a bunch of activity! Thanks for everyone’s help.
I captured an image late last night and checked /images for the d1.mbr file and it was present. I was able to deploy this image to another Lenovo E431 (this is windows 7 pro btw), however it did not join to AD, and interestingly enough it did not change the hostname either.
This is odd since yesterday Fog was actually successful in changing a hostname and adding one of our laptops to AD. Granted this was a PC we had taken off the domain in order to capture the image. We gave it a generic name LENOVO-E431-I3 and after capturing the image it would not let us change the name of the PC and kept rebooting. This of course was the client service doing its job. So in the Fog server we changed the hostname to what we wanted and boom after a reboot the hostname changer did its job and also added the laptop to AD.
I am looking at the fog .log and there is an authentication error; more specifically, this is from a deployed Win 7 image
--------------------------------Authentication--------------------------------
1/21/2016 10:27 AM Client-Info Version: 0.9.10
1/21/2016 10:27 AM Middleware::Communication URL: http://192.168.1.243/fog/management/other/ssl/srvpublic.crt
1/21/2016 10:27 AM Data::RSA FOG Server CA cert found
1/21/2016 10:27 AM Data::RSA ERROR: Certificate validation failed
1/21/2016 10:27 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
1/21/2016 10:27 AM Middleware::Authentication ERROR: Could not authenticate
1/21/2016 10:27 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
1/21/2016 10:27 AM Service Sleeping for 120 seconds
-
@anthonyglamis said:
Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified.
That’s the issue.
Try to reinstall the client on that image, and then re-upload and try again. If it’s still not working, try resetting the encryption on the problematic target host.
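Added example, not part of the original thread and not FOG's own code: a small Python parser that scans a FOG client fog.log for Authentication sections that logged errors and extracts the certificate chain status, which helps find deployed hosts whose client rejects the server certificate. The function name and result fields are assumptions; the sample log is the excerpt quoted in this thread.

```python
import re

# Log excerpt copied from the post above (FOG client fog.log).
SAMPLE_LOG = """\
--------------------------------Authentication--------------------------------
1/21/2016 10:27 AM Client-Info Version: 0.9.10
1/21/2016 10:27 AM Middleware::Communication URL: http://192.168.1.243/fog/management/other/ssl/srvpublic.crt
1/21/2016 10:27 AM Data::RSA FOG Server CA cert found
1/21/2016 10:27 AM Data::RSA ERROR: Certificate validation failed
1/21/2016 10:27 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
1/21/2016 10:27 AM Middleware::Authentication ERROR: Could not authenticate
1/21/2016 10:27 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
1/21/2016 10:27 AM Service Sleeping for 120 seconds
"""

SECTION = re.compile(r"^-{5,}([^-]+)-{5,}$")          # ----Name---- header
ENTRY = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) (\S+) (.*)$")
CHAIN_STATUS = re.compile(r"\((\w+)\)\s*$")           # trailing "(NotSignatureValid)"


def find_auth_failures(log_text):
    """Return one finding (hypothetical dict layout) per failed Authentication section."""
    findings, current = [], None
    # The sentinel header at the end flushes the last open section.
    for raw in log_text.splitlines() + ["-----end-----"]:
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            if current and current["errors"]:
                findings.append(current)
            is_auth = header.group(1).strip() == "Authentication"
            current = {"time": None, "cert_url": None, "chain_status": None,
                       "not_from_fog_ca": False, "errors": []} if is_auth else None
            continue
        entry = ENTRY.match(line)
        if current is None or not entry:
            continue
        ts, module, msg = entry.groups()
        if msg.startswith("URL: "):
            current["cert_url"] = msg[5:]
        elif msg.startswith("ERROR: "):
            current["time"] = current["time"] or ts   # time of first error
            current["errors"].append((module, msg[7:]))
            status = CHAIN_STATUS.search(msg)
            if status:
                current["chain_status"] = status.group(1)
            if "not from FOG CA" in msg:
                current["not_from_fog_ca"] = True
    return findings
```
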
-
@Wayne-Workman
@Arrowhead-IT
Pertaining to the images I deleted from the Fog UI, they are still present in the /Images directory. So if I create a new image in the Fog UI and name the file the image name it adds. The file size is 0.0
Will this populate when I attempt to deploy the image to a new host? Just curious as I don’t want to deploy a 0.0 image size to one of my hosts lol
-
@anthonyglamis said:
Will this populate when I attempt to deploy the image to a new host?
Yes. that field gets updated every time the image deploys or uploads.
-
@anthonyglamis @Wayne-Workman speaks the truth.
I would just add that there is a setting called FOG_FTP_IMAGE_SIZE in fog configuration → Fog Settings → General Settings
that you can enable. The size that says 0.0 is likely image size on client. If you enable FOG_FTP_IMAGE_SIZE then you will also see the compressed image size on the FOG server which I think will automatically update, but it might also need to be deployed first. I just like being able to see both sizes.
-
@anthonyglamis to add on, what you see by default in that field is how big a disk (approximately) you need to be able to image. The way it’s populated is as Wayne stated, through imaging tasks. There is also a field that, by default now, is hidden and will show how much space on disk it will use. If you enable viewing of the image, it should show a size which would then show you how much server disk space it’s using.
-
Come to think of it those images have the previous client service from 1.2.0, I’m guessing I will want to update the client service and capture again?
-
@anthonyglamis yes.
-
@Tom-Elliott
Do you need any information from me concerning the images I have that did not create the d1.mbr file? Just asking as I have to update the Fog server and start recapturing new images with the latest client. I essentially have no use for the previous images I created.
-
OK so I’m having a brain fart today. I wanted to update to the latest version. I ran the install.sh and it rolled me back to 6032. Where is the latest version located?
Never mind, I was in the wrong folder. I am back on 6038, but would still like to upgrade to the latest version. I thought the installer would update. I used this link and SVN
-
@anthonyglamis if you are using svn to manage the trunk package, you change into the trunk folder and run
svn up
that will download the latest code from the subversion repository. Then
cd bin
and then
./installfog.sh
If you are using git they have a comparable update command.