Active directory Join issue
-
I realize you had a long and troubled day. So my questions may put you over the top.
Can you create a truth table from your testing thus far? (dell, full disk cap = No, dell, resizeable cap = Yes, Lenovo =No) there has to be some rational here.
Do you have one system that you can capture and deploy successfully?
Your issues are seeming to be multiple. The first is of course capture and deploy and then once deployed connecting to AD.
Its not clear quite yet in my mind is your issue with the new way fog is trying to capture images or the hardware them selves. Both of these systems are pretty new with new next gen components. If they are not reliable, do you have older systems you to setup a baseline with? I have seen recently with some of the newer lenovo, they have a built in small hard drive (16GB in size M.2 SSD) that seems to be causing some capture issues with other people. I’m not saying that is the issue with your lenovo its just one possibility.
-
@george1421
George it is odd to say the least. The images are indeed capturing but I’m really not sure how fog captures them, and if the problem lies there. In the images folder the 1d.mbr mbr file as well as all respective partitions are there. When creating new image I am choosing #2 single disk multiple partition. Next option #1 everything. Deploying fails every time.
The reason I am doing 2 different models is obviously for testing. I want to replicate errors or success across more than one platform.
In all reality I should be focused on the Lenovo E431 platform because the company I work for has these deployed the most. So it will be beneficial for me to get this image working. I am new to Linux so I am learning but I am certain I can pick this up.
After a capture why would fog fail if I am trying to deploy to another CPU that is the same model platform? Is it not capturing a complete image in general? That is my guess.
To answer your other question I have been able to successfully deploy images but those were all in older versions of fog. I have since updated to trunk. The AD/client service is working now, just not the imaging process.
I apologize if I didn’t answer all of your questions in full detail. -
@anthonyglamis are you running the latest trunk?
-
@Tom-Elliott I am running 6050, but will update today to the latest.
-
@Tom-Elliott I just updated to 6064. Do I also need to download the client every time there is a new revision?
-
@anthonyglamis Nope. The installer will auto download the latest client to your server and you don’t need to maually update your hosts with the new client. I think it’s supposed to update itself even, if I remember right
-
Update. I reran the deployment of the 2 images I captured and they imaged on both models. They did not auto join to AD though I am receiving the same authentication error in the log. This is odd as before capturing both images I installed the client service 0.9.10 as well as the certificate from http://192.168.1.243/fog/management/other/ssl/svrpublic.crt
Post deployment I uninstalled the client service, and removed the log file. Restarted. Installed the client service again. Restarted, and they auto joined to AD. Obviously I only did that for testing purposes. Am I missing something in the pre-deployment phase?
Should I have reset the encryption data in Group Management? -
@anthonyglamis This sounds like a client issue, any thoughts @Jbob
-
@anthonyglamis Can you post the new client log with the error?
-
@anthonyglamis Do you see anything when you go to http://192.168.1.243/fog/management/other/ssl/srvpublic.crt
Also, please fill jbob’s request below.
-
@Wayne-Workman @jbob @Arrowhead-IT
I can download the cert but only in Chrome. Firefox says there is no data, and IE states page cannot be found.
I was searching through threads and came across a thread in which Arrowhead-IT was having basically the same issues I am. The client works just fine if you install it after an image is deployed. This deployment is with the client service installed on an image and then deployed to a client.
Attached are 2 logs.
The 1st displays the authentication error being logged.
The 2nd log is displays what is logged after I uninstall and re-install the client service on the same machine. Everything starts to work fine after that. -
@anthonyglamis said:
after I uninstall and re-install the client service on the same machine. Everything starts to work fine after that.
If it works fine after you uninstall/reinstall, can you make a new image, and on your golden image before you capture, can you uninstall and then reinstall and then capture the image? Then try out the new image?
You can make the new image from your old one (just download it but disable domain joining).
You don’t have to overwrite your current image, just make a new one with a new name.
-
@anthonyglamis I am in agreement with @Wayne-Workman. That log file you posted indicates that your image has the wrong certificates. This could have been caused by a server re-install / key re-generation after making your image. Simply updating your image with a re-installed client should fix it.
-
@Jbob @Wayne-Workman Workman
For testing purposes I did exactly what you suggested. I have a new image compiled. Uninstalled the client service, ensured it was talking to the server and captured the imaged. I am attempting to deploy it now. I will update with the status. The only thing I am confused about it every time I update my revision I will have to create another image? Interesting. There is a new revision almost everyday.
-
@anthonyglamis No, you don’t need to create a new image for a new revision. It’s only if you reinstalled fog completely, regenerating the ca certs.
-
@anthonyglamis said:
The only thing I am confused about it every time I update my revision I will have to create another image?
This should not be the case, unless you’re just doing it wrong - which is possible.
The new client has a security model that is based on a cryptographically secure trust model. Details about it are in the wiki. If you blast your ssl certificates and CA on the server, then, this trust is also blasted.
And the new client will not accept communications from an un-trusted source. This is by design.
-
@Arrowhead-IT Well I’m an idiot then because after every revision I was reinstalling Fog. I tested 2 machines. The images were a success and the auto join to AD worked perfectly! This is going to make my life so much easier. Thanks guys for all the help. Thanks for your time. Now I can at least help anyone else that might have AD issues Also for someone like me who is a newbie to Linux, I might compile a write up to help anyone in the future.
Now on to figure out how to store printers and have them map automatically and I will be in serious business!Once again thank you to everyone that replied to this thread!
-
@anthonyglamis said:
Also for someone like me who is a newbie to Linux, I might compile a write up to help anyone in the future.
Please do. Post it in our Tutorials section.
-
@anthonyglamis Just so I’m understanding, there wasn’t a problem at all? I know you were having a problem, but this wasn’t something FOG was doing necessarily?
-
@Tom-Elliott I’m not going to say there were not any small bugs that were fixed via the latest revisions. There were times where images would not even capture, but on a second try they would, or deploy for that matter. I’m not sure about the certificates issue either, logically it makes sense to compile an image, that is not on the domain, install the latest Client Service and then capture that image. Then deploy to your clients. I wasn’t always reinstalling fog after revisions so in theory I should have been successful once or twice.
I have successfully deployed an image to 2 laptops today, but here is what I ended up doing. I had a image I wanted to capture on a computer that was still on my domain. I UN-installed the Client Service, restarted, reinstalled the client service, ensured the client and server were talking (i didn’t have to check the log as it auto joined to AD so obviously it was working), and captured that image. It worked. I figured who cares if I capture an image of a computer already joined to my domain as the client service would rename a unique identifier as well as host name of my choice.