Active directory Join issue

anthonyglamis · Jan 21, 2016, 12:14 AM

@Arrowhead-IT Thanks for the input. That does make sense. Hopefully I can get those back. It will save me some time.

@Tom-Elliott I am attempting to capture another image. Same model LenovoE431. I will post the output.

Wayne Workman · Jan 21, 2016, 12:16 AM

@Arrowhead-IT said:

I hadn’t noticed that the hashes were different before, so I checked mine and they are different.

This is by design. https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Security_design

Wayne Workman · Jan 21, 2016, 4:18 PM

@Arrowhead-IT said:

Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?

People always mess that up.

Tom Elliott · Jan 21, 2016, 4:30 AM

@Arrowhead-IT To add on, if you don’t mind.

Particularly pertaining to the different hashes, this is intentional.

The intent is to make it that much harder for somebody to see/guess your password. The FOG System in whole does the encryption/decryption when and as needed.

For even more security, with the new client at least, any time a client checks in the hash changes too. This is to further obfuscate possibly breach of your AD Password.

Tom Elliott · Jan 21, 2016, 4:36 AM

@anthonyglamis So I found a few more errors. Can you be more specific as to the type of image you’re working with?

I looked over all the code, and the unable to locate MBR message is from one of our many functions. It, quite simply, cannot find the mbr file. This MBR file is received by the system. If the OS is windows 7/8+8.1/10 and the image is in what I call legacy format (sys.img.000 and/or rec.img.000), it will use a pregenerated MBR and realign the partitions to match your disk. This is also the default handling mechanism, now, for Windows XP and Vista.

This part was where things were failing though, and i’m guessing the image was uploading using 1.2.0? Maybe you already said this I’m just blanking out for now. In either case, I’m hoping the download script is back to a MUCH more friendly and operation state.

Tom Elliott · Jan 21, 2016, 4:40 AM

@anthonyglamis So I found my answer.

When you’re working with a specific partition to image, there is no mbr file generated for the client. However, it appears there is something slightly off in this approach. If you select a specific partition, it is (from what I can tell) uploading the only the relevant partition?

It does not create an MBR for single partition images as it doesn’t know how it needs to be placed.

That said, if this is the intention (you only making a copy of partition 1 or 2), I will need to borrow some of your time so I can figure out a good approach in bypassing the need for the mbr.

Thiago · Jan 21, 2016, 11:15 AM

@Tom-Elliott
I just install a new server with 6038 svn, copy all images (that work in 1.2, the server still alive), change all owners and permissions following this post and the wiki, but still get "Image Store Corrupt” Unable to locate MBR (restore partition table and bootloaders) when deploying.
1.2 still deploying correctly the same image.

Tom Elliott · Jan 21, 2016, 12:24 PM

@Thiago can you update and then try? 6038 had the problem, and unless you reran the installer this morning, you most likely have what I suspect is the “bad” inits.

JJ Fullmer · Jan 21, 2016, 4:18 PM

@Wayne-Workman said:

@Arrowhead-IT said:

Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?

People always mess that up.

Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.

Wayne Workman · Jan 21, 2016, 4:20 PM

@Arrowhead-IT said:

Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.

No. Would I sound full of myself if I said I haven’t, either? lol. But a lot of people have messed it up.

anthonyglamis · Jan 21, 2016, 4:39 PM

Wow this thread has a bunch of activity! Thanks for everyones help.
I captured an image late last night and checked /images for the d1.mbr file and it was present. I was able to deploy this image to another Lenovo E431 (this is windows 7 pro btw), however it did not join to AD, and interestingly enough it did not change the hostname either.
This is odd since yesterday Fog was actually successful in changing a hostname and adding one of our laptops to AD. Granted this was a PC we had taken off the domain in order to capture the image. We gave it a generic name LENOVO-E431-I3 and after capturing the image it would not let us change the name of the PC and kept rebooting. This of course was the client service doing it’s job. So in the Fog server we changed the hostname to what we wanted and boom after a reboot the hostname changer did it’s job and also added the laptop to AD.
I am looking at the fog .log and there is an authentication error more specifically this is from a deployed Win 7 image

--------------------------------Authentication--------------------------------

1/21/2016 10:27 AM Client-Info Version: 0.9.10
1/21/2016 10:27 AM Middleware::Communication URL: http://192.168.1.243/fog/management/other/ssl/srvpublic.crt
1/21/2016 10:27 AM Data::RSA FOG Server CA cert found
1/21/2016 10:27 AM Data::RSA ERROR: Certificate validation failed
1/21/2016 10:27 AM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
1/21/2016 10:27 AM Middleware::Authentication ERROR: Could not authenticate
1/21/2016 10:27 AM Middleware::Authentication ERROR: Certificate is not from FOG CA
1/21/2016 10:27 AM Service Sleeping for 120 seconds

Wayne Workman · Jan 21, 2016, 4:41 PM

@anthonyglamis said:

Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified.

That’s the issue.

Try to reinstall the client on that image, and then re-upload and try again. If it’s still not working, try resetting the encryption on the problematic target host.

anthonyglamis · Jan 21, 2016, 5:14 PM

@Wayne-Workman
@Arrowhead-IT
Pertaining to the images I deleted from the Fog UI, they are still present in the /Images directory. So if I create a new image in the Fog UI and name the file the image name it adds. The file size is 0.0
Will this populate when I attempt to deploy the image to a new host? Just curious as I don’t want to deploy a 0.0 image size to one of my hosts lol

Wayne Workman · Jan 21, 2016, 5:16 PM

@anthonyglamis said:

Will this populate when I attempt to deploy the image to a new host?

Yes. that field gets updated every time the image deploys or uploads.

JJ Fullmer · Jan 21, 2016, 5:21 PM

@anthonyglamis @Wayne-Workman speaks the truth.
I would just add that there is a setting called FOG_FTP_IMAGE_SIZE in fog configuration → Fog Settings → General Settings
that you can enable. The size that says 0.0 is likely image size on client. If you enable FOG_FTP_IMAGE_SIZE then you will also see the compressed image size on the FOG server which I think will automatically update, but it might also need to be deployed first.

I just like being able to see both sizes.

Tom Elliott · Jan 21, 2016, 5:44 PM

@anthonyglamis to add on, what you see by default in that field is how big a disk (approximately) you need to be able to image. The way it’s populated is as Wayne stated, through imaging tasks. There is also a field that, by default now, is hidden and will show how much space on disk it will use. If you enable viewing of the image, it should show a size which would then show you how much server disk space it’s using.

anthonyglamis · Jan 21, 2016, 5:55 PM

Come to think of it those images have the previous client service from 1.2.0, I’m guessing I will want to update the client service and capture again?

Wayne Workman · Jan 21, 2016, 5:57 PM

@anthonyglamis yes.

anthonyglamis · Jan 21, 2016, 6:03 PM

@Tom-Elliott
Do you need any information from me concerning the images I have that did not create the d1.mbr file? Just asking as I have to update the Fog server and start recapturing new images with the latest client. I essentially have no use for the previous images I created.

anthonyglamis · Jan 21, 2016, 6:25 PM

OK so I’m having a brain fart today. I wanted to update to the latest version. I ran the install.sh and it rolled me back to 6032. Where is the latest version located?
Never mind, I was in the wrong folder. I am back on 6038, but would still like to upgrade to the latest version. I thought the installer would update.

I used this link and SVN

https://wiki.fogproject.org/wiki/index.php?title=SVN

Active directory Join issue

--------------------------------Authentication--------------------------------

190

12.0k

17.3k

155.2k