Fog Client issues
-
@David-Osinski for the moment mind disabling snapins?
-
@Tom-Elliott
I turned off the machine, disabled snapins and turned the machine back on. Here is the log again. 0_1479413974844_fog.log
You may notice that I am getting an authentication error until 2:16. I found out that it is our antivirus program (Forticlient) that causes that. Once I disabled and shut it down, you can see that it's back to the normal messages.
-
@David-Osinski So your Forticlient antivirus was causing the issue? If so, you may want to see if you can create an exception for the FOG Service.
-
@Wayne-Workman
This does not seem to be the reason for the issue. As stated, the client is off. I only brought the Forticlient antivirus to your attention because at the beginning of the log it says authentication error. This still does not fix the first issue. It will still not join Active Directory or do snapins. Tom wanted me to disable snapins but my client will still not join Active Directory.
-
@David-Osinski I just saw this line in the last log you posted:
11/17/2016 2:08 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
Can you:
- Ensure the host you’re working with is not set in FOG to join the domain,
- Uninstall the FOG Client from the computer, reboot, install the fog client, reboot, and check the logs please?
If the authentication issues clear up after these steps, recapture the image and then try again on another computer for domain joining.
-
After fighting with the client for about a week now, it seems to be our antivirus/webfiltering client (Forticlient) that is causing the problems. If I completely remove Forticlient, it works just fine. I have been on tech support with Fortinet for the past few days trying to figure this out. If I turn off all services and shut down Forticlient, it still happens. The only way I can get it to work is actually uninstalling it. So, this leads me to revert back to the old FOG client and that works like a champ still. Thanks for all your suggestions. I did try what Wayne said but it still didn't work after that.
-
@David-Osinski An exception or exemption cannot be made for the FOGService?
-
@Wayne-Workman According to Fortinet, this seems to be an incompatibility issue between the two clients. If you install the FOG client alone, it works. Once you install Forticlient, it seems to break the FOG client, even if you disable Forticlient completely and stop the service. They think it may be a driver issue. I have an open ticket with Fortinet and they are researching the issues.
-
@David-Osinski That would make me ask, what drivers is fortinet installing? The client, as far as I’m aware, has no reliance on drivers. It does need network access (which is what I suspect fortinet is blocking in some way).
Exceptions/Exemptions should be possible though. I’d start by taking a look at fortinet and what it’s blocking that the client might actually need.
-
@Tom-Elliott If you look at the fog client from an AV perspective, I can understand why the fog client could be blocked. The fog client is sending encrypted http traffic to an IP address. I don’t know if the FOG server will initiate traffic to the fog client or only respond to a query from the fog client (this is important to know to decide if it’s unsolicited traffic from an unknown IP address).
This might resemble a botnet malware (fog client) with a remote command and control server on the internet (FOG Server).
Why does the old fog client work (??). If I had to guess I might suspect it’s the encryption that the FOG client / server is now doing. Since the AV software can’t inspect the traffic it’s just blocking it outright. Most of the modern AV software will now inject its driver into the network communication chain so that it can watch all data in and out of the client computer.
The other thing that could be causing a conflict is that fortinet and the fog client are using the same network port on the client.
But as you noted, a white list exception is probably the only solution.
-
@george1421 While I completely agree that the client looks exactly like a rootkit, the difference is all the client binaries are signed by a trusted certificate authority. All major antivirus software first looks to see if a PE binary contains a valid Authenticode before performing analysis on it.
-
I wonder if the order of install would make a difference?
Like,
- Install AV first, then FOG Client
then
- Install FOG Client first, then AV.
-
I’m guessing your Antivirus installs a Filter Driver in your Network Adapter. If correct, uncheck it, save, and try again.
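
The checks suggested across the thread (the missing `token.dat`, the signed client binaries, a filter driver bound to the network adapter) can be gathered in one read-only pass. This is an added example, not part of the original thread or of the FOG project; it assumes the install path from the log line above, that `FOGService` is the registered Windows service name, and that any binding whose component ID lacks the `ms_` prefix is third-party.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the host.
$FogDir     = 'C:\Program Files (x86)\FOG'   # install path from the log line in the thread
$FogService = 'FOGService'                   # assumption: service name as written in the thread

# 1. The log reported token.dat missing; confirm whether it exists now.
$tokenPath = Join-Path $FogDir 'token.dat'
"token.dat present: $(Test-Path -LiteralPath $tokenPath)"

# 2. Service state ($svc is $null if no service with that name is registered).
$svc = Get-Service -Name $FogService -ErrorAction SilentlyContinue
if ($svc) { "$FogService status: $($svc.Status)" } else { "$FogService status: not found" }

# 3. Authenticode status of every client binary. 'Valid' means the signature
#    verifies and chains to a trusted root; anything else deserves a closer look
#    before asking the AV vendor for an exception.
if (Test-Path -LiteralPath $FogDir) {
    Get-ChildItem -LiteralPath $FogDir -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File   = $_.Name
                Status = $sig.Status
                Signer = $sig.SignerCertificate.Subject   # empty when unsigned
            }
        } | Format-Table -AutoSize
}

# 4. Enabled adapter bindings that are not stock Windows components.
#    Heuristic (assumption): built-in components use IDs starting with 'ms_',
#    so whatever remains is a candidate third-party filter driver.
Get-NetAdapterBinding -AllBindings |
    Where-Object { $_.Enabled -and $_.ComponentID -notlike 'ms_*' } |
    Select-Object Name, DisplayName, ComponentID |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session once with the antivirus installed and once without, then compare the two outputs.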