Host list: connection timed out

alh

Server

• FOG Version: 1.3.5
• OS: Ubuntu 16.04 LTS

Client

• Service Version: 0.11.11
• OS: Windows 7

Description

After installation all hosts were marked with a red exclamation mark with the error message: “no such device or address”. We tried to solve this by adding WINS-resolution and hostnames are now resolved properly on the server “getent hosts hostname”.

However, we now in FOG see a new error message “connection timed out”. We tried to adjust the Windows firewall following this guide: https://wiki.fogproject.org/wiki/index.php/Client_Setup#Firewall_Exceptions but it seems to be outdated since “C:\Program Files\FOG\FOGServiceConfig.exe” does not exist anymore. For which of the following EXEs do I need to add a firewall exception or is there another cause for this issue?

• FOGService.exe
• FOGTray.exe
• FOGUpdateHelper.exe
• FOGUpdateWaiter.exe
• FOGUserService.exe

Thanks for your help!

Update: our (hardware) XP-clients seem to work just fine, even without the FOG Client Service.

alh

We solved by doing the following:

On the FOG-Server install Winbind:

sudo apt-get install -y winbind libnss-winbind

Edit the Samba config:

# /etc/samba/smb.conf

[global]
    ...
    workgroup = <domain/workgroup>
    ...
    wins server = <ipofyourwinsserver>
    ...

Edit the nsswitch config:

# /etc/nsswitch.conf

hosts: files dns wins

Reboot your server.

On the Windows 7 clients we had to add the following firewall rule:

netsh advfirewall firewall add rule name="FOG Service" dir=in action=allow remoteip=<ipofyourFOGserver> protocol=tcp localport=445

That worked for us.

Tom Elliott

The FOG Client (and any of its files) have nothing to do with the “Ping”. Nor does the “Ping” have any effect on the hosts from functioning.

That said, port 445 on the Windows clients needs to be allowed. That should be all that’s needed.

Wayne Workman

#wiki worthy

alh

OK, so the status icon is a mere ping to the host -> copied that.

By port 445 being allowed on the Windows clients you mean outgoing connection. That means I do not need to allow any incoming connections anymore, right?

Wiki: We, the German Literature Archive (http://www.dla-marbach.de), would be willing to help in updating the wiki. We are introducing FOG now and document everything for ourselves anyway. However, I could not find a register button on the wiki page.

Wayne Workman

@alh said in Host list: connection timed out:

By port 445 being allowed on the Windows clients you mean outgoing connection.

Port 445 inbound. The fog server pings the host on port 445.

For wiki access, PM me your email address and I’ll get an account made for you.

alh

@Wayne-Workman I send you the mail address.

Regarding our little issue I added to firewall rules to our Win7 clients:

• Allow incoming ICMPv4
• Allow incoming for FOGService

I can ping the clients by hostname from the FOG server but they still show up as Connection timed out. in the host list.
And isn’t port 445 already used by a lot of system services like Netlogon, File and Printer Sharing, Remote Service Management, etc.?

Wayne Workman

@alh the FOG Ping service does not do a traditional ping, it uses port 445.

justeverything

@Tom-Elliott Is this the same port for linux, like ubuntu 16.04 or debian 8? I also have the connection time out issue in the host menue.

If i enable the ufw firewall on ubutu and allow the port 445, the status changes from “connection timeout” to “connection refused”

I allowed these ports. (22 for ssh, 445 for the fog ping)

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere                  
445                        ALLOW IN    Anywhere                                  
22 (v6)                    ALLOW IN    Anywhere (v6)             
445 (v6)                   ALLOW IN    Anywhere (v6) ```

Tom Elliott

@justeverything FOG uses port 445 to do ping.

Yes, it’s the same port number regardless of OS. How that port responds on different OS’ I cannot say.

justeverything

@Tom-Elliott do you have any idea what I can try to fix this except opening the port on the host?

Quazz

@justeverything If the port isn’t open on the host then it can’t communicate, simple as that, to be honest. It’s like trying to call someone who put everyone on a blocklist.

Tom Elliott

Or more accurately, it’s like calling a number that’s been removed from use. You could re-apply it relatively easily, but if you’re shying away from keeping it available for whatever reason, NO ONE will be able to call it to begin with.

george1421

@Tom-Elliott So to be clear here, this isn’t a traditional ICMP ping which is on the OSI layer 3 (IP) but instead a layer 4 port level connection test.

That is interesting idea. It would also be interesting to know how a linux or any other non-windows box would respond (assuming that samba was not loaded on a windows machine). To the connect request to port 445. I could see the device sending a nak back to the FOG server. Which I would guess is also a success response too.

Tom Elliott

@george1421 It’s a NetBIOS port (number 445) by default. As for if it’s usable or not on linux, well I don’t know. To be fair, I followed what was already in place, just neatened up the code base.

george1421

@Tom-Elliott Not throwing shade as the young folks would say on this. Its just a different concept and something we should be aware of if we are expecting an icmp ping. I just did a quick check at my office and I have linux machines that have samba and no samba installed so I can confirm / test if they respond as a windows machine does to a port level ping.

I have a meeting in a few minutes and will test afterwards.

Tom Elliott

If you don’t want to enable the port, you don’t have to. Understand the “ping” status is just a nicety and has no bearing on actual availability of a machine or any functionality of how FOG will operate.

justeverything

@Tom-Elliott yes, I can confirm this - I don’t have to enable the ports, but I want to. I like this feature very much and it would be sad If I won’t be able to use it.

The problem with my setup is that it says “connection refused” although I enabled the port 445 both on the server and the host via ufw firewall.

Server OS is the latest debian 8 and Client OS is the latest Ubuntu 16.04 Maybe anyone has some ideas. Thanks in advance. :))

Tom Elliott

@justeverything You could try this:

https://unix.stackexchange.com/questions/183317/resolving-netbios-names-from-linux

george1421

@justeverything I guess I would ask the question" If you open a command prompt on the linux server can you ping (icmp) the windows computer by is short name (or the name registered in fog)?

george1421

@george1421

during testing I did find that the udp probe to hosts would aways return a success, even if the host didn’t exist (not a very successful test). This was using the netcat [nc] utility. The command used was nc -zuvv <ip_addr> 445

When I changed to use the tcp port then the answers were more in line with an icmp ping.
command use nc -zvv <ip_addr> 445

1. For a windows host answer was: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succedded!
2. For a linux host with samba installed: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succedded!
3. For a linux host without samba or anything listening on port 445: Connection to <ip_addr> 445 port (tcp) failed: No route to host.
   For a host that doesn’t exist: Connection to <ip_addr> 445 port (tcp) failed: No route to host. (after about 5 sec timeout)

Does the selecting port ping work, yes as long as its a tcp connection attempt.

Why was that selected over an icmp ping, only the programmers of the past know.