Smart Installer caching credentials causing AD lockouts - maybe?

Is it possible that when installing the FOG service using the SmartInstaller, something in the process cached my active directory credentials and is attempting authentication? I ask because a user has this laptop at home, and when she connects to our VPN, my AD account gets locked. Looking at the AD server logs I see that the lockouts are happening because of failed logins from this particular laptop.

It’s especially weird because I wouldn’t have been able to actually run the installer as a non-admin, but my non-admin account is the only one being affected.

Sorry for pointing the finger at FOG but it’s the only non-commercial software installed on this particular laptop that I installed under my non-admin account. I’m going to look at it tomorrow and perhaps disable the FOG service in an attempt to prevent the password locks.

@Sebastian-Roth, not a problem at all. I manually added the affected client.
Thank you for your genuine efforts and good luck sleuthing it out!

@Sebastian-Roth
My version: Your version of FOG is up to date.
You're running the latest dev-branch version: 1.5.8.28

@Sebastian-Roth Thanks for confirming the function of the pending MAC filter. Are the MAC addresses in the comma-separated list case-sensitive by chance?

The computer was listed under Pending when I checked this morning with the primary MAC with the correct value but it also had an Additional MACs entry labeled Not found which matches the filter (I added the checkmarks):

Maybe I need to enter it again as 54:ea:3f?

Hi Sebastian, thanks for the rapid and accurate response! I did find a duplicate of the MAC address which is because the clients all use a VPN.

I added the first three parts of the MAC address (0A:00:27) into FOG Configuration -> FOG Settings -> FOG Client - Host Register -> QUICKREG PENDING MAC FILTER:

Isn’t that supposed to make it ignore the duplicate?

In the meantime, I will try ignoring it via the duplicate host’s Additional MACs screen:

Please let me know if there’s a better or different approach I can take.

Updated the server and reinstalled the client on this host and I cannot seem to get the client to connect and auto-register. Maybe I could push it manually from a pxe boot but believe I had the process automated before. It is not listed under Pending Hosts either.

---

FOG.log on the client

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 4/16/2020 3:11:10 PM Client-Info Version: 0.11.19
 4/16/2020 3:11:10 PM Client-Info OS:      Windows
 4/16/2020 3:11:10 PM Middleware::Authentication Waiting for authentication timeout to pass
 4/16/2020 3:11:10 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
 4/16/2020 3:11:10 PM Data::RSA FOG Server CA cert found
 4/16/2020 3:11:10 PM Middleware::Authentication Cert OK
 4/16/2020 3:11:10 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
 4/16/2020 3:11:10 PM Middleware::Authentication ERROR: Could not get security token
 4/16/2020 3:11:10 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
 4/16/2020 3:11:10 PM Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
 4/16/2020 3:11:10 PM Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 4/16/2020 3:11:10 PM Client-Info Version: 0.11.19
 4/16/2020 3:11:10 PM Client-Info OS:      Windows
 4/16/2020 3:11:10 PM Middleware::Authentication Waiting for authentication timeout to pass
 4/16/2020 3:13:10 PM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt
 4/16/2020 3:13:10 PM Data::RSA FOG Server CA cert found
 4/16/2020 3:13:10 PM Middleware::Authentication Cert OK
 4/16/2020 3:13:10 PM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
 4/16/2020 3:13:10 PM Middleware::Authentication ERROR: Could not get security token
 4/16/2020 3:13:10 PM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
 4/16/2020 3:13:10 PM Middleware::Communication POST URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newService
 4/16/2020 3:13:10 PM Middleware::Response Invalid security token

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 4/16/2020 3:13:10 PM Client-Info Version: 0.11.19
 4/16/2020 3:13:10 PM Client-Info OS:      Windows
 4/16/2020 3:13:10 PM Middleware::Authentication Waiting for authentication timeout to pass

---

apache access_log on fogserver

<Client_IP_Address> - - [16/Apr/2020:15:11:09 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1744 "-" "-"
<Client_IP_Address> - - [16/Apr/2020:15:11:10 -0500] "POST /fog/management/index.php?sub=requestClientInfo&authorize&newService HTTP/1.1" 200 15 "-" "-"
<Client_IP_Address> - - [16/Apr/2020:15:13:09 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1744 "-" "-"
<Client_IP_Address> - - [16/Apr/2020:15:13:09 -0500] "POST /fog/management/index.php?sub=requestClientInfo&authorize&newService HTTP/1.1" 200 15 "-" "-"

Re: unable to install CA certificate

I was getting this error:

Unable to install FOG Project CA

during GPO installation while the .msi lives on a DFS share. I also could not install the .msi manually over the share:

However copying it to the local machine it installed fine.

I made some permission changes on the DFS such as forcing READ permissions from the root for Domain Computers. I was able to install it over the share, and after a couple reboots it finally installed via GPO.

@astrugatch So it sounds like you’re kicking off a script rather than using the fields within the FOG Snapin GUI, correct?

@astrugatch What’s your share access look like? No user/passwords necessary?

We can do that. It lives in the same folder as setup so would I reuse the FOG variable like so?

[FOG_SNAPIN_PATH]\setup.exe /configure [FOG_SNAPIN_PATH]\installOfficeBusRet32.xml

Although now that I think about it, it’d be great if I could modify this file as-needed without having to re-compress the folder.

Could I use something like this instead?

[FOG_SNAPIN_PATH]\setup.exe /configure \\myserver\share\installOfficeBusRet32.xml

and if so, do you have any suggestions on creating a share which the fog service could read from without authentication?