The error, as everyone expected, was indeed in the encryption key. Somehow there is a difference between how HostnameChange encrypts/decrypts. I put in some debug code to encrypt my password and the encrypted hex is completely different. When I enter this encrypted hex in the active domain settings, everything works. Now tracking down why HostnameChange encrypts differently from the standard FOGCrypt (recompiled that from scratch as well, same output as standard binary).
Posts made by Berend de Boer
-
RE: Active Directory registration not working Windows 7 x64 client
-
RE: Wiki login
As I still haven’t received wiki access, here is one more important bit of information: for the Active Directory integration the user name MUST NOT include the domain name. That information is sometimes mentioned, but [URL=‘http://www.fogproject.org/wiki/index.php/Managing_FOG#Active_Directory_Integration’]this section still says you may have to include it[/URL]. That won’t work.
-
RE: Active Directory registration not working Windows 7 x64 client
One thing I found out is that you cannot use the fully qualified name as domain in the active domain settings of a client. It must be in NetBios format. The reason is that the backend returns the user name as “<DOMAIN>\<username>” and if you have as domain “fog.example.org” you get a user name “fog.example.org\Administrator” for example, which won’t work.
-
RE: Active Directory registration not working Windows 7 x64 client
[quote=“Tom Elliott, post: 43893, member: 7271”]And your username field is not in the format domain/username?[/quote]
No, it wasn’t. The domain name is automatically appended I saw already. The problem is that the password is garbled. When I hard-code it, everything works. Narrowing down to the culprit.
-
RE: Active Directory registration not working Windows 7 x64 client
Wow, compilation actually works if I compile the FOGService.exe as well and copy that first. That’s great, can now do development on Linux.
-
RE: Active Directory registration not working Windows 7 x64 client
And to repeat, with the original HostnameChange.dll I get this:
[CODE] 16/03/2015 9:21 p.m. FOG Service Engine Version: 3
16/03/2015 9:21 p.m. Starting all sub processes
16/03/2015 9:21 p.m. 1 modules loaded
16/03/2015 9:21 p.m. * Starting FOG.HostNameChanger
16/03/2015 9:21 p.m. FOG::HostnameChanger Starting hostname change process…
16/03/2015 9:21 p.m. FOG::HostnameChanger Yielding to other subservices for 7 seconds.
16/03/2015 9:21 p.m. FOG::HostnameChanger Attempting to connect to fog server…
16/03/2015 9:21 p.m. FOG::HostnameChanger Module is active…
16/03/2015 9:21 p.m. FOG::HostnameChanger AD mode requested, confirming settings.
16/03/2015 9:21 p.m. FOG::HostnameChanger Hostname is up to date
16/03/2015 9:21 p.m. FOG::HostnameChanger Attempting to join domain if not already a member…
16/03/2015 9:21 p.m. FOG::HostnameChanger Domain Error! (‘Unknown Error’ Code: 1355)[/CODE]
That’s the same error [URL=‘http://www.fogproject.org/forum/threads/fog-service-register-no-longer-working.10703/#post-29215’]that’s mentioned here[/URL].
-
RE: Active Directory registration not working Windows 7 x64 client
PS: it would be great if someone had a tip on how to compile HostnameChange.dll on Linux and produce a .dll that’s recognised. Then I could do some actual debugging!
-
RE: Active Directory registration not working Windows 7 x64 client
OK, I had both the old dll and new dll in the directory, and it seems the service picks up both. That’s confusing. When using the new dll, I get this output (as already posted):
[CODE] 16/03/2015 9:04 p.m. FOG Service Engine Version: 3
16/03/2015 9:04 p.m. Starting all sub processes
16/03/2015 9:04 p.m. 2 modules loaded
16/03/2015 9:04 p.m. * Starting FOG.HostNameChanger
16/03/2015 9:04 p.m. * Starting FOG.MODDebug
16/03/2015 9:04 p.m. FOG::MODDebug Start Called
16/03/2015 9:04 p.m. FOG::MODDebug Sleeping for 100 Seconds
16/03/2015 9:04 p.m. FOG::HostnameChanger Starting hostname change process…
16/03/2015 9:04 p.m. FOG::HostnameChanger Yielding to other subservices for 5 seconds.
16/03/2015 9:04 p.m. FOG::HostnameChanger Attempting to connect to fog server…
16/03/2015 9:04 p.m. FOG::HostnameChanger Module is active…
16/03/2015 9:04 p.m. FOG::HostnameChanger AD mode requested, confirming settings.
16/03/2015 9:04 p.m. FOG::HostnameChanger Padding is invalid and cannot be removed.
16/03/2015 9:04 p.m. FOG::HostnameChanger at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte
[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode,
Boolean fLast)
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset,
Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at FOG.FOGCrypt.decrypt(Byte[] cipherData, Byte[] Key, Byte[] IV)
at FOG.FOGCrypt.decrypt(Byte[] cipherData, String Password)
at FOG.FOGCrypt.decryptHex(String hex)
at FOG.HostNameChanger.changeHostName()[/CODE]
I’ve tried to fire up MonoDevelop, an IDE on Linux, and to recompile this, but it seems my dll is not recognised unfortunately.
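
The “Padding is invalid and cannot be removed” exception in the trace above is how a key mismatch between the encrypting and the decrypting side usually surfaces with AES-CBC and PKCS7 padding. The C# program below is an added example, not part of the original post and not FOG code; the passphrases, the salt and the PBKDF2 key derivation are assumptions, since the thread does not show how FOGCrypt derives its key and IV.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PaddingErrorDemo
{
    // Assumption: key and IV come from PBKDF2 over a passphrase with a fixed salt.
    // The thread does not show how FOGCrypt derives them; all values here are constructed.
    static Aes MakeCipher(string passphrase)
    {
        byte[] salt = Encoding.ASCII.GetBytes("constructed-salt");
        using (var kdf = new Rfc2898DeriveBytes(passphrase, salt, 10000, HashAlgorithmName.SHA256))
        {
            Aes aes = Aes.Create();      // .NET defaults: CBC mode, PKCS7 padding
            aes.Key = kdf.GetBytes(32);
            aes.IV = kdf.GetBytes(16);
            return aes;
        }
    }

    static byte[] Run(ICryptoTransform t, byte[] d) { using (t) return t.TransformFinalBlock(d, 0, d.Length); }

    public static string EncryptHex(string plain, string passphrase)
    {
        using (Aes aes = MakeCipher(passphrase))
            return BitConverter.ToString(Run(aes.CreateEncryptor(), Encoding.UTF8.GetBytes(plain))).Replace("-", "");
    }

    public static string DecryptHex(string hex, string passphrase)
    {
        byte[] data = new byte[hex.Length / 2];
        for (int i = 0; i < data.Length; i++) data[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        using (Aes aes = MakeCipher(passphrase))
            return Encoding.UTF8.GetString(Run(aes.CreateDecryptor(), data));
    }

    static void Main()
    {
        string hex = EncryptHex("constructed-password", "passphrase-A");
        Console.WriteLine("same key:  " + DecryptHex(hex, "passphrase-A"));
        try
        {
            // Roughly 1 wrong key in 256 still yields valid-looking padding and garbage text.
            Console.WriteLine("other key: " + DecryptHex(hex, "passphrase-B") + " (garbage, no exception)");
        }
        catch (CryptographicException e) { Console.WriteLine("other key: " + e.Message); }
    }
}
```

The padding check is not an integrity check: it only fails because the last decrypted block does not end in a valid PKCS7 pattern, so the same exception also appears for truncated or corrupted ciphertext.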
-
RE: Active Directory registration not working Windows 7 x64 client
[quote=“Tom Elliott, post: 42293, member: 7271”]Which new one are you referring to?
The one from the github fogproject repo? Or the one from the fogservice repo?[/quote]
The one I downloaded [URL=‘http://www.fogproject.org/forum/threads/active-directory-registration-not-working-windows-7-x64-client.11514/#post-42039’]from here in this thread[/URL].
-
RE: Active Directory registration not working Windows 7 x64 client
[quote=“Tom Elliott, post: 42287, member: 7271”]Look them up and you may have a better/clearer answer. The error codes you see are not FOG generated[/quote]
Yep, they are generated by the old HostnameChanger. But the new one says this:
[CODE]16/02/2015 2:41 p.m. FOG::HostnameChanger Padding is invalid and cannot be removed.
16/02/2015 2:41 p.m. FOG::HostnameChanger at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte
[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode,
Boolean fLast)
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset,
Int32 inputCount)
[/CODE]
As this is a different error message, does that mean that perhaps the encryption key of the new HostnameChanger is not the default one?
The old dll error message may seem to indicate I really have a problem with username/password, and I’ll check that again.
-
RE: Active Directory registration not working Windows 7 x64 client
[quote=“Wolfbane8653, post: 42276, member: 3362”]From your comments [URL=‘http://fogproject.org/forum/threads/requests-for-wiki-access-ask-here.3811/page-2#post-42253’]here[/URL]. I am assuming that you have partly figured this out?
This error usually occurs due to the password not being encrypted correctly.[/quote]
That’s what one would think, but I have triple-checked the password, and got another person to check the encrypted password too.
But note I was using the old HostnameChanger and the new one. What error does indicate password not being encrypted correctly? Because I got different errors in both cases.
-
RE: Active Directory registration not working Windows 7 x64 client
[quote=“Junkhacker, post: 42278, member: 21583”]It is worth mentioning that this user needs to be a domain user with rights to add computers to the domain, not a user on the computer.[/quote]
Yep, it’s the domain administrator. I just wanted to avoid having permission issues, so using max permissions for now.
-
RE: Requests for Wiki Access <--- ASK HERE
[quote=“Wolfbane8653, post: 42275, member: 3362”]What is the typo here? Are you really going to rag on me b/c there is no comma? I didn’t even write this page.[/quote]
As you saw per the directions of the wiki I asked for wiki access, so I could fix obvious issues. There may be a policy of not granting access anymore, and instead of that you seem to get annoyed when I mention issues.
If you don’t want me to help improve the wiki, please say so directly, and I’ll stop immediately pointing out things.
The typo is the word “riquired.” which should be “required.”
-
RE: VirtualBox VMs don't fall through to local disk
Nothing to do with the VM, physical hardware with no partition on the disk will do the same. You need to restore from a full disk image.
-
RE: Requests for Wiki Access <--- ASK HERE
[URL=‘http://www.fogproject.org/wiki/index.php/Managing_FOG#Preparing_the_Image’]This page[/URL] has, I believe, outdated information: “Enter the user name that has access to the computer objects. Include the name of your domain, i.e. mydomain\username”
I believe “mydomain” should be left out since the latest versions.
-
RE: Requests for Wiki Access <--- ASK HERE
Typo on [URL=‘http://www.fogproject.org/wiki/index.php/Client_Setup#Windows_7_3’]this page[/URL]: "
[LIST]
[*]As of FOG 0.28 this is no longer riquired.
[/LIST]
"
-
RE: Requests for Wiki Access <--- ASK HERE
PS: the even better thing to do would be for the FOG Client to set up these rules upon install!
-
RE: Requests for Wiki Access <--- ASK HERE
[quote=“Wolfbane8653, post: 42156, member: 3362”]Yes this was a bit dated but has been corrected now.[/quote]
My suggestion is to use an environment variable, i.e.:
[CODE]netsh advfirewall firewall add rule name="Fog Client" dir=in action=allow program="%ProgramFiles(x86)%\FOG\FOGService.exe"[/CODE]
-
RE: Requests for Wiki Access <--- ASK HERE
And update [URL=‘http://www.fogproject.org/wiki/index.php/Main_Page’]the main page[/URL] to direct users to the proper thread to request access: The “please request one in our [URL=‘http://www.fogproject.org/forum’]forums[/URL]” should link to this thread.
-
RE: Requests for Wiki Access <--- ASK HERE
And on [URL=‘http://www.fogproject.org/wiki/index.php/Managing_FOG#FOG_Tray’]the troubleshooting page[/URL]: there is some formatting issue I think: the phrase “If the PXE boot does not work” is probably meant as a header, and has nothing to do with the preceding issue.