RE: 20H2 Image Worked, but Tried Building a 21H1 Image and Now Image Does not Work

@littleman1234 Well that’s one way to create a golden image. There are a few things I probably would do differently to make things go smoother and repeatable every time the golden image needs to be recreated (as each new windows 10 release is released).

1. How about building your image using a VM? That way you get a hardware agnostic mother image.
2. How about using MDT to automate the Golden Image creation. Use the light touch method of image deployment or if you are old enough the Ron Popeil “set it and forget it” method. In this approach you automate the windows 10 image build, install windows updates, install any global applications, make any windows settings (understand that windows 10 will reset anything to do with user profiles in sysprep) and prepare the system for sysprepping.
3. Just a few dos and don’ts
   3.1 DO NOT let the computer connect to the internet, also set windows update to only talk to wsus server and not get updates from other windows 10 computers (i.e. turn off delivery optimization).
   3.2 DO NOT connect the computer to AD (ever before sysprepping)
   3.3 DO NOT install programs that are unique guid based before image capture. This would be programs like enterprise antivirus or serialized applications.
4. Use the setupcomplete.cmd batch file to do any post image deployment customizations. This is the only way to undo some of the things microsoft reset when sysprep is run.
5. Run sysprep with a customer answer file and power off the computer.
6. Capture with FOG
7. Deploy with FOG
8. If you want hardware specific drivers pushed out you can do that with a fog post install script. And then have the setupcomplete.cmd file run the pnputil command to load them into windows during OOBE/WinSetup.

Using the above process I can build a new windows 10 image from dvd in about 50 minutes. Actual hands on time is about 7 minutes from powering on the computer to manually running the sysprep image and powering off the vm at the end. The 50 minutes includes installing 8 common company wide applications as well as windows updates in an automated manner.

Now with that said it did take me about 3 days when I first started working with MDT to get what I wanted as in a solid golden image. So its not just turn MDT on and it spits out an image. There is real work involved with setting it up the first time.

BUT I have to say what ever method works for you is OK. The double sysprep is not necessary in my opinion. Also I’ve never had a good image if I let the computer connect to AD. Doing so tattoos the golden image with AD settings, so I would avoid it until you have the golden image deployed to the target computer.

@sebastian-roth said in New release?:

For those I’d suggest they stick with 1.5.x for now and probably some months down the road until 1.6.x is fully ready for production. Just my opinion.

Same here I think sticking with 1.5.x line a bit longer is in order. No new features in 1.5.x just bug fixes for now. We need to get the 1.5.x last version as stable as 1.4.4 was to the 1.4.x line.

In 1.6 I’d like to see nfsv4, and some other stuff around security posture of FOG nothing dramatic though.

@jyost well we can always put back the ipxe if you really think that is your problem.

@jyost Unless the disk was badly fragmented it shouldn’t have taken that much time to squeeze down a disk. What the FOG Program does is packs the file system to make the disk files sequential taking up as little non-contiguous space on the disk as possible. Its kind of akin to disk fragmentation, but it moves all of the blocks towards the start of the disk. Then it shrinks the partitions to the size of data. That is how it can make a partition resizable. It squeezes all of the air out of the partition then clones that squeezed partition.

While I don’t recommend this if you were to abort the capture right in the middle then look at your disk structure you would see what you see in partclone a 35.5 GB partition with 800MB of free space. Its possible that this partition was 100GB (guess) in size to start with. Having about 34.6GB of data on that 100GB disk.

@jyost It almost appears there is something going on with this disk. Did the source computer have windows 10 (any version) and someone did an in place upgrade to a different version of windows 10?

@jyost If you use the git method to install FOG initially then its pretty easy.

Change into that directory depending on who’s instructions the fogproject folder will be in /root or /opt Then key in

git pull
git checkout dev-branch
git pull

Then simply rerun the installer with the latest options. Understand the installer will reset all of the iPXE files you have as well as bzImage which you just updated. So you will need to recompile ipxe and copy ipxe.efi and snponly.efi back over to the /tftpboot directory as well as redownload 5.10.x kernels.

Edit: yeah it would probably help to see if someone already answered the question before replying.

@jyost Ok two things here.

If that is a Windows 10 20H2 or later target computer you are going to need to do a few things. M$ changed the disk structure on 20H1 or 20H2 (sorry I can’t remember at the moment) but that 4th partition is now marked as unmovable. The developers have addressed this issue on the dev branch 1.5.9.111 The other thing is you probably need to update the FOS Linux kernel (FOG Web UI -> Fog Configuration -> Kernel update. Update to 5.10.55 or later for both x64 and x32 bit versions.

@chuck2000 We have see this before when you do an in place upgrade of windows, it seems to leave a shattered hard drive for some reason. Well done getting it worked out.

@michaeloberg Well unfortunately we’ve hit a wall. But you have some additional things to now tell HP support.

We are using the latest linux kernel, with the appropriate settings for this nic driver. Yet we are still not seeing the pass thru mac address.

We attempted to use the latest realtek nic driver with the latest linux kernel and no success. (I’m really not liking this approach because its not keeping the linux kernel pure with well tested drivers, but we needed to do it to rule out an old linux kernel driver at fault).

The native windows driver is doing the same thing.

@jyost OK first let me say there is no connection between iPXE and your current issue.

iPXE takes the process from the PXE rom to the iPXE menu. Once you make a menu selection on the iPXE menu then iPXE will download bzImage (a.k.a The Kernel) and init.xz (virtual hard drive) then boots bzImage. Once bzImage starts it takes over control of the computer from the boot loader. So with bzImage running its in full control of the computer.

Based on the error I might think there is an issue with your storage device.

What I want you to do is cancel this capture task if its still running. Then schedule a new capture task, but before you hit the schedule task button, tick the debug checkbox. Now schedule the task. PXE boot the target computer. After a few screens of text that you need to clear with the enter key you will be dropped to the FOS Linux command prompt.

At the FOS Linux command prompt please key in the following:

uname -a
lsblk
fdisk -l /dev/nvme0n1

Lets see what fos linux is seeing here. Stay in this mode because we might have a few more commands for you.

On a side note, you probably need to be on fog version 1.5.9.111 if you are trying to capture a windows 10 20h2 or later release.

@michaeloberg Try this as bzImage-rt-opts2

wget -O /var/www/fog/service/ipxe/bzImage-rt-opts2 https://drive.google.com/uc?id=1ovhBUdH5OHadajGepSuOxCjBCMh-rCos&export=download

same protocol as the last opts kernel. Again this might not solve the mac address issue but it looks different than the previous kernel with the same fog kernel settings but updated nic driver. We can rule out the older nic driver at fault here.

@michaeloberg Yep that was right. And we have another bread crumb to follow. We see for the ops kernel, it wants rtl8153a-4.fw

I CAN fix that. Give me a minute (well about 10).

@michaeloberg No problem. Since the files are coming from a google drive and not the “official” fog project web site you need to do things a bit differently.

First download them to your windows computer. They will go into the downloads folder.

Now they are in your downloads folder you have 2 options. You can go the gui route or command line by using putty’s pscp program. The GUI route is probably the easiest, by installing winscp Use winscp to log into your FOG server. If you can login as root then do so. My guess it will only let you login as a normal user. Log into your fog server with winscp. If you can log into as root the navigate to /var/www/html/fog/service/ipxe and drop the files. If you have to log in as a normal user then just drop the files in your normal user home directory. Then open a command prompt and issue
sudo cp bzImage-rt-v215 /var/www/html/fog/service/ipxe
and
sudo cp bzImage-rt-opts /var/www/html/fog/service/ipxe

Edit: Tom knows all of the tricks to get things done…

@michaeloberg OK I have a few kernels I want you to test. Please test each one to see if it reads the pass-thru mac address.

This first one is bzImage-rt-v215 This kernel has the version 2.15 driver from the realtek web site. The version built into the linux kernel is at version 1.11. This is kernel version 5.15.6
https://drive.google.com/file/d/1qxcjC9ZrV8lVh4T6rgBtmtgSp7SWRzL9/view?usp=sharing

This next one is stock FOS linux kernel 5.15.6 but has the additional kernel options listed here: http://linux-hardware.org/?id=usb:0bda-8153 this kernel is called bzImage-rt-opts
https://drive.google.com/file/d/1t4WgWHOv3wIFjnodRtMsRcaO87XIZxM4/view?usp=sharing

Don’t get discouraged if neither one of these works. We are trying to find out where the problem isn’t right now. I want you to run this command after you boot into debug mode and/if if fails grep -i -e firmware /var/log/messages What I’m looking for is if the rt8153 or something network related complains about missing firmware. As I mentioned before I did see several 8153 hardware specific firmware listed but we are not including them by default. The linux kernel will complain if it needs the firmware but none are built into the kernel. This is not a common error, but does happen now and again. Your case is unique so we are casting a wide net here.

For the developers here are the setting changes I found when I compared the FOS Linux default config vs the web site.

# CONFIG_USB_IPHETH is not set
CONFIG_USB_NET_CDCETHER=y
CONFIG_USB_PEGASUS=y
CONFIG_USB_RTL8150=y
CONFIG_USB_USBNET=y
CONFIG_USB_CATC=y
CONFIG_USB_RTL8152=y
# CONFIG_USB_GADGET is not set
CONFIG_USB_PHY=y
CONFIG_USB_SUPPORT=y
CONFIG_USB_NET_DRIVERS=y
# CONFIG_USB_RTL8153_ECM is not set

The not set ones are the deviations between the web site and the default FOS configurations. Personally I think the key is the last realtek settings but I set them all in the above kernel.

Here are the kernel option descriptions.

x Symbol: USB_IPHETH [=n]                                x
x Type  : tristate                                       x
x Defined at drivers/net/usb/Kconfig:580                 x
x   Prompt: Apple iPhone USB Ethernet driver             x
x   Depends on: NETDEVICES [=y] && USB_NET_DRIVERS [=y]  x
x   Location:                                            x
x     -> Device Drivers                                  x
x       -> Network device support (NETDEVICES [=y])      x
x         -> USB Network Adapters (USB_NET_DRIVERS [=y])

x Symbol: USB_GADGET [=n]                                                    x
 x Type  : tristate                                                           x
 x Defined at drivers/usb/gadget/Kconfig:17                                   x
 x   Prompt: USB Gadget Support                                               x
 x   Depends on: USB_SUPPORT [=y]                                             x
 x   Location:                                                                x
 x     -> Device Drivers                                                      x
 x       -> USB support (USB_SUPPORT [=y])                                    x
 x Selects: USB_COMMON [=y] && NLS [=y]                                       x
 x Selected by [n]:                                                           x
 x   - USB_EHCI_TEGRA [=n] && USB_SUPPORT [=y] && USB [=y] && USB_EHCI_HCD [=yx

 
 x Symbol: USB_RTL8153_ECM [=n]                                               x
 x Type  : tristate                                                           x
 x Defined at drivers/net/usb/Kconfig:638                                     x
 x   Prompt: RTL8153 ECM support                                              x
 x   Depends on: NETDEVICES [=y] && USB_NET_DRIVERS [=y] && USB_NET_CDCETHER [x
 x   Location:                                                                x
 x     -> Device Drivers                                                      x
 x       -> Network device support (NETDEVICES [=y])                          x
 x         -> USB Network Adapters (USB_NET_DRIVERS [=y])                     x
 x                                                                            x
 

@altitudehack The forum is a bit strange. You have to go into the forum post settings (little gear on original post) then set to ask as question. Once that is done you can mark the entire thread solved or pick the post with the right answer. I don’t know why the forum doesn’t default to every OP needs to be asked as a question. But it is what it is. I took care of it for you.

@george1421 On the fog server linux console lets do this.

cd /etc
find ./ -name www.conf

Find should return with some path to the config file
./php-fpm.d/www.conf

Lets edit that file. I can’t give you the exact path because the config file moves depending on the version of php that’s installed.

Search for php_admin_value[memory_limit] and make sure its set to 256MB

php_admin_value[memory_limit] = 256M

Make the change and reboot the server (easy) or restart php-fpm (slightly harder)

Edit: OK I’m too slow between telephone calls and users stopping by. Looks like you hit the right area. Just watch out for RAM exhaustion if you bump the values up too high. The php-fpm process has up to 35 workers defined.

@altitudehack said in User Tracking search not working:

So the question is where is there a limit of 134MB? Each php-fpm worker should have a 256MB limit. The issue is the size of what is being reported in the report is larger than a defined buffer. Let me look.

@michaeloberg Thank you for sticking with us on this. I guess the only trick I have left is to see if I can compile linux 5.15.5 with the updated driver from realtek to see if that resolves the issue. If that doesn’t then … I’m not sure. I will look at that tonight since I don’t have a lot of extra time during the day.

Make sure the firmware is updated on both the computer and network adapter please.

Lastly just to be sure that you are running the updated kernel. On the screen where you typed in the ip a s command if you typed in uname -a it should show you the kernel version. For the bzImage-5.15.5 file it should show 5.15.5

@altitudehack First let me say I don’t have an answer to this issue. But i can tell you that php-fpm will only throw an error If there is either a task timeout or there is a problem with the php programming code. I would also inspect the apache error log to see if php-fpm is working like it should but apache is unhappy with the report.

@chuck2000 said in FOG Upload Error:

Hi, I am running version 1.44

That’s pretty old… but then again you are trying to image systems that are equally as old, so its all good.

To debug this I think we need you to do the following. As Sebastian said the error is a bit erroneous. The actual error is just off the screen in the blue partclone screen.

What I want you to do is cancel this imaging task if it did not already terminate. Then reschedule another one, but before you hit the schedule task button, tick the debug checkbox. Then hit the schedule task button. Now pxe boot the target computer. After a few screens of text you will be dropped at the FOS linux command prompt. From there, simply key in fog. That will single step you through the capture / deployment. Keep hitting enter until you get to the blue partclone screens. The error will be spewed across that screen when you get to it. Take a clear picture with a mobile phone and posts the picture here.