RE: Which Linux distro(s) have been tested with FOG - What is recommended?

@wayne-workman i managed to go from 16 to 18 (server) fine… but when i tried to go 18 to 20 it all went wrong so just rolled the VM back. i will when 18 falls out of support do what Seb suggests and move the images over and the DB to a fresh install… after all my VM started life as v 14 of ubuntu so probably due a fresh install.

@ITCC Someone much more cleverer than me (from ANME) has worked out how to fix it and it is due to sysprep sealed images rather than Fog persay as Tom suggested. the Fix is to add the following to your sysprep SetupComplete.cmd file

for /f "tokens=2 delims={}" %%a in ('bcdedit /enum {bootmgr} /v ^| find "identifier"') do set prep-bcdid={%%a}
bcdedit -set {current} device partition=c:
bcdedit -set {current} osdevice partition=c:
bcdedit -set {memdiag} device partition=\Device\HarddiskVolume1
bcdedit -set %prep-bcdid% device partition=c:

your right they do support PXE boot i found the option right at the bottom in the bios you can choose between PXE HTTP and iSCSI
i didn’t do enough scrolling down last time i looked.

@ITCC Someone much more cleverer than me (from ANME) has worked out how to fix it and it is due to sysprep sealed images rather than Fog persay as Tom suggested. the Fix is to add the following to your sysprep SetupComplete.cmd file

for /f "tokens=2 delims={}" %%a in ('bcdedit /enum {bootmgr} /v ^| find "identifier"') do set prep-bcdid={%%a}
bcdedit -set {current} device partition=c:
bcdedit -set {current} osdevice partition=c:
bcdedit -set {memdiag} device partition=\Device\HarddiskVolume1
bcdedit -set %prep-bcdid% device partition=c:

we have just taken delivery of 50 of these units for our school and i can’t get them to Network boot. they have Intel i226-v Nics in them & Intel Core Ultra 5 125H (all very nice)

if i use a USB Stick with D:\EFI\BOOT\bootx64.efi (ipxe.efi from tftp folder) then i can get them to register and image

I am now on Fog version 1.5.10.1650 thinking i might have just needed a newer set of boot files but what i did notice was that on pressing F12 the boot menu says UEFI: HTTP IPv4 Intel Ethernet Controller I226-V
and when you boot it says: >>Start HTTP Boot over IPv4 on MAC: MACADDRESS and it just hangs here and doesn’t start iPXE

is PXE booting and HTTP Boot over IP two different things? and is this somehting i can get working

just to update I downloaded windows 11 23H2 from MS admin console and then made a new image with fog and deployed it and whilst for some reason the GPO that should auto encrypt the c drive doesn’t appear to be working, if I right click it and choose encrypt with BitLocker and chose allow windows to unlock the drive automatically (which is what the GPO should do) it encrypts just fine. So its definitely something new with Windows 11 24H2 I suspect its to do with secure boot being disabled.

Edit ignore the bit about the gpo not working I moved the pc to a diferent OU for testing and it simply wasn’t applied. I have since now forced windows update to install Win11 24H2 and the drive remains encrypted. so this for a while will be a workaround for our staff laptops that need to be encrypted.

I too am trying to get this working its new problem for us on Windows 11 24H2 our older win 11 images were fine so is our win 10 22H2 images.
other than trying the bcd edits in the post i have also tried below but still no joy

Tried separately and together these changes which are suggestions I came across on the net.
group policy editor -> computer config -> admin templates -> windows components -> bitlocker drive encryption -> os drives -> config TPM for UEFI.
PCR 0,2,11 Ticked (i.e. remove 4)
AND OR
group policy editor -> computer config -> admin templates -> windows components -> bitlocker drive encryption -> os drives -> Allow Secure Boot for integrity validation
Disable

Enabling some combinations in the Event log looks like the c drive is encrypting but on restart it then just goes into automatic recovery mode.
If we leave neither of these options set it doesn’t encrypt with the error message reported in this thread about the BCD Settings

These are the sort of Event logs we get (in this is with PCR 4 Removed)
Application and Service Logs > Microsoft > Windows > BitLocker-API

Before the GPO is applied lots of these

BitLocker cannot use Secure Boot for integrity because it is disabled.

After the GPO is applied . with lots of this inbetween the ones below

BitLocker cannot use Secure Boot for integrity because it is disabled in Group Policy.

BitLocker cannot use Secure Boot for integrity because it is disabled in Group Policy.
BitLocker Drive Encryption is using software-based encryption to protect volume C:.

The identification field was changed.
Identification GUID: {ID}

A BitLocker key protector was created.
Protector GUID: {ID}
Identification GUID: {ID}


BitLocker encryption was started for volume C: using XTS-AES 128 algorithm.

Device Encryption initialized automatically for volume C:.

BitLocker Drive Encryption recovery information was backed up successfully to Active Directory Domain Services.
Protector GUID: {ID}
Identification GUID: {ID}

A BitLocker key protector was created.
Protector GUID: {ID}
Identification GUID: {ID}

BitLocker was resumed for volume C:.

BitLocker successfully sealed a key to the TPM.
PCRs measured include [0,2,11].
The source for these PCRs was: Group Policy.

BitLocker was resumed for volume C:.

And in windows no padlock on the c drive… restart (even after being idle for 30 mins) no adds to the event log either… Windows Automatic repair.

Just to add I have tried it with and without the recovery partition on the end.

@sebastian-roth this has worked for me with a brand new HP 440 G8

@wayne-workman i managed to go from 16 to 18 (server) fine… but when i tried to go 18 to 20 it all went wrong so just rolled the VM back. i will when 18 falls out of support do what Seb suggests and move the images over and the DB to a fresh install… after all my VM started life as v 14 of ubuntu so probably due a fresh install.

@Gordon-Taylor ignore me… ive just reinstalled fog and mine is fine now… the mysql bug as mentioned at the begining of the thread

i think this is the same error as mine that started yesterday and it happened after i did a apt-get upgrade… i noticed at the end of the upgrade i has these lines:

NOTICE: Not enabling PHP 7.1 FPM by default.
NOTICE: To enable PHP 7.1 FPM in Apache2 do:
NOTICE: a2enmod proxy_fcgi setenvif
NOTICE: a2enconf php7.1-fpm
NOTICE: You are seeing this message because you have apache2 package installed.

ive just switched my fog server off as its stoping the workstations to boot and i cant stay late to troubleshoot it today… but i can tomorrow…

my fog server (1.5.5.3) runs in a hyper-v VM and the /images are mounted on a separate disk to the VHDX that contains the ubuntu OS so i will easily be able to back it up before i try doing the release update… but I’m just looking for any pointers or anything i may need to do once i got the Ubuntu up to the next LTS. I’m just conscious 14 is only in support till this April. Also should i go on and and go up to the 18 LTS?