RE: FOG Server Communications Issues

Not only am I not seeing the PXE boot menu, but tasks cannot be scheduled via the web GUI. When I try the task management screen comes up, but is blank. Also tftp is not working. Windows 7 will not recognize the command “tftp x.x.x.x get pxelinux.0” where x.x.x.x is the server’s IP address, even when the command prompt is run as an administrator. Windows XP understands the command, but can’t find the file. I’m not sure if the error is with tftp or with fog itself, but it might explain why the PXE boot menu does not come up. I also tried using F12 to boot from the network card, but after it connected to the DHCP server, did something with tftp (those letters came up and nothing else), the boot agent exited and a message came up saying the boot agent was not available. Does any of this make sense to you Tom? Also, could the router be at fault? As in perhaps tftp requests are not being passed through even though its DHCP server is disabled.

Well tftp seems to be working correctly. It had been erroring out this morning with PXE-E32. Turns out the servers firewall was interfering with it. Also I installed the FOG client on the Windows 7 screen. Still no splash screen or menu. It connects to the DHCP server, tests tftp, and then boots. The ultimate test of FOG is to image a machine and so I will sysprep the computer and then attempt to upload an image.

First the service wasn’t running so it would not connect. Then I made the changes recommended here: [url]http://www.debian-administration.org/articles/478[/url] and started the service which was when it could not find the file. It seemed to connect to the server, but not find what it was looking for.

Hmmm. When I was testing out tftp between the xp machine and the fog server I tried to “tftp <fog server IP> get pxelinux.0” but that was not found. Also Filezilla would not connect. Is it possible the computer is not booting correctly into FOG? Our computers are Dell Optiplex 780s, if it makes a difference. Tomorrow I will try to set up a task remotely and see if it works.

Not sure. Perhaps the PXE boot did’t work correctly? The computer was able to receive an IP address and after that I think the boot agent exited (PXE-M01 Intel Boot Agent Exiting) and Windows XP started. I assumed that was normal behavior. Where is the images file located?

Indeed I did, Tom. Turns out the service was not actually started and there was a syntax error in the config file. Both computers have PXE booted successfully. The FOG splash screen did not come up, however, possibly because the client is not installed on them. Tomorrow I will endeavor to do that, register the computers in FOG and hopefully attempt to upload my first image. Once again thank you for your help.

Well I’ve got all of the computers talking to one another and initialized tftp, but problems persist. I cannot PXE boot either of the other two computers. When attempting to do so, the process errors out with the code PXE-E51 No DHCP or ProxyDHCP offers were received. Curiously when I type “service dhcp restart” in terminal on the FOG server it says that service is unrecognized. But I KNOW I installed it as the configuration file above shows. Any thoughts? Perhaps the DHCP server is not installed or configured properly?

Ok so it seems 3 out of the 4 issues in my original post weren’t really all that serious. All that remains is to do is fix the networking issue and check to make sure I can connect to the FOG server via ftp. Then the imaging test can begin.

Thank you for all of your help Tom. It seems I over thought the problem with the hostnames a bit. As for the config file, none of the computers have an IP address of 192.168.10.2. The router is 192.168.10.1 and all the rest are well above 10.10 .

What about the two fields on the login page that return an error? Do you think those are related to the DHCP server or can I ignore them?

[quote=“Tom Elliott, post: 21246, member: 7271”]
The reason you’re unable to resolve hostnames is because you don’t have a DNS Server, so this is expected. If you’re unsure whether or not the XP machine has an IP, check it and also verify that the Windows Firewall is turned off on that machine.[/quote]

So is it possible to image a handful of machines without a DNS server or should I install one on the FOG machine? Given that all of the (4) computers are in one room it seems like overkill to do so. This setup is only for testing purposes; the production machine will use the campus infrastructure. My config file is as follows:

#DHCP Server Configuration File.
#see /usr/share/doc/dhcp*/dhcpd.conf.sample
#This file was created by FOG
use-host-decl-names on;
ddns-updates-style interim;
ignore client-updates;
next -server 192.168.10.2

subnet 192.168.10.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.10.10 192.168.10.254
default-lease-time 21600;
max-lease-time 43200;

option domain-name-servers x.x.x.x;

option routers x.x.x.x;

   filename "pxelinux.0";

}

According to IP config the XP machine has no IP address. I believe the firewall is off, but there wasn’t the time to go through the network setup again. Doing so may fix the problem.

I reran the install and installed the DHCP server then disabled that functionality on the router to avoid conflicts. Thus the router is now acting like a switch. But problems persist. I am still not able to resolve hostnames. Furthermore the computers do not seem to be talking to one another. After rebooting the server I was initially unable to connect to anything. After changing the computers IP address and then manually entering in the IP addresses of the other computers on the network I was able to ping the Windows 7 machine. But the XP one will not respond and apparently doesn’t have an IP address. Is this a problem with the DHCP server? Would it help to post the configuration file for it?

The next question is: how does one uninstall FOG? Having not installed the DHCP server I wish to start from scratch (but not delete the whole VM if possible). I believe the DHCP function on the router can be disabled thus turning it into a miniswitch. At that point it will be possible to do an isolated network install as per the instructions on the wiki (which seems to be the thrust of your suggestion).

As for firestarter, my understanding is that it is basically a GUI wrapper for IP Tables. I do not know enough to edit them by hand and feel more comfortable using the program.

Tom, I did the install while connected to the internet. Then once everything was done I unplugged the WAN and set up the mini network. My goal was to avoid conflicts with the campus DHCP server (in the future the library will have its own instance, but does not now). On that note wouldn’t having DHCP enabled on the router as well as a DHCP server on the computer cause problems? It seems like I should simply use the router as a switch and install DHCP on the FOG computer.

Actually now that I think about it, the FOG machine is not on the same subnet as the router due to NAT being enabled in VMware. Could that be the issue? Also I have Firestarter installed in Debian. Could that be causing issues as well?

.32. It made sense to use the latest one. The only thing I did not try was uninstalling and then reinstalling it since it is not readily obvious how to do so.

Today I got around to installing FOG on our test machine. It runs in a Debian 7.3 virtual machine (VMware Player) with the Host OS being Windows 7. The computer is networked to two other machines via a TrendNet TEW-731BR router. One runs Windows 7 and is intended to be used as a reference machine for uploading images and the second is a Windows XP machine I am hoping to image. This mini network is totally separate from the campus network and not connected to the internet. The install seemed to go well, but I suspect I did not do something correctly because the following issues have cropped up.

1. At the log in screen in the box below the username and password fields, which says “Number of Fog sites and version number” both report an error connecting to the server. I dared to plug the computer into the campus network for a brief instant and the issue disappeared.

2. After entering the two other computers as hosts in FOG, the program is unable to resolve the host names of either one. I used the name of the computers for this field. Adding exemptions, turning off the Windows firewall, and disabling the access protection feature of McAfee did little. The only development was that I was able to get the Windows 7 machine to go from “unable to resolve host name” to “host down” despite it being on. These are not domain machines, but I also added “search workgroup” to the resolv.conf file to no effect. And both can be pinged from the command prompt.

3. My understanding is that when a computer is PXE booted from a FOG server some sort of splash screen comes up. It does not for either of the test machines although the FOG client is not installed on them.

4. I am not able to connect to the server via Filezilla from the Windows XP machine. It seems to establish a connection, but does not get a “welcome message” and returns a connection error.

My theory is that I did not set up DHCP correctly. Since the router is essentially a DHCP server in a box I did not install one during the FOG installation, but specified its IP address. Also I did not know what to put for the DNS address field since there is no DNS server (as far as I am aware - correct me if I am wrong) in the mini-network and left that field blank. And I accidently put the wrong IP address for the FOG server. During install the fact that VMware player is set to use NAT slipped my mind.

Any help would be much appreciated.

Thank you in advance Tom. I look forward to reading of your results. Ubuntu is based off of Debian so my assumption is that there would be few issues. But you never know.

Networking is not my specialty. However there are racks of Cisco Catalyst 3500 series network switches in various locations around the library. Presumably these are for the wired portion of our network. There are also wireless routers on the second floor although none of our public machines connect to the network that way. Currently the library computers are not on their own subnet. This would tend to be an issue since PXE boot requests are presumably set to be forwarded to the existing WDS machine. However the network administrators have expressed a willingness to put the machines we want to control on their own subnet and give it a separate DHCP scope once we go into production. Presumably it will then be possible to specify PXE and TFTP requests to go to our FOG server. That should eliminate the need for running the program in non-intrusive mode.

Right now we are in the testing phase. As the University closes for the Winter Break after tomorrow there won’t be any progress before 2014. Currently the plan is to use a router to hook the FOG server up to a reference computer and two targets to be re-imaged. In order to avoid conflicts with the campus DHCP server our mini-network will not be hooked up to the main campus network. That way we do not have to make any changes to network infrastructure until FOG is thoroughly tested.

Thank you for your help. You have put my fears to rest. FOG seems to be the perfect solution for us since it requires neither a significant outlay of money nor the purchase and setup of a Windows Domain controller with all the bells and whistles.

Right now my only questions pertain the the OS for our server. I am most familiar with Debian and plan to use version 7 to host FOG. Has anyone experienced any problems with using FOG and Debian together? And is there a particular distro that the former runs best on?

What about testing? The user guide seems to suggest that this can be done by plugging the ethernet cable into a router and creating a mini-network. Is that a correct assessment? And what about non-intrusive mode? Is that a viable way of imaging machines in a production environment?

We have already looked into both of the options you suggested, Kevin. The issue is that they require too much hands on management. In particular they cannot take into account any Windows or McAfee updates. Those would have to be done manually. With 70 - 100 computers that is not feasible especially since the Systems Department (which consists of myself and a colleague) has other responsibilities such as web development, maintaining the Integrated Library System (the catalog), and troubleshooting computer issues. Also the requirement to choose the correct option upon start up may lead to problems as some of our employees are not comfortable with technology.

My personal favorite, in regards to software, is Drive Vaccine made by Horizon Data Systems. It works like Windows Disk Protection, but is easier to manage and has a central management console. One of my goals is to centralize control of our computers. Sadly it costs money.

[QUOTE]The security risks are all dependent on what you choose to run. Apache itself is not a concern. You won’t have FOG sitting in the DMZ, so your employment’s firewall should block almost everything going out anyways. The concern is what version of Linux you choose to install FOG on. The more features you install, the more security risks you add. I personally am an Ubuntu guy, so I install FOG on Ubuntu server. It’s all command line, no GUI. This means that the server is fast to boot, very little to crash, and extremely robust. I ended up having to install a GUI so others could administer the server if I was not available, so LXDE core to give an absolute minimum GUI experience for others. But again, less is more when it comes to security.[/QUOTE]

Thank you for putting my mind at ease. The library has not had many problems, but the one we did have came from an unsecure FTP port on our catalog server. It is a Windows machine and IIS was not set the way it should. But that computer has an external IP address and is used to host our Online Public Access Catalog.

Should I install FOG, my plan is to use Debian as that is what I am most familiar with (other than Mint, but it seems meant for desktops rather than servers). It has a reputation for stability and security. The latter can be enhanced by taking steps such as installing Fail2Ban, a firewall, disabling root access over SSH, etc. Having a GUI does help so I’d install LXDE.

[quote=“Kevin, post: 20908, member: 3”]
Now a question I have for you. Especially with the transition to Windows 7, is there a reason that you can’t have your machines on the domain? It seems like it could be very easy to just group all of your machines into a new OU. Group policy is a very powerful tool and you can really tweak how you want your computers to work and behave. With Windows 7, you can have a whole new level of control that didn’t exist in XP, and can install templates (ADM and ADMX’s) to control programs even furhter. Granted you can’t do “frozen” profiles by default, but you can at least limit what gets installed in the first place, which is half the battle.
[/quote]

Kevin, the short answer is office politics. At one time the library was on the domain. We had our own subnet and a dedicated server. But then the campus IT department was outsourced to a company called Ellucian and a number of employees at the library alienated them (to put it mildly - I don’t know the full story, but this is what I’ve been told). The result was that when our server died we were kicked off the domain and lost our subnet. Since then the relationship has improved, but is still delicate. My hope is to implement FOG without having to go to them, particularly because I’ve heard they don’t want linux servers on campus (not sure why). However if push comes to shove the library administration is willing to go to bat for us.

But in regards to Windows 7, we are already utilizing local group policies. They are a huge lifesaver and have allowed us to lock our test computer to a degree I’d not though possible without a product such as Fortres 101. But there is no way to stop people from cluttering up the desktop with their files and if malware slips by our security there is no one click solution to remove it the way there is with SteadyState. While FOG doesn’t give that per se, it seems to come close. Our campus IT folks run Active Directory and have Mandatory profiles, thus eliminating the need for third party security software.