RE: Backup Image

Why not build a second fog and capture the first?

Perhaps I should expand.

This is what I did up to v1607.

My sysprep answer file sets autologon of Administrator for 99 times. It enables the Administrator account and has the password included (hashed by sysprep). It also includes a FirstLogonCommands to run a cleanup script.

That cleanup script performs the first part to remove security, rewrites the RunOnce registry value, then restarts the computer. Because the RunOnce registry value was recreated, the auto logon of Administrator launches that script again to perform further functions. After 3 more restarts the script turns off autologon, does not rewrite the RunOnce, re-enables security, then shuts the system down.

With v1709 I changed how I harvest driver files and have been able to install all drivers without the need to dumb down the security. I now install all general drivers from setupcomplete.cmd .

This is how I handle unsigned or untrusted drivers.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1806"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1806"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security]
"DisableSecuritySettingsCheck"=dword:00000001

… then restart, install drivers, then

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1806"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1806"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]

Capture it as a Windows 8.1 image.

@wayne-workman In an enterprise environment with established DHCP and DNS one would quickly have their ass hauled onto the carpet if multiple roaming rogue DHCP and DNS servers were deployed using the combined solution offered for mobilizing FOG.

I think it would be better to also offer a FOG-centric version of the mobile FOG solution that doesn’t involve tacking on unnecessary and potentially career-damaging services.

I’m hoping the development of 2.0 hasn’t strayed from a long lost posit that promised to stay focused on FOG first. Compartmentalize solutions by addressing DNS and DHCP services as separate non-FOG accessories.

What if you don’t want dnsmasq or DHCP running on your FOG server? What if you want a FOG server to just be a FOG server?

If you’re referring to the retail version of Windows 10 that’s created by using the Microsoft Windows 10 Installation Media Creation Tool, it’s not quite the same as the GVLK (Generic Volume License Key) version, but I don’t think there would be anything that would prevent the running of the setupcomplete.cmd.

Microsoft Windows Server 2016 Hyper-V Core (10.0.14393.0) and Microsoft Windows Server 2016 Standard (10.0.14393.0) are both fine.

Bad news everyone!

The same problem exists also in Windows Server Insider Preview build 17093.

Alrighty then. Hyper-V running on Windows 10v1709.
Gen2 (UEFI) can network boot ipxe.efi just dandily and image.
Gen1 (Legacy) can network boot with undionly.kpxe but sits indefinitely at iPXE initialising devices…

hmm …

• hangs after “GATEWAY IP:”
  default.ipxe

• hangs after “iPXE initialising devices…”
  intel.kkpxe
  intel.kpxe
  intel.pxe
  realtek.kkpxe
  realtek.kpxe
  realtek.pxe
  undionly.kkpxe
  undionly.kpxe
  unidonly.pxe

• hangs after “WARNING: Using legacy NIC wrapper on”
  ipxe.kkpxe
  ipxe.kpxe
  ipxe.pxe

So all I have accomplished is to confirm the problem as a third party.

There is also the option of running the free Microsoft Windows Server 2016 Hyper-V Core (10.0.14393.0) as your hypervisor.

Okay, since I misinterpreted (ie: skimmed ) the OP, I will see what I can reproduce with Windows 10v1709 as the hypervisor.

What version Hyper-V are you running?
What is the precise building of your virtual machine (prior to installing your OS)?

EG: My setup is on Server 2016 Standard with Hyper-V role

Virtual Machine Generation 1

• 4 Processors
• Memory Startup RAM 4096 MB (NO Dynamic Memory)
• Network Adapter (Not Connected)
• Delete SCSI controller
• Boot Order = CD, IDE, Legacy Network Adapter
• VHDX, (1024 GiB), Dynamic
• Secure Boot Disabled
• Standard Checkpoints
• Automatic Start Action (nothing)

Virtual Machine Generation 2

• 4 Processors
• Memory Startup RAM 4096 MB ( NO Dynamic Memory)
• Network Adapter (Not Connected)
• Boot Order = DVD Drive, File, Hard Drive, Network Adapter
• VHDX, (1024 GiB), Dynamic
• Secure Boot Disabled
• Standard Checkpoints
• Automatic Start Action (nothing)

Then I install the OS… I don’t connect the network adapter until after entering audit mode.

When it comes time to capture the machine, after it’s shutdown I do this.

Gen1.
ADD Legacy Network Adapter with Virtual Switch to CONNECTED
SET Network Adapter Virtual Switch to CONNECTED
SET BIOS to Boot from Legacy Network Adapter

Gen2.
SET Network Adapter Virtual Switch to CONNECTED
SET BIOS to Boot from Network Adapter

Then capture.

Enterprise and Education versions natively support it.

@sebastian-roth That did the trick! That server can now update its kernel.

It’s interesting to see how two different causes have similar results.

Something to look at from the FTP logs.

Wed Feb  7 12:37:04 2018 [pid 15591] CONNECT: Client "<FOGIP>"
Wed Feb  7 12:37:04 2018 [pid 15591] FTP response: Client "<FOGIP>", "220 (vsFTPd 3.0.2)"
Wed Feb  7 12:37:05 2018 [pid 15591] FTP command: Client "<FOGIP>", "USER fog"
Wed Feb  7 12:37:05 2018 [pid 15591] [fog] FTP response: Client "<FOGIP>", "331 Please specify the password."
Wed Feb  7 12:37:05 2018 [pid 15591] [fog] FTP command: Client "<FOGIP>", "PASS <password>"
Wed Feb  7 12:37:05 2018 [pid 15590] [fog] OK LOGIN: Client "<FOGIP>"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "230 Login successful."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "PASV"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "227 Entering Passive Mode (<FOGIP>,209,195)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "TYPE A"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "200 Switching to ASCII mode."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "LIST -a //var/www/html/fogservice/ipxe"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "150 Here comes the directory listing."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "226 Transfer done (but failed to open directory)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "MKD //var/www/html/fogservice/ipxe/backup/"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "550 Create directory operation failed."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FAIL MKDIR: Client "<FOGIP>", "//var/www/html/fo[Wed Feb 07 12:37:05.182303 2018] [:error] [pid 1410] [client <CLIENT_IP>:45345] PHP Warning:  ftp_mkdir(): Create directory operation failed. in /var/www/html/fog/lib/fog/fogftp.class.php on line 492, referer: http://xyzfog/fog/management/index.php?node=about&sub=kernel&file=aHR0cHM6Ly9mb2dwcm9qZWN0Lm9yZy9rZXJuZWxzL0tlcm5lbC5Ub21FbGxpb3R0LjQuMTMuNC42NA==&arch=64
gservice/ipxe/backup/"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "PASV"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "227 Entering Passive Mode (<FOGIP>,96,38)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "LIST -a /var/www/html/fogservice/ipxe"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "150 Here comes the directory listing."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "226 Transfer done (but failed to open directory)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "PASV"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "227 Entering Passive Mode (<FOGIP>,232,42)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "LIST -a /var/www/html/fogservice/ipxe"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "150 Here comes the directory listing."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "226 Transfer done (but failed to open directory)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "RNFR /tmp/bzImage"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "550 RNFR command failed."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FAIL RENAME: Client "<FOGIP>", "/tmp/bzImage"
[Wed Feb 07 12:37:05.184327 2018] [:error] [pid 1410] [client <CLIENT_IP>:45345] PHP Warning:  ftp_rename(): RNFR command failed. in /var/www/html/fog/lib/fog/fogftp.class.php on line 769, referer: http://xyzfog/fog/management/index.php?node=about&sub=kernel&file=aHR0cHM6Ly9mb2dwcm9qZWN0Lm9yZy9rZXJuZWxzL0tlcm5lbC5Ub21FbGxpb3R0LjQuMTMuNC42NA==&arch=64
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "TYPE I"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "200 Switching to Binary mode."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "PASV"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "227 Entering Passive Mode (<FOGIP>,47,255)."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "STOR /var/www/html/fogservice/ipxe/bzImage"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "553 Could not create file."
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FAIL UPLOAD: Client "<FOGIP>", "/var/www/html/fogservice/ipxe/bzImage", 0.00Kbyte/sec
[Wed Feb 07 12:37:05.185077 2018] [:error] [pid 1410] [client <CLIENT_IP>:45345] PHP Warning:  ftp_put(): Could not create file. in /var/www/html/fog/lib/fog/fogftp.class.php on line 707, referer: http://xyzfog/fog/management/index.php?node=about&sub=kernel&file=aHR0cHM6Ly9mb2dwcm9qZWN0Lm9yZy9rZXJuZWxzL0tlcm5lbC5Ub21FbGxpb3R0LjQuMTMuNC42NA==&arch=64
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP command: Client "<FOGIP>", "QUIT"
Wed Feb  7 12:37:05 2018 [pid 15595] [fog] FTP response: Client "<FOGIP>", "221 Goodbye."

@sebastian-roth It’s solved for one server, but not the other.

@sebastian-roth No proxy server. The error message has changed one one server at /var/log/httpd/error_log.

PHP Warning:  ftp_login(): Login incorrect. in /var/www/html/fog/lib/fog/fogftp.class.php on line 463, referer: http://xyzfog/fog/management/index.php?node=about&sub=kernel&file=aHR0cHM6Ly9mb2dwcm9qZWN0Lm9yZy9rZXJuZWxzL0tlcm5lbC5Ub21FbGxpb3R0LjQuMTMuNC42NA==&arch=64

The value for “Fog Configuration / Fog Settings / TFTP Server / FOG_TFTP_FTP_PASSWORD” changed. It now does not match the password as found in “/opt/fog/.fogsettings” or “Storage Management / Management Password”. I changed it to match, then ran the kernel update again and it worked!

The other server has exhibited no change in errors or passwords.

@sebastian-roth Aside from changing your

chmod 644 var/www/fog/service/ipxe/testfile

to

chmod 644 /var/www/fog/service/ipxe/testfile

The commands and results were word for word identical to what you posted.

SELinux is already configured and functions properly for all servers. Imaging is not the problem. The problem is updating the kernel on 2 of 18 physical servers.

@sebastian-roth said in Kernel Update fails ... Oh no, not again!:

rename /var/www/fog/service/ipxe/testfile /var/www/fog/service/ipxe/backup/testfile

Completed the ftp steps detailed and update via GUI continues to fail.