Direct Access and FOG

Dear Community / Developers.

We have been using FOG for quite some time now, very happy with it.

Now we have started moving clients out of the office due to the lockdowns and have them accessing our network via Direct Access.

This works via IPv6 through a Direct Access Server in a separate network zone.

I am able to create the necessary firewall rules to get the Direct Access Server and the FOG server communicating with each other. The clients contact the Direct Access Server, communication is forwarded to FOG and back.

I can see that the clients contact FOG in the fog.log.

What doesnt work is accessing files from snapins for any client that accesses the system via IPv6. The FOG server runs on IPv4 because thats the system used within the office network as well. The DAC Server does seem to do some translating, hence the successful connections, but it seems as though in this case it doesnt work / translate well?

Is there anybody with experience in this area or some general tips on how to make this work?

Our FOG runs on a linux server (Centos) within the office network with the further connection to the DAC through the above mentioned path.

When checking the Log file i can see the client getting the information that a snapin is set to be executed, but then when accessing the file i can see that an ipv6 address seems to be used and get a line saying that access is not possible.

The same snapin for a non-DAC client from within the network works flawlessly.

Any help / tips is / are appreciated !

Best wishes
Sébastien

Thank you!

I clicked the update button but didnt wait long enough it seems.

Sorry for bothering you with this trivial stuff, thanks for the help.

Sébastien

Hi.

Running FOG on a Centos Machine

You are currently running version: 1.5.9-RC2.9

I registered one of our new L14 Lenovo Laptops and when I send the Deploy command the Laptop PXE Boots into the deployment process.

There is some errors first:

ACPI BIOS ERROR (bug): Faile creating [\SB.PCI0-LPCB.EC.LHKF], AE_ALREADY_EXISTS (20180810/dswload2-316)
ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20180810/psobject-221)
ACPI Error: Skip parsing opcode OpcodeName unavailable (20180810/psloop-543)
mmc0: Unknown controller version (3). You may experience problems.

After that normal syslogd, klogd and sysctl messages. Populating /dev using udev: done, Saving random seed Ok,

Starting haveged: haveged: listening socket at 3
OK

And then

No network interfaces found, your kernel is most probably missing the correct driver!
Please check your network setup and try again!

I think I am running the most recent Kernels that are available:

bzImage Version: 4.19.123
bzImage32 Version: 4.19.123

Any idea on what I can do or where I am going wrong?

Thanks for your help!
Sébastien

Soooo …

After Resetting the Encryption it works.

So in this case uninstalling the FOG Client, then Reinstalling it, manually started the FOG Service in Window and reset the Encryption Data solved the problems for this client.

I have a second machine that seems to have the same problem at first glance, but have to check that to make sure it really is the same.

And the Thread you found from me at the beginning of my FOG journey … i still add the certificate manually during sysprep via the setupcomplete. On this client I havent imaged in quite some time and its only me using it. Really strange.

I’ll check the other client and report back.

Thanks !

Hi and thx.

Accessing via plain http.

Just reinstalled, the install works fine. After restarting the fog service the log shows:

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 09.06.2020 21:36:46 Client-Info Version: 0.12.0
 09.06.2020 21:36:46 Client-Info OS:      Windows
 09.06.2020 21:36:46 Middleware::Authentication Waiting for authentication timeout to pass
 09.06.2020 21:38:45 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
 09.06.2020 21:38:45 Data::RSA FOG Server CA cert found
 09.06.2020 21:38:45 Middleware::Authentication Cert OK
 09.06.2020 21:38:45 Middleware::Authentication ERROR: Could not get security token
 09.06.2020 21:38:45 Middleware::Authentication ERROR: Die Daten sind unzulässig.

 09.06.2020 21:38:46 Middleware::Communication POST URL: http://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&authorize&newService
 09.06.2020 21:38:46 Middleware::Response Invalid security token

Will try and find the thread you mentioned. Just confused because we are a fairly small team and wouldnt know what could have been changed

And now this in the log:

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 09.06.2020 12:46:43 Client-Info Version: 0.12.0
 09.06.2020 12:46:43 Client-Info OS:      Windows
 09.06.2020 12:46:43 Middleware::Authentication Waiting for authentication timeout to pass
 09.06.2020 12:48:44 Middleware::Communication Download: http://fog.lfdw.local/fog/management/other/ssl/srvpublic.crt
 09.06.2020 12:48:44 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:48:44 Middleware::Authentication ERROR: Could not authenticate
 09.06.2020 12:48:44 Middleware::Authentication ERROR: Der Wert darf nicht NULL sein.
Parametername: authority

I can open the URL just fine in a browser

Possibly following this: https://forums.fogproject.org/topic/14501/new-snapin-cannot-change-directory/3?_=1591698231148

On a Windows 10 Client that has not changed anything afaik I suddenly get errors relating to the security certificate.

When I run the Smart Installer (v 0.12.0 is already installed though) with Repair I get “Unable to install CA certificate”.

Following another thread I changed the settings.json HTTPs thing to 1, but no change - and wouldnt know why this would suddenly appear in an otherwise unchanged environment. I changed it back to its original https=0 …

The fog.log shows (with https=0) - client was restarted and server too, fog web gui is accessible and responsive, and again it worked fine so far, only recent change was upgrade to current dev-branch:

------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
 09.06.2020 12:40:46 Client-Info Client Version: 0.12.0
 09.06.2020 12:40:46 Client-Info Client OS:      Windows
 09.06.2020 12:40:46 Client-Info Server Version: 1.5.9-RC2.9
 09.06.2020 12:40:46 Middleware::Response ERROR: Unable to get subsection
 09.06.2020 12:40:46 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 09.06.2020 12:40:46 Service Sleeping for 60 seconds
 09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&configure&newService&json
 09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:46 Middleware::Communication ERROR: Could not contact FOG server
 09.06.2020 12:41:46 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
 09.06.2020 12:41:46 Middleware::Response Success
 09.06.2020 12:41:46 Service ERROR: Invalid promptTime, using default
 09.06.2020 12:41:46 Middleware::Communication URL: https://fog.lfdw.local/fog/management/index.php?sub=requestClientInfo&mac=00:FF:9B:99:A9:20|E8:6A:64:D7:EE:EE|02:00:4C:4F:4F:50|0A:00:27:00:00:0B|D0:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9B|D2:C6:37:B2:BC:9A|D0:C6:37:B2:BC:9E||00:15:5D:25:44:CF&newService&json
 09.06.2020 12:41:46 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:47 Middleware::Communication ERROR: Could not contact FOG server
 09.06.2020 12:41:47 Middleware::Communication ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
 09.06.2020 12:41:47 Middleware::Response Success
 09.06.2020 12:41:47 Middleware::Communication URL: https://fog.lfdw.local/fog/service/getversion.php?clientver&newService&json
 09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:47 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 09.06.2020 12:41:47 Service ERROR: Unable to get cycle data
 09.06.2020 12:41:47 Service ERROR: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
 09.06.2020 12:41:47 Middleware::Response Success

Anybody have an idea what might be wrong or where to look?

It works now. Great!!

That would be my user on the fog machine. No idea why that user became the owner, wouldnt the install script set permissions to the fogproject user?

Or does the output from ls mean something different?

Is it this from ls -ld fogproject (run from the home directory)?

This is what I get from sestatus:

So it seems its set to permissive already? Shall I deactivate?

I am not Linux native so sorry for any confusions that may arise. Thanks for taking the time!!

Doesn’t look like it

Just noticed, similar error when trying to do a kernel update:

Type: 2, File: /var/www/html/fog/lib/fog/fogftp.class.php, Line: 464, Message: ftp_login(): OOPS: cannot change directory:/home/fogproject, Host: 192.168.43.17, Username: fogproject

Hello.

Server: Centos 7
FOG: You’re running the latest dev-branch version: 1.5.9-RC2.8

When I try Creating a new snapin I get the following error:

Type: 2, File: /var/www/html/fog/lib/fog/fogftp.class.php, Line: 464, Message: ftp_login(): OOPS: cannot change directory:/home/fogproject, Host: 192.168.43.17, Username: fogproject

Checked the .fogsettings file, Storage settings and tftp Settings, both user and password seem to be identical.

Re-Ran the installfog.sh

Reset the password for the fogproject user to make sure its what i thought it should be.

What am I doing wrong?

Thanks for your ongoing support.

Aaaaand… stupid me.

Duplicate Mac Adress due to an external USB Networking Adapter.

Sorry for bothering you.

Hi everyone.

Have been using FOG for quite some time and everything was great.

We are running FOG 1.5.7.102. Kernels Up to date (I think 101 is the latest?)

Today I suddenly got the message:

http://192.168.43.17/fog/service/ipxe/boot.php... HTTP 5xx Server Error

Nothing has changed in our setup as far as I am aware.

Httpd Error Logs last entry is:

PHP Logs last Entrys are from a day ago, … only NOTICE: [pool www] child {number} started messages

Anybody can give me a hint?

Thanks so much.

@Quazz said in Windows Sysprep Breaking:

@agray Antivirus products sometimes cause trouble when installed before sysprep I believe.

For example: Bitdefender has a page about it

https://www.bitdefender.com/support/how-to-troubleshoot-cloning-a-windows-system-with-sysprep-tool-when-a-bitdefender-security-agent-is-installed-1243.html

Symantec is the same, there even is a program that you have to run in order to reset everything for sysprep to work.

@agray I cant seem to find your response into what the log files say. Did you check them? Or have I just not seen it and its in the thread somewhere?

Interesting, we do not need the Domain name in front

Anywho, great that you solved it

I noticed the same thing some time ago, but wasnt sure it always happened so never reported it. Didnt try for some time to delete an image though.

Check your OU Settings.

In our systems it looks like this:

OU=Computers,OU=COMPANY,DC=company,DC=local

Not sure if that is the problem, but since its different from our working setup …

Ah well, stupid me.

Booted from a BIOS PXE bootable USB Stick and everything works just fine. Sorry for bothering you.