RE: Active Directory Mac OS X

@Nicolas-Bricet Just out of curiosity: could you try adding the device to the domain using just the admins name so:
administrator
not
domain\administrator
OS X sometimes does not like the appending of the domain. Along with the above recommendation could you please remove any OU settings you may have entered into FOG. This is for testing purposes, if it works then we can get started seeing why things went wrong. If this does not work I will send you a copy of a script to try to see if it can be done at all. I will try and test tomorrow at work on my domain.

Good luck and please post your results!

-T

@Louis-CSUSA please understand, Apple uses a method of pxe booting called bootp. This is not pxe nor is really compatible. You can specify an efi option in dhcp but realize, that even if you get it to work, changes in osx firmware will most likely break this at a later time. Again the most reliable way to start and consistently get this to work is using a USB drive to start.

If you can’t get fog to boot from a USB and the correct efi file(also understand the ipxe.efi file in fog is not compatible with osx) getting a true pxe boot solution to work is going to be frustrating.

Try the Mac Boot app again under el Capitan and select create media and use the USB option.

If this does not get you further a rebuild of a custom efi module is going to have to be done. I can help with this!! I am currently booting 2016 iMac Mac pro and macbook air from my USB created in mac boot

Try that and let me know how it goes

T

I usually hate to throw out 3rd party software in this forum, but I too have software that requires certain screen resolutions. I use NirCmd with a simple batch file as a snapin job.

Download the app and add it to a share that can be accessed by a non user account. This would be everyone or domain computer (if on domain) permissions. Make sure that the file is marked read/execute by that group.

next simply create a batch file with:

@echo off
\\sharename\folder\nircmd.exe setdisplay 800 600 60

next create snapin and upload that new batch file and viola

Again not a solution but this how I do it

-T

I did create an app that should do it however it is not 100%
Mac Boot

Use at your own risk as it creates a hybrid MBR on machine electing to use the bios version of the software. Basically do not use on production machine until it has been verified by you.

-T

LOL, Apple and its proprietary way of doing things. Simple explanation, netboot is not pxe boot. OS X is very picky about netboot. The efi iPxe file first must be named boot.efi as well as match the architecture of the machine that is booting (for you thats 64 bit) secondly not all ethernet or wifi adapters will be visible to iPxe after handoff. DHCP must point to that file as well as the boot file also.

I have lots of experience with imaging Macs with FOG. We do about 1500 or more a year.

Basically you have a few options but I will line out what we do. When I create an image, on the “master” machine I create the smallest partition possible. In that partition I add the folders:
/System/Library/CoreServices/

After that I add the 64 or 32 bit ipxe file naming it boot.efi. Again for you thats a 64 bit file

Now on reboot, hold down option and select that partition. If it is able to find your nics and boot to FOG then you are in good shape!!. If it works copy the partition you just created to a usb disk. Now use that to boot your machines. Realize that you can simply select the usb disk in the boot manager and once iPxe loads up pull it out, and use it on another machine (if you are doing multiple machines). Because of limitations in iPxe do not expect a pretty FOG Menu. No background picture and such.

If your nics are not visible to the efi iPXE then you will need to use the undionly.kpxe file. That is a lot more tricky!! But if needed I will explain to you!

I hope this helps a little

-T

Well this is indeed a bit odd. If running the launchctl commands start and stop the service, the service should start on its own based on your plist. Essentially this is what happens when the mac boots and hands off the thread to launchd. So hmmmmm. Permissions??? Perhaps!!

Please run:

ls -la /Library/LaunchDaemons/org.freeghost.daemon.plist

and

ls -la /opt/fog-service

This will verify permissions.

Also, in security under System Preferences, try allowing apps from anywhere. This is obviously not a fix but certainly could help resolve a possible issue.

Please post your results

Thanks,
-T

I guess I am going to throw out some things about licensing with MAK keys and activating with SLMGR

First MAK keys:
Multiple Activation Keys are kind of funny. The hardest thing to wrap your head around is the amount of times you can Activate the key. In general you get to activate 4 times for every license you buy. I am sure you are saying WTF are you talking about… “I bought 100 license and got a MAK key. Are you telling me I can activate 400 licenses”? No that is not what I mean. The MAK key will let you activate a total of 400 times for the 100 licenses you bought in a year. So if you imaged 100 computers 4 times in a month and tried to activate one more computer you would get an error like “The MAK key has exceeded…” at which point you would call MS VL Services to have them reset your counter.

Good that mombo jumbo is out of the way
Issues with activating a MAK key in an image:
Lets say you made a base image with a different key than your MAK key. Created the image and deployed it. Then you have fog activate using the MAK key. It will activate however on next reboot it is not Genuine. Again WTF!! This is because When a key is already installed and you use a new key with slmgr.vbs (slmgr.vbs /ipk xxxxx-xxxxxx-xxxxxx etc) it will install and activate it if you ask it to. However it will get erased on shutdown, because the old key was never removed. So in general you need to uninstall the old key then install the new one before activation. So:
slmgr.vbs /upk
slmgr.vbs /ipk xxxxx-xxxxx…
slmgr.vbs /ato

This in a simple batch script will take care of your issue make a simple snapin!
An interesting factoid. When you install a MAK key on a machine and use a product key extraction software. The machine will have a unique key that is not the MAK key. You can activate this key as many times as you wish for that particular machine. Just found that kinda neat.

Final word of advice. If you are managing licenses on 50+ machines and have a MAK key for them…use a KMS server. super easy to install and it will never talk back to MS. It is kind of an honor system with them. You can activate however many machines you want with them and it will always activate them. Obviously there are some restrictions like the machine will have to check in once 180 days to reactivate to your kms sever and you must activate 25+ machine before the server will actually work. Again the server is super easy to setup!!

I have over 5000 windows computers to activate and license and I have a KMS server that activates all versions of Windows: Vista-10 and Server 2008 - 2012, and Office too. I just install the kms key on the client before I make the image and they auto activate the key once they finish imaging.

Sorry for the long post but thought some clarification was needed!

T

The current Group Settings in FOG to do not directly update a host. Rather when a host asks for things like printers or etc, the server combines the groups and host settings together and passes to the host. The host will always take priority over group so that if a group has a default printer and a host another. The host default printer wins

-T

Quick question:
Does the service run fine after reboot and then from then on out? Meaning does this only happen directly after imaging and syspreping?

That is strange. Just at quick glance it does not look like it it getting the next server dhcp option. tftp:///default.pxe

No tftp server specified. In order to get that far dhcp should have been received. Can you try a version of ipxe with cli and manually enter in commands. Romomatic downloads are a good place to get stock ipxe efi file

Are you using Cisco switches?

I have also had this issue with some Dell computers, my fix was to update bios. If my bios is upto date I have not had any other issues. I am not saying that this is the case but we use a multitude of device type and anytime I see this issue, I update the bios and it seems to resolve the issue.

Yes that may be a bug or something Tom E needs to look into. When you use $ it stands for a variable so when it was supplied in the fogsettings file, $2 represented the variable 2 which was probably null and that is why it was truncated. The password for the db is stored in more than one place in FOG. Try {your webroot}/fog/lib/fog/config.php. This is where the installer writes it for use by PHP.

As with anytime in upgrading/updating you should make a backup of your sql files so that in case of an emergency you can always revert to where you had left. If you have not done so, please do.

So check that config file and make sure it is correct, and try and run the installer script again without using the password with the $ in it. That does make for a secure password, but can make for some other headaches down the road.

@Wayne-Workman
Agreed, currently I am running on VM with dual quad xeon core running as fast as a vm most likely can. I am currently running uploads of about 3-5 GBmin and downloads of about 6gbmin. This is running across our WAN of fibre back bone and true gigabit switches. I mean downloading Windows 7 image in 7 minutes. I have not experienced anything faster even with very expensive commercial products.

And correct me if I am wrong but quit some time ago the compression switched to the client side of things meaning, the server is not going to be the bottle neck but more the client processing the compression/decompression. So you can have a very fast server but if the client is running an economy processor then thing may become a bit slower.

@Tom Elliot: Also the mbr looks to be 102M in size?? That looks concerning…

I would check out /opt/fog/.fogsettings
The file is hidden so you will need to show hidden files ctrl+h
Checking my settings I do not see a fog user as a local db user. it will use root by default or a user that you specified during install

Hope that helps

yes I do it all the time! The trick will be getting the devices to boot into fog. You can download an ipxe iso and boot off a usb cd, or use unetbootin to put the iso on to a usb drive and boot from there. I am in the midst of finalizing the FOG Service for MAC. it installs a efi and windows partition that boots off the network. I have been imaging 1500+ macs a year with fog. It works very well.

I have also had this issue with imaging. This may not be the case but if you upload a non resizable image and the destination drive is at all smaller than the one you uploaded from, you will get this error. Often times without any error that is visible. Partclone will spit out an error that lasts less than 1 second. Often times we receive refurbished devices with varying hardware, i.e. different size drives. When imaging 7 with FOG prior to 1.2.0 we had to do single disk multiple partitions. Now to circumvent the hard drive size issues we use single disk resizable and choose to upload everything. Again this is an old thread but saw it on the boards and thought I would offer my 2 cents

So I have some things to update here. Maybe some are already doing this, if not I hope this helps others.

I have been messing around with the mac efi booting of ipxe a lot. To summarize (again probably well known), Macs are very crazy when it comes to efi booting. Some can run 64 bit OS but not 64 bit efi, some use 64 bit efi but only boot 64 bit OS if you unlock it. While most modern macs boot pure 64 bit architecture. This I found was a pain when trying to get the older macs(pre 2010) to netboot to fog. I had already been able to get a mac to netboot to tftp and ipxe.efi like explained earlier in this forum, but I could not provide images of the ipxe 32 and 64 bit efi simultaneously using isc-dhcp or a Windows dhcp server. Well till earlier today. So I will explain how to provide netboot for both 32 and 64 bit efi through isc-dhcp-server and how to embed the ipxe efi on the efi partition on the mac for use in a Windows dhcp server. So here we go:

If you are using isc for dhcp leasing, I found that trying to provide a true BSDP service was going to really suck because Apple doesn;t really adheare to DHCP “rule” during the entire boot process leaving isc holding the bag after the initial request was made. I found that the only way to determine the correct efi framework was to do so by the model id that Apple uses in the bsdp request.
Below is a sample config file for isc dhcp:
[CODE]# DHCP Server Configuration file.

see /usr/share/doc/dhcp*/dhcpd.conf.sample

This file was created by FOG

use-host-decl-names on;
ddns-update-style interim;
ignore client-updates;
next-server 192.168.1.1;

subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.10 192.168.1.254;
default-lease-time 21600;
max-lease-time 43200;
option domain-name-servers 127.0.1.1;
option routers 192.168.1.1;
filename “undionly.kpxe”;
##filename “pxelinux.0”;
}

allow booting;
authoritative;
class “AppleNBI-i386” {
match if substring (option vendor-class-identifier, 0, 14) = “AAPLBSDPC/i386”;
option dhcp-parameter-request-list 1,3,17,43,60;
if (option dhcp-message-type = 1) {
option vendor-class-identifier “AAPLBSDPC/i386”;
}
if (option dhcp-message-type = 1) {
option vendor-encapsulated-options 08:04:81:00:00:67;
}

    if (substring (option vendor-class-identifier, 15, 7) = "iMac5,1"){
            filename "ipxe32.efi";
        log(info,concat("Received BSDP REQUEST ",substring (option vendor-class-identifier, 15, 10)," using 32 bit EFI"));
    } elsif (substring (option vendor-class-identifier, 15, 10) = "MacBook2,1"){
          filename "ipxe32.efi";
        log(info,concat("Received BSDP REQUEST ",substring (option vendor-class-identifier, 15, 10)," using 32 bit EFI"));
    } elsif (substring (option vendor-class-identifier, 15, 10) = "MacBook3,1"){
          filename "ipxe32.efi";
        log(info,concat("Received BSDP REQUEST ",substring (option vendor-class-identifier, 15, 10)," using 32 bit EFI"));
    } else {
            filename "ipxe.efi";
        log(info,concat("Received BSDP REQUEST ",substring (option vendor-class-identifier, 15, 10)," using 64 bit EFI"));
    }

}

allow unknown-clients;
[/CODE]
If you look at the config above, notice a reoccurring:
[CODE]} elsif (substring (option vendor-class-identifier, 15, 10) = “MacBook2,1”){
filename “ipxe32.efi”;
log(info,concat(“Received BSDP REQUEST “,substring (option vendor-class-identifier, 15, 10),” using 32 bit EFI”));
}[/CODE]
You would need to add a new occurance for your model id. Replace the MacBook2,1 with what is recorded in your syslog file. The number 10 will also need to be changed to the length of characters in the model id taken from the syslog. Add your changes and run sudo service isc-dhcp-server restart to make changes final. I feel this approach is not that bad for isc. Since MOST post '09 device support 64 bit efi. You would only need to make changes for the older devices.

Ok for Windows DHCP. This approach doesn’t not include any dhcp modification at all. Since Leopard GPT tables have been pretty standard or required in later versions of X, we can use one of the hidden partitions found on an OSX hard drive. Now I have added this to the service I wrote and added some other changes, but it at least automate the process. But for those who just want to try it out here you go. In order to get a 32 bit version of ipxe.efi please visit [url]https://rom-o-matic.eu/[/url] and build it there (Do not forget to add Fog’s ipxe script, look in the svn)

First lets find out what version of the efi you have. Run this command in the terminal:
[CODE]ioreg -l -p IODeviceTree | grep firmware-abi | cut -d \ -f 11[/CODE]
It should contain EFI64 or EFI32.

Next lets get mount the efi partition and create the correct dir structure:
[CODE]diskID=$(diskutil list | grep EFI | grep -o ‘(disk[0-9s]*)’);
mkdir /Volumes/efi;
mount -t msdos /dev/$diskID /Volumes/efi;
mkdir /Volumes/efi/System;
mkdir /Volumes/efi/System/Library/;
mkdir /Volumes/efi/System/Library/CoreServices/; [/CODE]

Finally add the correct ipxe efi to /Volumes/efi/System/Library/CoreServices/boot.efi. The file name must be boot.efi. If not, it will not work. This basic setup does not show up in Starup Disk in the System Prefs but will when holding down option at the boot screen. The version I have added to the service does show up with the Name “Fog Boot”.

If and or when ipxe decides to support reading of an ipxe script from a local partition this way would be cool for ethernetless macs. Add your own script on the efi partition that joins a wireless network and then proceeds on to fog. Anyways that’s in the future

I will have an updated service online soon.

Thanks,
Tom S

Sorry everyone, I had to reupload. I forgot to uncomment some commands. The link is now correct sorry. I guess thats what you get when you upload at midnight o_O