FOGProject / fogproject

An open source computer cloning & management system
https://fogproject.org
GNU General Public License v3.0
1.08k stars, 216 forks

Fog can't join computers to domain #557

Open glicks-code opened 1 year ago

glicks-code commented 1 year ago

After adding the correct domain name, OU, AD user and password, I checked the network traffic and nothing is blocked. However, FOG cannot add the computer to the domain, but when trying manually the computer is able to join the domain.

darksidemilk commented 1 year ago

Is the fog client installed on the machine you're trying to join to the domain?

Sebastian-Roth commented 1 year ago

Is this related to #556?

glicks-code commented 1 year ago

Yes, they are related: both issues #557 and #556 are related. @Sebastian-Roth and @darksidemilk, yes, we have the client on the machine that is given the command to join the domain. @Sebastian-Roth, we will check the PHP and Apache logs and come back to you. To answer your question: we updated FOG from 1.5.9 to 1.5.10.

glicks-code commented 1 year ago

@Sebastian-Roth let me know which logs you want to see so I can provide a screenshot of the log, and what I am looking for in particular.

glicks-code commented 1 year ago

After restarting the fog service on the client I am getting (( http:/fogserver/fog/management/index.php?sub=requestClientInfo&authorize&newSevice HTTP/1.1 " 200 571 "-" "-" )) in the Apache log @Sebastian-Roth

Sebastian-Roth commented 1 year ago

@glicks-code The logs that might hold interesting information are apache error log (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log).

On 15 March 2023 at 05:10:31 CET, glicks-code @.***> wrote:

@Sebastian-Roth let me know what logs do you want to see so I can provide screenshot of the log and what am looking for in particular

glicks-code commented 1 year ago

@Sebastian-Roth Thanks for the reply. I found in the log that we are being spammed with [proxy_fcgi:error] [the pid is randomized], then there is a timeout, AH01075:Error Dispatching request to: (polling), referer http://fogserver/fog/management/index.php?node=home, and the PHP log is spamming "child random number exited with code 0 after 18736.708810 seconds from start".

ODSMarcus commented 1 year ago

Having the same issue here, also with the token under the Authentication section and then everything showing "module is disabled globally on the FOG server" underneath it.

I also reverted to the dev build we were on previously, 1.5.9.255

darksidemilk commented 1 year ago

@ODSMarcus are you saying the issue persisted when you reverted the fog server version?

I am trying to recreate this issue but when I updated my dev fog server to 1.5.10 and installed the client from that server onto a vm, it got connected and I got it to join the domain no problem. So there must be something more to this that we need to figure out.

Was this working previously? Have you reset the host encryption from the GUI on the host? Have you confirmed the URL in the fog log is pointing to your fog server and you can access the web GUI from the client? Is the hostname changer module enabled in the fog server? Log in to the fog web GUI -> open service configuration (the setting cogs icon) and check the hostname changer and other modules.

lukebarone commented 1 year ago

@ODSMarcus Can you check your fog.log file? By default, it's either at the root of your C:\, or under C:\Program Files (x86)\fog. Look for the Hostname Changer section. It should give an indication of an error code.

ODSMarcus commented 1 year ago

Yes I am confirming it did work prior to this (been in use for 6 months), version 1.5.9.255 most recently updated due to a PXE issue which solved it.

URL in the fog log is correct. I have not reset the host encryption. Relevant logs:

 3/15/2023 9:42:24 AM Client-Info Version: 0.12.2
 3/15/2023 9:42:24 AM Client-Info OS:      Windows
 3/15/2023 9:42:24 AM Middleware::Authentication Waiting for authentication timeout to pass
 3/15/2023 9:42:24 AM Middleware::Communication Download: http://fog.mycorrecthostname.com/fog/management/other/ssl/srvpublic.crt
 3/15/2023 9:42:24 AM Middleware::Authentication Cert OK
 3/15/2023 9:42:24 AM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
 3/15/2023 9:42:24 AM Middleware::Authentication ERROR: Could not get security token
 3/15/2023 9:42:24 AM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
 3/15/2023 9:42:24 AM Middleware::Communication POST URL: http://fog.mycorrecthostname.com/fog/management/index.php?sub=requestClientInfo&authorize&newService
 3/15/2023 9:42:24 AM Middleware::Response Success
 3/15/2023 9:42:24 AM Middleware::Authentication Authenticated

------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 3/15/2023 9:42:25 AM Client-Info Client Version: 0.12.2
 3/15/2023 9:42:25 AM Client-Info Client OS:      Windows
 3/15/2023 9:42:25 AM Client-Info Server Version: 1.5.9.255
 3/15/2023 9:42:25 AM Middleware::Response Module is disabled on the host
------------------------------------------------------------------------------

To do additional checks, copying and pasting that URL on the machine in question does work in the browser, confirming the DNS is working as expected as well.

The image has not changed, settings have not changed, and previously imaged devices that were imaged a few months ago no longer work either after imaging.

Sidenote, I've used fog for about 10 years now so I feel like I've taken care of the basic setup properly. The hostname changer does seem to work still for existing computers that are not freshly imaged.

lukebarone commented 1 year ago

I'm sure you checked already, but on the FOG Web UI, can you confirm the following for me:

ODSMarcus commented 1 year ago

I'm sure you checked already, but on the FOG Web UI, can you confirm the following for me:

  • Service Configuration -> Hostname Changer -> Hostname Changer Enabled?
  • Hosts -> (find your host) -> Service Settings -> Hostname Changer

Yes both are on, again this is not a new device and this issue only started at upgrade.

Sebastian-Roth commented 1 year ago

@ODSMarcus @glicks-code Does anyone of you have plugins enabled? If so please let us know which ones exactly. Looks like we cannot replicate the issue so far so we need to gather more information to figure out what's wrong.

Sebastian-Roth commented 1 year ago

As well I am wondering if the initial issue reported by @glicks-code is exactly the same as described by @ODSMarcus (Module is disabled on the host). Please clarify so we make sure to properly address this.

glicks-code commented 1 year ago

@ODSMarcus @glicks-code Does anyone of you have plugins enabled? If so please let us know which ones exactly. Looks like we cannot replicate the issue so far so we need to gather more information to figure out what's wrong.

Plugins are disabled, and if you need any logs let us know and we will provide them.

I'm sure you checked already, but on the FOG Web UI, can you confirm the following for me:

  • Service Configuration -> Hostname Changer -> Hostname Changer Enabled?
  • Hosts -> (find your host) -> Service Settings -> Hostname Changer

Yes both are on, again this is not a new device and this issue only started at upgrade.

For these questions: yes, we have this enabled on the server from the FOG WebUI.

glicks-code commented 1 year ago

after checking even the token is not found or created downloading the client and wasn't able to authenticate to the fog server

glicks-code commented 1 year ago

And I am getting a similar issue to @ODSMarcus; I am getting the same log as @ODSMarcus. @Sebastian-Roth

glicks-code commented 1 year ago

pid 156516 70007 the timeout specified has expired client pc which am trying to deploy then error dispatching requests on this client please trying again after 13 hours

ODSMarcus commented 1 year ago

@Sebastian-Roth I have the following enabled: Task Reboot, Snapin Client, Hostname Changer, Host Registration, Client Updater

Plugins I have: Hoststatus, LDAP, Subnetgroup, Accesscontrol

glicks-code commented 1 year ago

@Sebastian-Roth I have the following enabled: Task Reboot, Snapin Client, Hostname Changer, Host Registration, Client Updater

I have no plugins enabled

Sebastian-Roth commented 1 year ago

@glicks-code said:

after checking even the token is not found or created downloading the client and wasn't able to authenticate to the fog server

Ok, let's try to untangle this because I have a strong feeling that the issues reported here in the same topic by @glicks-code and @ODSMarcus are not the same. I say this because from @ODSMarcus's logs posted we see that authentication is working just fine.

@glicks-code Would you mind if we use this topic here (namely #557) to discuss @ODSMarcus issue? If not we need to ask @ODSMarcus to open a new issue report.

If you are fine with that we should discuss your issue in #556 which I guess is exactly about this.
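The distinction drawn in the comment above (a client that authenticates but is told a module is disabled, versus a client that never authenticates) can be read out of fog.log mechanically. This is an added example, not part of the thread or of FOG's code: the `triage` function and its verdict labels are hypothetical, the sample log is constructed from lines quoted in this thread, and treating a missing "Authenticated" line as an authentication problem is an assumption.

```python
import re

# Constructed sample, in the fog.log layout quoted earlier in this thread.
SAMPLE_LOG = """\
 3/15/2023 9:42:24 AM Middleware::Authentication Cert OK
 3/15/2023 9:42:24 AM Middleware::Authentication ERROR: Could not get security token
 3/15/2023 9:42:24 AM Middleware::Response Success
 3/15/2023 9:42:24 AM Middleware::Authentication Authenticated

------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 3/15/2023 9:42:25 AM Client-Info Server Version: 1.5.9.255
 3/15/2023 9:42:25 AM Middleware::Response Module is disabled on the host
------------------------------------------------------------------------------
"""

ENTRY = re.compile(r"^\s*\d+/\d+/\d+ \d+:\d+:\d+ [AP]M (\S+) (.*)$")
BANNER = re.compile(r"^-+([A-Za-z]+)-+$")  # e.g. ----HostnameChanger----


def triage(log_text):
    """Separate 'client never authenticated' from 'module reported disabled'."""
    section, authenticated = "startup", False
    auth_errors, disabled = [], []
    for raw in log_text.splitlines():
        banner = BANNER.match(raw.strip())
        if banner:  # a module banner starts a new section
            section = banner.group(1)
            continue
        entry = ENTRY.match(raw)
        if not entry:  # blank lines and pure dash rulers
            continue
        source, msg = entry.groups()
        if source == "Middleware::Authentication":
            if msg.strip() == "Authenticated":
                authenticated = True
            elif msg.startswith("ERROR:"):
                auth_errors.append(msg)
        elif source == "Middleware::Response" and "is disabled" in msg:
            disabled.append((section, msg))
    # The token.dat errors also show up in the log of a handshake that succeeds,
    # so the verdict keys on the "Authenticated" line, not on ERROR lines.
    verdict = ("authentication" if not authenticated
               else "module-disabled" if disabled else "ok")
    return {"verdict": verdict, "auth_errors": auth_errors, "disabled": disabled}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
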

ODSMarcus commented 1 year ago

@Sebastian-Roth I think my issue is strictly related to the line Response Module is disabled on the host - it is not disabled globally, I don't know why it's thinking that it is.

ODSMarcus commented 1 year ago

@Sebastian-Roth one other note. A brand new, never before imaged device works fine. Any device already in fog (registered) seems not to work.

darksidemilk commented 1 year ago

Have you tried using the 'reset host encryption' button on an existing host? You'll need to restart the client on that host after you push that button in the gui.

ODSMarcus commented 1 year ago

@darksidemilk I will give that a try. I have definitely deleted the host completely out of FOG and tried imaging again and still no luck, but I have not tried resetting.

darksidemilk commented 1 year ago

A brand new device works fine, but deleting a previously registered device from fog, and then adding it back fresh and re-imaging doesn't work?

Could you maybe provide the logs of the working and non working options?

ODSMarcus commented 1 year ago

See above for the nonworking device. That log hasn't changed. I imaged a brand new device earlier today, it worked but it's been too long so the logs are overwriting from when the initial imaging took place.

I have reset the host encryption and still cannot seem to get it to work that way either.

glicks-code commented 1 year ago

@Sebastian-Roth I think my issue is strictly related to the line Response Module is disabled on the host - it is not disabled globally, I don't know why it's thinking that it is.

ya sure will post most stuff there in #557

glicks-code commented 1 year ago

556 @Sebastian-Roth

getenforce ls -alZ /opt/fog/snapins/ssl/.srvprivate.key the result was " -rwxrwxrwx 1 fog project www-data ? 2324 Mar 5 19:45 /opt/fog/snapins/ssl/.srvprivate.key" As well let us know which Linux OS and version you use? Debian GNU/Linux 11 (bullseye)

glicks-code commented 1 year ago

Is there a way to see if this issue is occurring on the 1.6 version of FOG?

Sebastian-Roth commented 1 year ago

@ODSMarcus We somehow lost track of this topic. Are you still seeing the same problem?

@glicks-code May I ask you to stick to #556, thanks.

ODSMarcus commented 1 year ago

Yes I am. It appears the only way we can image is to delete the computer out of AD, then delete it out of fog and perform a full host registration. If something fails on imaging, we must delete it out of both again.

If we have successfully imaged the computer, and need to reimage it again, we cannot reimage without deleting it from both again.

darksidemilk commented 1 year ago

Are you using a domain admin for domain joining with fog? Microsoft recently introduced a change that makes it more complicated for a non-admin to leave and rejoin.

ODSMarcus commented 1 year ago

Yes I am - it is a domain admin on the parent and child domains.