TOEC registration problem on not syspreped images
I successfully deployed 20 computers in a classroom using multicast. So far so good.
Now, I have deployed TOEC to every PC, but they are not registering properly. Only one computer appears in the computer list at a time. They seem to be overwriting themselves. I mean, they have different identifiers, but the same hardware UUID and InstallationID:
Name:PC-16 Identifier:9a801bfc-f9a6-4f81-8f92-1918663669cb Synced From Active Directory:False Active Directory GUID: Active Directory Disabled:False Installation Id:a254d36d-491f-4263-8990-bda02122e1b5 Hardware UUID:27D35943-70BE-11E8-B37B-7440BB273232 Provision Status:Provisioned Provision Date:09/07/2021 11:38:32 Last Checkin:09/07/2021 11:38:14 Last Known IP:192.168.1.243 Client Version:220.127.116.11 Last Inventory Time:09/07/2021 11:38:25 Name:PC-20 Identifier:6dcbaec9-ffa1-43a4-a7a3-243457e5cb14 Synced From Active Directory:False Active Directory GUID: Active Directory Disabled:False Installation Id:a254d36d-491f-4263-8990-bda02122e1b5 Hardware UUID:27D35943-70BE-11E8-B37B-7440BB273232 Provision Status:PendingConfirmation Provision Date:09/07/2021 11:40:32 Last Checkin:09/07/2021 11:38:14 Last Known IP:192.168.1.228 Client Version:18.104.22.168 Last Inventory Time:09/07/2021 11:38:25
It suppose it is so because I have not sysprepped the images. I wanted to keep users and machine configuration and intialization state.
PCs are activated and work ok, but would like to know if someone knows a workaround to register TOEC correctly (or may be a newsid alternative for W10, as I think this is the problem).
Even if you don't run sysprep, you should run the
C:\Program Files\Toec\Toec.exe --prepareImagecommand right before you capture the image. That will allow Toec to re-register itself once the image is deployed, and give it a unique identifier.
Note with 1.4.0 that the above command may not give Remotely a unique ID, and you may need to remove and reinstall Remotely on the endpoints, after the image is deployed. I believe he is fixing this with 1.5.0
@jason-cline Thanks for your answer.
I have installed TOEC through a poweshell script (winrm) after all PCs have been deployed with the master image. I mean, master image was not captured with TOEC installed.
I have also run this script on every PC, and, I can see on PC list how one PC appears, and, after a moment, it disappears and it is replacer by another.
$app = 'C:\Program Files\Toec\toec.exe' $SERVER_KEY = 'XXXXXXXXXXXXXXXXXXXXX' $CA_THUMBPRINT = 'XXXXXXXXXXXXXXXXXXXXX' $COM_SERVERS = '--comservers http://192.168.1.142:8888/' $RESETKEYS = "--resetkey $SERVER_KEY $CA_THUMBPRINT" $RESETPARTIAL = '--resetpartial' $RESETFULL = '--resetfull' get-service -DisplayName 'TOEC' | Stop-Service Start-Process $app -ArgumentList $RESETFULL Start-Process $app -ArgumentList $RESETKEYS Start-Process $app -ArgumentList $COM_SERVERS #Start-Process $app -ArgumentList $RESETPARTIAL get-service -DisplayName 'TOEC' | Start-Service
That's a new one for me If you go into 'View' on each PC as it appears, are the Identfier, Installation ID and Hardware ID different in each PC?
@jason-cline On my firs post you have a capture of 2 different PCs registration data (copied pasted between web refreshes, as they don't appear simultaneously). Differents IDs but same Hardware UUID and Installation ID.
FYI, in case anyone is wondering why I'm doing this way. It is because on every computer I have 3 different users (admin, alumn, teacher) with its own configuration (software, restrictions, polcies etc). If I only had one user, I could go with the copy profile and sysprep method. With 3 users, the only ways I know are this one, and the USMT profile restore after image deployment.
The installation id is the only thing that matters. If 2 pc's have the same id, it's going to show the behavior you are describing. Are you certain that it's not already on the image? It's nearly impossible for 2 machines to have the same installation id. Here is the code for how it is generated.
It is basically randomly creating a guid upon installation. The guid is not based on anything on the computer such as hardware or sids.
I'm also not sure whats going on with your script. Is that how you are installing on the client or what you are trying to do to fix it?
@theopenem_admin if the GUID is generated as you describe, it is clear that at some point it has been installed in the master image (don't remember, but could be). What is certain is that TOEC has been installed after deployment (maybe again) on each machine.
I will then execute the command with the argument "--prepareimage" as, if I understand correctly, this way it generates a new installation ID, which is the only ID that matters.
Do I have to enforce registration after this command with "resetpartial"?
Thanks again for you answers.
A few options:
Rebuild the image - Make sure you delete the program files\toec folder if it exists, otherwise install Toec, then run the --prepareImage, leaving Toec installed on the image.
Keep existing image - Delete program files\toec before installing again.
Keep existing image - Install Toec, then run --prepareImage and restart service
@theopenem_admin Useful information, thanks. Sorry for hopping in, just trying to help where I can.
@theopenem_admin Thanks. I kept existing image and did what you pointed. I've dropped PS script below in case it could be useful to someone.
Set-ExecutionPolicy Bypass -Scope Process -Force $NetworkPath = "\\server\share" $User = "XXX" $PWord = "XXXX" $logPath = "k:\Theopenem\logs\$env:computername.log" New-SMBMapping -LocalPath "K:" -RemotePath $NetworkPath -ErrorAction Stop -UserName $User -Password $PWord Start-Transcript -Path $logPath -Force -Append write-host 'Testing URLs' $(Invoke-RestMethod -Uri 'http://192.168.1.142:8888/Provision/VerifyDb') -eq "60" $(Invoke-RestMethod -Uri 'http://192.168.1.142:8888/Setting/VerifyDb') -eq "60" Get-Package -Provider Programs -IncludeWindowsInstaller -Name "Toec 22.214.171.124 x64" | Uninstall-Package -Force Remove-Item -Path "C:\Program Files\Toec" -Recurse -Force -ErrorAction SilentlyContinue Import-Certificate -FilePath "k:\Theopenem\toems - root CA.cer" -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose Import-Certificate -FilePath "k:\Theopenem\toems - intermediate.cer" -CertStoreLocation 'Cert:\LocalMachine\CA' -Verbose Start-Process 'c:\windows\System32\msiexec.exe' -ArgumentList "/i `"k:\Theopenem\Toec-1.4.4-x64.msi`" /quiet /passive" -Wait #get-service -DisplayName 'TOEC' | Stop-Service Start-Process 'C:\Program Files\Toec\toec.exe' -ArgumentList '--prepareimage' -Wait get-service -DisplayName 'TOEC' | Start-Service Remove-SmbMapping -LocalPath "K:" Stop-Transcript
Now, every PC is registered, but, I'm having problems with TOEC-API site/app pool. It answers correctly to http://localhost:8888/Provision/VerifyDb just after I start it. But, then. If I perfom a client inventory task for example, it stops responding. I have to manually restart IIS and it starts working again, but it ends hanging again.
TOEC client log:
2021-07-10 01:09:39,841 ERROR  ApiRequest - Error Retrieving API Response: System.Net.WebException: Anulada la solicitud: Se excedió el tiempo de espera de la operación. en System.Net.HttpWebRequest.GetResponse() en RestSharp.Http.GetRawResponse(HttpWebRequest request) en RestSharp.Http.GetResponse(HttpWebRequest request)
I've enabled full log ("ALL" log4net level in web.config for TOEC-API backend), but can't see any error. Only debug info.
Only things I've done after image deployment:
- disabled tftpd32 service and set service to disabled.
- disabled proxy service and set service to disabled.
What version of Windows did you install Theopenem on?
@theopenem_admin All pcs are W10 Home, included the one in which toems is installed.
Windows 10 can only handle 10-20 concurrent connections(OS limitation). Anymore than that and IIS will stop responding. It's in the getting started documentation. You'll need to use a server version for more than that.
@theopenem_admin OMG, I missed that one. Thanks!
10 concurrent connections for IIS on W10 Pro. I will take a look at IIS logs and investigate if there is a workaround (apart from paying a server license :/)
I've migrated the installation to an IIS Express and it is working great so far.