Troubleshooting post-imaging process
-
Image creation, upload, and deploy appears to have worked successfully.
The test machine received the deployed image, the sysprep answer file was performed and a local account created successfully. Drivers appear to have been pushed/installed as expected.
However, the machine itself does not show in TOEMS web-dash under computers, and the post-deployment group scripts (domain join really being the only one I need here) have not been run.
Where do I start to track down why this happened and/or how to resolve?
If I search for the machine by name, I do find an older reference to it under Computers, but this appears to have been from the first test run I'd performed (it was later deleted, and re-deployed after I resolved the driver-injection issue).
-
Is Toec installed on the client? If so, what's in the service log?
-
A whole load of "current security context is not associated with an active directory domain or forest".
"client has not been pre-provisioned and the current security policy requires it"As a side-request, is there a way to extend the login-timeout on the TOEMS web admin? This has been driving me crazy during setup/testing.
-
@nousernamethanks said in Troubleshooting post-imaging process:
"client has not been pre-provisioned and the current security policy requires it"
I suggest you read this.
https://docs.theopenem.com/getting-started/endpoint-provisioning-setup/ -
-
I have gone through that - LDAP sync is already configured, tested properly, and displays the AD/OU Trees as I'd expect.
I'm not sure how anything in there applies to a newly deployed machine, though. This is a new-from-box computer that's never been domain joined, so it wouldn't be in my current directory.
As far as I can tell, TOEMS is claiming "it should show up under computers" and require me to approve it for provisioning, but that's the part I'm not seeing. The newly deployed machine never shows up as an option to approve.
-
You just need to turn off PreProvison required. LDAP is only synced once per day. Since the computer is newly joined to the domain, it won't sync until the next run.
-
I'm not sure we're on the same page.
The computer isn't joined to the domain. That's supposed to be part of the automatic provisioning process (the "built-in-image-first-run" scripts). But it doesn't appear to be running that, at all.
-
It can't run those scripts if it's not provisioned and it's not going to provision unless you disable preprovision required.
-
Ok. What exactly is the 'provisioning' process referencing, then? I guess I assumed the deployment was the provisioning.
In your videos, the deployed machine shows up almost instantly under TOEMs web admin, while I don't appear to ever get that to show up at all.
-
Provisioning is explained here.
https://docs.theopenem.com/getting-started/endpoint-provisioning-setup/In admin settings->security, set these options
It will then provision without any interaction / approval.
-
Well, dang. That works now. LDAP sync and remainder of the first-install scrips ran as expected.
Only thing that didn't happen was the removal of the "please wait" wallpaper. Is there an easy way to add that to the first-run script to have it actually set the proper default one back?
-
Did you setup the cleanup policy?
-
I didn't see a cleanup policy anywhere. Only thing on the github was the join_domain script. Assumed it was part of that.
Have to say, I was absolutely loving the written documentation, right up until the point it just ... stops. The videos are okay, but they really don't do a good job of explaining the actual use of the software once it's installed.
-
Re-watched the Universal image video, and still not seeing anything about a cleanup policy, just join domain. Any pointers on where one would look for information about that?
-
Are you watching the video or skipping through it?
-
@theopenem_admin
Apparently I zoned out for that 30 seconds. Found it.Is there a way to push that policy manually, or force it to run on the test machine that's already finished the original joindomain policy? I've assigned it, but don't see a way to push it to the box and have no idea if/when it'll run.