Troubleshooting post-imaging process
-
A whole load of "current security context is not associated with an active directory domain or forest".
"client has not been pre-provisioned and the current security policy requires it"As a side-request, is there a way to extend the login-timeout on the TOEMS web admin? This has been driving me crazy during setup/testing.
-
@nousernamethanks said in Troubleshooting post-imaging process:
"client has not been pre-provisioned and the current security policy requires it"
I suggest you read this.
https://docs.theopenem.com/getting-started/endpoint-provisioning-setup/ -
-
I have gone through that - LDAP sync is already configured, tested properly, and displays the AD/OU Trees as I'd expect.
I'm not sure how anything in there applies to a newly deployed machine, though. This is a new-from-box computer that's never been domain joined, so it wouldn't be in my current directory.
As far as I can tell, TOEMS is claiming "it should show up under computers" and require me to approve it for provisioning, but that's the part I'm not seeing. The newly deployed machine never shows up as an option to approve.
-
You just need to turn off PreProvison required. LDAP is only synced once per day. Since the computer is newly joined to the domain, it won't sync until the next run.
-
I'm not sure we're on the same page.
The computer isn't joined to the domain. That's supposed to be part of the automatic provisioning process (the "built-in-image-first-run" scripts). But it doesn't appear to be running that, at all.
-
It can't run those scripts if it's not provisioned and it's not going to provision unless you disable preprovision required.
-
Ok. What exactly is the 'provisioning' process referencing, then? I guess I assumed the deployment was the provisioning.
In your videos, the deployed machine shows up almost instantly under TOEMs web admin, while I don't appear to ever get that to show up at all.
-
Provisioning is explained here.
https://docs.theopenem.com/getting-started/endpoint-provisioning-setup/In admin settings->security, set these options
It will then provision without any interaction / approval.
-
Well, dang. That works now. LDAP sync and remainder of the first-install scrips ran as expected.
Only thing that didn't happen was the removal of the "please wait" wallpaper. Is there an easy way to add that to the first-run script to have it actually set the proper default one back?
-
Did you setup the cleanup policy?
-
I didn't see a cleanup policy anywhere. Only thing on the github was the join_domain script. Assumed it was part of that.
Have to say, I was absolutely loving the written documentation, right up until the point it just ... stops. The videos are okay, but they really don't do a good job of explaining the actual use of the software once it's installed.
-
Re-watched the Universal image video, and still not seeing anything about a cleanup policy, just join domain. Any pointers on where one would look for information about that?
-
Are you watching the video or skipping through it?
-
@theopenem_admin
Apparently I zoned out for that 30 seconds. Found it.Is there a way to push that policy manually, or force it to run on the test machine that's already finished the original joindomain policy? I've assigned it, but don't see a way to push it to the box and have no idea if/when it'll run.