Ghost Solution Suite

Hi Guys,

Really having some major issues with Ghost (11.5) at the moment

I have over 600 Computers at my establishment - a mix of HP DC7800 & DC7600.

The image is exactly the same on all computers nd was created on a single machine and installed with XP Pro SP3. Was added to my domain (Windows 2008 Server x64) and then used Ghost to pull the image.

I then deployed that image to all my other computers via Ghost Console and had it so it retained the relevant computer name it had (i.e. computer01, computer02, computer03...) and also made sure it re-added itself on to the domain. The computers around the building all have a unique computer name mainly ponting at the room it is in and a numbering sequence. I want it to reatain all the information it presntly has, although with a fresh and clean image.

This used to work perfectly using Ghost 8.3 on my server 2003 Domain. Since moving to Server 2008 x64, I have had many issues as also had to install Ghost Solutions 2.5 (11.5). It has worked it it's current form  - however now i have the major issue where when i ghost, it will not re-add itself to the domain, thus forcing me to have to manually add all my machines to it. If it does retain its information on AD , when i try to log in on the Domain it will not let me, so i have to log in locally, and re-add it manually.

I have tried so many things within Ghost by changing the configuation files etc.. the user account ghost uses i have even gone as far as making it a DA just in case that was the root of the problem, but it has not helped.

Any input on this would be great and most appreciated.

If i've not explained it well, please let me know and i will explain it better - been on this all night and so exhausted :(

Thanks for your time in advance

The primary change involved with Windows Server 2008 is a Security Policy change surrounding downlevel encryption techniques  which stops the DC accepting communication from the clients; this has nothing particularly to do with our code, rather this is baked into the implementation of the NetJoinDomain API when used in a particular mode that our client uses, which happens to be hardcoded to negotiate an encryption technique which happens to be forbidden by default in Windows 2008 Domain Controllers. Supposedly Microsoft actually have fixed this API, and the fix is generally available for XP and above as a side-effect of clients also having to deal with some of the other design changes make in Windows 2008 in addition to the changes to the default security policy.

Other users have reported this in more detail in this thread where it is reported that this hotfix resolves the problem.

Hi mate,

thanks for that info. I've tried the hot fix and also the DC Default Policy and it still does not work at all. I can't begin to tell you how mnay times i have tried this on test machines and always fails to add to the domain.

I can't even set it to retain the current PC's name even if it doesn't add to the domain. The image name has a computer name of i.e. computer01 - when i deploy ghost to a machine that is already on the network, i.e. computer02 using the original image, in ghost 8.3 it would still retain the pc nam (in this case computer02), however it's setting it as the original image computer name of computer01.

any ideas? help? :(

Also, i now get "Client Time out" using ghostcast console although it did start to ghost. Thi has never happenend and there is no traffic on the network bar that one machine and the servers running.

Other that the specific issue above, which is pretty much the only known problem, there isn't anything special about Windows Server 2008 DCs that affects any Ghost Solution Suite version, other than the normal issues that affect all AD environments such as incorrect DNS configurations (or problematic DNS arrangements such as disjointed DNS namespaces) or permissions problems (such as those caused by doing an in-place upgrade of a domain controller, a practice to be avoided), and Ghost Solution Suite 2.5 does everything it does in much the same way that Ghost Solution Suite 1.1 did so there's no obvious reason why your environment would have these problems after the change.

I'll leave the client time out thing for now: it's important to focus on one thing to diagnose it, so I'll stick with the domain question:

Probably the best way to approach this is to walk through a single task start to finish, methodically gathering the logs of what happened as you go so they can be analysed. Since the cause of any problem could be in the GSS server machine, the client machine, the general network configuration, or the domain controller, it's necessary to be methodical to work out which component of the whole system to focus on. The most basic way to do this is this:

1: Select a task to deploy and configure a target machine: you can capture all the important information about that task's specification by using the "Task Scenario" option in the console. That scenario window rolls up the entire task specification in a way that is easy to cut and paste to save.

2: Run the task. Once it is complete, get all the details of the the task log information by opening the task log and using the "Export to file..." menu option to save the details of the task execution.

3: On the client machine that should have joined the domain, there is a logfile maintained by the Windows API which does the final domain join process; normally this logfile is written to "C:\Windows\Debug\NetSetup.LOG" where it contains all the information about the internal operation of the NetJoinDomain API process and the many steps that it goes through during the process of locating, authenticating with, and then synchronising with the domain controller.

With that information in hand, analysing it should help inform us where to look next for information as to the cause.

Hi Nigel,

Thanks for the prompt response again :)

I have great news - i've managed to fix this problem on the HP dc7600 clients (still testing on the HP dc7800).

I started off with a clean image and followed the usual steps of adding it to the domain with the right computer name etc... I then remote installed the ghost client on that particular pc and pulled an image but left it on the domain.

I then proceed to work on another working client and simply re-installed the ghost client. Now the key to this success (believe it or not as i'm still in shock), i ran a "Refresh Inventory" for the client i proposed to deploy the image onto but to retain its network credentials and namespace. In the Configuration tab of the task, i set it to "Default - use previous machine configuration" and executed the task using PCDOS.

In PCDOS it timed out after 55% however Ghost Console could still see the client, so i executed the task but this time used WINPE. Needless to say, after 10 minutes of pushing a 16GB Image, it was 100% succcessful and retained all the details i wanted - computer name and also joined the domain (effectively it never unjoined the domain as i never selected that option when i pulled the image).

I can finally breath and begin ghosting my 600+ clients in peace :)

I've been using 8.3 for years now and i guess at some point before my first ghost, i must have ran a "refresh Inventory" task - which would explain why it always worked.

Anyway - a massive thank you for your time. I just hope someone else can learn from this and save them time and days of worrying over a manual job :(

I'm still unsure whether or not that patch was even needed or the GPO setting. Only time will tell :)

Thanks again champ