SCCM | Intune | Windows 365 | Windows 11 Forums

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

PENDING Config manager OSD Front end

hls

Member
Messages
5
Reaction score
0
Points
1
Hello we are using Configmgr OSD front end(1.6.0) for installing application through task sequence and for customized OSD .but here in the domain option during the authentication window we need to add the new domain in our organization. Can anyone help us in how to create a new domain in the dropdown option along with existing domain. attached image for reference

UserAuthentication-ZoomIn1.jpgUserAuthentication-ZoomIn1.jpg
 
Solution
Hi hls,

For configuring a new domain besides the existing domain, you should find this "osdfrontend.exe.config" file and then find the place where is says "AuthenticationDomainName" and under

"<string>you-existing-domain.com<\string>"
put in a new string like this:
<string>your-new-domain.com<\string>

So when you are done editing the file it should look like this:
XML:
            <setting name="AuthenticationDomainName" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                        <string>your-existing-domain.com</string>...
Hi hls,

For configuring a new domain besides the existing domain, you should find this "osdfrontend.exe.config" file and then find the place where is says "AuthenticationDomainName" and under

"<string>you-existing-domain.com<\string>"
put in a new string like this:
<string>your-new-domain.com<\string>

So when you are done editing the file it should look like this:
XML:
            <setting name="AuthenticationDomainName" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                        <string>your-existing-domain.com</string>
                        <string>your-new-domain.com</string>
                    </ArrayOfString>
                </value>
            </setting>

Then you should be able to select between the 2 domains.

hope this helps you towards adding a new domain to the OSD frontend.
Please let me know if this helped you obtain answer to your question. :-)

Best Regards
Tim
 
  • Like
Reactions: hls
Solution
Hi hls,

For configuring a new domain besides the existing domain, you should find this "osdfrontend.exe.config" file and then find the place where is says "AuthenticationDomainName" and under

"<string>you-existing-domain.com<\string>"
put in a new string like this:
<string>your-new-domain.com<\string>

So when you are done editing the file it should look like this:
XML:
            <setting name="AuthenticationDomainName" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                        <string>your-existing-domain.com</string>
                        <string>your-new-domain.com</string>
                    </ArrayOfString>
                </value>
            </setting>

Then you should be able to select between the 2 domains.

hope this helps you towards adding a new domain to the OSD frontend.
Please let me know if this helped you obtain answer to your question. :)

Best Regards
Tim
Thank you Tim this helps ,but the issue I can see the change in osdfrontend in debug mode ,but while imaging I am unable to see the change.do we need to distribute boot image after editing this
 
Last edited:
Hi hls,

Yes you might need to redistribute the boot image for this to update.
Since the boot image content does not update when changes are made to the OSD Frontend, you need to redistribute or "update distribution points" if you can do that.

Best Regards
Tim
 
Hi hls,

Yes you might need to redistribute the boot image for this to update.
Since the boot image content does not update when changes are made to the OSD Frontend, you need to redistribute or "update distribution points" if you can do that.

Best Regards
Tim
Thank you Tim for the reply, I did that but no changes on the OSD front end still the same issue it is not updating
 
You’re welcome!

Did you try restarting the osd frontend application? That might do the trick!

Best regards
Tim
 
How can we do that ?Can you share some info regarding that
I looked a bit further into this and consulted a colleague about it.
He actually told me that you couldn't restart the application. (I was pretty sure you could though).

But we talked about it, and he said that all you actually had to do was to update the distribution points and then PXE boot again. it should work with just that.

If that's not the case, i would try to reach out to MSendpointmgr guys to maybe find the solution.

Best Regards
Tim
 
I looked a bit further into this and consulted a colleague about it.
He actually told me that you couldn't restart the application. (I was pretty sure you could though).

But we talked about it, and he said that all you actually had to do was to update the distribution points and then PXE boot again. it should work with just that.

If that's not the case, i would try to reach out to MSendpointmgr guys to maybe find the solution.

Best Regards
Tim
Thank you .Yes Thought of reaching them since we tried all those options.
 
Not sure about the proper way to ask a related question to the one being asked above regarding adding new domains to the authentication. Once added in the xml, what groups need to be setup in AD on the new domain in order for the authentication to work on that new domain. We've been pounding our heads trying to make authenticating to an additional domain work, but, all we get is "User is not authorized". Is there any documentation detailing this scenario?
 
Not sure about the proper way to ask a related question to the one being asked above regarding adding new domains to the authentication. Once added in the xml, what groups need to be setup in AD on the new domain in order for the authentication to work on that new domain. We've been pounding our heads trying to make authenticating to an additional domain work, but, all we get is "User is not authorized". Is there any documentation detailing this scenario?
Hi PJL,

Did you create a group with the same name in the new Domain?
From what i can read on the documentation this value is a String Value that does not accept Multiple Values.
<setting name="AuthenticationGroupName" serializeAs="String">
<value>AuthenticationGroup</value>
</setting>

So you might have to have a Group in the new domain with the same name as the old domain?
Try that and see if it works.

Best Regards
Tim
 
Hi PJL,

Did you create a group with the same name in the new Domain?
From what i can read on the documentation this value is a String Value that does not accept Multiple Values.
<setting name="AuthenticationGroupName" serializeAs="String">
<value>AuthenticationGroup</value>
</setting>

So you might have to have a Group in the new domain with the same name as the old domain?
Try that and see if it works.

Best Regards
Tim
Hi Tim, thanks for the reply. We did try that, yes. Using the documentation guidelines, we created a group in both domains called OSDFrontend Users. If authenticating against the original domain, it works just fine. If trying to authenticate on the second domain, we get "Authentication Failed - remaining attempts 3".
 
Hi Tim, thanks for the reply. We did try that, yes. Using the documentation guidelines, we created a group in both domains called OSDFrontend Users. If authenticating against the original domain, it works just fine. If trying to authenticate on the second domain, we get "Authentication Failed - remaining attempts 3".
Hi PJL,

Do you have a sync between the two Domains?
I know that we have 2 Domains right now, but we are authenticating towards the new domain and then in the Task Sequence applying the Domain Join option for the device.
So if i choose "Windows 11 Domain1" it will install the laptop into Domain 1 and if i choose "Windows 11 Domain2" it will install into Domain 2.

Let me know if this makes sense else i can try and provide some more information. :-)

Best Regards
Tim
 
Hi PJL,

Do you have a sync between the two Domains?
I know that we have 2 Domains right now, but we are authenticating towards the new domain and then in the Task Sequence applying the Domain Join option for the device.
So if i choose "Windows 11 Domain1" it will install the laptop into Domain 1 and if i choose "Windows 11 Domain2" it will install into Domain 2.

Let me know if this makes sense else i can try and provide some more information. :-)

Best Regards
Tim
Hi Tim
I am thinking this issue we are having is very specific to the OSDFrontend application. The Frontend needs a user who is authorized to do imaging. It's the very first step after PXE booting up the computer. It isn't a domain join account, it's simply checking to see if the user is authorized to perform the imaging. We have tested this by changing the Frontend App to only look for the new domain and we use an account on that domain which should have the proper rights, and still get "user is not authorized for deployments". So, I think we are down to a permissions issue at this point. We will keep working with our server team to try and determine how to make the permissions work. Thank you
 
Hi Tim
I am thinking this issue we are having is very specific to the OSDFrontend application. The Frontend needs a user who is authorized to do imaging. It's the very first step after PXE booting up the computer. It isn't a domain join account, it's simply checking to see if the user is authorized to perform the imaging. We have tested this by changing the Frontend App to only look for the new domain and we use an account on that domain which should have the proper rights, and still get "user is not authorized for deployments". So, I think we are down to a permissions issue at this point. We will keep working with our server team to try and determine how to make the permissions work. Thank you
We are having the same issue in our environment after 2403 update and installing a new ADK. We did not add a new domain to the mix and are seeing issues on our current production domain. Verified our config files for the FrontEnd application are still configured properly, re-updated boot images, reinstalled ADK, verified secret key in ConfigMgr WebService matches secret key in OSDFrontEnd.exe.config. My hunch is that there is an issue with WebService as the secret key is what allows for passing of data between ConfigMgr and Active Directory to FrontEnd. That user authentication step in FrontEnd runs against an AD security group in my environment so I'm hoping it's just the secret key not allowing data to pass. I think I may try reinstalling WebService entirely and will update this thread with results.
 

Forum statistics

Threads
6,692
Messages
26,099
Members
16,289
Latest member
SaieVadke

Trending content

Back
Top