@george1421 That’s true if using the fog installer to handle it.

@michaelkoch1811 There are methods to rebuild the binaries using your own binaries of course.

in the fogproject folder (where you normally run an installer) there’s a file under:
utils/FOGiPXE called buildipxe.sh

if you call this script with your <path/to/your/certificate.pem> it should build the ipxe binaries with your custom certificate.

./buildipxe.sh path/to/your/certificate.pem

By default it will try to use the CA pem we generated for FOG at install.

@theyikes from the linux reboot will restart the server and shutdown now will power it off.

@dvorak You’d need it in the ISO.

PXE is before the system is loaded, and as such cannot trigger actions at the HDD level beyond loading a Disk, Boot Rom, or whatever.

@HorizonG Short answer to both, yes.

There’s a bit of work to do to make it work but you can.
The first thing to know to help in full is what phase of sysprep you captured at?

If you captured right after the generalize phase (best practice) and specialize is what starts you can indeed update the unattend file dynamically with computer name, domain, ou, etc.
You can only effect the phases that haven’t happened yet. So you can add things to the specialize and oobe phases. Specialize does things before windows fully loads, it’s essentially a winpe environment, and oobe is the full windows where you can have a setupcomplete run. I have it kick off a series of powershell scripts (essentially).

Windows also moves the unattend file around across the phases, when I update the unattend file in a post install script I just update it in all these places. i.e. in the context of fog having mounted 😄 at /ntfs
"/ntfs/Windows/System32/Sysprep/Unattend.xml" "/ntfs/Windows/Panther/unattend.xml" "/ntfs/Windows/Panther/Unattend.xml"

I also have one at C:\Unattend.xml you’ll see in my example below.

Also note that it’s case sensitive, which is why I have 2 in the same spot as I’ve seen it both ways.

I don’t have time to dig into too much detail right now but here’s an example of injecting some stuff into the unattend files. I also included my bit where I can just patch in an updated Unattend.xml file, though this wouldn’t scale for every host I just use it for another option before recapturing a whole image to test an unattend change.

One very important bit for this to work as it does in the example is I have this bit in my specialize phase, which I replace with computername and AD info, replace NETBIOSDOMAINNAME with your short domain name that you use for this format logon string domain\username

<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Identification> <JoinWorkgroup>NETBIOSDOMAINNAME</JoinWorkgroup> </Identification> </component>

I also have <ComputerName></ComputerName> in the specialize phase under my "Microsoft-Windows-Shell-Setup" component i.e. the end of this has that. I took out my company info from this example, you don’t need all of this the same, just a contextual example. The product key is the GVLK for windows 10/11 publicly available.

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DesktopOptimization> <GoToDesktopOnSignIn>true</GoToDesktopOnSignIn> <ShowWindowsStoreAppsOnTaskbar>true</ShowWindowsStoreAppsOnTaskbar> </DesktopOptimization> <BluetoothTaskbarIconEnabled>true</BluetoothTaskbarIconEnabled> <ConvertibleSlateModePromptPreference>1</ConvertibleSlateModePromptPreference> <CopyProfile>false</CopyProfile> <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet> <EnableStartMenu>true</EnableStartMenu> <OEMName>Company Name</OEMName> <RegisteredOrganization>Company Name</RegisteredOrganization> <ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen> <RegisteredOwner>Company Name</RegisteredOwner> <SignInMode>2</SignInMode> <TimeZone>Mountain Standard Time</TimeZone> <OEMInformation> <SupportURL>http://helpme.company.tld</SupportURL> <Logo>C:\img\company-logo.bmp</Logo> <SupportPhone>555-5555</SupportPhone> <SupportProvider>String that shows up in sys info</SupportProvider> <Manufacturer>string that shows up in sys info</Manufacturer> </OEMInformation> <Themes> <BrandIcon>C:\img\company-logo.png</BrandIcon> <ThemeName>Company Theme</ThemeName> <DesktopBackground>%WINDIR%\web\Wallpaper\some-injected-background.jpg</DesktopBackground> <WindowColor>Automatic</WindowColor> <DefaultThemesOff>false</DefaultThemesOff> </Themes> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <AutoLogon> <Password> <Value>supersecretencryptedpassword</Value> <PlainText>false</PlainText> </Password> <Enabled>true</Enabled> <Username>Administrator</Username> <LogonCount>99</LogonCount> </AutoLogon> <ProductKey>NPPR9-FWDCX-D2C8J-H872K-2YT43</ProductKey> <ComputerName></ComputerName> </component>

The fog post download examples. I also do something with the device form setting but I tried to just take that out for this example. Device form is mildly helpful for configuring the tablet vs desktop user experience if you have a mix of such devices.

unattends=("/ntfs/Unattend.xml" "/ntfs/Windows/System32/Sysprep/Unattend.xml" "/ntfs/Windows/Panther/unattend.xml" "/ntfs/Windows/Panther/Unattend.xml") for unattend in ${unattends[@]}; do [[ ! -f $unattend ]] && break #as a failsafe, reload the funcs.sh from fog . /usr/share/fog/lib/funcs.sh dots "Preparing Sysprep File at $unattend" #update unattend files if an Unattend.xml file is present to replace current file if [[ -f "/images/drivers/Unattend.xml" ]]; then echo -en "\n\nUnattend.xml patch file detected, updating the Unattend.xml file baseline\n\n"; echo -en "\n\nUnattend.xml patch file detected, updating the Unattend.xml file baseline\n\n" >> $updateUnattendLog rsync -aqzz "/images/drivers/Unattend.xml" $unattend; else echo -en "\n\nNo Unattend.xml patch file detected, skipping update of unattend.xml file baseline and just updating contents\n\n"; echo -en "\n\nNo Unattend.xml patch file detected, skipping update of unattend.xml file baseline and just updating contents\n\n" >> $updateUnattendLog fi #echo "File update Done" debugPause if [[ $adon=="1" ]]; then cp $unattend $unattend.old domainJoinStr="<JoinDomain></JoinDomain>\n\t\t<MachineObjectOU></MachineObjectOU>\n\t\t<Credentials>\n\t\t\t<Domain></Domain>\n\t\t\t<Password></Password>\n\t\t\t<Username></Username>\n\t\t</Credentials>" echo -en "\n\nInjecting Unattend Join fields into unattend for Dynamic update....\n" echo -en "\n\nInjecting Unattend Join fields into unattend for Dynamic update....\n" >> $updateUnattendLog # get the value of the workgroup to set as the netbios domain for the domain login netbiosdomain=`sed -n '/JoinWorkgroup/{s/.*<JoinWorkgroup>//;s/<\/JoinWorkgroup.*//;p;}' $unattend` #replace the workgroup join string with the domain tags to be updated sed -i -e "s|<JoinWorkgroup>${netbiosdomain}</JoinWorkgroup>|${domainJoinStr}|g" $unattend >/dev/null 2>&1 echo -en "\n\nSetting Dynamic Unattend fields - \n\nComputer Name: ${hostname}\nJoining Domain: ${addomain}\nWill be in OU: ${adou}\n" echo -en "\n\nSetting Dynamic Unattend fields - \n\nComputer Name: ${hostname}\nJoining Domain: ${addomain}\nWill be in OU: ${adou}\n" >> $updateUnattendLog sed -i \ -e "s|<ComputerName></ComputerName>|<ComputerName>${hostname}</ComputerName>|g" \ -e "s|<Name>\*</Name>|<Name>${hostname}</Name>|g" \ -e "s|<Password></Password>|<Password>${adpass}</Password>|g" \ -e "s|<Username></Username>|<Username>${aduser}</Username>|g" \ -e "s|<Domain></Domain>|<Domain>${netbiosdomain}</Domain>|g" \ -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \ -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo -en "\n\nFailed to update user, pass, ou, and domain setter, set just computername and deviceform instead and using simplified unattend file\n" echo -en "\n\nFailed to update user, pass, ou, and domain setter, set just computername and deviceform instead and using simplified unattend file\n" >> $updateUnattendLog echo -en "\n\Restoring unattend file from before domain join attempt\n" echo -en "\n\Restoring unattend file from before domain join attempt\n" >> $updateUnattendLog mv $unattend.old $unattend -f echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" >> $updateUnattendLog debugPause sed -i \ -e "s|<ComputerName></ComputerName>|<ComputerName>${hostname}</ComputerName>|g" \ -e "s|<Name>\*</Name>|<Name>${hostname}</Name>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo -en "\nFailed again after using failsafe unattend\n" echo -en "\nFailed again after using failsafe unattend\n" >> $updateUnattendLog debugPause handleError "Failed to update user, pass, ou, and domain setter and then failed the failsafe with no domain" fi else echo -en "\n\nRemoving Workgroup join section and backup unattend as adding domain join was a success...\n" echo -en "\n\nRemoving Workgroup join section and backup unattend as adding domain join was a success...\n" >> $updateUnattendLog rm -f $unattend.old sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1 sed -i "/<MachinePassword>/d" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to remove the Workgroup setter" fi fi echo -en "\n\nDone updating $unattend\n" echo -en "\n\nDone updating $unattend\n" >> $updateUnattendLog debugPause else echo -en "\n\nNo domain to join variable present, just setting deviceform and computer name and using simplified unattend file\n" echo -en "\n\nNo domain to join variable present, just setting deviceform and computer name and using simplified unattend file\n" >> $updateUnattendLog echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" >> $updateUnattendLog debugPause sed -i \ -e "s|<ComputerName></ComputerName>|<ComputerName>${hostname}</ComputerName>|g" \ -e "s|<Name>\*</Name>|<Name>${hostname}</Name>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to set workgroup join fields" fi fi done

@Rudolf So Fog can do what you want there’s just a few steps you skipped.

Fog will essentially do the same idea of copying the SSD from one to another but in a more centralized manner with more customization capability.

Basically, you need to

Install and configure the OS on a Virtual or Physical machine (virtual is easier to maintain if you already have a virtual infrastructure) Capture the image of that machine with fog Deploy the image to hosts

See https://docs.fogproject.org/en/latest/capture-an-image and https://docs.fogproject.org/en/latest/intro for some more info.

You can also expand further with customization of how you update your reference image, with windows there’s sysprep and other tools to help create a reference image, I’m sure linux has tools as well, I’m just not as well versed in them.

You can also edit the fog pxe menu to boot to an iso, I’m sure we have some examples in the forum for that.
There are also pre/post scripts so you can have a linux bash script that runs after an image is complete to do further customization of the image.

It sounds like Fog is the tool that will do what you’re trying to do, there’s just a bit more setup.

@plegrand said in upgrade Debian 11 to 12:

127.0.0.1:9000

This is the communication port that apache talks to php-fpm (PHP Execution Engine). For some reason during the update php-fpm was not updated or failed to restart correctly.

Well done getting this resolved on your end.

@Envy said in Help Required: Debugging PXE Boot Error on Mixed-Environment Network:

Problem: Some of our UEFI computers fail to obtain an IP address during PXE boot attempts, while others appear to continue but finally clock out with a “No configuration methods succeeded” error.

First since you have a mix environment I would start with setting up your dhcp server to send both bios and uefi boot files: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Using_Windows_Server_2012_.28R1_and_later.29_DHCP_Policy

Second the no configuration methods succeeded and not getting an IP address sounds a lot like you have the default spanning tree configured. Where you should be running one of the fast spanning tree protocols like port-fast fast-stp, rstp, mstp, or what ever your switch mfg calls it. A quick test is to put one of those cheap 5 port unmanaged network switches between the pxe booting computer and the enterprise switch. If that fixes the problem then talk to your network admins to enable one of the fast stp protocols on all network ports where you have clients that need to pxe boot. Understand this is an infrastructure issue and not specifically a fog issue.

Also make sure you have the latest version of FOG installed or at least recompile ipxe to the latest version: https://forums.fogproject.org/topic/15826/updating-compiling-the-latest-version-of-ipxe

But I think I would work on the first two issues I mentioned first. Your network troubles really sound like the second issue I mentioned.

@gothikserpent What are the issues you’re seeing in the Single Disk resizable method?

I ask because while, from a purely technical standpoint, a resizable image would indeed be able to be on a slightly smaller disk (assuming your linux partition is in an EXT format, not LFS) the capture itself doesn’t change, just the restructuring of the partitions.

@george1421 I can’t point you to the ISO, only to their website to purchase a copy (Parted Magic Store), but I’ve grabbed 3 different cfgs and attached them. From what I see it appears that the iPXE format used is fine. And maybe this is not an iPXE issue anyway.

kernel ${win_base_url}/pm/bzImage initrd ${win_base_url}/pm/initrd.img imgfetch ${win_base_url}/pm/fu.img imgfetch ${win_base_url}/pm/m.img imgfetch ${win_base_url}/pm/files.cgz imgargs bzImage initrd=initrd.img initrd=fu.img initrd=m.img initrd=files.cgz edd=on vga=normal boot

The above seems to line-up fine with what I see in other cfgs.

kernel ${win_base_url}/pmagic/bzImage initrd=initrd.img initrd=fu.img initrd=m.img edd=on vga=normal netsrc=wget neturl="${win_base_url}/pmagic/pmodules/" netargs="-U pmagicboot" initrd ${win_base_url}/pmagic/initrd.img initrd ${win_base_url}/pmagic/fu.img initrd ${win_base_url}/pmagic/m.img boot

The code above loads the init stuff, but does say “/proc/cmdline: line 1: bzImage: command not found” but it does start to download the SQFS. However, that download fails around 76% with another error. Downloaded it in a browser to make sure my webserver isn’t wonky, and it compares without issue to the original in the ISO. Also, the ISO boots fine…
grubcfg.txt
sample_pxelinuxcfg.txt
syslinuxcfg.txt

@george1421 thank you so much this is what I was searching for.

@jaapvdpol Well lets see if we can get a few things sorted out here.

Scale: I have not seen an install yet with 100 storage nodes. Each storage node will need to be managed at some point in time.

I kind of see this as a two phase project.

The initial push to move from windows to linux. Will you have boots on the ground at each location to do this? If yes they can bring a mobile deployment server with them (laptop kitted with what they need for imaging). If you are trying to do this all remote I can see it taking a while to complete. Post upgrade to linux. From time to time you may need to image failed computers. How will you handle that? Have a fog server at each site? Will you train local folks to be able to do this? Or is a drop ship a new system and they return the failed one for repair a bit of a better solution? Now I’ve used a raspberry pi for a fog server to image low volume systems. But that is before the prices of those critters when crazy. You think about it, with a site of 20 computers, you might, and I say ‘might’ reimage 1 computer a year. Is there value in having 100 storage nodes? I’m not saying one way or the other is right, just think about what you are trying to achieve and how much management work you are willing to do.

Now in regards to dnsmasq, that is a service we can install on the FOG server. With our configuration it will send out pxe boot information to the local subnet its connected to. You don’t need to touch anything on the router or network. So when the mobile fog server arrives, so does the pxe boot information. When the mobile fog server leaves, so does the concept of pxe booting. In this design (mobile deployment server) the target computers are not designed to pxe boot through the fog server, but instead a tech sitting in front of the computer presses F10 or F12 during booting to get to the efi boot manager where the tech picks pxe boot.

Understand I’m just trying to tell you what’s possible. Since I don’t know 100% of your use case I can only give suggestions based on how FOG works.

@george1421
Thanks, that’s very helpful. I’ll do some debugging and see what I can find.

@sega You can try something like this:
https://superuser.com/questions/29450/how-to-do-a-powershell-or-other-script-to-change-screen-resolution

Sure it’s a help site, but it should be there to help out.

@PhilienTaylor I’m not sure what your question is here. Your end goal is not clear based on what you have posted.

FOG doesn’t support imaging over Torrent. FOG doesn’t support Secure boot. There is a tutorial on how you can create your own keys and then sign the boot files. This will require you to upload the certificates into each hardware. Or to go to microsoft and go through the process to get microsoft signed signing keys for what you want to boot on the target hardware. FOG doesn’t have any utlity for hypervisor environments. The FOG server can run as a vm client, but FOG has no relationship with virtualization.

@george1421

Absolutely, I already had http serving in-place so the additional 1GB size result was negligible impact. Thanks for the additional insight, however.

Happy to help out, I just noticed a majority of posts about this ended with users reporting Hiren over PXE was “solved” by simply updating their wimboot version, with no other notes. While it does fix booting it, it is only part of the solution. It’s necessary to do that but it is not a complete fix. You need the Y:\ mount fixed or else the booted ISO is still heavily broken. Hopefully this helps some people out. HBCD is a great Swiss Army knife.

PS: I changed BOOT EXIT TYPE and EFI BOOT EXIT TYPE and the rEFInd menu appeared and the Windows was booted.

Just curious to know if that fixed the situation or renaming the files which I mentioned before.

@AisleWay The WOL Broadcast plugin is designed specifically for your use case.

Seeing as fog server is running on 10.133.x.x, the WOL packets are restricted (by default) to that particular subnet.

If you add the broadcast of 10.20.x.x to the plugin, it will send there.

If you need it to go to 10.10.x.x, add it to the plugin and wol will send via that as well.

Not sure what else we can provide.

This seems, to me, to indicate that the other networks are separated.

For example:

10.x.x.x is generally the whole scope, (10.0.0.0/8) but you have your network broken into seperated subnets.

For example:
10.0.0.0/16
10.1.0.0/16

etc…

If all systems in your network is in the 10.x.x.x scope, why the separation when you want not to have to worry about what network to send across?

@mashina said in Providing installation media via pxe booting for UEFI systems.:

Interestingly, the problem doesn’t occur when Ubuntu is already present, and then Windows is deployed. Anyway, that is not a big problem at this moment.

But in this case the uefi firmware has already registered ubuntu as a bootable OS. So it just goes, oh hello I see you again on disk1. But if the entry doesn’t exist then it needs to be fixed up. You might be able to test this on a working system, go into the uefi firmware and delete the entry for ubuntu on the second disk, only leaving windows in the uefi boot manager. Upon reboot does it need to fix itself up again?

Just be aware that FOG doesn’t touch the uefi firmware or boot manager. BUT you can do that with in a FOG post install script and using the linux uefi manager (not the actual name) app. You can add remove uefi boot manager entries at your need.

Your suggestion works well for putting Linux on Disk1, but if the user needs to reinstall Windows, it’ll also go to /dev/nvme1n1, messing everything up

True it will mess everything up. But also I took your inital post as you will load windows once and then could potentially reload ubuntu or the OS on the second drive multiple times. If you “had to” you could write a FOG preinstall script to ask what drive do you want to send the image too, but that gets a bit messy, but its possible.