@Tom-Elliott said in Hide/Secure FOG Client download page:

Private key is built to the client at install time. The Public server ca cert is pulled at install time

This is what I was unclear about. I thought the installer already had FOG’s private key. So each client gets its own private key?

@LiamRetrams I recently published a function related to this in my FogApi Powershell module (see my signature)

I posted an example of using it in a snapin to change a host’s boot order to pxe boot as the first boot option

https://forums.fogproject.org/topic/16784/powershell-snapin-no-output-non-error?_=1729112272355

as @george1421 stated this is a windows issue, part of the oobe process involves changing the boot order. But you can utilize bcdedit to fix it. I’ve made an attempt at creating a universal option with my Set-WinToBootToPxe function, It works for me on some Asus motherboard based systems, I’d be very interested to hear if it works on custom Gigabyte builds as well.

See also

https://github.com/darksidemilk/FogApi/blob/master/FogApi/Public/Set-WinToBootToPxe.ps1 https://fogapi.readthedocs.io/en/latest/commands/Set-WinToBootToPxe/ https://github.com/darksidemilk/FogApi/blob/master/FogApi/Public/Get-WinBcdPxeID.ps1 https://fogapi.readthedocs.io/en/latest/commands/Get-WinBcdPxeId/

@george1421 pls ignore, internal network issue. thank you.

@razercortex pls disregard. internal network issue.

@AUTH-IT-Center Thank you. I didn’t find that article but it has what I need.

@HorizonG

I’m making an update to my script.

If the computer belongs to several groups at the same time, this can cause problems.

I now return all the groups, then the script selects only the group starting with GROUP_AUTOMATE_ …

7679ccb4-dc09-4d19-9a3f-49b8039eeaf2-image.png

This will copy only this folder to the local directory of the client machine : clientfolderpath=“/ntfs/FOG/Sites/$SITE_GROUP”
136a0ede-7eec-46bc-a1bc-04560b236750-image.png

Le script

#!/bin/bash #Variables FOG_HOSTNAME=$hostname FOG_API_TOKEN="deleted for privacy reasons" FOG_USER_TOKEN="deleted for privacy reasons" FOG_SERVER="deleted for privacy reasons" # Adresse IP ou nom d'hôte de votre serveur FOG echo "Serveur FOG: $FOG_SERVER" # Fonction pour appeler l'API FOG function invoke_fog_api() { local fog_api_token="$1" local fog_user_token="$2" local fog_server="$3" local uri_path="$4" local method="${5:-GET}" local json_data="$6" local base_uri="http://$fog_server/fog" local uri="$base_uri/$uri_path" # Construct headers local headers=( -H "fog-api-token: $fog_api_token" -H "fog-user-token: $fog_user_token" -H "Content-Type: application/json" ) # Make API call and store response in a variable if [ "$method" == "GET" ]; then response=$(curl -s -X GET "$uri" "${headers[@]}") else response=$(curl -s -X "$method" "$uri" "${headers[@]}" -d "$json_data") fi echo "$response" } # Fonction pour obtenir les détails de l'hôte function get_fog_host() { local fog_api_token="$1" local fog_user_token="$2" local fog_server="$3" local fog_hostname="$4" response=$(invoke_fog_api "$fog_api_token" "$fog_user_token" "$fog_server" "host?name=$fog_hostname") # Vérifiez si la réponse est vide if [ -z "$response" ]; then echo "Erreur: La réponse de l'API pour l'hôte est vide." return 1 fi # Vérifiez la validité du JSON if ! echo "$response" | jq . > /dev/null 2>&1; then echo "Erreur: La réponse de l'API pour l'hôte n'est pas un JSON valide." echo "Réponse brute de l'API: $response" return 1 fi # Extraire les détails de l'hôte local host_info host_info=$(echo "$response" | jq --arg hostname "$fog_hostname" '.hosts[] | select(.name == $hostname)') if [ -z "$host_info" ]; then echo "Erreur: Aucun détail trouvé pour l'hôte $fog_hostname." return 1 fi echo "$host_info" } # Fonction pour obtenir les groupes associés à un hôte function get_fog_groups_for_host() { local fog_api_token="$1" local fog_user_token="$2" local fog_server="$3" local host_id="$4" # Récupérer les associations de groupes local response response=$(invoke_fog_api "$fog_api_token" "$fog_user_token" "$fog_server" "groupassociation") # Vérifiez la validité du JSON if ! echo "$response" | jq . >/dev/null 2>&1; then echo "Erreur: La réponse de l'API pour les associations de groupes n'est pas un JSON valide." echo "Réponse brute de l'API: $response" return 1 fi # Extraire les IDs des groupes associés à l'hôte local group_ids group_ids=$(echo "$response" | jq -r --arg host_id "$host_id" '.groupassociations[] | select(.hostID == ($host_id | tonumber)) | .groupID') # Récupérer les détails des groupes response=$(invoke_fog_api "$fog_api_token" "$fog_user_token" "$fog_server" "group") # Vérifiez la validité du JSON if ! echo "$response" | jq . >/dev/null 2>&1; then echo "Erreur: La réponse de l'API pour les groupes n'est pas un JSON valide." echo "Réponse brute de l'API: $response" return 1 fi # Afficher les détails des groupes associés dans un format simple local group_ids_array group_ids_array=$(echo "$group_ids" | jq -R -s -c 'split("\n") | map(select(length > 0) | tonumber)') echo "$response" | jq -r --argjson group_ids "$group_ids_array" \ '.groups[] | select(.id as $id | $group_ids | index($id)) | "\(.id) \(.name)"' } # Fonction pour traiter et afficher les groupes dont le nom commence par GROUP_AUTOMATE_ function process_fog_groups() { local group_data="$1" echo "Groupes associés à l'hôte (commençant par GROUP_AUTOMATE_) :" # Initialiser les index local group_index=1 # Extraire les groupes et définir les variables d'environnement while IFS= read -r line; do id=$(echo "$line" | awk '{print $1}') name=$(echo "$line" | awk '{$1=""; print $0}' | sed 's/^ *//') # Remove leading spaces from the name if [[ "$name" == GROUP_AUTOMATE_* ]]; then # Définir les variables d'environnement pour le nom et l'ID du groupe export FOG_GROUP_NAME_$group_index="$name" export FOG_GROUP_ID_$group_index="$id" # Afficher le groupe echo "GROUP NAME = $name" echo "GROUP ID = $id" export FOG_GROUP_NAME_AUTOMATE=$name export FOG_GROUP_NAME_ID=$id # Incrémenter l'index pour le prochain groupe group_index=$((group_index + 1)) fi done <<< "$group_data" } # Fonction principale pour la simulation function GetInfo_host() { local fog_api_token="$FOG_API_TOKEN" local fog_user_token="$FOG_USER_TOKEN" local fog_server="$FOG_SERVER" local fog_hostname="$FOG_HOSTNAME" # Obtenez les détails de l'hôte local local_host local_host=$(get_fog_host "$fog_api_token" "$fog_user_token" "$fog_server" "$fog_hostname") # Vérifiez si local_host est vide if [ -z "$local_host" ]; then echo "Erreur: Aucune information sur l'hôte trouvée." return 1 fi # Obtenez l'ID de l'hôte local host_id host_id=$(echo "$local_host" | jq -r '.id') if [ -z "$host_id" ]; then echo "Erreur: Impossible d'extraire l'ID de l'hôte." return 1 fi # Obtenez les groupes associés à l'hôte local host_groups host_groups=$(get_fog_groups_for_host "$fog_api_token" "$fog_user_token" "$fog_server" "$host_id") # Vérifiez si host_groups est vide if [ -z "$host_groups" ]; then echo "Erreur: Aucune information sur les groupes trouvée pour l'hôte." return 1 fi # Traitement des groupes et affichage des détails process_fog_groups "$host_groups" # Accès aux variables d'environnement pour chaque groupe for i in $(seq 1 $((group_index - 1))); do echo "Nom du groupe $i: ${!FOG_GROUP_NAME_$i}" echo "ID du groupe $i: ${!FOG_GROUP_ID_$i}" done # Affichage des détails echo "---------------------------------------" echo "Détails de l'hôte pour: $fog_hostname" echo "---------------------------------------" echo "Détails de l'hôte récupérés :" echo "$local_host" echo "---------------------------------------" # Afficher le contenu de host_groups => ALL GROUPS echo "---------------------------------------" echo "ALL GROUPS :" echo "$host_groups" echo "---------------------------------------" # Affichage des détails du groupe AUTOMATION #echo $FOG_GROUP_NAME_AUTOMATE #echo $FOG_GROUP_NAME_ID echo "Détails du groupe automation" echo "Nom du groupe: $FOG_GROUP_NAME_AUTOMATE" echo "ID du groupe: $FOG_GROUP_NAME_ID" echo "---------------------------------------" # Définir les variables d'environnement pour le nom et l'ID du groupe export FOG_GROUP_NAME_AUTOMATE export FOG_GROUP_NAME_ID } GetInfo_host SITE_GROUP="${FOG_GROUP_NAME_AUTOMATE##*_}" echo "Target Site $SITE_GROUP" echo "Try to copy this folder if existing : /images/Sites/$SITE_GROUP" # Vérification de la présence du disque système echo "Verifying we've found the OS disk" if [[ ! -d /ntfs/windows && ! -d /ntfs/Windows && ! -d /ntfs/WINDOWS ]]; then echo "! OS root Not found !" # Assurez-vous que 'debugPause' est défini, sinon utilisez une alternative appropriée # debugPause exit 1 fi echo "Found" # Préparer le chemin des dossiers clientfolderpath="/ntfs/FOG/Sites/$SITE_GROUP" remotefolderpath="/images/Sites/$SITE_GROUP" # Créer le répertoire /tmp/sites s'il n'existe pas déjà if [[ ! -d /tmp/sites ]]; then mkdir -p /tmp/sites fi # Créer le sous-répertoire avec le nom contenu dans $SITE_GROUP if [[ -n "$SITE_GROUP" ]]; then mkdir -p "/tmp/sites/$SITE_GROUP" echo "Le répertoire /tmp/sites/$SITE_GROUP a été créé." else echo "Erreur : \$SITE_GROUP est vide. Impossible de créer le répertoire." exit 1 fi # Créer le répertoire clientfolderpath s'il n'existe pas déjà if [[ ! -d "$clientfolderpath" ]]; then mkdir -p "$clientfolderpath" echo "Répertoire client créé : $clientfolderpath" fi # Copier le dossier avec rsync echo -n "In Progress" rsync -aqz "$remotefolderpath/" "$clientfolderpath/" >/dev/null 2>&1 if [[ $? -eq 0 ]]; then echo "Dossier copié avec succès." else echo "Erreur : Échec de la copie du dossier." exit 1 fi debugPause

@george1421 Hello,
This feature is still highly asked to me about our FOG Deployment in our company. Do you mind giving me more informations about how can I achieve to boot my WIM / ISO image with a Fog Task ?

Ok I did it. If I dont set the partition as UEFI it doesnt add another entry in the boot. I have tested many times and it doesnt seems to fail… Not sure the consecuences of not setting it as UEFI.

@rogerdodger wait, I just read this bit, not reimaging it makes it difficult. You still could use snapins and the fog client, but fully automating it would require reimaging.

@Tom-Elliott thanks for everything. Guess we can close this topic (I’m not really sure if I can do it myself)

@george1421 That’s true if using the fog installer to handle it.

@michaelkoch1811 There are methods to rebuild the binaries using your own binaries of course.

in the fogproject folder (where you normally run an installer) there’s a file under:
utils/FOGiPXE called buildipxe.sh

if you call this script with your <path/to/your/certificate.pem> it should build the ipxe binaries with your custom certificate.

./buildipxe.sh path/to/your/certificate.pem

By default it will try to use the CA pem we generated for FOG at install.

@theyikes from the linux reboot will restart the server and shutdown now will power it off.

@dvorak You’d need it in the ISO.

PXE is before the system is loaded, and as such cannot trigger actions at the HDD level beyond loading a Disk, Boot Rom, or whatever.

@HorizonG Short answer to both, yes.

There’s a bit of work to do to make it work but you can.
The first thing to know to help in full is what phase of sysprep you captured at?

If you captured right after the generalize phase (best practice) and specialize is what starts you can indeed update the unattend file dynamically with computer name, domain, ou, etc.
You can only effect the phases that haven’t happened yet. So you can add things to the specialize and oobe phases. Specialize does things before windows fully loads, it’s essentially a winpe environment, and oobe is the full windows where you can have a setupcomplete run. I have it kick off a series of powershell scripts (essentially).

Windows also moves the unattend file around across the phases, when I update the unattend file in a post install script I just update it in all these places. i.e. in the context of fog having mounted 😄 at /ntfs
"/ntfs/Windows/System32/Sysprep/Unattend.xml" "/ntfs/Windows/Panther/unattend.xml" "/ntfs/Windows/Panther/Unattend.xml"

I also have one at C:\Unattend.xml you’ll see in my example below.

Also note that it’s case sensitive, which is why I have 2 in the same spot as I’ve seen it both ways.

I don’t have time to dig into too much detail right now but here’s an example of injecting some stuff into the unattend files. I also included my bit where I can just patch in an updated Unattend.xml file, though this wouldn’t scale for every host I just use it for another option before recapturing a whole image to test an unattend change.

One very important bit for this to work as it does in the example is I have this bit in my specialize phase, which I replace with computername and AD info, replace NETBIOSDOMAINNAME with your short domain name that you use for this format logon string domain\username

<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Identification> <JoinWorkgroup>NETBIOSDOMAINNAME</JoinWorkgroup> </Identification> </component>

I also have <ComputerName></ComputerName> in the specialize phase under my "Microsoft-Windows-Shell-Setup" component i.e. the end of this has that. I took out my company info from this example, you don’t need all of this the same, just a contextual example. The product key is the GVLK for windows 10/11 publicly available.

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DesktopOptimization> <GoToDesktopOnSignIn>true</GoToDesktopOnSignIn> <ShowWindowsStoreAppsOnTaskbar>true</ShowWindowsStoreAppsOnTaskbar> </DesktopOptimization> <BluetoothTaskbarIconEnabled>true</BluetoothTaskbarIconEnabled> <ConvertibleSlateModePromptPreference>1</ConvertibleSlateModePromptPreference> <CopyProfile>false</CopyProfile> <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet> <EnableStartMenu>true</EnableStartMenu> <OEMName>Company Name</OEMName> <RegisteredOrganization>Company Name</RegisteredOrganization> <ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen> <RegisteredOwner>Company Name</RegisteredOwner> <SignInMode>2</SignInMode> <TimeZone>Mountain Standard Time</TimeZone> <OEMInformation> <SupportURL>http://helpme.company.tld</SupportURL> <Logo>C:\img\company-logo.bmp</Logo> <SupportPhone>555-5555</SupportPhone> <SupportProvider>String that shows up in sys info</SupportProvider> <Manufacturer>string that shows up in sys info</Manufacturer> </OEMInformation> <Themes> <BrandIcon>C:\img\company-logo.png</BrandIcon> <ThemeName>Company Theme</ThemeName> <DesktopBackground>%WINDIR%\web\Wallpaper\some-injected-background.jpg</DesktopBackground> <WindowColor>Automatic</WindowColor> <DefaultThemesOff>false</DefaultThemesOff> </Themes> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <AutoLogon> <Password> <Value>supersecretencryptedpassword</Value> <PlainText>false</PlainText> </Password> <Enabled>true</Enabled> <Username>Administrator</Username> <LogonCount>99</LogonCount> </AutoLogon> <ProductKey>NPPR9-FWDCX-D2C8J-H872K-2YT43</ProductKey> <ComputerName></ComputerName> </component>

The fog post download examples. I also do something with the device form setting but I tried to just take that out for this example. Device form is mildly helpful for configuring the tablet vs desktop user experience if you have a mix of such devices.

unattends=("/ntfs/Unattend.xml" "/ntfs/Windows/System32/Sysprep/Unattend.xml" "/ntfs/Windows/Panther/unattend.xml" "/ntfs/Windows/Panther/Unattend.xml") for unattend in ${unattends[@]}; do [[ ! -f $unattend ]] && break #as a failsafe, reload the funcs.sh from fog . /usr/share/fog/lib/funcs.sh dots "Preparing Sysprep File at $unattend" #update unattend files if an Unattend.xml file is present to replace current file if [[ -f "/images/drivers/Unattend.xml" ]]; then echo -en "\n\nUnattend.xml patch file detected, updating the Unattend.xml file baseline\n\n"; echo -en "\n\nUnattend.xml patch file detected, updating the Unattend.xml file baseline\n\n" >> $updateUnattendLog rsync -aqzz "/images/drivers/Unattend.xml" $unattend; else echo -en "\n\nNo Unattend.xml patch file detected, skipping update of unattend.xml file baseline and just updating contents\n\n"; echo -en "\n\nNo Unattend.xml patch file detected, skipping update of unattend.xml file baseline and just updating contents\n\n" >> $updateUnattendLog fi #echo "File update Done" debugPause if [[ $adon=="1" ]]; then cp $unattend $unattend.old domainJoinStr="<JoinDomain></JoinDomain>\n\t\t<MachineObjectOU></MachineObjectOU>\n\t\t<Credentials>\n\t\t\t<Domain></Domain>\n\t\t\t<Password></Password>\n\t\t\t<Username></Username>\n\t\t</Credentials>" echo -en "\n\nInjecting Unattend Join fields into unattend for Dynamic update....\n" echo -en "\n\nInjecting Unattend Join fields into unattend for Dynamic update....\n" >> $updateUnattendLog # get the value of the workgroup to set as the netbios domain for the domain login netbiosdomain=`sed -n '/JoinWorkgroup/{s/.*<JoinWorkgroup>//;s/<\/JoinWorkgroup.*//;p;}' $unattend` #replace the workgroup join string with the domain tags to be updated sed -i -e "s|<JoinWorkgroup>${netbiosdomain}</JoinWorkgroup>|${domainJoinStr}|g" $unattend >/dev/null 2>&1 echo -en "\n\nSetting Dynamic Unattend fields - \n\nComputer Name: ${hostname}\nJoining Domain: ${addomain}\nWill be in OU: ${adou}\n" echo -en "\n\nSetting Dynamic Unattend fields - \n\nComputer Name: ${hostname}\nJoining Domain: ${addomain}\nWill be in OU: ${adou}\n" >> $updateUnattendLog sed -i \ -e "s|<ComputerName></ComputerName>|<ComputerName>${hostname}</ComputerName>|g" \ -e "s|<Name>\*</Name>|<Name>${hostname}</Name>|g" \ -e "s|<Password></Password>|<Password>${adpass}</Password>|g" \ -e "s|<Username></Username>|<Username>${aduser}</Username>|g" \ -e "s|<Domain></Domain>|<Domain>${netbiosdomain}</Domain>|g" \ -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \ -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo -en "\n\nFailed to update user, pass, ou, and domain setter, set just computername and deviceform instead and using simplified unattend file\n" echo -en "\n\nFailed to update user, pass, ou, and domain setter, set just computername and deviceform instead and using simplified unattend file\n" >> $updateUnattendLog echo -en "\n\Restoring unattend file from before domain join attempt\n" echo -en "\n\Restoring unattend file from before domain join attempt\n" >> $updateUnattendLog mv $unattend.old $unattend -f echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" >> $updateUnattendLog debugPause sed -i \ -e "s|<ComputerName></ComputerName>|<ComputerName>${hostname}</ComputerName>|g" \ -e "s|<Name>\*</Name>|<Name>${hostname}</Name>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo -en "\nFailed again after using failsafe unattend\n" echo -en "\nFailed again after using failsafe unattend\n" >> $updateUnattendLog debugPause handleError "Failed to update user, pass, ou, and domain setter and then failed the failsafe with no domain" fi else echo -en "\n\nRemoving Workgroup join section and backup unattend as adding domain join was a success...\n" echo -en "\n\nRemoving Workgroup join section and backup unattend as adding domain join was a success...\n" >> $updateUnattendLog rm -f $unattend.old sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1 sed -i "/<MachinePassword>/d" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to remove the Workgroup setter" fi fi echo -en "\n\nDone updating $unattend\n" echo -en "\n\nDone updating $unattend\n" >> $updateUnattendLog debugPause else echo -en "\n\nNo domain to join variable present, just setting deviceform and computer name and using simplified unattend file\n" echo -en "\n\nNo domain to join variable present, just setting deviceform and computer name and using simplified unattend file\n" >> $updateUnattendLog echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" echo -en "\n\nSetting Dynamic Unattend fields - \n\nDeviceForm: ${DeviceForm}\nComputer Name: ${hostname}" >> $updateUnattendLog debugPause sed -i \ -e "s|<ComputerName></ComputerName>|<ComputerName>${hostname}</ComputerName>|g" \ -e "s|<Name>\*</Name>|<Name>${hostname}</Name>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to set workgroup join fields" fi fi done

@Rudolf So Fog can do what you want there’s just a few steps you skipped.

Fog will essentially do the same idea of copying the SSD from one to another but in a more centralized manner with more customization capability.

Basically, you need to

Install and configure the OS on a Virtual or Physical machine (virtual is easier to maintain if you already have a virtual infrastructure) Capture the image of that machine with fog Deploy the image to hosts

See https://docs.fogproject.org/en/latest/capture-an-image and https://docs.fogproject.org/en/latest/intro for some more info.

You can also expand further with customization of how you update your reference image, with windows there’s sysprep and other tools to help create a reference image, I’m sure linux has tools as well, I’m just not as well versed in them.

You can also edit the fog pxe menu to boot to an iso, I’m sure we have some examples in the forum for that.
There are also pre/post scripts so you can have a linux bash script that runs after an image is complete to do further customization of the image.

It sounds like Fog is the tool that will do what you’re trying to do, there’s just a bit more setup.

@plegrand said in upgrade Debian 11 to 12:

127.0.0.1:9000

This is the communication port that apache talks to php-fpm (PHP Execution Engine). For some reason during the update php-fpm was not updated or failed to restart correctly.

Well done getting this resolved on your end.

@Envy said in Help Required: Debugging PXE Boot Error on Mixed-Environment Network:

Problem: Some of our UEFI computers fail to obtain an IP address during PXE boot attempts, while others appear to continue but finally clock out with a “No configuration methods succeeded” error.

First since you have a mix environment I would start with setting up your dhcp server to send both bios and uefi boot files: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Using_Windows_Server_2012_.28R1_and_later.29_DHCP_Policy

Second the no configuration methods succeeded and not getting an IP address sounds a lot like you have the default spanning tree configured. Where you should be running one of the fast spanning tree protocols like port-fast fast-stp, rstp, mstp, or what ever your switch mfg calls it. A quick test is to put one of those cheap 5 port unmanaged network switches between the pxe booting computer and the enterprise switch. If that fixes the problem then talk to your network admins to enable one of the fast stp protocols on all network ports where you have clients that need to pxe boot. Understand this is an infrastructure issue and not specifically a fog issue.

Also make sure you have the latest version of FOG installed or at least recompile ipxe to the latest version: https://forums.fogproject.org/topic/15826/updating-compiling-the-latest-version-of-ipxe

But I think I would work on the first two issues I mentioned first. Your network troubles really sound like the second issue I mentioned.

@gothikserpent What are the issues you’re seeing in the Single Disk resizable method?

I ask because while, from a purely technical standpoint, a resizable image would indeed be able to be on a slightly smaller disk (assuming your linux partition is in an EXT format, not LFS) the capture itself doesn’t change, just the restructuring of the partitions.

@george1421 I can’t point you to the ISO, only to their website to purchase a copy (Parted Magic Store), but I’ve grabbed 3 different cfgs and attached them. From what I see it appears that the iPXE format used is fine. And maybe this is not an iPXE issue anyway.

kernel ${win_base_url}/pm/bzImage initrd ${win_base_url}/pm/initrd.img imgfetch ${win_base_url}/pm/fu.img imgfetch ${win_base_url}/pm/m.img imgfetch ${win_base_url}/pm/files.cgz imgargs bzImage initrd=initrd.img initrd=fu.img initrd=m.img initrd=files.cgz edd=on vga=normal boot

The above seems to line-up fine with what I see in other cfgs.

kernel ${win_base_url}/pmagic/bzImage initrd=initrd.img initrd=fu.img initrd=m.img edd=on vga=normal netsrc=wget neturl="${win_base_url}/pmagic/pmodules/" netargs="-U pmagicboot" initrd ${win_base_url}/pmagic/initrd.img initrd ${win_base_url}/pmagic/fu.img initrd ${win_base_url}/pmagic/m.img boot

The code above loads the init stuff, but does say “/proc/cmdline: line 1: bzImage: command not found” but it does start to download the SQFS. However, that download fails around 76% with another error. Downloaded it in a browser to make sure my webserver isn’t wonky, and it compares without issue to the original in the ISO. Also, the ISO boots fine…
grubcfg.txt
sample_pxelinuxcfg.txt
syslinuxcfg.txt