RE: Lenovo 300e ipxe boots ok but ipxe.efi can't resolve the system

@mjaskowski Great to see you back. When you see rEFInd that means your client chainloaded to boot from disk. Make sure it is registered and a task is scheduled for it.

@isaiah658 @Tom-Elliott Thanks for posting all the details on this issue. I will look into this for the current 1.5.x branch of FOG when I get back next week!

You don’t sound angry. You sound like you’re attempting to describe the problem with as much detail as you know of right now and potential steps you’ve take to try to fix the issue at hand as well as a way for us to try to replicate.

I will say, however, that the issue was kind of a feature. I can’t say I have fixed this in working-1.6, but I do know what’s happening at a basic level.

When you change the primary mac address, it tries to put the original primary as an associated mac. I added this around 1.4 timeframe because I was fixing so many other issues at the time. Maybe something was missed.

The good news is it shouldn’t take too much effort to fix the issue as well as maybe be more descriptive of how to explain that changing the primary mac moves the original to “associated”.

I added this as a kind of feature as simply going in to change the mac did not necessarily mean you wanted the original mac to just disappear. At least that was the thought.

Hopefully this can help us narrow where the problem you’re describing is and give us all an insight of how we can correct the issue.

Why would you want to run both clonezilla and FOG? FOG uses partclone which is the same program clonezilla uses. That said, it’s one thing if you wanted to use a CloneZilla Image on a host. We do have support for that, by simple creating the Image definition and setting the Image Manager to Uncompressed. FOG, however, has many more options readily available and configurable via the GUI. Again, this is not to say you cannot use Clonezilla images with FOG. However, FOG manages hosts, inventory, images, and much more through a simple web gui. Running clonezilla is possible, but still means you have the manual tasks to complete.

I guess we need to understand the why of this more so we can try to help you out more.

I will definitely look into this issue when I get back.

@jashley Anything in the Apache error log when this happens?? See my signature on where to find the log.

@Greg-Plamondon apologies i thought this was part of main code.

save below code in /var/www/html/fog/lib/hooks/removehosteditgen.hook.php

this is just to get you going, change data and template number to the right id that is relevent for what you want to remove and remove/comment out what you don’t want removing. read up about hooks on wiki. if you get stuck i’ll happily assist when i can to meet what you originally asked for etc but it’s worth you having a go yourself to understand how hooks function.

hope this helps

<?php
class removehosteditgen extends Hook {
    public $name = 'removehosteditgen';
    public $description = 'Remove unused fields in host edit general';
    public $author = 'Rowlett';
    public $active = true;
    public function __construct()
    {
        parent::__construct();
        self::$HookManager
            ->register(
                'HOST_EDIT_GEN',
                array(
                    $this,
                    'hostData'
                )
            )
			->register(
                'SUB_MENULINK_DATA',
                array(
                    $this,
                    'RemoveSideNotes'
                )
            )
            ->register(
                'SUB_MENULINK_DATA',
                array(
                    $this,
                    'RemoveDelete'
                )
            );
    }
	public function HostData($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			unset($arguments['data'][5],$arguments['template'][5]);
			unset($arguments['data'][8],$arguments['template'][8]);
			unset($arguments['data'][9],$arguments['template'][9]);
			unset($arguments['data'][10],$arguments['template'][10]);
			unset($arguments['data'][11],$arguments['template'][11]);
		}
    }
	public function RemoveSideNotes($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			unset($arguments['notes']['Host']);
			unset($arguments['notes']['MAC']);
			unset($arguments['notes']['Image']);
			unset($arguments['notes']['O/S']);
			unset($arguments['notes']['Last Deployed']);
			unset($arguments['notes']['Primary Group']);
		}
    }
	public function RemoveDelete($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			if (!in_array(self::$FOGUser->get('type'),array(0))) {
				unset($arguments['submenu']['?node=host&sub=membership&id='.$_REQUEST['id']]);
				unset($arguments['submenu']['?node=host&sub=delete&id='.$_REQUEST['id']]);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-printers']); 
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-service']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-powermanagement']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-virus-history']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
				
				
			}
		}
    }
}

Hi all, i have secureboot working with ipxe (FOG) using a self-signed certificate and you do however need to enroll the keys but i have added an .efi program that you can run to automate all this from the pxe boot menu to ease this process.

i’ve been testing it for the last 12 months or so to see if there is any gotchas but none yet and over 80% of our estate have secureboot with ipxe working (7K devices) - only lenovo x1 carbons have been problematic but this appears to be due to poor bios and/or secureboot implementation.

this does mean you have to manage the certificates yourself going forward too as you are essentially taking ownership and provisioning the devices and applying your own PK which means you have to trust 3rd party CAs however the plus side there is no cost involved. i also don’t have assurances how to remotely distribute a renewed certificate when it expires but expiration is 10 years and there is going to be some work needed when microsoft CA expires in 2026.

on first attempt, i hadn’t included microsoft CA so windows os failed to load with untrusted error from secureboot… i loved the irony… i dont trust microsoft either :-)

if anyone is interested i can write up instructions however you have to remember technically this is outside of FOG remit, so support on FOG forums will be extremely limited and unfortunately with 2 jobs i have very little time to spare either.

@george1421 To be honest, I never expected the partclone update to really change anything in that regard. I just figured there was a possibility that it could improve somewhat.

I’ve been confusing this thread with another one I think. I assumed he was already on those inits.

It’s worth a shot!

Can be downloaded from: https://dev.fogproject.org/blue/organizations/jenkins/fos/detail/master/95/artifacts

@scottedwards54 On Windows the fog-client runs under the SYSTEM account. This will likely have no access to the UNC path share. Search the forums and you will find a few posts on this topic.