PXE-E32 Error; Not sure what went wrong.

JazKW

@sebastian-roth The ip address in option 66 and that of the fog server match.

Sebastian Roth

@JazKW Please follow the TFTP troubleshooting guide and let us know what you get.

JazKW

@sebastian-roth TFTP was not enabled in firewalld so it was not getting through, but I’ve run into another error.
Could not boot: Connection timed out (http://ipxe.org/4c0a6035)
I did check the specified files on the wiki and the IP address is correct for both files. But in .fogsettings submask has: ‘Error: =4099<UP,BROADCAST,MULTICAST> is not recognized’ instead of an actual subnet mask, would this be the possible cause?

Sebastian Roth

@JazKW As far as I know from the top of my head the submask setting is mostly used to generate a valid DHCP config. If you are using a Windows DHCP server, that should not cause an issue. But I am wondering if DHCP on your FOG server is still running and might cause an issue? Please run the following commands and post results here:

ps ax | grep dhc
cat /opt/fog/.fogsettings

JazKW

@sebastian-roth This is the result I got from the two commands:

[root@FOG fog]# ps ax | grep dhc
 4197 ?        S      0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
 4198 ?        S      0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
19862 pts/0    S+     0:00 grep --color=auto dhc
[root@FOG fog]# cat /opt/fog/.fogsettings
## Start of FOG Settings
## Created by the FOG Installer
## Find more information about this file in the FOG Project wiki:
##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
## Version: 1.5.4
## Install time: Thu 09 Aug 2018 08:48:22 AM EDT
ipaddress='192.168.1.87'
copybackold='0'
interface='eth0'
submask='255.255.255.0'
routeraddress='192.168.1.18'
plainrouter='192.168.1.18'
dnsaddress='192.168.1.18'
username='fog'
password='Qigd/N34xpA2aa0amHlKfnz+zbeHkxgM8l4RwVAW0tk='
osid='1'
osname='Redhat'
dodhcp='N'
bldhcp='0'
dhcpd='dhcpd'
blexports='1'
installtype='N'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
installlang='0'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/html/'
webroot='/fog/'
caCreated='yes'
httpproto='http'
startrange=''
endrange=''
bootfilename='undionly.kpxe'
packages='bc curl gcc gcc-c++ genisoimage gzip httpd lftp m4 make mariadb mariadb-server mod_ssl mtools net-tools nfs-utils php php-bcmath php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd php-process syslinux tar tftp-server unzip vsftpd wget xinetd xz-devel '
noTftpBuild=''
notpxedefaultfile=''
sslpath='/opt/fog/snapins/ssl/'
backupPath='/home/'
php_ver=''
php_verAdds=''
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings
[root@FOG fog]# 

Sebastian Roth

@JazKW As far as I can see there is no DHCP server running or configured in fogsettings. Can you please take a picture of the Could not boot: ... error on screen. Possibly there is some important information we are still missing.

george1421

@jazkw The question I wonder is why dnsmasq is running on this computer? There are valid uses for dnsmasq with FOG, but why its active with this setup.

JazKW

@george1421 It shouldn’t be. I have it set up with the windows DHCP server. If dnsmasq is running, it shouldn’t. So at this point I would be asking how to turn it off, because it seems like it’d be what’s causing the Host machine not to be able to PXE boot.

JazKW

george1421

@jazkw Well it depends on what mode dnsmasq is configured in. If its setup as proxydhcp then it could be mucking up the works. The config file path shown is not something that FOG would setup or configure. That looks like some other application configured dnsmasq for you.

If in doubt, key in systemctl stop dnsmasq to temporarily stop the service. Then try to pxe boot. If you still can’t understand what is going wrong then lets capture a packet trace of the pxe booting process. As long as the FOG server and the pxe booting client are on the same subnet, we can use FOG to spy on the pxe booting process. If the target computer is on a different subnet then we will need a second computer on the pxe booting computer’s subnet with wireshark installed.

I have a tutorial on how to capture a pcap of the pxe booting process here: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue

JazKW

@george1421 Stopping dnsmasq didn’t change anything, still the same result and same error. Need to review network policy before attempting a packet capture.

george1421

@jazkw OK fair enough. Just be aware with the capture filter defined in that article only pxe booting and dhcp process will be captured in the pcap. No PII is available at this point in the booting process. Even windows isn’t involved where we want to capture. Now I agree if you don’t use the exact capture filter I defined you may indirectly capture info you don’t want.

If you are able to capture a pcap, but don’t want to post it here, or IM me the link to the pcap, we can still work indirectly via your eyes with the pcap, but it will take much longer that way.

JazKW

@george1421 There is one other thing I’ve noticed each time I went to uninstall and reinstall FOG, none of the services exist.
When I go to run these commands

sudo rm /etc/init.d/FOGImageReplicator
sudo rm /etc/init.d/FOGMulticastManager
sudo rm /etc/init.d/FOGScheduler```

I get:
[root@FOG NetworkManager]# sudo rm /etc/init.d/FOGImageReplicator
rm: cannot remove ‘/etc/init.d/FOGImageReplicator’: No such file or directory

For each one; and when I go to check where they’re supposed to be located, they aren’t there

[root@FOG init.d]# ls -la
total 40
drwxr-xr-x.  2 root root    70 Aug  6 10:33 .
drwxr-xr-x. 10 root root   127 Aug  6 10:32 ..
-rw-r--r--.  1 root root 18104 Jan  2  2018 functions
-rwxr-xr-x.  1 root root  4334 Jan  2  2018 netconsole
-rwxr-xr-x.  1 root root  7293 Jan  2  2018 network
-rw-r--r--.  1 root root  1160 Apr 11 03:36 README

george1421

@jazkw I’d have to look into what the installer is doing, but your FOG server is running in a systemd environment not systemv as the older versions of linux. SystemD uses systemctl which stores the init files in a different location instead of init.d (that is where systemv uses).

JazKW

@george1421 Not sure if you have any control over it, but you may want to update the uninstall article on the wiki for systemd. I may have bad or redundant service files from previous install attempts, unless they were overwritten.

Sebastian Roth

@JazKW Thanks for the picture. I see http://.../boot.php...................... Connection timed out .... This is a big issue. The client is not able to load the iPXE menu stuff and fails. Are you able to open this URL in your browser from a PC within your network: http://192.168.1.87/fog/service/ipxe/boot.php

My guess is that you have a local firewall not allowing this connection. Please check using sudo iptables -L -n -v (post full output here).

JazKW

@sebastian-roth No I was not able to connect to the Fog server from another PC.

EDIT: Disabling firewalld got it to work.

This is what I got from the iptables:

[root@FOG init.d]# sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
5331K  892M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 504K   31M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 196K   25M INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 196K   25M INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 196K   25M INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 132K   17M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 5282K packets, 800M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
5840K  886M OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public  all  --  em1    *       0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public  all  --  *      em1     0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 140K   18M IN_public  all  --  em1    *       0.0.0.0/0            0.0.0.0/0           [goto] 
   47  6862 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     2    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 196K   25M IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 196K   25M IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 196K   25M IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   30  1827 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
   15   975 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 ctstate NEW
63870 7604K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:49152:65532 ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination ```

Sebastian Roth

@jazkw said in PXE-E32 Error; Not sure what went wrong.:

EDIT: Disabling firewalld got it to work.

Just add TCP port 80 to your firewall config and you should be fine. Although there might be later issues with NFS… If you are not familiar with firewall configuration you might want to leave it disabled for now till you have it all up and running. Later on you can still enable it again and add ports as needed.

JazKW

@sebastian-roth Can go ahead and mark this as solved. Thank you for the help.