UEFI Boot

londonfog

Hi There,

trying to set up uefi boot, we have it setup correctly on the dhcp side with correct options. When selecting uefi boot I get an address, it finds the server and the following happens:
tftp://fogip/default.ipxe… ok
http://fogip/fog/service/ipxe/boot.php...........Connection Timed out (http://ipxe.org/4c0a6092)
Could not boot: connection timed out (http://ipxe.org/4c0a6092)
Chainloading failed, hit ‘s’ for the iPXE shell; reboot in 10 seconds

Legacy boot still works fine. Are there parameters I need to change in boot.php or maybe in default.ipxe?

Thanks in advance!

george1421

@londonfog Hmm, ok that isn’t it then. I thought it was possible that something happened with the 1.5.8 update and ipxe.efi was damaged some how.

In each of the boot loaders (undionly.kpxe and ipxe.efi) there is a script that calls default.ipxe on the FOG server… But thinking about it now, its getting past that point because it calls default.ipxe which chains to bootp.php. That http call is failing for some reason. So default.ipxe has already been loaded by ipxe.efi.

I don’t have an answer why only uefi has this issue. I can say that 1.5.5 is kind of old, but I don’t remember your issue being an issue in 1.5.5. I guess you could try ipxe.efi from 1.5.8 to see if that changes anything. Here is the link to the github site where you can download ipxe.efi https://github.com/FOGProject/fogproject/tree/master/packages/tftp

george1421

This is a very strange error. The connection timeout should not happen if the web ui is operational. You shouldn’t be able todo anything with the boot file to cause this.

If with a browser can you call that url?

Just for clarity if you are changing dhcp option 67 then for bios the value should be undionly.kpxe and for uefi mode it should be ipxe.efi.

If you have a windows 2012 or later dhcp server you can create filter policies to send the correct boot file based on the pxe booting computer so it doesn’t have to be one or the other you can boot.

londonfog

@george1421 we’re using infoblox for DHCP. I worked with the network engineer for creating the policies. I’ll verify that he’s pointing the UEFI filter to the correct file in tftboot.

And yes I can go to that url. So does it seem more like a networking thing at the moment?

george1421

@londonfog Well its not totally clear. I’m pretty sure its not pxe booting parts since iPXE is being delivered and is working because it can reach the FOG server to download via tftp the default.ipxe file. In that simple text file it chains to boot.php over http. That is where its failing.
(sidebar: since you changed IP addresses to anonymize them, make sure the value in default.ipxe is the correct IP address of the fog server. This disconnect might happen if you changed the IP address of the fog server after FOG was installed) So if its failing on the http side, one might think there could be some kind of firewall/screening blocking the target computer from reaching the http port. If you were getting an access denied message here I might think you turned on https on the fog server and didn’t recompile iPXE with the correct certificate.

The connection timeout would indicate that the target computer can’t reach the web server for some reason.

londonfog

@george1421 also, I think I mentioned in the original post, but BIOS pxe is still working. If the IP were not correct in default.ipxe would bios pxe also not boot?

george1421

@londonfog You are correct the IP has to be set correctly. Right now I’m in conflict because what you are telling me is happening, should if the only difference is the same computer and the only change is bios to uefi mode.

londonfog

@george1421 correct, if I use legacy it boots fine, switch to UEFI, I get the error in original post. I’m quite baffled, which is what lead me to bring this here. I’ll be back in the office tomorrow and can dig more, any suggestions I’ll gladly take! Thanks for all your replies so far!

Sebastian Roth

@londonfog Absolutely sure there is no typo in the “fogip” part of the URL? Would you run tcpdump -nn port 80 on your FOG server when booting the client in UEFI mode to see if it even tries to open the TCP connection?

londonfog

@Sebastian-Roth I’m sure there is no typo considering legacy boot still works fine. But when I get into the office I’ll do a dump to see if anything stands out.

londonfog

@george1421 I happened to look at /opt/fog/.fogsettings and noticed that bootfilename= is ‘undionly.kpxe’ should this be changed to include ipxe.efi?

george1421

@londonfog The .fogsettings file would be only used if FOG was your dhcp server. I don’t think that is the case here.

The tcpdump that Sebastian recommended would surely capture if that uefi client was talking to the FOG server. I might add in port 69 so you get the timing of the tftp download too.

so the tcpdump command would be tcpdump -nn port 80 or port 69 From there you should see the tftp download of ipxe.efi, then ipxe reaching out to get default.ipxe file, and then ipxe attempting to access boot.php via http protocol.

For completelness here is my tutorial on when pxe booting goes back what to do: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue

The relevant capture string from there is: tcpdump -w output.pcap port 67 or port 68 or port 69 or port 4011 In your case you want to add in http so the capture string would look like this tcpdump -w output.pcap port 67 or port 68 or port 69 or port 4011 or port 80 This will output the capture into the output.pcap file you can review in wireshark.

londonfog

@george1421 so after the connection times out I decided to hit ‘s’ and drop to the iPXE prompt. And then I manually called the chain command I saw listed near the bottom of my boot.php file which is:
:bootme
chain -ar http://xxx.xx.xx.x/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

I manually typed out the chain line and it boots to my fog menu page… So i’m glad I can atleast make the connection, i’m just stumped why it’s not automatically doing it?

george1421

@londonfog Can you get me a screen shot of that exact text?

The reason why I question it is the default.ipxe file should have a different format. What you are telling me, I might expect from the boot.php file itself. So this IS a clue to what is going sideways.

Here is what the default.ipxe file should look like

#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch ${buildarch}
params
param mac0 ${net0/mac}
param arch ${arch}
param platform ${platform}
param product ${product}
param manufacturer ${product}
param ipxever ${version}
param filename ${filename}
param sysuuid ${uuid}
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
:bootme
chain http://<fog_server_ip>/fog/service/ipxe/boot.php##params

Here is the very bottom of what boot.php outputs

param sysuuid ${uuid}
:bootme
chain -ar http://<fog_server_ip>/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

Well rereading your post. I can see I was off point here. Lets try this.

When you pxe boot and get the http timeout error, hit s to stop and then key in manually.

chain http://<fog_server_ip>/fog/service/ipxe/boot.php I’m only interested to see if you get an output from boot.php. It may be nonsensical but that will test if http works from the target computer.

If that works, find a inexpensive unmanged switch and place that between the pxe booting computer and the building network switch. The cheaper the switch the better (think the $20 monoprice switch). While I SERIOUSLY doubt this is a spanning tree issue, it might explain random communications.

londonfog

@george1421

default.ipxe
#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch ${buildarch}
params
param mac0 ${net0/mac}
param arch ${arch}
param platform ${platform}
param product ${product}
param manufacturer ${product}
param ipxever ${version}
param filename ${filename}
param sysuuid ${uuid}
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
:bootme
chain http://<fogIP>/fog/service/ipxe/boot.php##params

bottom of boot.php
param sysuuid ${uuid}
:bootme
chain -ar http://<fogIP>/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

Now I have hit ‘S’ at the time out error to drop to a ipxe shell and have successfully booted to the fog menu by running
chain -ar http://<fogIP>/fog/service/ipxe/boot.php##params

george1421

@londonfog I can’t believe I did not ask you the version of FOG you are using. What version of FOG?

londonfog

@george1421 1.5.5

george1421

@londonfog Hmm, ok that isn’t it then. I thought it was possible that something happened with the 1.5.8 update and ipxe.efi was damaged some how.

In each of the boot loaders (undionly.kpxe and ipxe.efi) there is a script that calls default.ipxe on the FOG server… But thinking about it now, its getting past that point because it calls default.ipxe which chains to bootp.php. That http call is failing for some reason. So default.ipxe has already been loaded by ipxe.efi.

I don’t have an answer why only uefi has this issue. I can say that 1.5.5 is kind of old, but I don’t remember your issue being an issue in 1.5.5. I guess you could try ipxe.efi from 1.5.8 to see if that changes anything. Here is the link to the github site where you can download ipxe.efi https://github.com/FOGProject/fogproject/tree/master/packages/tftp

londonfog

@george1421 interesting.

when I type `chain http://fogip/fog/service/ipxe/boot.php’ it times out

it does not time out when I run `chain -ar http://fogip/fog/service/ipxe/boot.php’

george1421

@londonfog OK for grins, update /tftpboot/default.ipxe and add in the -ar into the chain call.

george1421

@londonfog Very sneaky for the @developers to use an undocumented command switch to make things “just work” when we don’t expect them to.

use the undocumented "chain -ar" option (--autofree and --replace); this will prevent iPXE from running out of memory after several iterations

ref: https://forum.ipxe.org/showthread.php?tid=6944