UEFI pxe boot problem from a network

lebrun78

Hello
I take advantage that the university is deserted (covid19) to be able to do my dhcp tests, so I can easely insolate the boot log from a machine.
I have allways this problem on the vlan only with uefi pxe boot

Mar 31 11:37:08 sybille2 dhcpd: DHCPREQUEST for 148.60.10.34 from 00:11:e2:61:00:03 via em2.10
Mar 31 11:37:08 sybille2 dhcpd: DHCPACK on 148.60.10.34 to 00:11:e2:61:00:03 via em2.10
Mar 31 11:37:34 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003016
Mar 31 11:37:34 sybille2 dhcpd: Lease request from 10:65:30:83:5c:4b in subnet 148.60.10
Mar 31 11:37:34 sybille2 dhcpd: DHCPDISCOVER from 10:65:30:83:5c:4b via em2.10
Mar 31 11:37:35 sybille2 dhcpd: DHCPOFFER on 148.60.10.193 to 10:65:30:83:5c:4b via em2.10
Mar 31 11:37:37 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003016
Mar 31 11:37:37 sybille2 dhcpd: Lease request from 10:65:30:83:5c:4b in subnet 148.60.10
Mar 31 11:37:37 sybille2 dhcpd: DHCPREQUEST for 148.60.10.193 (148.60.10.252) from 10:65:30:83:5c:4b via em2.10
Mar 31 11:37:37 sybille2 dhcpd: DHCPACK on 148.60.10.193 to 10:65:30:83:5c:4b via em2.10

lebrun78

It looks like that topic no ?

George1421 have respond to this;
https://community.spiceworks.com/topic/2141866-wds-uefi-pxeboot-when-dhcp-and-clients-are-on-same-netwrok?from_forum=2721

lebrun78

pxe success on an other vlan, vlan with fog server

Mar 31 11:49:13 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003016
Mar 31 11:49:13 sybille2 dhcpd: Lease request from c8:1f:66:b1:e0:86 in subnet 148.60.0.0
Mar 31 11:49:13 sybille2 dhcpd: DHCPDISCOVER from c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:13 sybille2 dhcpd: DHCPOFFER on 148.60.3.85 to c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:16 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003016
Mar 31 11:49:16 sybille2 dhcpd: Lease request from c8:1f:66:b1:e0:86 in subnet 148.60.0.0
Mar 31 11:49:16 sybille2 dhcpd: DHCPREQUEST for 148.60.3.85 (148.60.4.3) from c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:16 sybille2 dhcpd: DHCPACK on 148.60.3.85 to c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:39 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003010
Mar 31 11:49:39 sybille2 dhcpd: Lease request from c8:1f:66:b1:e0:86 in subnet 148.60.0.0
Mar 31 11:49:39 sybille2 dhcpd: DHCPDISCOVER from c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:39 sybille2 dhcpd: DHCPOFFER on 148.60.3.85 to c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:40 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003010
Mar 31 11:49:40 sybille2 dhcpd: Lease request from c8:1f:66:b1:e0:86 in subnet 148.60.0.0
Mar 31 11:49:40 sybille2 dhcpd: DHCPDISCOVER from c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:40 sybille2 dhcpd: DHCPOFFER on 148.60.3.85 to c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:44 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003010
Mar 31 11:49:44 sybille2 dhcpd: Lease request from c8:1f:66:b1:e0:86 in subnet 148.60.0.0
Mar 31 11:49:44 sybille2 dhcpd: DHCPREQUEST for 148.60.3.85 (148.60.4.3) from c8:1f:66:b1:e0:86 via em2.2
Mar 31 11:49:44 sybille2 dhcpd: DHCPACK on 148.60.3.85 to c8:1f:66:b1:e0:86 via em2.2

george1421

@lebrun78 So let me see if I understand the issue.

On one vlan you can not pxe boot a uefi system, but on the same vlan you can pxe boot a bios based computer?

On a second vlan you can pxe boot both a uefi system and a bios based system no problem?

If that is the case I’d like to see a wireshark pcap of a uefi failed boot on the bad vlan. Use wireshark installed on a witness (extra) computer with a wireshark capture filter of port 67 or port 68

When you capture the power on and pxe boot of the target computer start wireshark, power on the computer and pxe boot to the error. Then stop wireshark and save the pcap. In the pcap you will see a dhcp discover from the target computer, then a dhcp offer from your main dhcp server. We need to look into that offer packet to see what the target computer is being told to boot. Upload the pcap here so we can look at it.

lebrun78

Hello,

On one vlan you can not pxe boot a uefi system, but on the same vlan you can pxe boot a bios based computer? Yes

On a second vlan you can pxe boot both a uefi system and a bios based system no problem? Yes, the vlan the fog server is on.

Here is the capture from the wittness host:

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000000    0.0.0.0               255.255.255.255       DHCP     389    DHCP Discover - Transaction ID 0xea2ea26c

Frame 1: 389 bytes on wire (3112 bits), 389 bytes captured (3112 bits) on interface 0
Ethernet II, Src: Dell_83:5c:4b (10:65:30:83:5c:4b), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)

No.     Time           Source                Destination           Protocol Length Info
      2 1.001404071    148.60.10.252         255.255.255.255       DHCP     343    DHCP Offer    - Transaction ID 0xea2ea26c

Frame 2: 343 bytes on wire (2744 bits), 343 bytes captured (2744 bits) on interface 0
Ethernet II, Src: Dell_82:50:7e (50:9a:4c:82:50:7e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 148.60.10.252, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)

No.     Time           Source                Destination           Protocol Length Info
      3 3.271384044    0.0.0.0               255.255.255.255       DHCP     401    DHCP Request  - Transaction ID 0xea2ea26c

Frame 3: 401 bytes on wire (3208 bits), 401 bytes captured (3208 bits) on interface 0
Ethernet II, Src: Dell_83:5c:4b (10:65:30:83:5c:4b), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)

No.     Time           Source                Destination           Protocol Length Info
      4 3.404871387    148.60.10.252         255.255.255.255       DHCP     343    DHCP ACK      - Transaction ID 0xea2ea26c

Frame 4: 343 bytes on wire (2744 bits), 343 bytes captured (2744 bits) on interface 0
Ethernet II, Src: Dell_82:50:7e (50:9a:4c:82:50:7e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 148.60.10.252, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)

Thank you very much for your help.

lebrun78

In
UEFI Reading the DHCP offer on boot, router ip et subnet mask are wrong. (ip router and subnet mask of the vlan of fog server).

In legacy mode, (same PC, same vlan)
router ip et subnet mask are wrong too. (ip router and subnet mask of the vlan of fog server). But the boot is going on
capturedhcp.txt

george1421

@lebrun78 would you upload the entire pcap. I need to see the raw data and not just the packet headers.

lebrun78

here is a uefi capture:

capturedhcp.pcap

george1421

@lebrun78 Please look at the forum chat (chat bubble at the top of the forum window) for a few questions based on the pcap.

Sebastian Roth

@lebrun78 said in UEFI pxe boot problem from a network:

router ip et subnet mask are wrong

I think this is key to the mystery here!

george1421

@Sebastian-Roth I agree, also in the pcap it has the bootp pxe boot information (in the header) but not the dhcp pxe boot options (66 & 67). Some target systems look at the ethernet header and others look at the dhcp options to boot.

I didn’t try to figure out the funky subnet mask (255.255.248.0) to make sure all of the subnets defined were in range. I figured everything was close enough it should work.

lebrun78

Several vlan:

• 148.60.0.0 255.255.248.0 (148.60.0.0 > 148.60.7.255)
  (fog server vlan 148.60.4.1, dhcp 148.60.4.3 router 148…60.7.254

• 148.60.8.0 255.255.255.0 (148.60.8.0 > 148.60.8.255)
  router 148…60.8.254 no dhcp

• 148.60.10.0 255.255.255.0 (148.60.10.0 > 148.60.10.255)
  dhcp 148.60.10.252 router 148…60.10.254 (vlan with deployment problem)

• 148.60.11.0 255.255.255.0 (148.60.11.0 > 148.60.11.255)
  dhcp 148.60.11.248 router 148…60.11.254

• 148.60.12.0 255.255.255.0 (148.60.12.0 > 148.60.12.255)
  dhcp 148.60.11.252 router 148…60.12.254

• 148.60.13.0 255.255.255.0 (148.60.13.0 > 148.60.13.255)
  dhcp 148.60.13.248 router 148…60.13.254

• 148.60.14.0 255.255.255.0 (148.60.14.0 > 148.60.14.255)
  dhcp 148.60.14.252 router 148…60.14.254

• 148.60.15.0 255.255.255.0 (148.60.15.0 > 148.60.15.255)
  dhcp 148.60.15.109 (its native vlan) router 148…60.15.254

lebrun78

@george1421
Here is the capture from fog server, client in uefi mode
uefi.pcap

george1421

@lebrun78 Well I’m not sure how to explain this situation but @Sebastian-Roth is spot on.

First the easy part, it appears there are 2 dhcp servers (or configurations) involved here. The reason why I say that is that they are giving different responses to the pxe boot request. If you look at the pcap on the working subnet it responds with dhcp option 12, the not working pcap does not include dhcp option 12. This is only important to show there are different settings for these two pcaps.

Now to the hard part to explain.

On the working subnet
Client IP: 148.60.3.152
Subnet Mask: 255.255.248.0
Gateway: 148.60.7.254
Subnet Range: 148.60.0.1-148.60.7.254

On the not working subnet.
Client IP: 148.60.10.193
Subnet Mask: 255.255.248.0
Gateway: 148.60.7.254
Subnet Range: 148.60.8.1-148.60.15.254

So now to identify the problem. If you look at the not working subnet you will see the gateway IP address is outside of the usable range of the client’s IP address. The gateway address is 148.60.7.254 but the subnet base address is 148.60.8.0. So its not possible for the client to reach the router to get outside of the subnet to connect to the FOG server at 148.60.4.1. At this time the problem is infrastructure related and not FOG.

lebrun78

@george1421
“At this time the problem is infrastructure related and not FOG.” I agree.
I don’t understand the boot dhcp response on vlan 10.
The ip configuration is good when loaded !

Sebastian Roth

@lebrun78 said in UEFI pxe boot problem from a network:

The ip configuration is good when loaded !

You mean when Windows boots it’s correct?

george1421

@lebrun78 said in UEFI pxe boot problem from a network:

I don’t understand the boot dhcp response on vlan 10.

Looking at the dhcp packet from your main dhcp server its giving out the wrong default router address for this subnet. So any computer that uses dhcp should not be able to connect to any device beyond its local subnet. Its impossible since the router its being told to use to leave the local subnet, is on a different subnet to start with.

You should contact your infrastructure staff and ask they to confirm the dhcp settings are correct for this subnet. If I had to guess, I would think they just copied the settings from the subnet where your FOG server is and pasted them into the vlan 10 subnet configuration and missed the router value. But that is only a guess made from 6600km away.

lebrun78

@Sebastian-Roth
Yes ipconfig is good.

lebrun78

@george1421
I’m the infrastructure manager, the dhcpd.conf is the one in the first post …

george1421

@lebrun78 I’m going to have to look into this, but I have to ask the question why does the dhcp servers have two different IP addresses? Those each are listed in the pcaps.