UEFI is not booting with Windows DHCP
-
@cjiwonder Your issue is secure boot. The FOG Project doesn’t have signed ipxe boot loaders or FOS imaging engine. Secure boot is blocking both of them from running. Turn secure boot off for imaging and it will work for you. Once imaging is done you can reenable secure boot.
-
@JamiesonCA092 My NIC is intel, tried both ipxe.efi and intel.efi but no luck.
-
@george1421 Already secure boot is disabled.
-
@cjiwonder said in UEFI is not booting with Windows DHCP:
Already secure boot is disabled.
Sorry I missed that in your first post.
What error do you see? Is iPXE even trying to boot?
The difference between ipxe.efi and snp*.efi is in the network adapter. If iPXE boots but can’t find the network interface then you are not selecting the correct version of iPXE. But if iPXE never boots (what I suspect) then there is something wrong with the mechanics of getting the uefi boot file to the target computer. What error does the computer screen say? Something about “NBF”?
-
@george1421 PXE is not booting, could you pls help me to resolve this issue?
-
@cjiwonder said in UEFI is not booting with Windows DHCP:
PXE is not booting, could you pls help me to resolve this issue?
You really haven’t given me anything to help you other than it works for bios and not for uefi.
You have snp*.efi configured for dhcp option 67.
You haven’t provided any error message if there are any. No error messages is also a clue.
If the fog server and pxe booting computer are on the same ip subnet you can use this tutorial to capture the pxe booting process. This will tell us exactly what the target computer is being told through dhcp: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
If your fog server and pxe booting computer are on different subnets, then you will need to load a computer with wireshark and use the capture filter of
port 67 or port 68
to capture the dhcp process. Upload the pcap to the forum or a file share site that you can manage, and I will take a look at it.
I need more info to be able to help solve this issue.
-
@george1421 There is no error message, “>>Start PXE over IPv4” message and after a minute booting to HDD. Fog Server and PXE boot client are in the same VLAN but DHCP server is in a different VLAN. Tried with snponly.efi, intel.efi and pexe.efi but no luck. There is no issue with the DHCP IP release if I boot the PC in Windows, and there is no issue in booting with undionly.exe on the same PC. I am new to Wireshark, please guide me to run the capture filter. Thanks.
-
@cjiwonder If the fog server and pxe booting computer are on the same subnet then use the instructions in the link I previously provided to generate the pcap file. This will give you the entire pxe booting information and not just the dhcp part you would get from wireshark.
But to answer your wireshark question, when you first startup wireshark you will be prompted with this screen. In the using this filter section enter
port 67 or port 68
and then double click on your ethernet adapter and the capture will start. With this filter you will only see the dhcp booting packets and not all of the network data packets. Now pxe boot the target computer until you get the error. You should see at least 4 packets (Discover, Offer, Request, and Ack); this is the DORA process. The Discover and Request come from the target computer and Offer(s) and Ack from the DHCP server. The Offer packet tells the target computer which file to load from the tftp server. This same process is for both wireshark and tcpdump using the fog server. You can review the tcpdump output with wireshark if you want.
-
@george1421 6768.pcap Attached capture filter for ports 67 and 68. 192.168.200.1 is the VLAN gateway.
-
@cjiwonder Well this is the strangest pcap that I’ve seen in a while. I finally found a uefi computer pxe booting at 8.3 seconds (you have a very active dhcp network). And the request is from 192.168.200.1.
Your dhcp server is telling the client to get ipxe.efi from 192.168.200.3. Is that your fog server? The dhcp transaction looks normal and from the dhcp side should work.
It looks like you used wireshark on the same subnet as your dhcp server? I would have expected to see broadcast messages from the pxe booting computers instead of unicast messages between the routers and dhcp server. That’s OK because we now know that the dhcp server is sending out the right boot file information (assuming that 200.3 is your fog server). If you would have used the tcpdump command from the fog server we could/should have seen the target computer requesting the file to download. That would tell us if the file was actually being sent to the pxe booting computer. But from the dhcp side it looks good.
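
The check described in the thread (reading what a DHCP Offer tells the PXE client: next server, boot file, and whether the packet came through a relay) as an added example that is not part of the original posts. It parses the raw UDP payload of one DHCP packet; the sample Offer is constructed to mirror the values quoted above (ipxe.efi, 192.168.200.3, gateway 192.168.200.1), while the offered address, MAC and transaction id are made up.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack"}   # option 53 values (DORA)

def _text(raw: bytes) -> str:
    """Decode a NUL-padded or NUL-terminated string field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_dhcp(payload: bytes) -> dict:
    """Pull the PXE-relevant fields out of one DHCP UDP payload (port 67/68)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    info = {
        "type": None,
        "next_server": socket.inet_ntoa(payload[20:24]),  # siaddr: TFTP server address
        "relay": socket.inet_ntoa(payload[24:28]),        # giaddr: non-zero when relayed
        "tftp_server": None,                              # option 66, if sent
        "boot_file": _text(payload[108:236]) or None,     # BOOTP 'file' header field
    }
    i = 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        code, value = payload[i], payload[i + 2:i + 2 + payload[i + 1]]
        if code == 53 and value:
            info["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 66:
            info["tftp_server"] = _text(value)
        elif code == 67:                                  # this example lets option 67 win
            info["boot_file"] = _text(value)
        i += 2 + len(value)
    return info

def build_sample_offer() -> bytes:
    """Constructed Offer mirroring the thread: ipxe.efi from 192.168.200.3 via relay .1."""
    a = socket.inet_aton
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 1, 0x1234ABCD, 0, 0,
                         a("0.0.0.0"), a("192.168.200.50"), a("192.168.200.3"),
                         a("192.168.200.1"), bytes.fromhex("020000000001"), b"", b"")
    opts = b"\x35\x01\x02" + b"\x42\x0d192.168.200.3" + b"\x43\x09ipxe.efi\x00" + b"\xff"
    return header + MAGIC + opts

if __name__ == "__main__":
    print(parse_dhcp(build_sample_offer()))
```

An Offer whose boot_file is empty or names the BIOS loader while the client is UEFI points at the DHCP server configuration; an Offer that looks right, as in the capture above, moves the investigation to the TFTP transfer.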