FOG menu not showing up on some machines after DHCP server rebuild
-
Rebooted as requested, still exhibiting the same undesired behavior. Working on the Wireshark capture right now.
-
This is my first time using Wireshark so I am not really sure what I should be looking for. I apologize for being totally lost at this point.
I filtered on the MAC address of the client that I am having issues with.[0_1471959801565_wireshark.pcap](Uploading 100%)
-
@Jay-Bosworth for some reason your upload didn’t work as expected. Could you try again?
-
Yeah let me try again, I think it said something about me not having privileges, but here goes…[0_1471963844264_wireshark.pcap](Uploading 100%)
Yeah, “You do not have enough privileges for this action”
-
@Tom-Elliott Any idea why Jay is not allowed to upload a pcap file?
-
I think it might be because my reputation is only 1. I could be wrong though.
-
@Sebastian-Roth said in FOG menu not showing up on some machines after DHCP server rebuild:
@Tom-Elliott Any idea why Jay is not allowed to upload a pcap file?
Sometimes it just doesn’t work. Just re-try is what I do.
-
[0_1472034851705_wireshark.pcap](Uploading 100%) [0_1472034862838_wireshark.pcap](Uploading 100%) [0_1472034869176_wireshark.pcap](Uploading 100%) [0_1472034874663_wireshark.pcap](Uploading 100%) [0_1472034883351_wireshark.pcap](Uploading 100%) [0_1472034888967_wireshark.pcap](Uploading 100%)
Nope, just tried six more times there…
-
@Jay-Bosworth pcap that Jay was trying to post.
[edit] it contained more communication information that requested (and some stuff that shouldn’t be public). Jay I’ll post what I need you to do to create a new capture. [/ edit] -
@Joe-Schmitt do you know why Jay can’t upload the same file that George can?
-
@Wayne-Workman said in FOG menu not showing up on some machines after DHCP server rebuild:
@Joe-Schmitt do you know why Jay can’t upload the same file that George can?
When I was younger, my mom called me “a unique person” quite often. Its probably that…
I removed the upload pcap file since it contained things that the general public should not see.
-
Okay, thanks, I was afraid of that. I tried to filter it just to the MAC address of the client. I had a feeling it wasn’t enough though.
-
In wireshark, you can apply a filter, and then export the displayed packets.
-
OK I have a few questions:
- Is the target system an apple device?
- Is 10.60.82.15 your fog server?
- What is 192.168.101.2 and why is it sending a dhcp nak (dhcp rejection)
- Did the target get 10.60.16.119?
crud, that one was an iPhone.
I see another one that is a HP device with a mac address of 00:1b:78:a4:a0:6c
But that one looks like a dhcp renewal. What is interesting is that I seen dhcp ACK from 10.20.88.37 and NAKs from 10.60.82.170, 192.168.101.2 and 10.20.0.101This tells me you have multiple dhcp servers attempting to respond to a dhcp request?
-
No, the target system I am testing with right now is an HP DC7800 Microtower. Mac address ends in AB:02
Yes 10.60.82.15 is my FOG server. Not sure what 192.168.101.2 is, but the Health Department rents a room in our district and they have a VPN setup with a DHCP server for their machines. We also have a sonic wall in place for our phones that are on a separate vLan to give them addresses. Target right now is 16.155 but that Wireshark is from a day ago so it may not be the same address now as it was then.
.170 is my main DHCP server.
the .20 addresses belong to my ISD which is our ISP so I will check with them…
I am happy to pull another Wireshark if necessary just let me know the steps I should take.
Thanks,
-
@Jay-Bosworth Its been nuts here this am so it took me a while to grab the screenshot.
Capture requirements.
- Target computer, wireshark computer, and DHCP server need to be on the same subnet to capture broadcast based traffic. If any of these are on a different subnet then you will need to setup wireshark on a mirrored port to the target computer.
- If your FOG server is on the same subnet as the target computer and dhcp server you can use tcpdump on your FOG server to capture the pcap file. (hint: wireshark is not needed).
- Start your pcap capture device. for your FOG server using tcpdump you can use the following command:
tcpdump -w issue.pcap -i eth0 port 67 or port 68 or port 69
or with wireshark select Capture->Options then select the proper network adapter and key the following into the capture filterport 67 or port 68
- Press the start button.
- PXE boot the target computer to the error
- Stop the wireshark/tcpdump capture.
- Analyze the pcap file.
-
I know this doesn’t technically go in here, but it is part of the process I am following to help resolve this… since I haven’t found what was causing the issues yet, I decided to take the plunge and upgrade to 1.3.0. So I am now running 1.3.0-RC-8 and when my computers boot they are stopping at a screen where it is asking for the address of the tftp server. When I type in the IP address of the FOG server it tries to connect to x.x.x.x/default.ipxe, but the connection is timing out. TFTP was working before the upgrade, is it possible the upgrade changed permissions? Any help is appreciated.
Thanks!
-
@Jay-Bosworth said in FOG menu not showing up on some machines after DHCP server rebuild:
it is asking for the address of the tftp server.
That tells me you have more than one DHCP server, and one or more are mis-configured.
-
@Jay-Bosworth What OS and what version are you running?
Also, Wayne is right, so check that out asap.
-
Ubuntu 14.04.5 LTS
I have only ever setup one DHCP server. As I stated it is a new build so the settings are exactly what is called for in the FOG setup.
Option 66 pointing to my FOG Server Option 67 pointing to undionly.kpxe