Surface Pro 3 - ipxe issues

xerxes2985

Thanks Wayne and George.

I am using the updated 2.76 version of dnsmasq, however I do not have the boot kernel ipxe7156.efi I’ll have to try that and report back my findings.

Wayne Workman

@xerxes2985 said in Surface Pro 3 - ipxe issues:

I do not have the boot kernel ipxe7156.efi

Really?

Try this command:
find /tftpboot | grep ipxe7156.efi

MRCUR

@george1421 @Wayne-Workman This still exists and is working for me with SP3’s and SP4’s. I could not get either model working with ipxe.efi.

Scott Adams

In my environment, I use both Surface Pro 3s and Surface Pro 4s.

I use snponly.efi and can image my Surfaces.

Wayne Workman

@Scott-Adams said in Surface Pro 3 - ipxe issues:

In my environment, I use both Surface Pro 3s and Surface Pro 4s.

I use snponly.efi and can image my Surfaces.

Exactly what version of FOG are you using? This is quite important.

xerxes2985

@Wayne-Workman let me restate that lol. I have it, just not in my itsp.conf file. I didn’t specify that as an option.

Wayne Workman

@xerxes2985 Well go through the wiki article I linked and set it up as an option.

If you can get us a packet capture of the network booting process of the Surface Pro 3, it would help us to improve our DHCP & DNSMASQ default configurations.

xerxes2985

@Wayne-Workman I’m using

Running Version 1.3.0-RC-23
SVN Revision: 6017

@Scott-Adams
Here are the contents of my itsp.conf

port=0
log-dhcp
tftp-root=/tftpboot
dhcp-no-override
dhcp-boot=undionly.kpxe,,x.x.x.x
pxe-prompt="Booting FOG Client", 20
pxe-service=X86PC, "Boot BIOS PXE", undionly.kpxe
pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi
pxe-service=X86-64_EFI, "Boot UEFI PXE-64" ipxe.efi
pxe-service=X86-64_EFI, "Boot Surface UEFI" snponly.efi
dhcp-range=x.x.x.x,proxy

When I PXE boot and select my snponly.efi entry the screen flashes, then goes back to the “Surface” logo.

george1421

@xerxes2985 Yeah that config file won’t do what you need. If you are up for a little road trip I think we can collect what we need to get you started.

As long as your fog server, dhcp server and target computer are on the same subnet we can use the FOG server to eavesdrop on the dhcp / pxe booting process to give us some insight for tweaking the ltsp.conf file.

To set this up, make sure all ll three on the same subnet.

1. Run this tcpdump command: tcpdump -w output.pcap port 67 or port 68 or port 69 or port 4011
2. PXE boot the target computer to the error or failure how ever you look at it.
3. Post the pcap file here so we can look at it.

The tcpdump filter will only capture dhcp, tftp, and dhcpProxy traffic so you can be sure that no internal data will leak out. You can review the output.pcap file with wireshark if you want to be sure.

Now with your snponly.efi line, can you test to see if the ipxe7156.efi file boots your surface pro better. We are taking several approaches here to see which one fits the best for your situation.

@Wayne-Workman I think once we get a solid path forward on this devices we need to get this information documented and then into a wiki. These surface pros are not going away any time soon.

Wayne Workman

@george1421 Completely agree. I’ve been meaning to collect all of our information and put it in one spot. I’ll start on it tonight at least, and at least get all the links together.

george1421

@Scott-Adams said in Surface Pro 3 - ipxe issues:

In my environment, I use both Surface Pro 3s and Surface Pro 4s.

I use snponly.efi and can image my Surfaces.

Could you document your entire setup for the surface pros only the PXE booting and FOG parts. We need to know dhcp settings and network adapter used, and if there is any relevancy to bios version or setting you did to make this work. I think you hold the key to getting snponly.efi or even ipxe.efi working for these guys.

xerxes2985

0_1479320050891_test.pcap

@george1421

here’s a wireshark capture I did of any traffic going into FOG

xerxes2985

@george1421

Now that I figured out how to take it out of my Ubuntu server, here is the file.
0_1479321004153_output.pcap

george1421

I’m IM’ing with you but its pretty lonely when you don’t respond.

Here is the relevant information from the pcap file. Its packet #7.

We can see that this device has a unique UUID which is cool we can use that if we want to create a custom dnsmasq filter.
We also can see that the system arch is type 7 EFI BC. That info will be used in the ltsp.conf file. According to your posted config file dnsmasq should send ipxe.efi for the type BC_EFI.

george1421

I had a quick IM session with the OP. He was able to get the surface pro to boot using the ipxe7156.efi file. He went the bit longer way the wiki defined to get to the right answer. But this route would have worked too. (the longer way is the proper way if you need to add filters some time in the future).

<edit> the OP IM’d me and said that this route did not work as expected so he went the longer route. Do no follow this section since it is now suspect.
In his posted ltsp.conf file, if he would have replaced

pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi

with

pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe7156.efi

it would have worked equally as well.

But this way unfortunate all Arch 7 type devices would get the same ipxe boot file. With filters you can tailor the boot file based on the specific booting client type (assuming that the vendor set the uuid field correctly)

xerxes2985

All,

I’ve modified my itsp.conf to the following based upon ProxyDHCP_with_dnsmasq:Adding (a bit more complex) UEFI support to the basic script

port=0
log-dhcp
tftp-root=/tftpboot
dhcp-no-override

dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009

dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,x.x.x.x
dhcp-boot=net:UEFI,ipxe7156.efi,,x.x.x.x
dhcp-boot=net:UEFI64,ipxe.efi,,x.x.x.x
dhcp-boot=undionly.kpxe,,x.x.x.x
pxe-prompt="Booting FOG Client", 20

dhcp-range=x.x.x.x,proxy

The key to getting the Surface Pro 3 to PXE boot into the FOG Menu, and successfully start a Full Registration was modifying the following values.

dhcp-boot=net:UEFI,ipxe.efi,,x.x.x.x

To This

dhcp-boot=net:UEFI,ipxe7156.efi,,x.x.x.x

I am currently 12% of the way through capturing an image, although my VM will probably fill up.

george1421

@xerxes2985 You have the proper setup now. Adding filters (if you need them) is just a short walk from there. There is two ways you can go with the config file, easy and a little harder. But the little harder gives you many more options.

The wiki page you referenced is based on my working document here: https://forums.fogproject.org/topic/8726/advanced-dnsmasq-techniques

which goes into the details a bit more.

Tom Elliott

@xerxes2985 is it possible it’s looping back because it’s looking for snponly.efi.0?

Wayne Workman

@george1421

PXEClient:Arch:00007:UNDI:003016

Either one of two things here…

Either this is not a Surface 3 but is actually a Surface 4, or, all Surface Pros have the exact same vendor class identifier.

Why do I say this? That vendor class identifier is exactly what we found for a Surface Pro 4 and integrated into FOG’s built-in DHCP configuration:
https://github.com/FOGProject/fogproject/blob/dev-branch/lib/common/functions.sh#L2020

Tom Elliott

@Wayne-Workman I only say that because he’s using Dnsmasq (.0). I’m not sure if Dnsmasq still looks for .0 regardless of what the filename actually is.