FOG UEFI Boot Hyper-V 2016
-
@ty900000 If you have time to debug this we can tell you what is going sideways.
Follow the steps here to get a pcap and post it here for review: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
Also note I was appending to my previous post when you write yours.
-
Yeah, I got some time. Thanks!!
I tried 00002, 00006, 00008, 00007, 00009 and made the appropriate .efi file change in DHCP. The only one that picked up the proper .efi file was the 00007. If that makes sense.
-
-
@ty900000 looking at it now…
Client is arch 7 EFI:BC
dhcp server 192.168.160.5 responds with:
next server - 192.168.160.90
boot file - ipxe7156.efi
your IP - 192.168.160.234
tftp server - 192.168.160.90after normal dhcp handshake then client pulls file size
ipxe7156.efi from tftp server 192.168.160.90Then requests ipxe7156.efi from tftp server.
What I see strange is that the client only asked for the first block of 1482 bytes. Then in at least what is in the capture it never asks for any more. I think the ipxe.efi file is a bit more than 1482 bytes.
Minus the last bit this should be a fully functional and correct dhcp/pxe booting process.
-
@ty900000 Since I’m ignorant of hyper-v is there such a thing as secure boot? And it is turned off??
-
Thanks for looking at it. Yeah, I disabled Secure Boot before I even booted the server the first time.
-
@ty900000 Secure boot must be off in the moment you boot via EFI to PXE. Or what do you mean with “first time”?
-
@ty900000 I’m still searching to see if someone else is able to pxe boot iPXE on gen2 hyper-v
-
Cool. Thank you. I appreciate it a lot.
Before I even boot a server, I change a bunch of settings: add more processors, change checkpoint type, disable secure boot, etc. before I click Start… in Hyper-V.
-
@ty900000 it sounds like network isn’t working for you, maybe you need another kernel @george1421?
Is this your post? https://community.spiceworks.com/topic/1957582-pxe-problem-hyper-v-2016-with-gen2-
vm-uefi-bootIt seems your problem is known and unsolved
https://forums.fogproject.org/topic/8843/pxe-booting-hyper-v-2016 -
No, neither of those posts is mine. For the Spiceworks post, I am getting a DHCP address pulled in. And for the Fog Forum post, I am using a Gen 2 machine, not a Gen 1. I can boot a Gen 1 machine via PXE, but would like to make a Gen 2 machine.
-
@ty900000 So you cannot legacy pxe boot on the Gen 2 machine?
-
@ty900000 Does it have an option for a different type of network card as in VMWare there is E1000 and VMX
-
@Tom-Elliott So far what I found is that gen 2 is uefi only system.
I was thinking about seeing if we can get ipxe.efi to boot from an iso image to see if its a cruddy uefi network firmware issue or something else. I’m taking a break for lunch but will dig into it later.
I don’t have any experience with hyper-v so I can’t test it in my lab at all.
-
I will setup a Hyper-V lab this Saturday. If there is no answer I can let you know on Monday
-
Thank you both for the help! Let me know if there is anything else you need from me for debugging/verification.
-
@ty900000 <snarky> Yeah use VMWare instead </snarky>
As far as I can see ipxe.efi should work with a hyper-v gen 2 uefi virtual machine. I’ve seen videos of this working.
Can you tell me what your end game is here with pxe booting a hyper-v vm? I have a few other options in my back pocket that we may have to use depending on what your plan is.
-
Ha! Yeah, I had to fight to use Hyper-V in the first place…
I work for a federal government contracting company and we have orders to harden our systems, network, infrastructure, etc by the end of the year. One of our guys already created an image of a 2016 server with a hardened baseline. I was hoping I could just blow that image to a VM, rather than use the generic ISO and rebuild all the security hardening from scratch every time we need to set up a server.
-
@ty900000 while this is off point of your post.
I know of a company that must compily with USGCB/STIG/NIST standards. Those policies are typically applied by GPO generally. They use MDT to build a baseline system with some of the “stuff” already in the box and configured for compliance the rest is applied by GPO.
They use MDT to build the reference image using a virtual machine running under VMWare. Once that reference image is created on the VM, they sysprep it and power it off. (now this is a feature of VMWare so I can’t speak for Hyper-V). The shutdown VM is then turned into a VM template. When ever they need a new virtual machine they just clone the vm template to a virtual machine. No external services are required here other than MDT to build the golden image to start with. By using MDT they can refresh their vm template on some interval with the latest windows updates and STIG requirements.
But we still should identify the proper settings to pxe boot a hyper-v vm. I know this won’t be the last time this issue comes up on the forums. UEFI is here to stay.
-
Okay, yeah. I just did a quick Google and Hyper-V can make templates akin to VMWare’s operation. (I’m new to Hyper-V, myself) That may be our best option going forward. Thanks for the tip.
And, it is possible our network is wonky. I’m the same guy from the Multicast being really slow issue: https://forums.fogproject.org/topic/10017/fog-server-cpu-requirements. So, it wouldn’t surprise me if 99% of the world had this working and my company is part of the 1% with a bad network setup.
But, yeah. If this is a more common issue than just me, I’m more than willing to help in any way I can with it.