PXE UEFI boot problems
-
I have some problems with booting UEFI in another network.
First lets explain what we have:There are two different networks.
Network one - quarantine network
The FOG server is inside this network and use the DHCP server from the FOG.
Network two - client network
This network get his ip address from a Unifi DHCP server.Now lets explain what i want todo:
We want to integrate the clients also to the PXE network so i can capture and deploy those system from the same PXE server to an Synology NAS center.Now lets explain what is the problem:
Network one - quarantine network
Everything here is working fine. I can boot from BIOS (legacy) and UEFI. We deploy here many systems on a day.
Network two - client network
I can start the PXE from the BIOS (legacy) but not from UEFI and i don’t know how i can resolve this problem.
On the Unifi console there is an option DHCP Network boot and a filename. If i change this to ipxe.efi i will get the following messageChecking Media Presence... Media Present Start PXE over IPv4. Downloading NBP File... Succeed to download NBP fileAfter this it goes to boot into Windows.
I have also attached an screenshot from my Unifi DHCP settings.
Can anyone help me with this, or tell me what i’m doing wrong???
-
Before I can give you a clear answer, can you tell me why the FOG server is on the quarantine network? What problem are you trying to solve here?
Is there any type of network IP routing between the two networks?
-
Because if the FOG server isn’t in the quarantine network i can’t do a multicast task.
There a plenty of multicast tasks on this network everyday and this is the fastest way to do these multicast tasks.Yes there is a routing between this two networks. In the client network i can ping the fog server and visa versa.
-
@eazis Ok, when you use industry specific key words like ‘quarantine’, I wanted to make sure there wasn’t something more going on here than expected.
So for your business network, you want to do point to point (unicast) imaging only? If you want to do multicast imaging your router between the two subnets must support multicast routing.
OK to your initial question. The issue you have is your dhcp server on your business network doesn’t support dynamic boot files. If you want to pxe boot both uefi and bios (legacy mode) computers, your dhcp server needs to be smart enough to send the appropriate boot file based on the pxe booting client computer. In the case of the fog server, it uses isc-dhcp server which has a specific configuration to dynamically switch between the two boot files.
So if your dhcp server doesn’t support this you can use a ProxyDhcp server (like dnsmasq) to only supply the pxe booting information. This is not a dhcp server replacement (it can be, but not in this instance), but a dhcp add on function called ProxyDHCP. Where the dnsmasq server listens for a discover request from a pxe booting client and sends out a ProxyDHCP offer in addition to your primary dhcp server sending out a dhcp offer.
Dnsmasq (or any other ProxyDHCP service) can run on the fog server, or on a windows or linux box on your business network.
-
@george1421 said in PXE UEFI boot problems:
@eazis Ok, when you use industry specific key words like ‘quarantine’, I wanted to make sure there wasn’t something more going on here than expected.
So for your business network, you want to do point to point (unicast) imaging only? If you want to do multicast imaging your router between the two subnets must support multicast routing.
OK to your initial question. The issue you have is your dhcp server on your business network doesn’t support dynamic boot files. If you want to pxe boot both uefi and bios (legacy mode) computers, your dhcp server needs to be smart enough to send the appropriate boot file based on the pxe booting client computer. In the case of the fog server, it uses isc-dhcp server which has a specific configuration to dynamically switch between the two boot files.
So if your dhcp server doesn’t support this you can use a ProxyDhcp server (like dnsmasq) to only supply the pxe booting information. This is not a dhcp server replacement (it can be, but not in this instance), but a dhcp add on function called ProxyDHCP. Where the dnsmasq server listens for a discover request from a pxe booting client and sends out a ProxyDHCP offer in addition to your primary dhcp server sending out a dhcp offer.
Dnsmasq (or any other ProxyDHCP service) can run on the fog server, or on a windows or linux box on your business network.
In the client network (business network) there are only clients for UEFI. So there is no need for BIOS (legacy).
I don’t need dynamic boot files on this network. So i thought if i change the filename to ipxe.efi then it will start in UEFI but this is only what i getChecking Media Presence... Media Present Start PXE over IPv4. Downloading NBP File... Succeed to download NBP fileAfter this it goes to boot into Windows.
If i change the filename back to undionly.kkpxe and change the BIOS to non-UEFI it will start over PXE.
-
@eazis ok lets collect a bit more info then.
- What version of fog are you using?
- What is the manufacturer and model of the target hardware.
- Has the firmware been updated on the target hardware
- (which probably should be #1) Have you disabled secure boot on the target computer?
What I find strange is that the iPXE kernel is not starting at all. This makes me think secure boot has not been disabled.
-
- Fog version: 1.5.0
- ASUS (EEE family) A4110
- No firmware changes
- Secure boot is disabled on target computer
When i connect this computer to the “quarantine network” it can boot from UEFI.
If i connect it back to the “client network” it can’t boot from UEFI… -
@eazis To rule out the workstation from this problem, if you (have you) moved a non-pxe booting computer from the business network to the imaging network and confirmed it boots into the iPXE menu?
We are missing something here iPXE should boot no matter what subnet. The next steps will be to get wireshark setup to capture some packets.
-
Yes indeed.
That’s the strange thing…it don’t boot into iPXE
If i do the following command on the “client network” in Windows it download succesfully the fileF:\>tftp -i 10.54.68.102 GET ipxe.efi Transfer successful: 994176 bytes in 1 second(s), 994176 bytes/s -
@eazis Again to rule out the workstation, please test a non-functioning one from the business network on the imaging network. We have seen some systems with pretty cruddy uefi firmware that have been fixed with firmware updates. I want to rule out a hardware issue before going to packet capture.
-
There is no hardware issue, because if i rule out the workstation to the imaging network it boot into iPXE with UEFI
-
@eazis Ok then, wireshark is the next steps, as well as tcpdump on the fog server.
On the fog server you will want to follow this guide: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
In reality since your target computer is on another subnet, all you need is port 69 (tftp) the rest are dhcp and proxydhcp.
You will need a computer with wireshark loaded and on the same subnet as the non-pxe booting computer. Ideally this non-pxe booting computer should be on the same subnet as your main dhcp server. For wireshark you will want to run this capture filter
port 67 or port 68The process will be to start tcpdump on the fog server, then wireshark capture and then pxe boot a failing pxe boot system. As soon as the pxe boot system starts into windows then stop wireshark and then stop tcpdump. You can either review with wireshark or upload to a dropbox or google drive and I will review it. What we are looking for is the target system will send a dhcp discover packet. That packet will state the type of computer it is. Then your dhcp server should send out a dhcp offer. You should have only one offer from one dhcp server.
As for the pcap from the fog server, I’m interested in seeing the requested file is transferred completely.
-
Sorry for the delay. I had some other problems to resolve.
Now the ASUS (EEE family) A4110 can boot from the PXE network. But i still have some clients with UEFI that can’t boot.
They have the following error:Server IP address is 10.54.68.102 NBP filename is ipxe.efiÿ NBP filesize is 0 Bytes PXE-E23: Client recieved TFTP error from serverIt looks like that this ÿ is wrong. Any suggestions to resolve this? I have included tcpdump on the following link.
http://www.eazis.com/output.pcapMany thanks.
-
@eazis said in PXE UEFI boot problems:
NBP filename is ipxe.efiÿ
Did you copy&paste the filename into the Unifi DHCP settings page? Maybe just clear the setting and re-type by hand to make sure there is no hidden character in that filename field. I can clearly see 0xff in the PCAP file… So either the Unifi DHCP is doing something really weird or there is a character in that field.
