PXE UEFI booting Lenovo Yoga X1
I hope I’m not late to the party. We got new machines here at the school and I have decided to install the latest version of FOG to make it work with UEFI. The old version still works but with BIOS only.
The new fog server is working well in BIOS mode with the new laptops but not in UEFI mode.
I followed the steps from here https://wiki.fogproject.org/wiki/index.php?title=BIOS_and_UEFI_Co-Existence#Using_Windows_Server_2012_.28R1_and_later.29_DHCP_Policy but it doesn’t work.
I also tried changing the default boot from BIOS to UEFI in the DHCP server to see whether the laptops could boot with no success. Secure boot has been disabled on the laptops.
I’m wondering if I have to add something to the .fogsettings file? I only see undionly.kpxe as the bootfilename.
Our DHCP server is a Windows Server 2012 R2.
I also tried with an old Lenovo X240 with no success.
@fogmania Well done!!
Found the culprit!!!
One laptop was contacting one of the DHCP servers and the other was contacting the other one.
It was an issue related to server replication, now everything is working at the moment.
Thanks again George, I really appreciate your help.
@fogmania Firmware the same on both laptops?
If you would upload both pcaps to a google drive and DM me the links, I’ll take a look at them to see if I can spot anything different. I’m sure they are the same, just sometimes I get lucky.
I have rechecked everything and it looks good to me. I’m also having 2 different responses from 2 identical computers. I checked in wireshark and everything looks the same except that one of the computers gets undionly.kpxe and the other gets ipxe.efi.
IP’s are on same subnet, DHCP server is responding and fog server too. I deleted all policies and filters and created only the filter and policy for the 00007 NIC. Still one gets UEFI, the other does not.
I checked and safe mode is disabled in both laptops. UEFI is enabled in both laptops. Both laptops have the same Architecture according to Wireshark.
I thank you George for your efforts anyway, keep up your good job, it is invaluable to me and this community.
@fogmania You have the right tools and skills right now to find out what is going on. Also you have 2 different responses from two different computers. Compare the computer’s discovery with the dhcp server offer to try to identify what went wrong. I’m suspecting you have a policy or a filter with a typo in it. It’s very easy to do when you are keying in the arch ID in your dhcp server.
@george1421 Thanks George,
I had a look at it as you said and I’m getting an offer from the DHCP server with an IP address on the same subnet. The next server IP address is the FOG server but I don’t know why the boot file name is still undionly.kpxe.
With the other identical laptop I’m getting the same results but that other laptop is getting the ipxe.efi, I’m scratching my head a lot as to why this would be happening with two identical laptops.
I’m going to have a look at it again closely today and get back to you. I hope it is not too much bothering from my part.
This boot kernel has been removed because the iPXE project fixed the issue with ipxe.efi so there was no reason to keep an old version of iPXE (release 7156).
Now in your same pcap, packet #2 should be an offer from your dhcp server. Make sure there is only one offer, and it’s from your dhcp server (or the router’s dhcp-relay interface). Look at that packet before the option numbers there are some fields. You are interested in the Next Server and Boot file name fields. The Next Server should point to the IP address of your FOG server, and the boot file name should be ipxe.efi for this specific troubled server. If these are blank, look down in the options for option 66 and 67. These fields instruct the pxe booting client the needed information on how to pxe boot.
Here are the results:
According to the documentation, I need to use ipxe7156.efi but I don’t have it in the tftpboot folder.
This is how I have the DHCP scope policy now: I created a policy for each architecture just in case:
@fogmania The picture you showed me only had 2 uefi definitions created, you should have 3. One for type 6,7, and 9.
OK what we are going to do is to use wireshark to find out what is going on. You will need to install wireshark on a computer that is on the same subnet as the target computer. I want you to use the following capture filter in wireshark “port 67 or port 68”. Then keep the time between you starting wireshark and pxe booting the computer to an error. Once you receive an error stop wireshark capture and look at the data.
You should see a dhcp discover packet coming from 0.0.0.0 going to 255.255.255.255 address, click on that packet, then down below click on the triangle (twisty) next to the text “Bootstrap Protocol Discover”. Then scroll down the list until you see Option 93 and then click on the triangle there. That line is the client computer saying “hello I’m type XX” You need to have a matching policy in your dhcp server that matches that system type.
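The comparison walked through in this thread (Option 93 in the discover against the Next Server and boot file name in the offer, with options 66/67 as fallback), as an added Python example that is not part of the original posts. The function names, the constructed sample packets, the 192.0.2.x addresses and the rule "UEFI types 6, 7 and 9 should get a file ending in .efi" are assumptions made for illustration; it also reports option 54, the DHCP server that sent the offer.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
UEFI_ARCHS = {6, 7, 9}         # the three UEFI types named in the thread

def parse_dhcp(payload: bytes) -> dict:
    """Pull the fields the thread inspects out of a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    text = lambda b: b.split(b"\0")[0].decode("ascii", "replace")
    ip = lambda b: socket.inet_ntoa(b) if len(b) == 4 and b != b"\0" * 4 else ""
    return {
        "arch": struct.unpack("!H", opts[93][:2])[0] if len(opts.get(93, b"")) >= 2 else None,
        "server_id": ip(opts.get(54, b"")),                            # which DHCP server answered
        "next_server": ip(payload[20:24]) or text(opts.get(66, b"")),  # siaddr, else option 66
        "boot_file": text(payload[108:236]) or text(opts.get(67, b"")),  # file, else option 67
    }

def check_offer(discover: bytes, offer: bytes) -> str:
    """Compare the client's Option 93 with the boot file the server offered."""
    arch, o = parse_dhcp(discover)["arch"], parse_dhcp(offer)
    uefi_file = o["boot_file"].lower().endswith(".efi")
    if arch is None:
        verdict = "no option 93 in discover"
    else:
        verdict = "ok" if (arch in UEFI_ARCHS) == uefi_file else "MISMATCH"
    return f"{verdict}: arch={arch} file={o['boot_file']} next={o['next_server']} dhcp={o['server_id']}"

def build(msg_type, siaddr="0.0.0.0", boot_file=b"", options=b""):
    """Constructed sample packet: zeroed BOOTP header plus the given options."""
    hdr = bytearray(236)
    hdr[20:24] = socket.inet_aton(siaddr)
    hdr[108:108 + len(boot_file)] = boot_file
    return bytes(hdr) + MAGIC + bytes([53, 1, msg_type]) + options + b"\xff"

# Constructed data: one arch-7 client and offers from two DHCP servers (made-up addresses).
DISCOVER = build(1, options=bytes([93, 2, 0, 7]))
OFFER_A = build(2, "192.0.2.10", b"ipxe.efi", bytes([54, 4, 192, 0, 2, 1]))
OFFER_B = build(2, "192.0.2.10", b"undionly.kpxe", bytes([54, 4, 192, 0, 2, 2]))
```

Calling `check_offer(DISCOVER, OFFER_B)` on the constructed data returns a MISMATCH line naming the answering server; with real captures, pass the UDP payloads of the discover and offer packets from the "port 67 or port 68" capture.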
I did create a policy for each definition. Funnily, one of the X1 Yoga is now booting to UEFI having this config. The other one is still getting the NBP file message.
Why could this be happening? They are connected to the same switch, the Lenovo X240 is also getting the NBP file message.
Option 66 is currently with my Fog Server’s IP.
I feel I’m getting there but I’m stuck at the moment, I’m no expert in Fog.
@fogmania Be aware there are 2 64 bit uefi version BC and i86-x64 (type 7 and type 9) in addition to the 32 bit (type 6) (as said from memory). You are missing half of the definitions.
Also for dhcp option 66, you should use ip addresses and not host names.
Here is the screenshot with the scope options for the subnet mentioned:
@fogmania Yep the picture says it all. Wrong boot file. (NBP == uefi system).
Now I can tell you if you have a 2012 or 2016 MS dhcp server the instructions do work. That is how I run my environment. You need to ensure your policy is applied to each subnet scope.
Can you show us what the dhcp scope options looks like for the 10.101.82.x subnet? If you use greenshot to grab a screen snapshot you can obfuscate any private details that might appear in the scope.
@tom-elliott Thanks for your reply.
I did make the change and it worked. Thanks for that.
Thing is that I want to be able to use both boot files in my environment as we still have some legacy computers at the school.
I tried the steps from the website mentioned before about coexistence of BIOS and UEFI but it didn’t work, undionly.kpxe is still coming up as the bootfile as per the screenshot.
@fogmania There’s the problem. Undionly.kpxe is for Legacy BIOS booting. You’re appearing to boot over EFI.
Try changing your boot file to ipxe.efi?
Thanks for your reply. The PC and the DHCP are not in the same subnet. Here you have the screenshot:
As I said, it is working well for BIOS but not for UEFI. I’m not an expert in this I have to say, I’m just trying to understand and figure things out.
Will you post a screen shot of the error you have on the target computer?
Also is the fog server and pxe target computer on the same subnet? If so we can use tcpdump on the fog server to see what is going on. This will tell us if you have the MS dhcp server setup correctly.