PXE-E32 Error; Not sure what went wrong.



  • Not entirely sure what went wrong, but when I attempted to PXE boot the machine with the image I wanted to capture, I ran into this error after getting an address from DHCP. Option 66 and 67 are configured in the Windows DHCP server with the TFTP server address and undionly.kpxe.
    I am using CentOS 7 and FOG v1.5.4
    I have not been able to find a solution on these forums.



  • @sebastian-roth Can go ahead and mark this as solved. Thank you for the help.


  • Developer

    @jazkw said in PXE-E32 Error; Not sure what went wrong.:

    EDIT: Disabling firewalld got it to work.

    Just add TCP port 80 to your firewall config and you should be fine. Although there might be later issues with NFS… If you are not familiar with firewall configuration you might want to leave it disabled for now till you have it all up and running. Later on you can still enable it again and add ports as needed.



  • @sebastian-roth No I was not able to connect to the Fog server from another PC.

    EDIT: Disabling firewalld got it to work.

    This is what I got from the iptables:

    [root@FOG init.d]# sudo iptables -L -n -v
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
    5331K  892M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
     504K   31M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
     196K   25M INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     196K   25M INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     196K   25M INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
     132K   17M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
        0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
        0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
        0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT 5282K packets, 800M bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
    5840K  886M OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD_IN_ZONES (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 FWDI_public  all  --  em1    *       0.0.0.0/0            0.0.0.0/0           [goto] 
        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 
    
    Chain FORWARD_IN_ZONES_SOURCE (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD_OUT_ZONES (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 FWDO_public  all  --  *      em1     0.0.0.0/0            0.0.0.0/0           [goto] 
        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 
    
    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD_direct (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FWDI_public (2 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FWDI_public_allow (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FWDI_public_deny (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FWDI_public_log (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FWDO_public (2 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FWDO_public_allow (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FWDO_public_deny (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FWDO_public_log (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT_ZONES (1 references)
     pkts bytes target     prot opt in     out     source               destination         
     140K   18M IN_public  all  --  em1    *       0.0.0.0/0            0.0.0.0/0           [goto] 
       47  6862 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 
    
    Chain INPUT_ZONES_SOURCE (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT_direct (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain IN_public (2 references)
     pkts bytes target     prot opt in     out     source               destination         
     196K   25M IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     196K   25M IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     196K   25M IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       30  1827 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain IN_public_allow (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
       15   975 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 ctstate NEW
    63870 7604K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:49152:65532 ctstate NEW
    
    Chain IN_public_deny (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain IN_public_log (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT_direct (1 references)
     pkts bytes target     prot opt in     out     source               destination
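
An added example, not part of any post in this thread: a bash helper that reads `iptables -L -n -v` output like the listing above and reports whether a firewalld zone's allow chain accepts a given protocol and port. The embedded sample is the `IN_public_allow` chain copied from that listing, where 69/udp (TFTP) is accepted but 80/tcp is not; the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: audit an `iptables -L -n -v` listing for allowed ports.

# Sample input: the IN_public_allow chain as posted in the listing above.
SAMPLE='Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
   15   975 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 ctstate NEW
63870 7604K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:49152:65532 ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination'

# accepted_ports CHAIN: read a listing on stdin, print "proto low high"
# for every ACCEPT rule in CHAIN that matches a destination port or range.
accepted_ports() {
  awk -v chain="$1" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    in_chain && $3 == "ACCEPT" {
      for (i = 4; i <= NF; i++) {
        if ($i ~ /^dpts?:/) {
          n = split($i, p, ":")          # dpt:22 or dpts:49152:65532
          print $4, p[2], (n == 3 ? p[3] : p[2])
        }
      }
    }'
}

# port_allowed CHAIN PROTO PORT: exit 0 if an ACCEPT rule in CHAIN covers it.
port_allowed() {
  accepted_ports "$1" | awk -v proto="$2" -v port="$3" '
    $1 == proto && port + 0 >= $2 + 0 && port + 0 <= $3 + 0 { found = 1 }
    END { exit !found }'
}

# report LISTING: check the two services this thread touches (TFTP and HTTP).
report() {
  for want in udp/69 tcp/80; do
    if printf '%s\n' "$1" | port_allowed IN_public_allow "${want%/*}" "${want#*/}"; then
      echo "$want allowed"
    else
      echo "$want blocked"
    fi
  done
}

report "$SAMPLE"
```

On a live server, pipe the real listing in instead: `sudo iptables -L -n -v | port_allowed IN_public_allow tcp 80`. With firewalld, `firewall-cmd --permanent --add-service=http` followed by `firewall-cmd --reload` adds the missing rule without disabling the firewall.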

  • Developer

    @JazKW Thanks for the picture. I see http://.../boot.php...................... Connection timed out .... This is a big issue. The client is not able to load the iPXE menu stuff and fails. Are you able to open this URL in your browser from a PC within your network: http://192.168.1.87/fog/service/ipxe/boot.php

    My guess is that you have a local firewall not allowing this connection. Please check using sudo iptables -L -n -v (post full output here).



  • @george1421 Not sure if you have any control over it, but you may want to update the uninstall article on the wiki for systemd. I may have bad or redundant service files from previous install attempts, unless they were overwritten.


  • Moderator

    @jazkw I’d have to look into what the installer is doing, but your FOG server is running in a systemd environment, not systemv as the older versions of Linux. SystemD uses systemctl, which stores the init files in a different location instead of init.d (that is where systemv uses).



  • @george1421 There is one other thing I’ve noticed each time I went to uninstall and reinstall FOG, none of the services exist.
    When I go to run these commands

    sudo rm /etc/init.d/FOGImageReplicator
    sudo rm /etc/init.d/FOGMulticastManager
    sudo rm /etc/init.d/FOGScheduler
    

    I get:
    [root@FOG NetworkManager]# sudo rm /etc/init.d/FOGImageReplicator
    rm: cannot remove ‘/etc/init.d/FOGImageReplicator’: No such file or directory

    For each one; and when I go to check where they’re supposed to be located, they aren’t there

    [root@FOG init.d]# ls -la
    total 40
    drwxr-xr-x.  2 root root    70 Aug  6 10:33 .
    drwxr-xr-x. 10 root root   127 Aug  6 10:32 ..
    -rw-r--r--.  1 root root 18104 Jan  2  2018 functions
    -rwxr-xr-x.  1 root root  4334 Jan  2  2018 netconsole
    -rwxr-xr-x.  1 root root  7293 Jan  2  2018 network
    -rw-r--r--.  1 root root  1160 Apr 11 03:36 README
    

  • Moderator

    @jazkw OK fair enough. Just be aware with the capture filter defined in that article only pxe booting and dhcp process will be captured in the pcap. No PII is available at this point in the booting process. Even windows isn’t involved where we want to capture. Now I agree if you don’t use the exact capture filter I defined you may indirectly capture info you don’t want.

    If you are able to capture a pcap, but don’t want to post it here, or IM me the link to the pcap, we can still work indirectly via your eyes with the pcap, but it will take much longer that way.



  • @george1421 Stopping dnsmasq didn’t change anything, still the same result and same error. Need to review network policy before attempting a packet capture.


  • Moderator

    @jazkw Well it depends on what mode dnsmasq is configured in. If it’s set up as proxydhcp then it could be mucking up the works. The config file path shown is not something that FOG would set up or configure. That looks like some other application configured dnsmasq for you.

    If in doubt, key in systemctl stop dnsmasq to temporarily stop the service. Then try to pxe boot. If you still can’t understand what is going wrong then let’s capture a packet trace of the pxe booting process. As long as the FOG server and the pxe booting client are on the same subnet, we can use FOG to spy on the pxe booting process. If the target computer is on a different subnet then we will need a second computer on the pxe booting computer’s subnet with wireshark installed.

    I have a tutorial on how to capture a pcap of the pxe booting process here: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue



  • 0_1534249781761_20180809_092028~01.jpg



  • @george1421 It shouldn’t be. I have it set up with the windows DHCP server. If dnsmasq is running, it shouldn’t. So at this point I would be asking how to turn it off, because it seems like it’d be what’s causing the Host machine not to be able to PXE boot.


  • Moderator

    @jazkw The question I wonder is why dnsmasq is running on this computer? There are valid uses for dnsmasq with FOG, but why it’s active with this setup.


  • Developer

    @JazKW As far as I can see there is no DHCP server running or configured in fogsettings. Can you please take a picture of the Could not boot: ... error on screen. Possibly there is some important information we are still missing.



  • @sebastian-roth This is the result I got from the two commands:

    [root@FOG fog]# ps ax | grep dhc
     4197 ?        S      0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
     4198 ?        S      0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
    19862 pts/0    S+     0:00 grep --color=auto dhc
    [root@FOG fog]# cat /opt/fog/.fogsettings
    ## Start of FOG Settings
    ## Created by the FOG Installer
    ## Find more information about this file in the FOG Project wiki:
    ##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
    ## Version: 1.5.4
    ## Install time: Thu 09 Aug 2018 08:48:22 AM EDT
    ipaddress='192.168.1.87'
    copybackold='0'
    interface='eth0'
    submask='255.255.255.0'
    routeraddress='192.168.1.18'
    plainrouter='192.168.1.18'
    dnsaddress='192.168.1.18'
    username='fog'
    password='Qigd/N34xpA2aa0amHlKfnz+zbeHkxgM8l4RwVAW0tk='
    osid='1'
    osname='Redhat'
    dodhcp='N'
    bldhcp='0'
    dhcpd='dhcpd'
    blexports='1'
    installtype='N'
    snmysqluser='root'
    snmysqlpass=''
    snmysqlhost='localhost'
    installlang='0'
    storageLocation='/images'
    fogupdateloaded=1
    docroot='/var/www/html/'
    webroot='/fog/'
    caCreated='yes'
    httpproto='http'
    startrange=''
    endrange=''
    bootfilename='undionly.kpxe'
    packages='bc curl gcc gcc-c++ genisoimage gzip httpd lftp m4 make mariadb mariadb-server mod_ssl mtools net-tools nfs-utils php php-bcmath php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd php-process syslinux tar tftp-server unzip vsftpd wget xinetd xz-devel '
    noTftpBuild=''
    notpxedefaultfile=''
    sslpath='/opt/fog/snapins/ssl/'
    backupPath='/home/'
    php_ver=''
    php_verAdds=''
    sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
    ## End of FOG Settings
    [root@FOG fog]# 
    

  • Developer

    @JazKW As far as I know from the top of my head the submask setting is mostly used to generate a valid DHCP config. If you are using a Windows DHCP server, that should not cause an issue. But I am wondering if DHCP on your FOG server is still running and might cause an issue? Please run the following commands and post results here:

    ps ax | grep dhc
    cat /opt/fog/.fogsettings
    


  • @sebastian-roth TFTP was not enabled in firewalld so it was not getting through, but I’ve run into another error.
    Could not boot: Connection timed out (http://ipxe.org/4c0a6035)
    I did check the specified files on the wiki and the IP address is correct for both files. But in .fogsettings submask has: ‘Error: =4099<UP,BROADCAST,MULTICAST> is not recognized’ instead of an actual subnet mask, would this be the possible cause?


  • Developer

    @JazKW Please follow the TFTP troubleshooting guide and let us know what you get.



  • @sebastian-roth The ip address in option 66 and that of the fog server match.

