Client doesn't boot from FOG
-
Hello
I’ll try to include as much Information as possible without getting too long.
I’m on a Project right now to install FOG in an existing infrastructure.
The Idea is to Image fat clients from the client network and deploy them onto other devices.
There are 3 Networks involved:
172.16.8.0/24 - DHCP/DNS-Server(Windows Server), citrix pxe Server
The Citrix Environment needs to stay.
172.16.21.0/24 - VMs such as the FOG-server (hosted on VMware ESXi)
172.16.28.0/23 - Clients booting from the citrix Server and fat clients like Notebooks.
I have installed FOG on an Ubuntu 18.04.2 Server.
I did not know how to configure my existing dhcp on fog because it is in a different subnet.
The Clients receive the correct ip from the DHCP-reservations.
Here is a short summary of the Installation:
Option 2 - Debian based
reinstalled apache… files (y)
Normal Installation
didn’t Change ip in use (correct)
didn’t Change interface (n)
no router address configured (n)
dhcp does not handle dns (n)
no dhcp on fog (n)
language support (y)
accept, mysql Password…
I’m able to Access the web interface and tried to add my test-Client manually (just the Name and MAC) so fog would recognize a dhcp-request for it, but without luck.
The fog Server uses cntlm to authenticate to the Proxyserver.
I had to download the binaries for the fog installation manually but didn’t have any other Problems.
We added a dhcp-relay on the router for the fog-server. All other Servers (dhcp and citrix pxe) are already configured.
The DHCP-Options are configured to use the citrix pxe by Default (all reservations have Options 11, 66, 67 set for that by default)
I can manually configure Option 66 and 67 for the Clients to use fog.
I replicated the scope to all other DCs and checked it, but the Client did not care at all.
He kept booting and finding the citrix server-ip and file.
I tried george1421’s instructions in his post:
https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
and captured the traffic.
I will try to capture some traffic with Wireshark tomorrow, so I can check on outgoing traffic.
Finally my Questions are
Did I do anything wrong in the Installation of fog?
Have I forgotten/overlooked a configuration to get this to work?
Is it even possible to get this to work?
I’m not at work right now but I can add more details if needed.
Any help is much appreciated, thank you in advance.
-
@foguser I’ll answer your questions in different order as it makes more sense to me doing it this way.
Is it even possible to get this to work?
From what I have read so far it looks like a bit of a non-standard setup that needs a bit of knowledge and setting the right configurations. See my later answers.
Did I do anything wrong in the Installation of fog?
Looks fine for me. You don’t want the FOG server to handle DHCP in your network which is perfectly fine. All the other things are clear and correct.
Have I forgotten/overlooked a configuration to get this to work?
You probably have and I am fairly sure we can point you the right way. Maybe not spot on but close enough for you to figure it out.
so fog would recognize a dhcp-request for it, but without luck.
Just to get that right in the first place. In your setup FOG does not care about DHCP at all! You choose to use your own DHCP server and this one is in charge of serving the right information to the clients. BUT the FOG server is taking a share in the whole PXE process and I guess this is where things fail for you.
If you have Citrix Fat Client PXE stuff on by default your clients will boot into that and don’t reach out to the FOG server.
I can manually configure Option 66 and 67 for the Clients to use fog.
I replicated the scope to all other DCs and checked it, but the Client did not care at all.
He kept booting and finding the citrix server-ip and file.
So are you planning to manually switch between Citrix and FOG PXE booting the clients? There is only one route you can go or you need to use chainloading to PXE boot from the FOG server first and then hand over to the Citrix if there is no task scheduled for this client (just an idea how you can combine all you have there). But let’s go back to your issue. What did you set Option 66 and 67 to? 66 should be the FOG server IP address (make sure the DHCP hands out gateway information as well as your clients need to talk across the subnets) and 67 should be undionly.kpxe for legacy BIOS and ipxe.efi for UEFI machines (wiki article on this topic).
My guess is that DC replication wasn’t properly working and caused the clients to still boot to the Citrix server.
-
I know Sebastian asked you quite a few of these same questions but I’m looking at it from a different perspective.
- We may need the actual pcap file to debug what is going on. It’s best to upload it to a google (or such) drive and then post the link here. That way you can take down the pcap whenever you feel the need.
- What is your dhcp server? (Windows 2012 or newer server)?
- Before FOG was introduced into your environment, did you already have dhcp options 66 and 67 configured?
In the case of fog, if you have an existing dhcp server don’t have fog install one. The fog dhcp server is intended to be when you have an isolated imaging network and you need dhcp services. If you have an in place dhcp server and its capable use it. Your fog install should just be a standard FOG install.
As for the dhcp-helper/relay settings on your router. You only need those if you are running dnsmasq on your fog server. Normal pxe booting you don’t need to touch your routers unless you can’t route between the subnets.
-
-
I try to answer to both of you, so here we go.
We have a set of clients provided with the service of the pxe citrix server. Notebooks are not part of this (locally installed, no need for pxe-boot until now). I plan to configure them on the dhcp once and leave the options as they are, no switching after that. So every device just needs one service, fog or citrix.
The Citrix server provides the client with a streamed image. The dhcp Option 11 is set for this and has been for a few years until I installed fog some days ago.
The options 11, 66 and 67 are configured on the scope of the client network to use the citrix pxe. No individual options until fog.
The main Problem I still have is, the Notebook boots and gets the address and file of the citrix server.
He gets the correct ip and the option 11 as configured (I tested “not configured” but set which ends either in an error that there is no option 11 -> streaming aborted and I tried the IP address of the fog-server, that he will try to connect to for a few seconds only to boot and do it again).
I tried:
option 11: empty(but set) and fog-ip
option 66: ip of the fog-server and a-record -> servername resolved by dns to the address
option 67: undionly.kpxe just to test, ipxe.efi (notebook uses uefi)
All configured directly on the dhcp-reservation. Do I need the Policy/vendor class?
I thought the individual configurations on a reservation are prioritized in every case of configuration.
The DHCP-Server is Windows Server 2012 R2.
In a recent wireshark capture on the fog server I saw some dhcp-requests and discover due to the dhcp-relay configured on the router but nothing other than that between the network/hosts.
I keep trying to figure out why the DHCP-options aren’t used to boot. I think that’s the first and maybe only problem I have to solve.
-
@foguser said in Client doesn't boot from FOG:
Please stick with me with these (many) questions. I’m trying to draw a picture in my mind of your setup by using your words.
We have a set of clients provided with the service of the pxe citrix server. Notebooks are not part of this (locally installed, no need for pxe-boot until now). I plan to configure them on the dhcp once and leave the options as they are, no switching after that. So every device just needs one service, fog or citrix.
Let’s come back to this since you have a windows 2012 dhcp server you can create filters to send the right boot file if needed. We use this technique for sending the right boot file for uefi vs bios type computers. I’m pretty sure we can make this all automatic once we get the pxe booting worked out.
The Citrix server provides the client with a streamed image. The dhcp Option 11 is set for this and has been for a few years until I installed fog some days ago.
The options 11, 66 and 67 are configured on the scope of the client network to use the citrix pxe. No individual options until fog
FOG doesn’t care about dhcp option 11 so we can ignore that for now. For testing dhcp option 66 should be the IP address of your fog server (not the fqdn name of your fog server). The reason is some pxe booting roms are pretty dumb where they don’t do a dns lookup for dhcp option 66. For dhcp option 67 it should be either ipxe.efi for a uefi computer or undionly.kpxe for a bios computer.
The main Problem I still have is, the Notebook boots and gets the address and file of the citrix server.
OK to debug this we will need a second computer on the same vlan/subnet as the pxe booting computer. On this second computer install wireshark with the capture filter of "port 67 and port 68". Start wireshark and then pxe boot the target computer. Once the target computer errors out stop wireshark. Please post the pcap so I can review it. I am interested in the DHCP OFFERS (not shown in your initial picture). I’m interested in the OFFERS to see what the dhcp server is telling the target computer for boot-server and boot-file.
The DHCP-Server is Windows Server 2012 R2.
This wiki page will help when you get things working to automatically manage uefi and bios boot files: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Using_Windows_Server_2012_.28R1_and_later.29_DHCP_Policy
Let’s get the pcap from the target computer’s perspective. In my tutorial you will only see the FOG server’s side of the conversation because your target computers are on a different subnet from the fog server. If the target computer is on the same subnet as the fog and dhcp server you can get a complete picture of the booting process. In your case we will need to look at each side to understand what is going wrong.
-
@george1421
I don’t know how much more time I will invest in this.
I maybe just try to build a mini-network to be able to use fog.
I really don’t care too much if it’s all automatic. I also saw the article on how to change the bios/uefi file for machines.
As I saw so far I only have to use uefi-machines, so it wouldn’t matter.
As it came out today, option 11 isn’t needed anymore. I used the ip for option 66 and ipxe.efi for 67.
I installed wireshark on the notebook and made a test with ipconfig /release and /renew.
The notebook received the correct ip, filename and destination server with the dhcp offer.
When I booted it again, it did not care again and just downloaded the citrix nbp-file.
Is there some sort of cache involved on the dhcp-server or client that I maybe have to flush/configure?
The citrix-environment is really the main focus in our company. We have well over 100 clients using this daily and I’m not the caretaker for this service. So my goal is to get it working with changing as little as possible on the citrix service.
I opened up all ports on the fog server, to make sure nothing is blocked, but I was again only seeing dhcp requests and discoveries. Not to my surprise because the client does, as mentioned above, never try to boot from there.
Something special about that was, that for each dhcp-request on port 67/68 (don’t know exactly anymore) a ‘destination unreachable port unreachable’ answer was generated. I don’t know why or where this should come from, as I have opened all input traffic.
I’m not at work right now and I’ll see if I get the time to provide something to look at. Maybe I just have time in the evening (like now) to add some more detail.
Another question: We have a kind of test-environment based on a separate vlan.
Does a vlan matter if all traffic is handled on the same one? Generally is a vlan a problem?
I can ping the fog-server from the notebook / other clients, so the connectivity is there.
-
@foguser said in Client doesn't boot from FOG:
When I booted it again, it did not care again and just downloaded the citrix nbp-file.
This is why I need to see the pcap file, not a picture of it but the actual file so I can peek at its bits. I need to see who is telling what to load.
opened up all ports on the fog server, to make sure nothing is blocked, but I was again only seeing dhcp requests and discoveries. Not to my surprise because the client does, as mentioned above, never try to boot from there.
The fog server is not in the picture at the moment. Right now the actors are the pxe booting computer and whatever dhcp servers respond to the target computer. FOG comes into play as soon as the target computer asks for the boot file pointed to by dhcp option 67. Your focus needs to be capturing what dhcp server is telling the client. That will be in the pcap. I only care (read want to see) the dhcp packets that is why I recommended using the capture filter of "port 67 and port 68"
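
The check discussed in this thread (reading the DHCP OFFERs to see which server hands out which boot-server and boot-file) can be scripted; the following is an added example, not code from the thread or from the FOG project. It parses raw DHCP payloads (the UDP payload bytes of each captured packet) and lists what each offering server announces; all addresses and the file name other.nbp are constructed sample values.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie at offset 236 (RFC 2131)

def _text(raw):
    return raw.split(b"\x00")[0].decode("ascii", "replace")

def parse_dhcp(payload):
    """Parse one BOOTP/DHCP UDP payload into the fields that steer PXE."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # pad: no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    sid = opts.get(54, b"")                             # server identifier
    return {   # assumes no option 52 overload of the sname/file fields
        "type": (opts.get(53) or b"\x00")[0],
        "server_id": socket.inet_ntoa(sid) if len(sid) == 4 else None,
        "next_server": socket.inet_ntoa(payload[20:24]),          # siaddr
        "boot_server": _text(opts.get(66) or payload[44:108]),    # option 66, else sname
        "boot_file": _text(opts.get(67) or payload[108:236]),     # option 67, else file
    }

def offers(payloads):
    """(server_id, boot server, boot file) for each DHCPOFFER, in capture order."""
    return [(d["server_id"], d["boot_server"] or d["next_server"], d["boot_file"])
            for d in map(parse_dhcp, payloads) if d["type"] == 2]   # 2 = DHCPOFFER

def build(msg_type, server_id, siaddr="0.0.0.0", file=b"", extra=()):
    """Build a constructed sample payload (test data, not a real capture)."""
    hdr = (bytes([2, 1, 6, 0]) + bytes(16) + socket.inet_aton(siaddr)
           + bytes(84) + file.ljust(128, b"\x00"))      # 236-byte BOOTP header
    opts = [(53, bytes([msg_type])), (54, socket.inet_aton(server_id)), *extra]
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"

SAMPLE = [   # constructed capture; 192.0.2.0/24 is the documentation range
    build(1, "0.0.0.0"),                                            # DISCOVER
    build(2, "192.0.2.10", extra=[(66, b"192.0.2.21"), (67, b"ipxe.efi")]),
    build(2, "192.0.2.11", siaddr="192.0.2.11", file=b"other.nbp"),
]

if __name__ == "__main__":
    for server, boot_server, boot_file in offers(SAMPLE):
        print(f"offer from {server}: boot-server={boot_server} boot-file={boot_file}")
```

More than one line of output for a single boot attempt means more than one responder is giving the client boot information, and the server identifier shows which one named which file.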