FOG menu not showing up on some machines after DHCP server rebuild
-
Nope, just tried six more times there…
-
@Jay-Bosworth pcap that Jay was trying to post.
[edit] It contained more communication information than requested (and some stuff that shouldn’t be public). Jay, I’ll post what I need you to do to create a new capture. [/edit]
-
@Joe-Schmitt do you know why Jay can’t upload the same file that George can?
-
@Wayne-Workman said in FOG menu not showing up on some machines after DHCP server rebuild:
@Joe-Schmitt do you know why Jay can’t upload the same file that George can?
When I was younger, my mom called me “a unique person” quite often. It’s probably that…
I removed the uploaded pcap file since it contained things that the general public should not see.
-
Okay, thanks, I was afraid of that. I tried to filter it just to the MAC address of the client. I had a feeling it wasn’t enough though.
-
In wireshark, you can apply a filter, and then export the displayed packets.
-
OK I have a few questions:
- Is the target system an apple device?
- Is 10.60.82.15 your fog server?
- What is 192.168.101.2 and why is it sending a DHCP NAK (DHCP rejection)?
- Did the target get 10.60.16.119?
crud, that one was an iPhone.
I see another one that is a HP device with a mac address of 00:1b:78:a4:a0:6c
But that one looks like a DHCP renewal. What is interesting is that I saw a DHCP ACK from 10.20.88.37 and NAKs from 10.60.82.170, 192.168.101.2 and 10.20.0.101. This tells me you have multiple DHCP servers attempting to respond to a DHCP request?
-
No, the target system I am testing with right now is an HP DC7800 Microtower. Mac address ends in AB:02
Yes 10.60.82.15 is my FOG server. Not sure what 192.168.101.2 is, but the Health Department rents a room in our district and they have a VPN setup with a DHCP server for their machines. We also have a sonic wall in place for our phones that are on a separate vLan to give them addresses. Target right now is 16.155 but that Wireshark is from a day ago so it may not be the same address now as it was then.
.170 is my main DHCP server.
the .20 addresses belong to my ISD which is our ISP so I will check with them…
I am happy to pull another Wireshark if necessary just let me know the steps I should take.
Thanks,
-
@Jay-Bosworth It’s been nuts here this a.m. so it took me a while to grab the screenshot.
Capture requirements.
- Target computer, wireshark computer, and DHCP server need to be on the same subnet to capture broadcast based traffic. If any of these are on a different subnet then you will need to set up wireshark on a mirrored port to the target computer.
- If your FOG server is on the same subnet as the target computer and dhcp server you can use tcpdump on your FOG server to capture the pcap file. (hint: wireshark is not needed).
- Start your pcap capture device. For your FOG server using tcpdump you can use the following command:
tcpdump -w issue.pcap -i eth0 port 67 or port 68 or port 69
or with wireshark select Capture->Options, then select the proper network adapter and key the following into the capture filter:
port 67 or port 68
- Press the start button.
- PXE boot the target computer to the error
- Stop the wireshark/tcpdump capture.
- Analyze the pcap file.
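One way to carry out the last step, added here as an example and not part of the original post: this Python lists every DHCP server that answered in a capture such as issue.pcap and flags any whose OFFER/ACK carries no boot server or boot file. It assumes a classic pcap as written by tcpdump -w (not pcapng), untagged Ethernet and IPv4; the function names and the 192.0.2.x sample addresses are constructed for illustration.

```python
import socket, struct
from collections import defaultdict
TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values a server sends

def read_pcap(path):
    """Yield frames from a classic little-endian Ethernet pcap (tcpdump -w)."""
    with open(path, "rb") as f:
        f.read(24)  # skip the global header
        while len(hdr := f.read(16)) == 16:
            yield f.read(struct.unpack("<IIII", hdr)[2])

def dhcp_reply(frame):
    """Return (server_ip, type, has_boot_info) for a server reply, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # not untagged IPv4 carrying UDP
    udp = 14 + (frame[14] & 0x0F) * 4
    bootp = frame[udp + 8:]
    if frame[udp:udp + 2] != b"\x00\x43" or bootp[236:240] != b"\x63\x82\x53\x63":
        return None  # need source port 67 and the DHCP magic cookie
    opts, i = {}, 240
    while i + 1 < len(bootp) and bootp[i] != 255:  # TLV options until END
        step = 1 if bootp[i] == 0 else 2 + bootp[i + 1]  # PAD has no length
        opts[bootp[i]] = bootp[i + 2:i + step]
        i += step
    kind = TYPES.get((opts.get(53) or b"\x00")[0])
    if kind is None:
        return None
    sid = opts.get(54, b"")  # server identifier, else fall back to IP source
    server = socket.inet_ntoa(sid if len(sid) == 4 else frame[26:30])
    has_server = 66 in opts or any(bootp[20:24]) or any(bootp[44:108])
    has_file = 67 in opts or any(bootp[108:236])
    return server, kind, has_server and has_file

def summarize(frames):
    """Map each responding server to its reply types and a no-boot-info flag."""
    seen = defaultdict(lambda: {"types": set(), "no_boot_info": False})
    for server, kind, has_boot in filter(None, map(dhcp_reply, frames)):
        seen[server]["types"].add(kind)
        if kind in ("OFFER", "ACK") and not has_boot:
            seen[server]["no_boot_info"] = True
    return dict(seen)

def sample_frame(src_ip, kind, pxe):
    """Constructed frame for testing; addresses are documentation ranges."""
    opts = bytes([53, 1, kind, 54, 4]) + socket.inet_aton(src_ip)
    if pxe:
        opts += bytes([66, 9]) + b"192.0.2.5" + bytes([67, 13]) + b"undionly.kpxe"
    bootp = b"\x02" + bytes(235) + b"\x63\x82\x53\x63" + opts + b"\xff"
    ip = b"\x45" + bytes(8) + b"\x11" + bytes(2) + socket.inet_aton(src_ip) + b"\xff" * 4
    return bytes(12) + b"\x08\x00" + ip + b"\x00\x43\x00\x44" + bytes(4) + bootp
```

Run it over a capture with `summarize(read_pcap("issue.pcap"))`; more than one server in the result, or any server with `no_boot_info` set, is the one to track down.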
-
I know this doesn’t technically go in here, but it is part of the process I am following to help resolve this… since I haven’t found what was causing the issues yet, I decided to take the plunge and upgrade to 1.3.0. So I am now running 1.3.0-RC-8 and when my computers boot they are stopping at a screen where it is asking for the address of the tftp server. When I type in the IP address of the FOG server it tries to connect to x.x.x.x/default.ipxe, but the connection is timing out. TFTP was working before the upgrade, is it possible the upgrade changed permissions? Any help is appreciated.
Thanks!
-
@Jay-Bosworth said in FOG menu not showing up on some machines after DHCP server rebuild:
it is asking for the address of the tftp server.
That tells me you have more than one DHCP server, and one or more are mis-configured.
-
@Jay-Bosworth What OS and what version are you running?
Also, Wayne is right, so check that out asap.
-
Ubuntu 14.04.5 LTS
I have only ever set up one DHCP server. As I stated it is a new build so the settings are exactly what is called for in the FOG setup.
Option 66 pointing to my FOG Server, Option 67 pointing to undionly.kpxe
-
@Jay-Bosworth Are you sure there’s no DHCP running on your FOG server?
Check by
sudo service isc-dhcp-server stop
-
unrecognized service.
-
I ran service --status-all and DHCP doesn’t even show up in the list so I don’t think it is the FOG server. It is somewhere else, still trying to figure out how I can track it down.
-
@Jay-Bosworth said in FOG menu not showing up on some machines after DHCP server rebuild:
I have only ever setup one DHCP server.
Then you might have a rogue DHCP server somewhere.
The fact is - the only time anyone has ever reported having to manually enter a TFTP address for FOG network booting - is when there are 2 or more DHCP servers operating on that broadcast domain, and at least one is misconfigured. And we’ve had people ask about this many times. It’s always the same case.
This tool explained here would help you:
http://www.cyberciti.biz/faq/linux-unix-dhcpdump-monitor-dhcp-traffic/
Or you can run wireshark on your desktop with the bootp filter to watch DHCP broadcasts.
-
Also unrecognized, I am close to shutting down the port that the rogue DHCP server is on. I will update once that is done and I test some more.
-
@Jay-Bosworth Rogue dhcp server is confirmed? You found it?