RE: Issue Deploying Image To A Specific Laptop Brand

@AngryITGuy First let me say I don’t use FOG for image deployment any more since I’ve moved to a different IT group, but if this situation hit my desk I would go through a similar process as below

I have more questions than answers for you. But the good thing here is FOG is imaging these systems and can deploy windows 10 to the hardware without issue. Right away we can rule out fog’s foundational support system being broken because it can deploy win10 and win11 to other hardware and win10 to this stone hardware.

When I debug something new or strange I try to build a truth table in my head of different experiments to see what works and what not works. Something like:

Deploy and boot win10 Dell laptop: Yes
Deploy and boot win11 Dell laptop: Yes
Deploy and boot win10 Stone laptop: Yes
Deploy and boot win11 Stone laptop: No (kind of)

So now to the unknown questions (and I assume these stone laptops are in uefi mode, you mentioned ‘bios’, but your boot loader is ipxe.efi.

On this stone laptops do you have pxe setup as the default boot source or is it the hard drive? This question is to see if the boot is failing if you are booting through ipxe.efi or if the firmware is having a problem finding the boot partition. If you are booting through iPXE see if changing the boot order to the hard drive solves the issue (for this test).

You will need to turn off secure boot for this next step. If you swap the hard drives between the dell and stone computer, does the stone computer boot normally repeated times? Does the dell computer reboot repeated times OK? This check is to see if the problem moves with the hard drive. The question is around if fog combined with the disk controller hardware on the stone doing something to damage the boot sector for win11 when it deploys. The dells works, can you get the stone computers working by deploying to a dell and then transplanting the hard drive to the stone?

If you deploy win10 and then upgrade to win11 on a stone laptop (verify its working 100%) and then capture and deploy to a same make and model computer. Does it boot correctly on the second computer? Can you deploy it to the same computer it was captured from and does it work? This will test if there is something wrong with your win11 image you are trying to deploy to the stone computer.

Lets see how the above goes before we plot the next test.

Just to recap

1. Test booting through iPXE vs firmware booting directly to hard drive
2. Swap the hard drives between the dells and stone computers see if the problem moves
3. Try to capture and deploy using the same hardware. First to like computer if no work, try to deploy to same computer image was captured from.

@sega said in FOG Multicast on different VLANs:

So some people already tried it?

Yes and so have I. You would need some way to dynamically change the network adapter defined in the global FOG settings to change the network adapter. You might also need to change a file called /tftpboot/default.ipxe to point to different interfaces. You might be able to get around this by setting up multiple tftp servers on the fog server, where each tftp server bound to a different interface and had a different home directory, that would be more of a long term change. And then you need to work out a way to update the imaging network interface in the fog settings depending on what interface you wanted to image using. There may be more crafty ways about doing this, but this is just off the top of my head.

@ecoele I can say this option will not probably be added by the developers since its such a niche or one off requirement. But I’m not speaking on behalf of the developers, I’m just stating my opinion. Its up to them to decide if a feature request has merit.

But fog being opensource its free for you to modify to your needs.

What I can tell you that there are several user defined fields you are free to add whatever data you want. On the database side I think the fields are called user1 and user2.

The second part is that FOG’s database runs on mysql (mariadb). This is much like any other sql server. If you have a windows computer and the mysql odbc driver installed you can query the fog database from a reporting writing tool running on windows. From there you can print labels, etc. You could do something as an excel macro to query mysql on the fog server.

Again on the mysql server, you could program something on the fog server in either python or php to extract the data from mysql.

@sega said in FOG Multicast on different VLANs:

I wanted to try to run multicast, but sadly our switches are just Layer 2 switches and they don’t support that on other VLAN (as far as I read, not a big network guy myself).

Layer 2 switches are good enough. Hopefully they are managed switches, that will make them work a bit better. Turn on igmp snooping on the switches. What that will do for you is enable sparse mode (i.e. only ports part of the multicast will transmit multicast data) without it the switch will work in dense mode where multicast traffic will be sent to all ports (impacting the bandwidth of devices not part of the multicast).

Muticasts are typically restricted to the current vlan. Where the magic happens is on your router between the vlans. Your router needs to be configured to forward muticast traffic between the vlans. This is typically done with a igmp helper / proxy / relay service much like dhcp needs a helper service to forward dhcp traffic from remote vlans to the vlan that has the dhcp server. This service running on your router will send the multcast data between the subnets.

So my idea was now: The FOG server is running on a VM, is it possible to give that machine just 4 more virtual network adapter (for each VLAN one) and reconfigure the IP address on the clients to one thats on there VLAN? Somehow I think that would be too easy.

This won’t work because when FOG service was designed it was designed to only support a single imaging network. Your fog server can have 4 network adapters, but only one can be the imaging network adapter. The rest will only work as management interfaces.

Or do I need to have a second FOG Server in that specific VLAN that just using the main FOG storage?

If you have no other option you can use a fog storage server here on the remote vlan. The issue is that only the FOG server supports muticasts. The fog storage nodes only supports unicast imaging.

@phant0mbot said in Dell OptiPlex 3000 Thin Client:

have tried both SAN and GRUB exit options

boot loader == snponly.efi

These are in contradiction with each other. SAN boot and Grub are bios boot methods. snponly.efi is a uefi boot loader. Since you are getting into the fog iPXE menu we can assume the hardware IS uefi based since it is booting snp.efi. Try a uefi exit mode of rEFInd (refind) to see if that will boot from the hard drive. The default value can be set globally in the fog configuration->fog settings page. Don’t force a bios attempted boot from a uefi booted computer, that never works.

@phant0mbot said in Dell OptiPlex 3000 Thin Client:

The Thin Client is able to pxe boot and accepts the image, but then can’t get past booting the final time.

It just attempts to boot from hard drive on the Fogproject Menu and keeps refreshing.

1. Just to be clear here. You CAN get to the FOG iPXE menu?

2. What happens when you pick a FOG iPXE menu. This will cause bzImage and init.xz to the target computer. Does the kernel attempt to boot?

@Jchinn412 The answer is it depends on how you have your disk structure setup

Post the results of these two commands.

lsblk
df -h

It maybe easy or harder (but not impossible) depending on how you have the disk created.

@aurfalien The arch value is not going to be fine grained enough for what you want.

This is a short table of what is available in the arch field.
Arch:00000: This is often associated with the non-UEFI, or legacy BIOS, boot process.
Arch:00007: This value typically indicates a 32-bit UEFI system.
Arch:00009: This value identifies a 64-bit UEFI system

So if you want to send bios or uefi boot loaders this is the method you want to use.

But from your post you want to switch between "undionly.kpxe while others the ipxe.kpxe " This are both bios boot loaders so the arch value == 0 for both hosts.

…However would you know how I can determine the client-arch value for a particular host?

If you know how to use wireshark you can get the answer you seek. Take a witness computer (third computer not part of the pxe booting process) and load wireshark on it (you may need to disable the windows firewall for this) Plug this witness computer into the same subnet as the pxe booting computer. When you startup wireshark set the capture filter to port 67 or port 68 and then select your ethernet adapter that is plugged into the same vlan subnet as the target computer. With the witness computer scanning pxe boot the target computer. Keep the scanner running until the pxe booting computer gets to the fog menu.

Now stop wireshark from scanning. Look at the packets it captured, it should have captured about 4 if you setup the capture filter correctly. If it collected a lot of traffic (like if you forgot to set the capture filter) set the view or display filter of bootp.

So with the 4 packets these should be the DORA packets Discover, Offer, Request, Ack/Nak. What you are interested in is the Discover packet, this is from the target computer saying hello world. Look into this packet. Scroll down the list of values until you see the dhcp options. To see the arch value its in dhcp option 93 or 94, or right in that area. You can use most of these dhcp options to set special filters on the dhcp server and then send different boot files depending on the values. You need to find what is unique between these systems so you can tell the dhcp how to react when it sees that particular value from the client during the discover / offer part of DORA

@aurfalien I’m right there with you. The iPXE menu can also do a if/then action but that is more limited than what you can do on the dhcp server side.

OK so it looks like your dhcp server is linux based and not via windows or third party.

So to my question, what is unique you can identify (from a computer standpoint) so your dhcp server knows which boot loader name to send out?

The method to take really depends on the number of clients you are looking at and what the uniqueness of the machines are.

When a client computer starts the DORA process for pxe booting it sends out a DISCOVER packet. That packet tells the dhcp server about the client. Those parameters can be used to customize the OFFER response back from the dhcp server.

Common parameters might be if the client is uefi or bios, or x64 or x32 architecture, mac address, or stripping out the manufacture from the mac address, or system UUID.

The simplest and most accurate method is to send the unique boot file based on the mac address.

for the standard isc dhcp server you would put in something that looks like this for each host. The host specific settings will override the pool options.

    host myhost01{
        hardware ethernet 00:11:22:33:44:55;
        filename "undionly.kpxe";
    }
    host myhost02{
        hardware ethernet 00:a1:b2:c3:d4:e5;
        filename "ipxe.kpxe";
    }

    # General configuration for other clients
    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.200;
        option routers 192.168.1.1;
        filename "snponly.efi";
        next-server 192.168.1.100;
    }

While that is the most accurate and simplest to implement if you have just a few hosts, if you are dealing with 100s of hosts that might be challenging.

If your targets have multiple network adapters you could use the system UUID (if the vendor populates this field)

    # Define a class for clients identified by a specific UUID
    class "uuid-clients" {
        match option dhcp-client-identifier;
    }

    # Host declaration for a specific client identified by its UUID
    host myclient {
        option dhcp-client-identifier = 0:1:2:3:4:5:6:7:8:9:a:b:c:d:e:f; # Replace with actual UUID
        filename "ipxe.efi";
    }

There are options but the path forward depends on the number of hosts you are trying to manage.

@aurfalien The quick answer is you can’t do what you want with an if/then in iPXE. I’m not saying there isn’t a solution but with iPXE it might be difficult.

So lets start with undionly.kpxe and ipxe.kpxe. Undionly.kpxe uses the undi driver built into the network card. Almost all bios cards in the last 20 years support the undi driver format that is almost 30 years old. The ipxe.kpxe boot loader uses iPXE built in network drivers, much like linux has built in network drivers. I’m finding it strange that undionly.kpxe doesn’t work where ipxe.kpxe does work. These must be some really old network cards where only ipxe.kpxe only works. Lets make sure you don’t mean ipxe.efi (which is the uefi driver version).

So from a programic standpoint how will the system know what iPXE boot loader to pick between undionly and ipxe? What is unique between these two systems?

How many systems are on each side of the fence?

The solution lies in your dhcp server. We have some options as long as the dhcp server can tell or identify system A get boot loader X and system B gets boot loader Y. We’ll need more background information here to give you a complete solution.

@jatosaj I think I would approach this by having FOG as your PXE boot source. This will use iPXE as your boot loader. iPXE is a very powerful boot loader as compare to syslinux (pelinux). Both are capable of doing what you want, just you’ll have an easier time managing this setup from FOG.

The idea is to pxe boot into the FOG menu, then have FOG chain (load) the aikenwb environment.

Understand I’m just spitballing this configuration. But within the fog UI under FOG Configuration there is an iPXE menu manager. You will create a new iPXE menu using these settings.

Menu Item: os.chainaikenwb
Description: Boot AikenWorkbench
Parameters:
iseq ${platform} pcbios && set bootfname “bios/pxelinux.0” ||
iseq ${platform} efi && set bootfname “grub/bootx64.efi” ||
chain -ar tftp://192.168.2.1/${bootfname}
boot || goto MENU
Menu Show with: All Hosts

If AikenWorkbench requires the dhcp settings to contain the exact values we will need to get a bit more creative with the FOG menu.
(this one I have about 60% confidence I created the menu correctly)

Menu Item: os.chainaikenwb
Description: Boot AikenWorkbench
Parameters:
set next-server 192.168.2.1

iseq ${platform} efi && goto is_awb_efi || goto is_awb_bios

:is_awb_efi
set bootfile “grub/bootx64.efi”
goto awb_boot

:is_awb_bios
set bootfile “bios/pxelinux.0”

:awb_boot
set filename ${bootfile}
set net0.dhcp/filename ${bootfile}
set proxydhcp/filename ${bootfile}
chain -ar tftp://${next-server }/${bootfile}
boot || goto MENU
Menu Show with: All Hosts

Even if I missed on the menu, using FOG and iPXE is the easiest answer to get what you need. You CAN do it with FOG. For full disclosure you can also create a menu in syslinux to chain load into iPXE too. So if you have a way to create customer menues in AikenWB you can pxe boot into AikenWB and then chain to fog, but you’ll lose out in some of the boot features of FOG.

@diogo-seabra As for the picture, I think we need to clearly define your network.

dnsmasq works by using broadcast messages. So that means dnsmasq will only work on the local subnet. If your pxe booting computers are on a different subnet then you will need to add the fog server’s IP address to the list in the dhcp relay service on your router.

Also if you have dhcp snooping enabled on your network switches, that may also cause dnsmasq to not respond properly.

@diogo-seabra Just to be clear you WILL need to have this as the last line in your configuration for dnsmasq.

dhcp-range=<fog_server_IP>,proxy

Where you replace <fog_server_IP> with the IP address of your fog server.

@diogo-seabra said in Dnsmasq on your FOG server:

At DHCP main not needed configure the option 66 and 67, right?

Correct. We use dnsmasq for those dhcp servers that setting dhcp options 66 and 67 are impossible. Such as when an external company manages your dhcp infrastructure.

@diogo-seabra said in Dnsmasq on your FOG server:

dhcp-range=192.168.10.0,proxy,255.255.255.0
dhcp-range=172.30.20.0,proxy,255.255.255.0

These should not be necessary. In this configuration dnsmasq is only in proxy-dhcp mode. It will not hand out IP addresses, that is the responsibility of your main dhcp server. DNSMASQ in this mode will only send out a proxy dhcp OFFER packet telling the target computer after it gets its IP address contact the proxy dhcp server for additional information.

As for your main dhcp server, its not necessary to set dhcp option 66, because the proxy dhcp server (dnsmasq) will override that setting.

PXE-E16 no valid offer received

This means the pxe booting client didn’t either receive an IP address or the DHCP Discovery from the target computer didn’t make it to the dnsmasq server because it didn’t respond.

So I have to ask you if you have a microsoft dhcp server, why do you feel the need to run dnsmasq? (this is a specific and intentional question). Microsoft dhcp server can do everything (almost) that a dnsmasq server can do.

@BrightPipe said in FOG not saving images in the directory:

EDIT---- Running the installer again seems to have fixed the issue. Thanks.

Good deal because that was going to me my next request. I’m glad you have it sorted out.

@BrightPipe When FOS Linux captures an image it will do that as root on FOS Linux. The issue we need to see is not specifically the owner permission but the group permission. From command line if you change into /images/dev and then issues ls -la * what is the group ownership of that 408… directory.

What actually happens here is FOS Linux connects to the FOG server over ftp as the fogproject user that is also a member of the fogproject group. That file we need to move is owned by root, but hopefully the group is fogproject so the fogproject user can move the file.

One way to test this permission issue is to (from the fog server cli) connect to the fog server using ftp. The user ID is fogproject and the password for fogproject is found in a hidden file /opt/fog/.fogsettings Use that to log into the fog server over ftp then issue the following commands.

cd /images/dev
mv 408d5caa1a89 /images

If you have the proper permissions on that directory then the directory should move to /images.

If the permissions are messed up (as in you mapped the /images directory over to a new disk to add more space) just rerun the fog installer, that will fix the permissions on the /image and /image/dev directory.

@cookc I can’t speak specifically to Win11 deployment since I’ve left that space, but I’ve seen reports that the setupcomplete.cmd file doesn’t run in Win11 if you are using OEM media. VLK media appears to still run this file, but not OEM. I think that is regardless of the actual key you are using. Its the media (DVD Image) that seems to be causing this issue. But again I need to clarify that I don’t deploy windows products now so I have no first hand experience.

You maybe able to get around this by using the autoadmin login and the first run commands in the unattend.xml file.

I had to explain the process for another reason here: https://forums.fogproject.org/post/157075

@mchristo said in Problem PCX Boot HP 17x104fg:

As far as i investigated, the lapto has a NIC of the Realtek+RTL8102/8103/8136 Family.

Just for clarification, when you see the FOG iPXE menu then the pxe booting is done and iPXE has taken over control of your PC. When you select a FOG iPXE menu item, iPXE transfer control over to FOS Linux (bzImage+init.xz). So your problem is within FOS Linux.

This is a pretty old 10/100 nic, so I would think FOS Linux would know about it. I’ve never hear that family of nic’s before so I can’t be for sure that linux supports it.

If this computer has windows on it go into the device manager, and select that nic. Get the hardware ID of that nic, it will be in the form of vend_id=8086&device_id=1cfd that was a totally made up number. I need the 2 groups of hex codes to match the linux driver ID.

I can’t seem to find a HP 17-x104fg but I can find a 17-x104ng laptop with a 7th gen intel chip. I’m suspecting the realtek nic family you mentioned is not installed in this laptop. There is no reason to install a 10/100 nic along side a 7th gen intel processor. Lets get the nic hardware ID so we can properly ID that nic.

@RAThomas said in UEFI is not booting with Windows DHCP:

The solution for my case was to add this to the client port configuration on my Cisco switch:

Yep, if you are not using port-fast, fast-ftp, mstp, or rstp (or whatever your switch mfg calls it) standard spanning tree takes 27 seconds to start forwarding packets. This timer restarts every time the network link winks, like as the PC starts, iPXE starts up, and then FOS linux starts. FOS linux boots so fast (< 16 seconds), its already given up trying to get an IP address before the ports starts to forward traffic.