@diogo-seabra said in Dnsmasq on your FOG server:
At DHCP main not needed configure the option 66 and 67, right?
Correct. We use dnsmasq for those dhcp servers that setting dhcp options 66 and 67 are impossible. Such as when an external company manages your dhcp infrastructure.
@diogo-seabra said in Dnsmasq on your FOG server:
dhcp-range=192.168.10.0,proxy,255.255.255.0
dhcp-range=172.30.20.0,proxy,255.255.255.0
These should not be necessary. In this configuration dnsmasq is only in proxy-dhcp mode. It will not hand out IP addresses, that is the responsibility of your main dhcp server. DNSMASQ in this mode will only send out a proxy dhcp OFFER packet telling the target computer after it gets its IP address contact the proxy dhcp server for additional information.
As for your main dhcp server, its not necessary to set dhcp option 66, because the proxy dhcp server (dnsmasq) will override that setting.
PXE-E16 no valid offer received
This means the pxe booting client didn’t either receive an IP address or the DHCP Discovery from the target computer didn’t make it to the dnsmasq server because it didn’t respond.
So I have to ask you if you have a microsoft dhcp server, why do you feel the need to run dnsmasq? (this is a specific and intentional question). Microsoft dhcp server can do everything (almost) that a dnsmasq server can do.
@BrightPipe said in FOG not saving images in the directory:
EDIT---- Running the installer again seems to have fixed the issue. Thanks.
Good deal because that was going to me my next request. I’m glad you have it sorted out.
@BrightPipe When FOS Linux captures an image it will do that as root on FOS Linux. The issue we need to see is not specifically the owner permission but the group permission. From command line if you change into /images/dev and then issues ls -la * what is the group ownership of that 408… directory.
What actually happens here is FOS Linux connects to the FOG server over ftp as the fogproject user that is also a member of the fogproject group. That file we need to move is owned by root, but hopefully the group is fogproject so the fogproject user can move the file.
One way to test this permission issue is to (from the fog server cli) connect to the fog server using ftp. The user ID is fogproject and the password for fogproject is found in a hidden file /opt/fog/.fogsettings Use that to log into the fog server over ftp then issue the following commands.
cd /images/dev
mv 408d5caa1a89 /images
If you have the proper permissions on that directory then the directory should move to /images.
If the permissions are messed up (as in you mapped the /images directory over to a new disk to add more space) just rerun the fog installer, that will fix the permissions on the /image and /image/dev directory.
@cookc I can’t speak specifically to Win11 deployment since I’ve left that space, but I’ve seen reports that the setupcomplete.cmd file doesn’t run in Win11 if you are using OEM media. VLK media appears to still run this file, but not OEM. I think that is regardless of the actual key you are using. Its the media (DVD Image) that seems to be causing this issue. But again I need to clarify that I don’t deploy windows products now so I have no first hand experience.
You maybe able to get around this by using the autoadmin login and the first run commands in the unattend.xml file.
I had to explain the process for another reason here: https://forums.fogproject.org/post/157075
@mchristo said in Problem PCX Boot HP 17x104fg:
As far as i investigated, the lapto has a NIC of the Realtek+RTL8102/8103/8136 Family.
Just for clarification, when you see the FOG iPXE menu then the pxe booting is done and iPXE has taken over control of your PC. When you select a FOG iPXE menu item, iPXE transfer control over to FOS Linux (bzImage+init.xz). So your problem is within FOS Linux.
This is a pretty old 10/100 nic, so I would think FOS Linux would know about it. I’ve never hear that family of nic’s before so I can’t be for sure that linux supports it.
If this computer has windows on it go into the device manager, and select that nic. Get the hardware ID of that nic, it will be in the form of vend_id=8086&device_id=1cfd that was a totally made up number. I need the 2 groups of hex codes to match the linux driver ID.
I can’t seem to find a HP 17-x104fg but I can find a 17-x104ng laptop with a 7th gen intel chip. I’m suspecting the realtek nic family you mentioned is not installed in this laptop. There is no reason to install a 10/100 nic along side a 7th gen intel processor. Lets get the nic hardware ID so we can properly ID that nic.
@RAThomas said in UEFI is not booting with Windows DHCP:
The solution for my case was to add this to the client port configuration on my Cisco switch:
Yep, if you are not using port-fast, fast-ftp, mstp, or rstp (or whatever your switch mfg calls it) standard spanning tree takes 27 seconds to start forwarding packets. This timer restarts every time the network link winks, like as the PC starts, iPXE starts up, and then FOS linux starts. FOS linux boots so fast (< 16 seconds), its already given up trying to get an IP address before the ports starts to forward traffic.
@BrightPipe OK what is happening here is, the FOS engine has uploaded the image to /images/dev/<mac_address> using NFS. Then the FOS engine connects to the fog server using FTP as the fogproject user. Then it issues a mv (move) command from /images/dev/<mac_address> to /images/<image_name> directory.
So you are saying there is a directory name in /images that matches <image_name> but the files stay in /images/dev directory? If yes then it appears that the fogproject user doesn’t have rights to ‘move’ the files out of /images/dev , but it does have rights to create the directory in /images.
That gives me a clue that the fogproject user doesn’t have permissions to /images/dev/<mac_address> directory.
@diogo-seabra said in Inject drivers via Fog:
To use the unattend.xml can we follow this steps
This is kind of an open ended question so I’m not sure how to answer within context.
The fog.updateunattend script is intended to update the unattend.xml script at deployment time, like system name, OU to bind to, etc.
If you want to use the unattend.xml script to “do things” post deployment, that is not connected to the fog.updateattend script.
For reference here is my windows 7 unattend.xml (I know, but the file really hasn’t changed much between win7 and win11.
https://forums.fogproject.org/post/112435
The interesting sections of the file are this:
<AutoLogon>
<Password>
<Value>**REMOVED BY ME**</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>**REMOVED BY ME**</Username>
<Domain>**REMOVED BY ME**</Domain>
<LogonCount>1</LogonCount>
</AutoLogon>
This sets it up for the administrator account to auto login once. Doing this allows the next important section to run.
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Description>Move to OU</Description>
<Order>1</Order>
<CommandLine>cscript.exe /B c:\windows\buildscripts\SetOUTo.vbs "some_new_ou"</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Activate Windows</Description>
<RequiresUserInput>false</RequiresUserInput>
<CommandLine>cscript /B C:\windows\system32\_slmgr.vbs /ato</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<CommandLine>shutdown.exe -r -t 30 /c "The computer will RESTART in 30 seconds"</CommandLine>
<Description>Reboot at end</Description>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
</FirstLogonCommands>
While this section doesn’t speak directly to running the pnputil.exe command, you could add it to the list of steps pretty easy, possibly in the first section with “description move to ou”. The auto login command allows this section to run once the desktop is configured. The last step of the first run section tells windows to reboot after executing everything else. The concept will be the same or you, run the pnputil command with the proper switches and then the last step will be to reboot loading the proper drivers at restart.
@Mdearmas I think I would start with your router. Look up the model and how to enable directed broadcasts, also look to see if there is any helper services that can be turned on to forward WOL packets to the target LAN. Your issue isn’t with FOG, but rather its a network infrastructure issue.
@george1421 I was pretty close with my limited knowledge of this.
google-fu: router forward wol broadcast to different subnet
AI response
To forward Wake-on-LAN (WOL) broadcast packets across different subnets, you’ll generally need to configure your router to forward these packets, as they don’t inherently route like standard IP packets. This often involves enabling directed broadcasts or using a WOL proxy agent.
Here’s a breakdown of the process and some common methods:
Understanding the Challenge:
WOL relies on a “magic packet” sent at the Ethernet layer, not the IP layer.
Routers primarily handle IP traffic and don’t typically forward broadcast packets across subnets by default.
Methods for Forwarding WOL Packets:
Subnet Directed Broadcasts:
Configure the router to forward broadcast packets to a specific subnet.
This involves using the broadcast address of the target subnet (e.g., 192.168.1.255 for 192.168.1.0/24).
The router at the destination subnet needs to be configured to recognize and forward the WOL packet as a true broadcast.
This method allows you to target multiple subnets.
WOL Proxy Agent:
A WOL proxy agent acts as an intermediary, receiving WOL requests on one subnet and rebroadcasting them as a directed broadcast on the target subnet.
This is often used for WOL over the internet or when directed broadcasts are not desired.
Using a Router with WOL Support:
Some routers, like those from CommScope, have native support for forwarding WOL packets.
You may need to configure specific settings, like forwarding UDP port 9 (or 7) and using helper addresses.
Example Configuration (using Subnet Directed Broadcasts):
Identify the Target Subnet: Determine the IP address range of the subnet you want to wake up.
Find the Broadcast Address: Calculate the broadcast address for that subnet (e.g., for 192.168.1.0/24, it’s 192.168.1.255).
Configure the Router:
Enable directed broadcasts (often under "ip forward-protocol udp").
Configure a helper address on the router’s interface facing the WOL server, pointing to the target subnet’s broadcast address.
Ensure UDP port 9 (or 7) is included in the forwarding rules.
Send the WOL Packet: Send the magic packet to the target subnet’s broadcast address.
@Mdearmas This is only at the fringe of my knowledge, but WOL is a L2 protocol that won’t traverse routers until you have a helper service (like dhcp relay is for dhcp) that will forward directed broadcasts across your router. I understand why it works but not sure how to get your router to forward directed broadcasts to the intended target vlan.
post taken from this thread: https://www.elevenforum.com/t/automated-windows-11-installation-with-post-installation-script.28219/
"The normal sequence for Windows Post-Setup:
SetupComplete.cmd would be ideal for you, it’s right after OOBE but before any user profiles are provisioned. But the problem is Windows deliberately skips SetupComplete when it detects an OEM setup."
There are several ways to do the injection the most correct place is the setupcomplete.cmd file. But if you have an OEM licensed install that file is skipped.
The other option is to add the driver injection (only one call to pnputil is really needed in my experience) is if/when you use the unattend.xml file. There is a first run section where you can call applications at first login, but you must couple that step with autoadminlogin function, so as soon as OOBE finishes autoadminlogin logs in the administrator account once to run the firstrun section of the unattend.xml file. This way is a bit more complicated to setup. If you can get the setupcomplete.cmd file to run its much easier of a setup
@cwhitmore https://www.youtube.com/watch?v=eJcd4c7wU3o might get you started.
Are you having issues or just want to understand what you can do.
@Aaexy said in Deploying FOG in a Secure‑Boot‑Mandated UEFI Environment:
Secure Boot policy Must remain enabled at all times; only Microsoft‑signed keys are in the firmware (no option to enrol custom keys).
If this is the case there is nothing you can do with FOG. You will need to get the ipxe kernel (ipxe.efi / snp.efi) and bzImage signed with the microsoft keys so they can boot in your environment. While this pains me to say, you would probably be better off with a different imaging solution than FOG.
@mbghost said in UEFI Boot - Kernel panic: Unable to mount root fs on /dev/ram0:
I disabled Snooping
If that was dhcp snooping I can see where it might be causing a problem. If that’s igmp snooping then for multicasting you want that enabled.
@mbghost said in UEFI Boot - Kernel panic: Unable to mount root fs on /dev/ram0:
But when I try to create an image from the FOG web console and capture image, it breaks everything. I get the same error on all device
Mind including the error you are seeing? It would be helpful to include a screen shot or picture of the error so we can see the context of the error too.
@mbghost If the network test doesn’t work then lets focus in on that toshiba all in one. Lets identify the hardware components since it seems to be the focus of the problem. First do the easy stuff.
@mbghost I’m still leaning towards init.xz corruption. Its very strange that on a fresh fog sever it works on day one and then the next its no good.
Just for clarification its all and every Toshiba all in ones but other models work just fine? Its only this specific model.
What I’m thinking at the moment is that bzImage transfers fine and its around 8MB in size. The kernel also boots fine because its getting to the point where it attempts to connect to the root file system.
init.xz is a zstd compressed image. Its compressed size is around 350MB. Both images are very small in size. Something is happening to the init.xz image to where bzImage is not able to mount it and the kernel panics.
This image persists across multiple deployments and multiple installs of FOG server. It also crosses different init.xz and bzImage kernels.
FOS linux does boot 1 out of 12 attempts.
So where could the problem hide?
Right now there isn’t a clear picture on the cause. I can say this IS unique and I’ve haven’t seen this before with FOG.
Something else you might do is in the fog settings, set the log level to 7. I think the default is 4. 7 is verbose and the kernel might spit out more information to why its not happy with the init.xz file. Like decompression failed.
@mbghost This error message baffles me. If its happening where I think its happening its not a pxe boot issue. This error happens after you pick an iPXE menu item or if you tell a computer to image.
So you can probably rule out ipxe.efi/snp.efi here.
This error message is generated with FOS linux is booting. The kernel has booted and when it goes to connect to init.xz the format of init.xz is corrupt for some reason.
What version of FOG are you running
What version of “the kernel” are you running?
What version of init.xz are you running (get this from a bios computer that boots. the version of the init will be under the fog logo)
What computer is this happening on (make and model)?
Is it all uefi systems or only from one manufacture?
How much ram does this computer have?
Are you seeing both bzImage and init.xz get transferred completely to the target machine. This will be visible just after you pick an item on the FOG iPXE menu.
To me this error is telling me something is wrong with init.xz or for some reason bzImage is not the right kernel for init.xz
@mbghost said in Unable to Get IP Address After PXE Menu on Physical PC (FOG Project on ESXi):
ESXi server → Cisco Switch → Client.
So just to be clear pxe boot the vm on esxi works no prob, but physical host does not.
Lets test this, on the target computer, put one of those cheap unmanaged switches (like the $20 monoprice ones) between the pxe booting computer and the building network switch. Now try to pxe boot. If it works then get with your networking group and make sure the switch ports are configured for portfast, because its spanning tree causing you some troubles. Understand this is an educated guess based on what you’ve posted.
Just for some background on this, standard spanning tree takes 27 seconds to start forwarding traffic. FOS Linux boots in under 15 seconds, so its already given up trying to get an IP address by the time spanning tree starts forwarding data.