RE: Not able to TFTP boot. Invalid Argument Error

@Sebastian-Roth I’m kind of at a loss on this. I have tried many different combinations of the certs that I have, have tried using the one fog uses, and have tried the ones provided by iPXE. They all continue to give me invalid argument error. I added the DEBUG=tls line to the buildipxe.sh file, and tried booting. It said my cert was added to the certstore, and then ran through what I’m guessing are handshakes. In the end I still get the invalid argument error.

Is there a way to use my ssl certs for just the web server? Then all of the fog functions would use the supplied fog certs?

@Sebastian-Roth Tried that with our cert that we use. I replaced both the path for both TRUST= and CERT= with the certificate path, compiled and ran the installer. I tried it with the default.ipxe unchanged, as well as with the IP in place of the FQDN in the chain line.

My buildipxe.sh looks like:

#!/bin/bash
BUILDOPTS=“TRUST=/home/fogserver/Documents/fogcert.crt CERT=/home/fogserver/Documents/fogcert.crt”
IPXEGIT=“https://git.ipxe.org/ipxe.git”

The chain line of the default.ipxe looks like this:

chain https://xxx.xxx.xxx.xxx/fog/service/ipxe/boot.php##params

Am I messing up the placement of the certificate? Apache asks for three separate certificate components (certificate, key, chain), am I supposed to have two different certificates specified in the buildipxe.sh?
…

@Sebastian-Roth I don’t think i get one from the script. How could i check?

I do use a custom SSL cert for the web server. In the apache2 site config, it points to the correct cert and key. That’s also why I get the password prompts during installation.

@Sebastian-Roth Hmm… I did that and still get the same error after. Same error code as well, pointing at the TLS handshake.

@Sebastian-Roth I am running Ubuntu 16.04 LTS

@george1421 said in Not able to TFTP boot. Invalid Argument Error:

@george1421 Just wondering is this fog client computer you are trying to USB boot registered in FOG? If so delete the registration and see if it throws the same error.

This happened on both laptops that were registered as well as a few that were not.

I also checked all of the logs after attempting to boot, and it didn’t update any of those logs. I assume that means it’s in line with what Sebastian said about the TLS error.

@Sebastian-Roth I ran the recompiling script last friday. At the end it says it needs to go through the FOG installation again, so i did. After that, it still gave the same error. Should I be allowing it to go through the FOG installation again or does that basically reset the iPXE binaries again?

@george1421 said in Not able to TFTP boot. Invalid Argument Error:

http://<fog_server_ip>/fog/service/ipxe/boot.php?mac=00:00:00:00:00:01

Here is what I get. I do change the IP section from a FQDN to the IP. When installing I put the FQDN as the IP address so that I don’t have to change too much.

#!ipxe
set fog-ip xxx.xxx.xxx.xxx
set fog-webroot fog
set boot-url https://${fog-ip}/${fog-webroot}
cpuid --ext 29 && set arch x86_64 || set arch i386
goto get_console
:console_set
colour --rgb 0x00567a 1 ||
colour --rgb 0x00567a 2 ||
colour --rgb 0x00567a 4 ||
cpair --foreground 7 --background 2 2 ||
goto MENU
:alt_console
cpair --background 0 1 ||
cpair --background 1 2 ||
goto MENU
:get_console
console --picture https://xxx.xxx.xxx.xxx/fog/service/ipxe/bg.png --left 100 --right 80 && goto console_set || goto alt_console
:MENU
menu
colour --rgb 0xff0000 0 ||
cpair --foreground 1 1 ||
cpair --foreground 0 3 ||
cpair --foreground 4 4 ||
item --gap Host is NOT registered!
item --gap -- -------------------------------------
item fog.local Boot from hard disk
item fog.memtest Run Memtest86+
item fog.reginput Perform Full Host Registration and Inventory
item fog.reg Quick Registration and Inventory
item fog.deployimage Deploy Image
item fog.multijoin Join Multicast Session
item fog.sysinfo Client System Information (Compatibility)
choose --default fog.local --timeout 3000 target && goto ${target}
:fog.local
sanboot --no-describe --drive 0x80 || goto MENU
:fog.memtest
kernel memdisk initrd=memtest.bin iso raw
initrd memtest.bin
boot || goto MENU
:fog.reginput
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=https://xxx.xxx.xxx.xxx/fog/ consoleblank=0 rootfstype=ext4 storage=xxx.xxx.xxx.xxx:/images/ storageip=xxx.xxx.xxx.xxx loglevel=4 mode=manreg
imgfetch init_32.xz
boot || goto MENU
:fog.reg
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=https://xxx.xxx.xxx.xxx/fog/ consoleblank=0 rootfstype=ext4 storage=xxx.xxx.xxx.xxx:/images/ storageip=xxx.xxx.xxx.xxx loglevel=4 mode=autoreg
imgfetch init_32.xz
boot || goto MENU
:fog.deployimage
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param qihost 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.multijoin
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param sessionJoin 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.sysinfo
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=https://xxx.xxx.xxx.xxx/fog/ consoleblank=0 rootfstype=ext4 storage=xxx.xxx.xxx.xxx:/images/ storageip=xxx.xxx.xxx.xxx loglevel=4 mode=sysinfo
imgfetch init_32.xz
boot || goto MENU
:bootme
chain -ar https://xxx.xxx.xxx.xxx/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

@george1421 Correct. In the past, since I started using HTTPS, I’ve had to change the default.ipxe file to point to http vs https. https never worked for me (I’m guessing because i never compiled the binaries after updating). So I’ve always changed the chain address to be http instead of https. Now that doesn’t work either.

@george1421 Oh, got ya. I don’t call it directly. It first goes to default.ipxe and then from there calls the boot.php

@george1421 Thanks for that, I’ll look at doing that once I get this up and running again. Once it fails, how can I see what params were passed that might be incorrect? Is there a log file stored anywhere?

@george1421 I made a usb using the easy method in this guide: https://wiki.fogproject.org/wiki/index.php?title=USB_Bootable_Media. I made both a uefi usb as well as a bios mbr usb. The mbr one i made using ISO to USB using an iPXE ISO.

When using the UEFI USB, the screen in the previous post comes up, where i need to enter in the IP address and then the tftp server does the rest. For the BIOS USB, i need to enter the command line and type in the next-server and the filename. It’s messy, but i rarely use the BIOS USBs now. I’ve tried both and they both gave me the invalid argument.

@Sebastian-Roth Here’s capture 1: http://tinypic.com/r/211vz39/9
Here’s capture 2: http://tinypic.com/r/akv9zr/9

@Sebastian-Roth Here’s the picture: http://tinypic.com/r/2lsvh9l/9

I don’t recall doing that for previous upgrades. I’ll try that! Previously i had to go and edit the default.ipxe file to show chain http://xxx.xxx.xxx.xxx/fog/service/ipxe/boot.php instead of chain https://xxx.xxx.xxx.xxx/fog/service/ipxe/boot.php. I really only use the HTTPS setup for the webserver and fogservice client connection.

As for dnsmasq, when i first put this server into production, I was told that it would not work within our network. They recommended going the USB route. It was fairly simple to setup the USBs so I never really pursued the alternative.

Hello,

I’m trying to tftp boot into the server to register some new hosts. When trying to boot, i get an “invalid argument” error. This only happened after upgrading to 1.5.5.

Things to note:
-I use the HTTPS setup switch for the installer.
-In order to get around the 066 067 DHCP setup (dont have access to the companies DHCP server), i use a ipxe USB key to point to the fog server.
-Server is running Ubuntu 16.04 LTS

@Sebastian-Roth I can’t get it to replicate, since it already updated the apache2 package. But it’s basically the capture 2 image, except in the capture1 selected section if that makes sense (see attached files). EDIT: For some reason i can’t upload the screen captures.

@Sebastian-Roth It’s more so the apache2 package that asks. We have a custom certificate that we use for HTTPS traffic on the fog web server. The key for that certificate is password protected. So when apache2 service is launched it requests the password to access the private key. I assume if the key weren’t password protected, it wouldn’t ask for it.

Either way, it works. Just hangs for about ten minutes before the timeout happens.

Looks like it continued after about a ten minute delay. My guess is that during the package update, apache2 had to be restarted. When the fog installer restarts the apache server later in the install, the passphrase entry for the ssl key works fine. Just wanted to let you know it’s not a pressing issue, as it completes the install.

Hello,

I went to update to the latest version of FOG (1.5.5) and the installer failed shortly after the “updating packages as needed” step. It looks like it skipped the part where you can enter the password for your ssl certificate key. In the past, it would ask for the password and allow you to enter it, but this time it comes up with an error saying “Please enter password with the systemd-tty-ask-password-agent tool!”.

Any help would be greatly appreciated!

@wayne-workman Hey Wayne, you can forget this. I tinkered with it a bit (reentered in the credentials, changed the path a few times, etc) and for some reason, it started working on the SYSTEM user using psexec. After that, I tested as a snapin, and with the powershell template (powershell.exe -ExecutionPolicy Bypass -NoProfile -File xxxxx.ps1) it worked correctly.