After doing sysprep on Windows 11, running into error messages. I tried re-modifying regedit & the sysprep, but they did not help
Knowing that sysprep would solve the SID & GUID issue, so I would like to implement sysprep before capturing a Win10 image. However, I found that sysprep constantly cleared most of the configuration and only kept the installed software.
Even though I just tried an audit mode, it still cleared some configuration. That means I have to do lots of manual work after deployment. But the point I wanna use FOG is to avoid lots of manual work. I heard that an alternative solution which is new SID is no longer available.
I have lots of configurations in detail here, including things like network adapter configuration. What should I do before sysprep so ALL the configuration on the PC can be held?
@george1421 Cool! After reinstalling FOG, ipxe.efi has file sizes now so the ASUS PC can PXE boot with ipxe.efi. Thank you very much!
@george1421 The attached image is the other PC that is luckily working. This one is using undionly.kpxe. This shows the iPXE booting page that we are familiar with, and it’s the same as the one on iPXE’s official website. But the ASUS PXE booting page looks so different so I have no idea.
Can you specify “rerun the FOG installer”? Do you mean reboot or reinstall FOG? I rebooted the FOG server, ipxe.efi size is still 0, and the ASUS PC is still not going into the FOG.
@george1421 The size of ipxe.efi is 0 in the FOG server. So the booting page on the ASUS is not wrong. Is that normal?
What I did with dnsmasq was just following your instruction. In /etc/dnsmasq.d/ltsp.conf, only <fog_server_IP> is edited
@george1421 I am running into the PXE boot problem on the ASUS motherboard, but other PCs work well for capturing and deploying the OS images. Here in this attached picture, you see that the server IP is correct, and a message “NBP file downloaded successfully”. But after that, it’s not booting to the FOG but just booting into the hard drive. The secure boot is disabled. I found that this ASUS machine can only do PXE boot with UEFI, but not with legacy. Should I change something on dnsmasq (ltsp.conf in /etc/dnsmasq.d), or I should perform other changes?
Edit: The main issue might be “NBP file size is 0 Bytes”, so it didn’t technically download the boot file
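The zero-byte boot file described in the post above can be caught on the server before a client ever tries to PXE boot. The script below is an added example, not part of the thread or of FOG itself; the function names are hypothetical, and it assumes the `/tftpboot` directory and the `undionly.kpxe` / `ipxe.efi` file names mentioned in these posts.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check PXE boot files in a TFTP root.

# check_boot_file PATH -> prints one verdict line, returns 0 only when servable.
check_boot_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING $f"; return 1
    fi
    # A 0-byte file is what the client reports as "NBP file size is 0 Bytes".
    if [ ! -s "$f" ]; then
        echo "EMPTY $f"; return 2
    fi
    # in.tftpd serves only world-readable files unless started with --permissive;
    # character 8 of the ls mode string is the "other" read bit.
    if [ "$(ls -ld "$f" | cut -c8)" != "r" ]; then
        echo "NOT_WORLD_READABLE $f"; return 3
    fi
    # UEFI boot programs are PE images, so a valid .efi file starts with "MZ".
    case $f in
        *.efi)
            if [ "$(head -c 2 "$f")" != "MZ" ]; then
                echo "NOT_PE $f"; return 4
            fi
            ;;
    esac
    echo "OK $f"
}

# check_tftp_root DIR FILE... -> checks each file, returns 1 if any check failed.
check_tftp_root() {
    dir=$1; shift
    rc=0
    for name in "$@"; do
        check_boot_file "$dir/$name" || rc=1
    done
    return $rc
}

# Optional direct use: sh check_tftp.sh /tftpboot
if [ -n "${1:-}" ]; then
    check_tftp_root "$1" undionly.kpxe ipxe.efi || echo "fix the files listed above"
fi
```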
@george1421 Bravo! dnsmasq works. Now I can capture the OS image. Thank you very much!
@george1421 I followed your instructions and launched Wireshark as admin. Click this for my Wireshark file. The IP of the host with the Wireshark is 172.20.4.54, and the FOG server IP is 172.20.4.25. I only see they are communicating with port 80 (HTTP), not 67 or 68. If I run tcpdump on the FOG server, there’s more for port 22 (SSH), but still no for port 67 or 68. I don’t know why DHCP packets don’t exist. My router is Sophos. Anything could block the DHCP packets?
And there’s a very small progress. I manually put the command of chain http://172.20.4.25/fog/service/ipxe/boot.php on the network boot page of the client host, so the client host can at least do the registration and inventory, and I can see the client host pops up on the FOG web. But since the client host still cannot find the FOG server automatically by the boot file, then I can’t capture the OS image.
So what is the very first thing I should do now? Figuring out the network problem? But regarding the network, is that the thing I’m able to configure by myself, or do I have to contact the router provider?
Click here for the Sophos instruction. In their settings, they need both DHCP server and TFTP server. And looks like the DHCP server is defaulting the IP with .1. The IP that could be changed is the one for the “TFTP server”, which is the setup I don’t have. Seems like now there’s a mismatch between the setup that Sophos expects and the FOG expects. How can we figure out this mismatch? It seems like I have to make the FOG server the “TFTP server”, and then set up another one as the DHCP server?
@george1421 Also, we confirmed that both the client and server are on the same subnet. Nothing is blocked between them
@george1421 I powered on another PC, here DHCP IP here is 172.20.4.1? So this is like the previous one with the “server” IP written as 172.20.4.1?
I didn’t adjust the server IP address. It remains the same, it’s 172.20.4.25. Same with FOG and “next-server” in the router settings. Not sure why it shows 172.20.4.1. I guess maybe because the client PC cannot find the server, then it goes to the default gateway? Then back to the question, how can I let my client PC detect the server?
@george1421 I updated the boot file name. Now the DHCP should be okay. From the attached image, you can see the Client PC can see the DHCP IP address, but then there’s the error of TFTP server response timeout. I still couldn’t see DHCP packets from either Wireshark or tcpdump but now the client PC can see the DHCP IP. I am not sure if it’s okay? If not, then how can I configure DHCP packets on my network?
tftpd-hpa on my server is active and running, and ufw firewall is blocked, but still cannot access TFTP from the client PC. What should I do in this case?
tftp-hpa config:
# /etc/default/tftpd-hpa
# FOG Modified version
TFTP_USERNAME="root"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="-s"
netstat -antup | grep ":69"
udp 0 0 0.0.0.0:69 0.0.0.0:* 739/in.tftpd
udp6 0 0 :::69 :::* 739/in.tftpd
@george1421 Thanks for your reply! I tried the Wireshark and I saw none of ports 67, 68, 69 or 4011 generate packets. But if I tried any other random ports then I could see some packets. So I guess like you said, maybe because the boot file name on the router setting is not correct?
We are using the Sophos router but we saw they require the full path to the boot file for the boot file name section in their instruction. So my question is, universally for FOG, the boot file name should always be a single file name, like undionly.kpxe or ipxe.efi, is that correct? If not, then how to set it up specifically on the Sophos router? Also, I saw plenty of boot files under the /tftpboot directory. So what is the best boot file that you recommend me to try?
Currently, I have restrictions to access the router settings, I may have to adjust the boot file name on Monday.
@george1421 Thanks for the reply! I only have one server, so that should be my DHCP server. I’ve set up FOG on this server. Both FOG and this server are assigned the same IP, which is the same as the one you see in the screenshot. So what should I do to verify the issue which bothers the connectivity from the Client PC to the server? Are there any further things that I should set up?
When my Client PC goes into the PXE boot, it can’t find anything, and can’t even detect any IP address (see image). I tried multiple PCs and got the same thing. But if I boot into the OS on Client PCs, they can ping the server that hosts the FOG.
I put the boot file as /tftpboot/undionly.kpxe, and I also tried /tftpboot/ipxe.efi before. I checked the tftp folder on the server that hosts the FOG, and boot files are all there! The IP for “Next-server” here is exactly the IP of the server that hosts the FOG (see image). Is there anything else that I should do on network setup since this is the most unclear part?
Ideally, when my router has DHCP boot enabled and configured, I successfully install FOG on the server with no issue, and I start the PXE boot on my Client PC, then the Client PC should get something. But I got nothing and I couldn’t find any instructions which point to this. I would appreciate it if anyone could help!