Thursday, July 28, 2016

Info - PXE Boot and DHCP communications

DHCP Guide


This document describes common scenarios for implementing DHCP in relation to PXE boot with particular focus on Configuration Manager.
Assumptions and audience

Audience must familiar with basic IP networking principles.

The background

In order for a client to perform a PXE boot, there must be a DHCP service available, this is not required to be a Microsoft DHCP service. Any DHCP server is good.
The following diagram shows a typical network setup
In this case the client and the server is on the same network, which is the simplest setup you will come across, normally the setup will be more advanced, but in order to explain the basics, we will start with this simple model.

The DHCP Process

During a normal DHCP process the following happens:
  1. The client sends out a DHCP broadcast on the network
  2. The broadcast is picked up by the server
  3. The server replies with a broadcast containing the MAC address of the client and a suggested IP address
  4. The client replies back to the server, indicating that it will use the provided address

The PXE Boot process

When a client initiates a PXE boot (often by pressing a key of selecting a particular boot option during start-up) the process changes a little bit:
  1. The client sends out a DHCP broadcast on the network, with a flag stating that it needs to PXE boot
  2. The broadcast is picked up by the server
  3. The server replies with a broadcast containing the MAC address of the client and a suggested IP address
    1. If the server configuration has any information on how to PXE boot, this information is included in the reply to the client.
  4. The client replies back to the server, indicating that it will use the provided address
  5. The client then contacts the PXE boot server (is this case the same server) and requests the bootfile specified in the boot information sent back from the server
  6. The file is loaded and launched.

PXE Configuration on the DHCP server

Traditionally the PXE configuration has been made on the DHCP by setting either server or scope options, typically Option 66 and 67 are used, option 66 specifies the server to contact, 67 is the name of the file to request.
Another method of providing the boot information is to have a service listen for the DHCP request coming from the client and then send an additional reply back to the client. This is commonly known as dynamic PXE boot.

PXE booting from Configuration Manager Distribution Point

Configuration Manager provides dynamic PXE boot using the WDS service (available in Windows Server)
A typical simple setup could look like the following
The PXE server is installed on the SCCM DP (the WDS service).
Now the boot process is as follows:
  1. The client sends out a DHCP broadcast on the network, with a flag stating that it needs to PXE boot
  2. The broadcast is picked up by the server
  3. The server replies with a broadcast containing the MAC address of the client and a suggested IP address
  4. The WDS service also replies back to the client with information on how to PXE boot
  5. The client replies back to the server, indicating that it will use the provided address
  6. The client then contacts the PXE boot server (is this case the SCCM DP server) and requests the bootfile specified in the boot information sent back from the server
  7. The file is loaded and launched.
This method has the great advantage that it is dynamic and therefore it can send back information based on the type of client requesting a PXE boot, whereas a setup using options configured on the DHCP cannot.
Why is this important in this case?
A PXE boot on a BIOS based system is using one method, whereas UEFI based systems are using another, therefore the PXE server must be able to dynamically provide different information according to the client type.
Also note: For UEFI PXE boot to work correctly with SCCM DPs the underlying OS must be Windows Server 2012 R2 or later.

Additional scenarios

Given that a typical network setup today is a lot more complex than the examples given above I will go through some of these to illustrate how to successfully implement PXE boot in such environments

Multiple subnets

The common method of setting up networks today is to have multiple subnets connected by routers or switches providing router-like functionality.
A typical setup could look like the following:
In this setup the DHCP server is in one subnet, the SCCM DP in another and the client is connected to a third network.
Given that DHCP traffic is based primarily on broadcasts, and broadcasts are normally contained within a subnet (in order to control spamming of the network). As such DHCP and also PXE will not work in a setup like this.
The way to fix this is to implement IP Helpers.
IP Helpers is a function implemented in routers to allow broadcast traffic to pass between networks in a controlled manor. It is important to note that IP Helpers typically forwards a specific type of traffic to a specific target (IP address).
In the given example an IP Helper must forward DHPC requests from subnet 10.10.30.0 to 10.10.10.10 to allow the client to obtain an IP address from the DHCP server.
For PXE boot requests to be answered correctly by the SCCM DP server, an additional IP Helper must also forward the request to 10.10.20.10.
The resulting setup looks like this
Note that in the case where the DHCP Server and the SCCM DP is on the same subnet, there must still be two IP Helpers implemented as IP Helpers are directed to a specific IP Address.

Special cases: 1E Nomad with PXE Everywhere

In some scenarios special features like 1E Nomad and PXE Everywhere may be implemented, and that may change the way you should implement DHCP and PXE boot.
There are two typical setups for this approach.

Central DHCP Server

A typical setup for Nomad with PXE Everywhere would be like to following:
The DHCP Server is placed in a central location, and will provide DHCP addresses to clients, using an IP Helper. However, the PXE functionality is provided by local clients running the PXE Everywhere component. In this case there must not be an IP Helper that forwards the DHCP request to the SCCM DP, as we intend for PXE boot requests to be serviced locally. If the IP Helper was setup the client would attempt to contact the SCCM DP to PXE boot.
So but not having the additional IP Helper the DHCP request is forwarded only to the DHCP which provides an IP Address to the client, and the PXE Everywhere service will reply to the same DHCP request to provide PXE boot information.
For this to work successfully the DHCP Server should not provide any PXE information either dynamically or using static option as that will cause confusion for the client trying to PXE boot.

Local DHCP Server

In some Nomad scenarios there may not be a central DHCP server to provide IP addresses to clients. The can be done by the local router, maybe a SOHO (Small Office Home Office) router. These routers are typically not able to provide any PXE boot information, which in this case is a good thing. The client will follow the normal process to obtain an IP address and the PXE Everywhere service will reply to the DHCP with the required PXE Boot information.
The following shows a setup for this case:

Conclusion

  • Never use DHCP options, BIOS and UEFI based devices require different replies from PXE Server
  • In routed networks use IP Helpers to both the DHCP server and the PXE server
  • Do not install DHCP and PXE service on the same server unless it REALLY makes sense
  • It is safe to rely on local DHCP functionality but may require an IP Helper pointing to the PXE Server if this is not local
  • Windows Server 2012 R2 or later is required for UEFI boot to work correctly
Page source: http://blog.coretech.dk/rja/dhcp-guide/

Posted by at No comments:

Friday, April 15, 2016

OnSearchComplete - Failed to end search job. Error = 0x80244010

Problem: In SCCM 2012 SP1 clients, you see this error in  wuahandler.log
Scan does not complete and patches dont install.

Also,
OnSearchComplete - Failed to end search job. Error = 0x80244010. 

Solution:
1.Check if the WSUS Pool is not stopped.
2. Delete the Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
3. Restart ccmexec

or,

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f
net stop wuauserv
net start wuauserv
Posted by at 1 comment:

Monday, March 28, 2016

Reporting on Skype for Business with version numbers

A report can be generated with HW inventory to check SFB installations.

Skype for Business 2016 Windows Client (updated Feb 2016)
Version
Cumulative Update
KB Article
16.0
RTM
16.0.4288.1000
September, 2015 (Security)
KB2910994
16.0.4300.1001
November, 2015 (Security)
KB3085634
16.0.4312.1000
December, 2015 (Security)
KB3114372
16.0.4339.1000
February, 2016
KB3114696
-> Skype for Business / Lync 2013 Windows Client (updated Dec 2015)
Version
Cumulative Update
KB Article
15.0.4420.1017
RTM
15.0.4454.1506
February, 2013 (CU1)
http://support.microsoft.com/kb/2812461
15.0.4481.1000
March 2013 (CU2)
http://support.microsoft.com/kb/2760556
15.0.4481.1004
May 2013 (CU3)
http://support.microsoft.com/kb/2768004
15.0.4517.1504
July 2013 (CU4)
http://support.microsoft.com/kb/2817465
15.0.4535.1002
September 2013 (CU5)
http://support.microsoft.com/kb/2817630
December 2013 (Security)
http://support.microsoft.com/kb/2850057
15.0.4569.1508
March 2014 (CU6)
http://support.microsoft.com/kb/2863908
15.0.4605.1003
April 2014 (CU7)
http://support.microsoft.com/kb/2880474
15.0.4615.1001
May 2014 (CU8)
http://support.microsoft.com/kb/2880980
15.0.4623.1000
June 2014 (CU9)
http://support.microsoft.com/kb/2850074
June 2014 (Security)
http://support.microsoft.com/kb/2881013
15.0.4641.1000
August 2014 (CU10)
http://support.microsoft.com/kb/2881070
15.0.4641.1000
August 2014 (LyncHelp)
http://support.microsoft.com/kb/2881083
15.0.4641.1001
Sept 2014 (CU11)
http://support.microsoft.com/kb/2889860
15.0.4659.1000
Oct 2014 (CU12)
http://support2.microsoft.com/kb/2889929
15.0.4667.1000
Nov 2014 (CU13)
https://support.microsoft.com/kb/2899507
15.0.4693.1000
Feb 2015 (CU14)
http://support2.microsoft.com/kb/2920744
15.0.4701.1000
Mar 2015 (CU15)
https://support.microsoft.com/kb/2956174
15.0.4711.1002
April 2015 (CU16)*
KB2889923 | KB2889853
15.0.4719.1000
May 2015 (Security)
KB3039779
15.0.4727.1001
June 2015 (CU17)
KB3054791
15.0.4745.1000
August 2015 (Security)
KB3055014
15.0.4753.1000
Sept 2015 (Security)
KB3085500
15.0.4771.1000
Nov 2015 (Security)
KB3101496
15.0.4779.1000
Dec 2015
KB3039776
15.0.4797.1000
Feb 2016
KB3114732

Posted by at No comments:

Tuesday, March 22, 2016

Difference between v_R_System and v_GS_Computer_System views

While doing queries, it is confusing which view to use-v_R_System or  v_GS_Computer_System

v_R_System View is from discovery - information populated by discovery info.
v_GS_Computer_System is from hardware inventory. Information populated by received inventory of clients.

Thus v_GS_Computer_System is from WMI, v_R_System depends on the discovery.
Posted by at No comments:

Thursday, January 28, 2016

PXE Boot errors and descriptions

PXE Boot errors and descriptions

Init/Boot/Loader Codes


PXE-E00: Could not find enough free base memory. PXE BaseCode and UNDI runtime modules are copied from FLASH or upper memory into the top of free base memory between 480K (78000h) and 640K (A0000h). This memory must be zero filled by the system BIOS. If this memory is not zero filled, the relocation code in the PXE ROMs will assume that this memory is being used by the system BIOS or other boot ROMs.

PXE-E01: PCI Vendor and Device IDs do not match! This message should never be seen in a production BIOS. When the system BIOS initializes a PCI option ROM, it is supposed to pass the PCI bus/device/function numbers in the AX register. If the PCI device defined in the AX register does not match the UNDI device, this error is displayed.

PXE-E04: Error reading PCI configuration space. This message is displayed if any of the PCI BIOS calls made to read the PCI configuration space return an error code. This should not happen with a production BIOS and properly operating hardware.

PXE-E05: EEPROM checksum error. This message is displayed if the NIC EEPROM contents have been corrupted. This can happen if the system is reset or powered down when the NIC EEPROM is being reprogrammed. If this message is displayed the PXE ROM will not boot.

PXE-E06: Option ROM requires DDIM support. This message should not be seen in a production BIOS. PCI option ROMs must always be installed as DDIM option ROMs (they must be installed into read/write upper memory).

PXE-E07: PCI BIOS calls not supported. This message should not be seen in a production BIOS. PCI BIOS must have PCI BIOS services.

PXE-E08: Unexpected API error. API: xxxxh Status: xxxxh. This message is displayed if a PXE API returns a status code that is not expected by the runtime loader.

PXE-E09: Unexpected UNDI loader error. Status: xxxxh. This message is displayed if the UNDI runtime loader returns an unexpected status code.

ARP Codes


PXE-E11: ARP timeout. The PXE ROM will retry the ARP request four times, if it does not get any valid ARP replies, this message is displayed. This error can be caused by a number of network and service configuration errors. The most common are:
  • Setting the DHCP Class Identifier (option 60) on the DHCP server and installing the proxyDHCP on a separate machine.
  • Using routers that do not respond to ARP requests.

BIOS and BIS Codes


PXE-E20: BIOS extended memory copy error. AH == nn
This message is displayed if the BIOS extended memory copy service returns an error. This should not happen on a production BIOS. nn is the BIOS error code returned by the BIOS extended memory copy service (Int 15h, AH = 87h)

PXE-E21: BIS integrity check failed.
This message is displayed if the BIS image in extended memory has been corrupted.

PXE-E22: BIS image/credential validation failed.
The downloaded image and credential do not match the client key.

PXE-E23: BIS initialization failed.
BIS could not be initialized. No more data is available.

PXE-E24: BIS shutdown failed.
BIS could not be shutdown. No more data is available.

PXE-E25: BIS get boot object authorization check flag failed.
Could not determine if BIS is enabled/disabled.

PXE-E26: BIS free memory failed.
Could not release BIS allocated memory.

PXE-E27: BIS get signature information failed.
Required BIS credential type information could not be determined.

PXE-E28: BIS bad entry structure checksum.
BIS entry structure in the SM BIOS table is invalid.

TFTP/MTFTP Codes


PXE-E32: TFTP open timeout.
TFTP open request was not acknowledged. Verify that the TFTP service is running.

PXE-E35: TFTP read timeout.
Next TFTP data packet was not received.

PXE-E36: Error received from TFTP server.
A TFTP error packet was received from the TFTP server.

PXE-E38: TFTP cannot open connection.
A hardware error occurred when trying to send the TFTP open packet out.

PXE-E39: TFTP cannot read from connection.
A hardware error occurred when trying to send a TFTP acknowledge packet out.

PXE-E3A: TFTP too many packages.
This message can mean one of two things. 1 – You are trying to download a file using TFTP that is larger than the allocated buffer. 2 – You started downloading a file as a slave client using MTFTP and the file increased in size when you became the master client.

PXE-E3B: TFTP error – File not found.
The requested file was not found on the TFTP server.

PXE-E3C: TFTP error – Access violation.
The request file was found on the TFTP server. The TFTP service does not have enough access rights to open/read the file.

PXE-E3F: TFTP packet size is invalid.
The TFTP packet received is larger than 1456 bytes.
BOOTP/DHCP Codes

PXE-E51: No DHCP or proxyDHCP offers were received.
The client did not receive any valid DHCP, BOOTP or proxyDHCP offers.

PXE-E52: proxyDHCP offers were received. No DHCP offers were received.
The client did not receive any valid DHCP or BOOTP offers. The client did receive at least one valid proxyDHCP offer.

PXE-E53: No boot filename received.
The client received at least one valid DHCP/BOOTP offer, but does not have a boot filename to download.

PXE-E55: proxyDHCP service did not reply to request on port 4011.
The client issued a proxyDHCP request to the DHCP server on port 4011 and did not receive a reply.

UNDI Codes


PXE-E60: Invalid UNDI API function number.
An API being used by the BaseCode is not implemented in the UNDI ROM.

PXE-E61: Media test failed, check cable.
Most likely the cable is not plugged in or connected. Could be a bad cable, NIC or connection.

PXE-E63: Error while initializing the NIC.
An error occurred while trying to initialize the NIC hardware. Try another NIC.

PXE-E64: Error while initializing the PHY.
An error occurred while trying to initialize the PHY hardware. Try another NIC.

PXE-E65: Error while reading the configuration data.
An error occurred while reading the NIC configuration data. Try another NIC.

PXE-E66: Error while reading the initialization data.
An error occurred while reading the NIC initialization data. Try another NIC.

PXE-E67: Invalid MAC address.
The MAC address stored in this NIC is invalid. Try another NIC.

PXE-E68: Invalid EEPROM checksum.
The EEPROM checksum is invalid. The contents of the EEPROM have been corrupted. Try another NIC.

PXE-E69: Error while setting interrupt.
The interrupt hardware could not be configured. Try another NIC.

Bootstrap and Discovery Codes


PXE-E74: Bad or missing PXE menu and/or prompt information.
PXE tags were detected but the boot menu and/or boot prompt tags were not found/valid.

PXE-E76: Bad or missing multicast discovery address.
Multicast discovery is enabled but the multicast discovery address tag is missing.

PXE-E77: Bad or missing discovery server list.
Multicast and broadcast discovery are both disabled, or use server list is enabled, and the server list tag was not found/valid.

PXE-E78: Could not locate boot server.
A valid boot server reply was not received by the client.

PXE-E79: NBP is too big to fit in free base memory.
The NBP is larger than the amount of free base memory.

PXE-E7A: Client could not locate a secure server.
This message is displayed when the client did not receive any security information from the boot server and BIS is enabled on the client.

PXE-E7B: Missing MTFTP server IP address.
This message is displayed when the ROM did not receive any PXE discovery tags or proxyDHCP offers and the DHCP SIADDR field is set to 0.0.0.0.

Miscellaneous Codes


PXE-EA0: Network boot canceled by keystroke.
User pressed or during DHCP/Discovery/TFTP.
BaseCode/UNDI Loader Codes

PXE-EC1: BaseCode ROM ID structure was not found.
UNDI boot module could not find the BaseCode ROM ID structure. If there is a BaseCode ROM image in the system, it has probably been corrupted.

PXE-EC3: BaseCode ROM ID structure is invalid.
The BaseCode ROM ID structure is invalid. The BaseCode ROM image has probably been corrupted.

PXE-EC4: UNDI ROM ID structure was not found.
The BaseCode loader module could not locate the UNDI ROM ID structure.

PXE-EC5: UNDI ROM ID structure is invalid.
The UNDI ROM image has probably been corrupted.

PXE-EC6: UNDI driver image is invalid.
The UNDI ROM image has probably been corrupted.

PXE-EC8: !PXE structure was not found in UNDI driver code segment.
The UNDI ROM image has probably been corrupted, or has not been initialized by the BIOS. This error is most often caused by one of three things:
A .NIC image was programmed into a BIOS when a .LOM image should have been used.
The memory allocated by the POST Memory Manager ($PMM) during PXE option ROM initialization has been corrupted or erased before PXE option ROM boot.
The UNDI_Loader structure was not properly initialized during option ROM initialization.

PXE-EC9: PXENV+ structure was not found in UNDI driver code segment.
The UNDI ROM image has probably been corrupted, or has not been initialized by the BIOS. This error is most often caused by one of three things:
A .NIC image was programmed into a BIOS when a .LOM image should have been used.
The memory allocated by the POST Memory Manager ($PMM) during PXE option ROM initialization has been corrupted or erased before PXE option ROM boot.
The UNDI_Loader structure was not properly initialized during option ROM initialization.

For more information on troubleshooting PXE boot please see:


Original article: https://community.landesk.com/support/docs/DOC-2785


Posted by at No comments:
Subscribe to: Posts (Atom)