Client Management Suite

Hi all,

I've been trying to deploy iPXE (ITMS 8.1 RU7) and have run into the following issue on my Windows Server 2008 R2 test site server: there is no servername in the URL to GetPxeScript.aspx (!!) (pic 1)

After running through the troubleshooting guide at https://support.symantec.com/en_US/article.TECH250831.html, Step 2.A.2.4, calling http://localhost:4433/iPXE/GetPxeScript.aspx) shows an error:
Could not load type 'Altiris.Deployment.Web.Services.GetPxeScript'.

I can see the site in IIS and the \bin directory does contain a Symantec.Deployment.Web.Services.dll, which I assume contains GetPxeScript.aspx.cs as referenced in the codebehind property of the ASP header tag.

If I add the missing servername, the URL resolves to a page of text with http references to various boot objects. For example:

http://${next-server}:4433/altiris/images/WinPE_iPXE/x64/pxeset.ini pxeset.ini initrd -n boot.wim

My guess is the unloaded ASP component is supposed to populate the ${next-server} value. I did check web.config,and the module reference is in place:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <location path="Altiris/Images">
        <system.webServer>
            <staticContent>
                <mimeMap fileExtension="." mimeType="application/octet-stream" />
                <mimeMap fileExtension=".*" mimeType="application/octet-stream" />
            </staticContent>
        </system.webServer>
    </location>
    <system.webServer>
        <modules>
            <add name="Altiris.Deployment.Web.Services.GetPxeScript" type="Symantec.Deployment.Web.Services" />
        </modules>
    </system.webServer>
</configuration>

That's where my diagnostics stopped. Happy to take any suggestions, advice, or solutions!

DMcG

Hi,

same here. I have a ticket open for a wile now, but no solution yet.

So far, everything I tried did not change anything:

 - Different Tower and Laptop models

 - Virtual Machines

 - Reinstalling SBS on Site Server

mafoe

Thanks mafoe, glad I'm not the only one.

Could we get someone from Symantec to confirm iPXE software requirements (like .NET versions)?

Encountered same issue today.

For the GetScript.aspx issue I had to restart the iPXE website via IIS, convert subfolder iPXE to an application and assign everything to SBSAppPool application pool.

The empty servername could be related to DHCP option 060 which was set to a specific value (other then PXEClient).
I have to wait till next week when the DHCP option will be removed from the DHCP scope before I can test again.

WireShark capture revealed that my computers are sending the value configured in option 060 and this is most likely causing confusement for iPXE.

Thanks LCode. I've gone through the IIS config as you've suggested, which seems to have addressed the missing codebehind when browsing the .aspx locally on the site server (a sanitsed copy of the browse result's source is in the codebox below). However, the client's iPXE session still attempts to hit a URL which does not include a server name, as per my earlier screenshot. A cursory examination of the below code would indicate ${next-server} is returning a null value.

For completeness, I should mention: we are using DHCP policies on Windows Server 2012 R2 to handle BIOS- and UEFI-mode PXE clients, so I'll also be investigating that configuration in coming days. I have another post on Symantec Connect about UEFI clients presenting "no offer received" messages on PXE boot - will be interersting to revisit and determine if that's related, but I believe my colleagues narrowed it down to a network configuration issue. If I can secure time on one of our remote, non-DHCP policy, servers, I'll run a few more tests to compare behaviour. Traditional TFTP-based PXE boot to WinPE continues to work perfectly.

DMcG

#!ipxe
menu Please select a PXE menu option to manually boot.
item --key 0 Local Local Disk/Next Device
item --key 1 Boot1 STDPXE x64
item --key 2 Boot2 STDPXE.dev x64
item --key 3 Boot3 EXT_iPXE x64
choose --default Local --timeout 10000 selection && goto ${selection}

:Boot1
kernel                    http://${next-server}:4433/altiris/images/wimboot/wimboot64 rawwim
initrd -n bootmgr.exe 	http://${next-server}:4433/altiris/images/STDPXE/x64/bootmgr.exe				bootmgr.exe	||
initrd -n bootmgfw.efi		http://${next-server}:4433/altiris/images/STDPXE/x64/bootmgfw.efi				bootmgfw.efi ||
initrd -n bootx64.efi		http://${next-server}:4433/altiris/images/STDPXE/x64/bootx64.efi				bootx64.efi ||
initrd -n bootia32.efi	http://${next-server}:4433/altiris/images/STDPXE/x64/bootia32.efi				bootia32.efi ||
initrd -n wgl4_boot.ttf	http://${next-server}:4433/Altiris/images/STDPXE/x64/boot/fonts/wgl4_boot.ttf	wgl4_boot.ttf
initrd -n bcd				http://${next-server}:4433/altiris/images/STDPXE/x64/boot/bcd					bcd
initrd -n pxeboot.bcd		http://${next-server}:4433/altiris/images/STDPXE/x64/pxeboot.bcd			pxeboot.bcd
initrd -n boot.sdi		http://${next-server}:4433/altiris/images/STDPXE/x64/boot/boot.sdi				boot.sdi
initrd -n pxeset.ini		http://${next-server}:4433/altiris/images/STDPXE/x64/pxeset.ini				pxeset.ini
initrd -n boot.wim		http://${next-server}:4433/altiris/images/STDPXE/x64/sources/boot.wim			boot.wim
boot

:Boot2
kernel                    http://${next-server}:4433/altiris/images/wimboot/wimboot64 rawwim
initrd -n bootmgr.exe 	http://${next-server}:4433/altiris/images/STDPXE.dev/x64/bootmgr.exe				bootmgr.exe	||
initrd -n bootmgfw.efi		http://${next-server}:4433/altiris/images/STDPXE.dev/x64/bootmgfw.efi				bootmgfw.efi ||
initrd -n bootx64.efi		http://${next-server}:4433/altiris/images/STDPXE.dev/x64/bootx64.efi				bootx64.efi ||
initrd -n bootia32.efi	http://${next-server}:4433/altiris/images/STDPXE.dev/x64/bootia32.efi				bootia32.efi ||
initrd -n wgl4_boot.ttf	http://${next-server}:4433/Altiris/images/STDPXE.dev/x64/boot/fonts/wgl4_boot.ttf	wgl4_boot.ttf
initrd -n bcd				http://${next-server}:4433/altiris/images/STDPXE.dev/x64/boot/bcd					bcd
initrd -n pxeboot.bcd		http://${next-server}:4433/altiris/images/STDPXE.dev/x64/pxeboot.bcd			pxeboot.bcd
initrd -n boot.sdi		http://${next-server}:4433/altiris/images/STDPXE.dev/x64/boot/boot.sdi				boot.sdi
initrd -n pxeset.ini		http://${next-server}:4433/altiris/images/STDPXE.dev/x64/pxeset.ini				pxeset.ini
initrd -n boot.wim		http://${next-server}:4433/altiris/images/STDPXE.dev/x64/sources/boot.wim			boot.wim
boot

:Boot3
kernel                    http://${next-server}:4433/altiris/images/wimboot/wimboot64 rawwim
initrd -n bootmgr.exe 	http://${next-server}:4433/altiris/images/EXT_iPXE/x64/bootmgr.exe				bootmgr.exe	||
initrd -n bootmgfw.efi		http://${next-server}:4433/altiris/images/EXT_iPXE/x64/bootmgfw.efi				bootmgfw.efi ||
initrd -n bootx64.efi		http://${next-server}:4433/altiris/images/EXT_iPXE/x64/bootx64.efi				bootx64.efi ||
initrd -n bootia32.efi	http://${next-server}:4433/altiris/images/EXT_iPXE/x64/bootia32.efi				bootia32.efi ||
initrd -n wgl4_boot.ttf	http://${next-server}:4433/Altiris/images/EXT_iPXE/x64/boot/fonts/wgl4_boot.ttf	wgl4_boot.ttf
initrd -n bcd				http://${next-server}:4433/altiris/images/EXT_iPXE/x64/boot/bcd					bcd
initrd -n pxeboot.bcd		http://${next-server}:4433/altiris/images/EXT_iPXE/x64/pxeboot.bcd			pxeboot.bcd
initrd -n boot.sdi		http://${next-server}:4433/altiris/images/EXT_iPXE/x64/boot/boot.sdi				boot.sdi
initrd -n pxeset.ini		http://${next-server}:4433/altiris/images/EXT_iPXE/x64/pxeset.ini				pxeset.ini
initrd -n boot.wim		http://${next-server}:4433/altiris/images/EXT_iPXE/x64/sources/boot.wim			boot.wim
boot

:Local
echo done

Hi all,

Spent most of today on this problem and I'm thrilled to say we've sorted out the UEFI-specific issue. An iPXE bootstrap is now booting into our WinPE session in mere seconds. Will post a write-up in the next day or two. 

EDIT: we've also found a workaround to a DHCP issue preventing BIOS-mode systems from loading the iPXE bootstrap. Answers coming soon.

So here's a run-down of what we did to get this going in our development environment (using Microsoft DHCP services on Windows Server 2012 R2):

For BIOS-mode PXE boot, we had to confirm that DHCP options 43, 60, 66, and 67 were populating correctly in the DHCP configuration, and that configuration is being received by clients. Our first problem was here - server-based DHCP options were being overridden by scope-targeted options (as we found out). We:

• installed Wireshark and VirtualBox on a host machine,
• created a test VM in VirtualBox with networking set to Bridged,
• started a packet capture on the host, then,
• booted the VM.

The log file revealed DHCP options 43 and 67 were being received by the client, but not 60 or 66. Once that was sorted, flat BIOS-mode PXE with TFTP was available in the environment. A solid starting point.

Next we looked at iPXE.

Our test NBS/package server (also Server 2012 R2) was missing a few IIS components, so we (very hastily) threw together a script which enabled all the features:

dism /online /norestart /enable-feature /featurename:"NetFx4Extended-ASPNET45"
dism /online /norestart /enable-feature /featurename:"IIS-ASPNET45" /all
dism /online /norestart /enable-feature /featurename:"IIS-NetFxExtensibility" /all
dism /online /norestart /enable-feature /featurename:"IIS-WebServerRole"
dism /online /norestart /enable-feature /featurename:"IIS-ISAPIExtensions"
dism /online /norestart /enable-feature /featurename:"IIS-ISAPIFilter"
dism /online /norestart /enable-feature /featurename:"IIS-ASPNET"
dism /online /norestart /enable-feature /featurename:"IIS-WindowsAuthentication"
dism /online /norestart /enable-feature /featurename:"IIS-ManagementConsole"
dism /online /norestart /enable-feature /featurename:"IIS-IIS6ManagementCompatibility"
dism /online /norestart /enable-feature /featurename:"IIS-Metabase"
dism /online /norestart /enable-feature /featurename:"IIS-ASP"
dism /online /norestart /enable-feature /featurename:"IIS-WMICompatibility"
dism /online /norestart /enable-feature /featurename:"IIS-LegacySnapIn"
dism /online /norestart /enable-feature /featurename:"IIS-LegacyScripts"

On the next Altiris policy refresh, the package server began offering files via both UNC and HTTP, as expected, but no iPXE virtual directory was visible (as per LCode's post above), even after the Deployment Package Server Components - Install policy had executed successfully. We ended up having to pull NBS from the server entirely (Altiris Console --> Settings --> All Settings --> Notification Server --> Site Server Settings --> Site Servers --> [Server] --> Install/remove Services --> Uncheck Network Boot Service --> Next --> OK) and redeploy.

Once NBS had reinstalled - and after a bit of a wait - the iPXE site eventually showed up under Sites in IIS. We fired up our VM and, hey presto, both our original and iPXE boot images were listed - and better still, they were both functional. Once the excitement wore off, we moved onto the next part...

Parallel UEFI- and BIOS-mode PXE booting

Our latest batch of PCs do not support "legacy" (BIOS) PXE boot options, so we've now been forced into pushing forward with UEFI-mode PXE. This is where we came unstuck, but eventually worked it out.

Starting with this fantastic walkthrough (skip to the Server 2012 section), we created and populated the Vendor Classes for...

• PXEClient:Arch:00000
• PXEClient:Arch:00006
• PXEClient:Arch:00007
• PXEClient:Arch:00009

....and created the associated DHCP policies. Two points of note from our tests:

• DHCP Option 43 should only be configured in the policy targeting PXEClient:Arch:00000. Adding Option 43 to the other policies targeting UEFI devices interfered with (read: broke) the client's ability to secure a DHCP lease.
• DHCP Policy processing order matters!!! Our inital DHCP policy sequence was originally configured to detect Arch:00000 first, then pass through Arch:00006, Arch:00007, and Arch:00009 (processing orders 1 through 4) - but for whatever reason, this prevented subsequent Arch:0000x types from securing a lease, so we moved Arch:00000 to the end of the policy list and, in the policy Conditions tab, changed the Vendor Class condition from Equals to Not Equals, then omitted each of the three other PXEClient:Arch:0000x options. (Pics below.) This worked.

Once this was in place, we were able to boot both BIOS- and UEFI-mode devices into PXE and then into WinPE, both via either the usual TFTP, or HTTP via the new iPXE bootstrap image.

Needless to say, we were well chuffed with the result and happy to put the episode behind us.

Addendum: I've since scripted the above operation in Powershell (for Windows Server 2012 R2), which automates the creation and configuration of relevant DHCP policies, options, associations, parameters, etc. It could do with a some commenting and a bit of tidying up but I'm happy to post it if there's any interest.

We've also noticed clients are a little slower to secure IP leases, presumably because our DHCP server is now iterating through a list of possible options whenever a request is made. (It's not a huge difference, but noticeable to those of us who operate from a place of panicked impatience.)

Aside from that, the entire setup works well. Big thanks to everyone who's provided input or advice - hopefully this guide helps others experiencing similar issues. (I might edit this post in coming days to add more screenshots or clarify the wording.)

Cheers

DMcG

yeah, please share the Powershellscript =)