Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
ipxe -> symantec pxe chain
2019-05-07, 11:21 (This post was last modified: 2019-05-07 12:22 by wdriever.)
Post: #1
ipxe -> symantec pxe chain
Hallo all,

Could someone help me with the following?:

We boot our clients using ipxe, users get a menu to boot from.
One of the options is Altiris(symantec).

We chainload using the following command:
chain tftp://192.168.200.28/BSTrap/x86pc/BStrap.0, this works in BIOS.

For UEFI we use:
chain tftp://192.168.200.28/BTrap/X64/BStrap.efi

This give us the error:
Proxy offer not received Failed to initialize application
PXE-E16: No offer received.

If i leave out ipxe and directly boot Symantec via pxe in UEFI, it works after setting option 60 PXEClient.

Using wireshark without ipxe i see that symantec does a ProxyDHCP, some this does not work from ipxe.

Could someone help me with this i have tried a lot of things but i am not able to resolve it?

Thank you
Wietse

screenshot:
https://paste.pics/df00529da7cd222af435f9079762cd17
Find all posts by this user
Quote this message in a reply
2019-05-07, 13:33
Post: #2
RE: ipxe -> symantec pxe chain
iPXE does not start payloads with the same base endpoint as the standard EFI pxe stack.
The rationale being that bootloaders, such as BStrap.efi in this case, is to stupid,
iPXE is much better at loading data from http or other places, while the BStrap.efi here probably will try to load files over slow TFTP instead.

I would suggest that the real files and efi executable is loaded by iPXE instead, and then chained into, instead of using their loader.

You might be able to use EFI downgrade as described in http://git.ipxe.org/ipxe.git/commitdiff/a15c0d7

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-05-07, 14:42
Post: #3
RE: ipxe -> symantec pxe chain
Hi,

Thank you for your response.
I have created an ipxe.efi with EFI_DOWNGRADE_UX.

The error is gone, but now i receive the following error:
https://paste.pics/4760bf5efd3eff357e37c591ec9a0f66

I have tried multiple ways to set the filename from the command line.

Is this also fixable?

Wietse
Find all posts by this user
Quote this message in a reply
2019-05-07, 19:38
Post: #4
RE: ipxe -> symantec pxe chain
(2019-05-07 14:42)wdriever Wrote:  The error is gone, but now i receive the following error:
https://paste.pics/4760bf5efd3eff357e37c591ec9a0f66

Any chance you could post the error in text instead?
Have you read the ipxe.org url that is shown?

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-05-08, 07:19
Post: #5
RE: ipxe -> symantec pxe chain
Hi NiKiZe,

yes i did read the page from the url

"
Try using the latest version of iPXE. Your problem may have already been fixed.
You can contact the iPXE developers and other iPXE users.
Refresh this page after 24 hours. This page is actively monitored, and further information may be added soon.
"

I do use the lastest binary build with rom-o-matic.

PXE-E53: no boot filename received. There are a lot of topics on the internet about this but everything i try results in the same error.

Any additional tips would be appreciated.

Thank you.
Find all posts by this user
Quote this message in a reply
2019-05-08, 07:28
Post: #6
RE: ipxe -> symantec pxe chain
PXE-E53 is not an iPXE error and does not have an ipxe.org error url Wink
Seems to come from Symantec, but it simple dosen't get a boot filename, probably not seen in the cached DHCP packet
I would have understood that if it was in legacy PCBIOS, but would not expect it in EFI - you should contact Symantec about this and ask them what is the correct way to boot it from iPXE in EFI land from http without using TFTP, you can also mention this post and that the community is available for question and assistance, here on the forum, on the mailing list, and on IRC.

the iPXE error we are seeing are: Could not boot: http://ipxe.org/7f04828e
This is simply the EFI binary returning to iPXE with return code 8e

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-05-08, 10:46 (This post was last modified: 2019-05-08 11:16 by wdriever.)
Post: #7
RE: ipxe -> symantec pxe chain
Hi NiKiZe,

Thank you, i will continue my quest with symantec support and let you when i need further assistence.


symantec thread:
https://www.symantec.com/connect/forums/...ec_product
Find all posts by this user
Quote this message in a reply
2019-05-09, 11:11 (This post was last modified: 2019-05-09 11:17 by wdriever.)
Post: #8
RE: ipxe -> symantec pxe chain
Hi NiKiZe,

We are awaiting for a response from symantec.

Could you please help me understand a bit what could be within the symantec loader?
It is clearly to simple to think that ipxe is not passing all the dhcp properties to the symantec bootloader?

The same situatuation works in bios:
bios pxeboot->ipxe->symantec

Thanks
Find all posts by this user
Quote this message in a reply
2019-05-10, 18:30
Post: #9
RE: ipxe -> symantec pxe chain
I would never say that anything is "the same" between legacy PCBIOS and EFI, it is so much that is different on so many levels.
What is Symantec actually booting?
Maybe it is just Linux?

If so than in EFI it might be shim->grub->kernel, in that case just do iPXE->kernel instead
In pcbios mode maybe it is pxelinux instead

You might want to take a look on the server and see if you can find configuration files, textfiles, or anything else in the files that tells you what it actually is.
Is there any place where these files can be downloaded? maybe as a demo or something?

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-05-14, 09:42 (This post was last modified: 2019-05-14 09:47 by wdriever.)
Post: #10
RE: ipxe -> symantec pxe chain
Hi Nikize,

I did look at the server, there are wimboot files etc. But the before these are loaded altiris checks the server jobqueue to see if there is a install job in the queue(you can also press f8 for boot options). If there is no queue it will localboot, if there is a job it will load a boot.wim with an install environment.

Can i send you files privately? i have wireshark caps for a working and non-working situation, there is a clear difference in the caps(bootp and tftp). I can also send you the bootstrap file.
Find all posts by this user
Quote this message in a reply
2019-05-14, 10:20
Post: #11
RE: ipxe -> symantec pxe chain
In that case, just skip the bootloader, and start the boot.wim with wimboot directly instead?

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-05-14, 10:26
Post: #12
RE: ipxe -> symantec pxe chain
Hi,

This is not possible, altiris wakes machines by wake on lan. If we would use wimboot as the first boot option machines would enter a install/boot loop. We have thousands of machines that get reinstalled often. We cannot manually boot them and select the install environment as we have also multiple locations.
Find all posts by this user
Quote this message in a reply
2019-05-15, 20:51
Post: #13
RE: ipxe -> symantec pxe chain
you use ipxe, to call wimboot created by ipxe devs, just the same way as you select the symantec option in your menu

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 1 Guest(s)