/build/static/layout/Breadcrumb_cap_w.png
06/01/2018 1160 views
I can get Legacy PXE Boot to work, but cannot get UEFI PXE Boot to work at all.  What can I do to get both working at the same time?

Here is our environment.  Central IT uses Infoblox for all our network DHCP management.  We have two subnets (A and B), with the KACE SDA (K2100s running version 5.1.84) being on one of them (let's say subnet B).  We use central IT for DHCP, instead of using the KACE SDA's built-in DHCP server.  Using Google, we've been able to have central IT configure InfoBlox so that Legacy PXE boot to the KACE SDA is working from Legacy clients in both subnets.  Our next step was to try and get UEFI PXE boot to do the same thing, at the same time.  Every attempt we've tried with UEFI PXE boot ends up with a PXE-E16 error.  Since Legacy PXE boot is fine, we know that all the TCP/UDP ports required for PXE are working fine.  For this example, I'll use 205.205.205.205 as the IP address of the KACE SDA.  The Legacy PXE clients can pull down undionly.kpxe with no problem using these settings


shared-network "subnet-a" {
    authoritative;

    subnet 205.205.204.0 netmask 255.255.255.0 {
        option routers 205.205.204.1      ;
        option subnet-mask 255.255.255.0;
        ddns-domainname = config-option domain-name;
        ddns-hostname = pick ( option fqdn.hostname,option host-name,
            concat ("dhcp-",binary-to-ascii(10,8,"-", leased-address)));
        option host-name = config-option server.ddns-hostname;

        if (substring(option
vendor-class-identifier,0,20)="PXEClient:Arch:00000") {
            # Option filter "Win-PXE-x64"
            option vendor-class-identifier "PXEClient";
            option vendor-encapsulated-options 01:04:00:00:00:00;
            server-name 205.205.205.205";
            next-server 205.205.205.205;
            filename "undionly.kpxe";
        }
    }
}


With this configuration working for Legacy PXE boot, we then started looking for info on adding UEFI PXE boot into the mix.  Using information found on these websites, we came up with a solution that theoretically made sense:

https://howdoilinux.com/2015/11/infoblox-dhcp-uefi/
https://community.infoblox.com/t5/DNS-DHCP-IPAM/UEFI-PXE-Boot/td-p/6210
https://support.quest.com/kace-systems-deployment-appliance/kb/155657/how-to-setup-infoblox-pxe-to-work-with-the-kace-systems-deployment-appliance


We then came up with this configuration that theoretically made sense:

shared-network "subnet-a" {
    authoritative;

    subnet 205.205.204.0 netmask 255.255.255.0 {
        option routers 205.205.204.1      ;
        option subnet-mask 255.255.255.0;
        ddns-domainname = config-option domain-name;
        ddns-hostname = pick ( option fqdn.hostname,option host-name,
            concat ("dhcp-",binary-to-ascii(10,8,"-", leased-address)));
        option host-name = config-option server.ddns-hostname;

        if (substring(option
vendor-class-identifier,0,20)="PXEClient:Arch:00000") {
            # Option filter "Win-PXE-x64"
            option vendor-class-identifier "PXEClient";
            option vendor-encapsulated-options 01:04:00:00:00:00;
            server-name 205.205.205.205";
            next-server 205.205.205.205;
            filename "undionly.kpxe";
        }
        elsif (substring(option
vendor-class-identifier,0,20)="PXEClient:Arch:00007") {
            # Option filter "Win-UEFI-x64"
            option vendor-encapsulated-options ff;
            option vendor-class-identifier "PXEClient";
            server-name 205.205.205.205";
            next-server 205.205.205.205;
            filename "ipxe.efi";
        }
    }
}

 

Legacy PXE boot continues to work perfectly after making these changes.  If I try to UEFI PXE boot, all I get is this message

Station IP Address is 205.205.204.99
PXE-E16: No offer received



I checked the TFTP logs on the KACE SDA, but the only entry that appears is this:

May 30 05:00:46 sog-deployments in.tftpd[15822]: tftp: client does not accept options


Am desperately looking for a solution! What is the missing puzzle piece!!!!!

Thanks


0 Comments   [ + ] Show comments

Comments


All Answers

0
"May 30 05:00:46 sog-deployments in.tftpd[15822]: tftp: client does not accept options"

Ignore this, unrelated to your issue.

TFTP log will log any iPXE forwarded from the DHCP to the appliance.

If your Legacy is working, you should see some entries  like:

RRQ from 192.168.10.2 filename undionly.kpxe

But, if you do not see a single entry with ipxe.efi, that means the KACE SDA is not getting any request for UEFI from your Infoblox DHCP.

Now PXE-E16: No offer received , does not look like an iPXE error (PXE is not iPXE, iPXE is what you are trying to use with the SDA), so.... Are you sure you don't have another Deployment tool configured in your DHCP responding to UEFI PXE attempts?

Such as Norton Ghost, MDT or Windows Deployment Services (WDS) , they don't necessary use Option 66 or 67.... or a Windows Server DHCP configured on the same network to send UEFI requests somewhere else.

Answered 06/01/2018 by: Channeler
Red Belt