Syslinux - Dec 2014 - Chain-loading from WDS to PXELinux on a different tftp server

> Date: Thu, 25 Dec 2014 07:07:52 +0000
> From: Luke Ledgerd <luke.ledgerd at niteco.se>
> To: "syslinux at zytor.com" <syslinux at zytor.com>
> Subject: [syslinux] Chain-loading from WDS to PXELinux on a different
>         tftp    server
> Message-ID: <17ba7ad419d54b6cab685c2cedc3de95 at NI-MAILEX.niteco.se>
> Content-Type: text/plain; charset="us-ascii"
>
> Hey guys,
>
> We are going with WDS to fire up first to get the benefits of targeted M$
deployments. If you have the "handle unknown computers" off on your M$
Distribution point, then you can still use regular WDS which runs next as a
PXE filter (DLL linked into WDS) to fire off anything you want to including
PXELinux.
>
> The stuff I was talking about before with PXELinux not working in EFI-64
was related to the EFI Network Boot Rom trying to connect to the DHCP
server on Port 4011 (PXE server). I could have kept hacking around with
DHCP options, or forced DHCPD to listen on that port, or set up a proper
PXEServer that complies with 3.X of the PXE spec, but it wasn't required
for what we wanted in this environment so I moved on, and let WDS
workaround the problem with EFI + PXELinux I had.
>
> Question.
> 1) Can you kick off PXELinux without a Unix DHCP Server (WDS), and make
it jump to a different tftp server from WDS? That's what I'm going for.
I
want the default PATH to include the IP address of a different TFTP server
in PXE Linux.
>
> The new implementation will have to have a separate folder for EFI64,
EFI32, PXE 2.1 because that's what I think WDS demands - or at least for
whatever chainloads the PXELinux off another TFTP
server.
>
> 2) As a fallback, PXEChain as I understand requires another DHCP server
>
>
http://www.vcritical.com/2011/06/peaceful-coexistence-wds-and-linux-pxe-servers/
> http://www.syslinux.org/wiki/index.php/Common_Problems#pxechain.com-2
>
> These docs look good by they don't explain how it all plays together
with
PXELinux dual booting with EFI/Non EFI shared
configuration.
>
> Does PXEChain do everything I want? Can it even a pass configuration file
for PXELinux to start with.pxechain
>
> This looks very interesting - This Russian knows what he is doing....
> http://sysmagazine.com/posts/175669/
>
>
> I'll let you know how I go today with it. We are going for the perfect
setup where SCCM does it's thing if it needs to - else throws back to WDS
-> PXELinux for a computer not targeted for any SCCM PXE Deployment task
sequences, so it's going to be a bit different from the above
article.
>
> Why a different TFTP server? We have a NAS that is already setup and
tested and it does a good job of mounting lots of loopback ISO's and
sharing them on TFTP, even if it doesn't support MTFTP and all
that.
>
> Cheers,
>
> Luke
Luke, I have considerable experience with this.  We use WDS at work for
PXE (MS-centric shop).  I use pxelinux at home.

I've got WDS working in our test lab w/ UEFI.  As you state, it strongly
wishes to do proxyDHCP (port 4011).  More on this in a bit.

It's quite common to segregate the DHCP server from the TFTP server.
Commonly,
it's because DHCP services is maintained why one team and PXE boot by
another.

What you're desiring is somewhat obscure -- you're wanting your WDS
server
to
provide the DHCP service, while you have another server provide TFTP.

Normally, it'd be the other way around; some other server would be providing
DHCP and WDS would be providing TFTP/PXE.  I'd argue for your setup what
you really want is straight MS DHCP service (to provide DHCP).  and point it
to your NAS (for TFTP).

Except that wouldn't work for your known servers.

About proxyDHCP.  I'm loading wdsmfg.efi as the network boot program (NBP).
So some of my tested configurations do the std D-O-R-A to the DHCP server
and
then immediately do a TFTP read request from my TFTP server.  Loading the
boot\x64\wdsmgfw.efi.

However, then it does RA - RA - RA to the WDS server (proxyDHCP port 4011).
I'm convinced it's the wdsmgfw.efi that's doing this.

Here's the best config I found:
   TFTP Server Name (option 66) -- set to WDS server's IP address
   Domain Name (option 15) -- set to DNS domain
   File Name    set to boot\x64\wdsmgfw.efi
   Next Server  set to WDS server's IP address

Also, you might try this config:
   Boot File Name (option 67) -- set to boot\x64\wdsmgfw.efi
   TFTP Server Name (option 66) -- set to WDS server's IP address
   Domain Name (option 15) -- set to DNS domain
   File Name    set to boot\x64\wdsmgfw.efi
   Next Server  set to WDS server's IP address

That second config doesn't work for me, because of a bug in the EFI boot
code of my Intel and Broadcom NICs.  It interprets option 67 as
boot\x64\wdsmgfw.efi\377 .  (Don't want to re-hash this; been discussed
thoroughly in this mailing list before).

Spike White

On Fri, Dec 26, 2014 at 03:32:21PM -0600, Spike White
wrote:
> > Date: Thu, 25 Dec 2014 07:07:52 +0000
> > From: Luke Ledgerd <luke.ledgerd at niteco.se>
> >
> > Hey guys,
> >
> > We are going with WDS to fire up first to get the benefits of
> > targeted MS deployments. If you have the "handle unknown
computers"
> > off on your MS Distribution point, then you can still use regular
> > WDS which runs next as a PXE filter (DLL linked into WDS) to fire
> > off anything you want to including PXELinux.
> >
> > The stuff I was talking about before with PXELinux not working in
> > EFI-64 was related to the EFI Network Boot Rom trying to connect to
> > the DHCP server on Port 4011 (PXE server). I could have kept hacking
> > around with DHCP options, or forced DHCPD to listen on that port, or
> > set up a proper PXEServer that complies with 3.X of the PXE spec, but
> > it wasn't required for what we wanted in this environment so I
moved
> > on, and let WDS workaround the problem with EFI + PXELinux I had.
> >
> > Question.
> > 1) Can you kick off PXELinux without a Unix DHCP Server (WDS),
> > and make it jump to a different tftp server from WDS?
PXELinux is agnostic about what provided the information
to get pxelinux.cfg

> > That's what I'm
> > going for. I want the default PATH to include the IP address of a
> > different TFTP server in PXE Linux.
> >
> > The new implementation will have to have a separate folder for EFI64,
> > EFI32, PXE 2.1 because that's what I think WDS demands - or at
least
> > for whatever chainloads the PXELinux off another TFTP server.
> >
> > 2) As a fallback, PXEChain as I understand requires another DHCP
> > server
> >
> >
http://www.vcritical.com/2011/06/peaceful-coexistence-wds-and-linux-pxe-servers/
> > http://www.syslinux.org/wiki/index.php/Common_Problems#pxechain.com-2
> >
> > These docs look good by they don't explain how it all plays
together
> > with PXELinux dual booting with EFI/Non EFI shared configuration.
> >
> > Does PXEChain do everything I want? Can it even a pass configuration
> > file for PXELinux to start with.pxechain
> >
> > This looks very interesting - This Russian knows what he is doing....
> > http://sysmagazine.com/posts/175669/
Previous in this thread there was `pxechn.c32` hinted,
see http://www.syslinux.org/wiki/index.php/Pxechn.c32 for information about it.

> > I'll let you know how I go today with it. We are going for the
perfect
> > setup where SCCM does it's thing if it needs to - else throws back
> > to WDS -> PXELinux for a computer not targeted for any SCCM PXE
> > Deployment task sequences, so it's going to be a bit different
from
> > the above article.
I looking forward for the webpage that documents such setup.

> > Why a different TFTP server? We have a NAS that is already setup and
> > tested and it does a good job of mounting lots of loopback ISO's
and
> > sharing them on TFTP, even if it doesn't support MTFTP and all
that.

IMHO: Having serveral TFTP servers is fine.
IOW: There is no reason to have only one TFTP server.
> >
> > Cheers,
> > Luke
> 
> Luke, I have considerable experience with this.  We use WDS at work for
> PXE (MS-centric shop).  I use pxelinux at home.
> 
> I've got WDS working in our test lab w/ UEFI.  As you state, it
strongly
> wishes to do proxyDHCP (port 4011).  More on this in a bit.
> 
> It's quite common to segregate the DHCP server from the TFTP server.
> Commonly, it's because DHCP services is maintained why one team
> and PXE boot by another.
> 
> What you're desiring is somewhat obscure -- you're wanting your WDS
server
> to provide the DHCP service, while you have another server provide TFTP.
What I understand from the original post is
reaching a limit/restriction of a Microsoft product.

> Normally, it'd be the other way around; some other server would be
providing
> DHCP and WDS would be providing TFTP/PXE.  I'd argue for your setup
what
> you really want is straight MS DHCP service (to provide DHCP).  and point
it
> to your NAS (for TFTP).
> 
> Except that wouldn't work for your known servers.
I expect that a mixture "DHCP servers" is needed
to get beyond the limit / restriction of MSFT  WDS
to serve the mixture "(DHCP) clients".

> About proxyDHCP.  I'm loading wdsmfg.efi as the network boot program
(NBP).
> So some of my tested configurations do the std D-O-R-A to the DHCP server
> and
> then immediately do a TFTP read request from my TFTP server.  Loading the
> boot\x64\wdsmgfw.efi.
> 
> However, then it does RA - RA - RA to the WDS server (proxyDHCP port 4011).
> I'm convinced it's the wdsmgfw.efi that's doing this.
> 
> Here's the best config I found:
>    TFTP Server Name (option 66) -- set to WDS server's IP address
>    Domain Name (option 15) -- set to DNS domain
>    File Name    set to boot\x64\wdsmgfw.efi
>    Next Server  set to WDS server's IP address
> 
> Also, you might try this config:
>    Boot File Name (option 67) -- set to boot\x64\wdsmgfw.efi
>    TFTP Server Name (option 66) -- set to WDS server's IP address
>    Domain Name (option 15) -- set to DNS domain
>    File Name    set to boot\x64\wdsmgfw.efi
>    Next Server  set to WDS server's IP address
> 
> That second config doesn't work for me, because of a bug in the EFI
boot
> code of my Intel and Broadcom NICs.  It interprets option 67 as
> boot\x64\wdsmgfw.efi\377 .  (Don't want to re-hash this; been discussed
> thoroughly in this mailing list before).
Mmm, I think I missed that ...

> Spike White

Groeten
Geert Stappers
-- 
Leven en laten leven

Thanks for your email. Yes it does provide some insight into why I could hack a
Linux DHCP server into providing enough PXE boot information for PXE 3 clients
but PXE 2.1 were happy (ROMs under many circumstances need to use proxy dhcp
4011 - as documented by IBM on the link I shared earlier).

It appears only the most latest Dell business systems have EFI 64 support, and
the best you can expect from models 2-3 years old is Legacy PXE ROM and only EFI
support for booting from USB/HDD - correct me if I'm wrong.

Moving on from that we NEED to use WDS as we have chosen SCCM+WDS to do our M$
deployments.
Many people say SCCM / Windows PE is "flakey" (source
whirlpool.net.au) but orders are orders. It does automate the deployment of
masses of Microsoft workstations, provided you spend twice as long fiddling with
the task sequences etc
http://forums.whirlpool.net.au/archive/2034700

"Pity that SCCM has got pxeboot.com hard coded in SMS pe.dll (the usual MS
vision of the world, us or nothing...)"
http://reboot.pro/topic/20145-pxe-chain-sccm-2012-r2-wds/
Hence why we don't use SCCM to manage "unknown computers", but let
WDS take over.

The goal to use the other TFTP server is because it's a NAS and it's
fast. The SCCM server on Hyper-V + iscsi back to the same NAs, it's
improving year by year.

I think I'd like to ask for a feature request to allow pxechn.c32 to work
with EFI too and to have the ability for PXELinux to have a ROOT path variable
(kind of like gpxelinux.0) that can either have HTTP or TFTP urls. That would be
a very useful addition to PXELinux.

Because of this I'm going to have to move over all the work setting up a
nice PXELinux boot menu with all our support tools and goodies over to the WDS
\RemoteInstall folder and have Microsoft NTFS file system over iscsi be use
deploying everything. I would give my left arm to avoid that if I could.

Peter, your thoughts?

Cheers,

Luke

-----Original Message-----
From: Syslinux [mailto:syslinux-bounces at zytor.com] On Behalf Of Spike White
Sent: Saturday, December 27, 2014 4:32 AM
To: For discussion of Syslinux and tftp-hpa
Subject: [syslinux] Chain-loading from WDS to PXELinux on a different tftp
server

Luke, I have considerable experience with this.  We use WDS at work for PXE
(MS-centric shop).  I use pxelinux at home.

I've got WDS working in our test lab w/ UEFI.  As you state, it strongly
wishes to do proxyDHCP (port 4011).  More on this in a bit.

It's quite common to segregate the DHCP server from the TFTP server.
Commonly,
it's because DHCP services is maintained why one team and PXE boot by
another.

What you're desiring is somewhat obscure -- you're wanting your WDS
server to provide the DHCP service, while you have another server provide TFTP.

Normally, it'd be the other way around; some other server would be providing
DHCP and WDS would be providing TFTP/PXE.  I'd argue for your setup what you
really want is straight MS DHCP service (to provide DHCP).  and point it to your
NAS (for TFTP).

Except that wouldn't work for your known servers.

About proxyDHCP.  I'm loading wdsmfg.efi as the network boot program (NBP).
So some of my tested configurations do the std D-O-R-A to the DHCP server and
then immediately do a TFTP read request from my TFTP server.  Loading the
boot\x64\wdsmgfw.efi.

However, then it does RA - RA - RA to the WDS server (proxyDHCP port 4011).
I'm convinced it's the wdsmgfw.efi that's doing this.

Here's the best config I found:
   TFTP Server Name (option 66) -- set to WDS server's IP address
   Domain Name (option 15) -- set to DNS domain
   File Name    set to boot\x64\wdsmgfw.efi
   Next Server  set to WDS server's IP address

Also, you might try this config:
   Boot File Name (option 67) -- set to boot\x64\wdsmgfw.efi
   TFTP Server Name (option 66) -- set to WDS server's IP address
   Domain Name (option 15) -- set to DNS domain
   File Name    set to boot\x64\wdsmgfw.efi
   Next Server  set to WDS server's IP address

That second config doesn't work for me, because of a bug in the EFI boot
code of my Intel and Broadcom NICs.  It interprets option 67 as
boot\x64\wdsmgfw.efi\377 .  (Don't want to re-hash this; been discussed
thoroughly in this mailing list before).

Spike White
_______________________________________________
Syslinux mailing list
Submissions to Syslinux at zytor.com
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux

Spike White, Sent: Saturday, December 27, 2014 4:32 AM
> 
> Luke, I have considerable experience with this.  We use WDS at work
> for PXE (MS-centric shop).  I use pxelinux at home.
> 
> I've got WDS working in our test lab w/ UEFI.  As you state, it
strongly
> wishes to do proxyDHCP (port 4011).  More on this in a bit.
> 
> It's quite common to segregate the DHCP server from the TFTP
> server. Commonly, it's because DHCP services is maintained why one
> team and PXE boot by another.
> 
> What you're desiring is somewhat obscure -- you're wanting your WDS
> server to provide the DHCP service, while you have another server
> provide TFTP.
> 
> Normally, it'd be the other way around; some other server would be
> providing DHCP and WDS would be providing TFTP/PXE.  I'd argue for
> your setup what you really want is straight MS DHCP service (to
> provide DHCP).  and point it to your NAS (for TFTP).
> 
> Except that wouldn't work for your known servers.
> 
> About proxyDHCP. I'm loading wdsmfg.efi as the network boot program
> (NBP).  So some of my tested configurations do the std D-O-R-A to
> the DHCP server and then immediately do a TFTP read request from my
> TFTP server.  Loading the boot\x64\wdsmgfw.efi.
> 
> However, then it does RA - RA - RA to the WDS server (proxyDHCP
> port 4011).  I'm convinced it's the wdsmgfw.efi that's doing
this.
> 
> Here's the best config I found:
>    TFTP Server Name (option 66) -- set to WDS server's IP address
>    Domain Name (option 15) -- set to DNS domain
>    File Name    set to boot\x64\wdsmgfw.efi
>    Next Server  set to WDS server's IP address
> 
> Also, you might try this config:
>    Boot File Name (option 67) -- set to boot\x64\wdsmgfw.efi
>    TFTP Server Name (option 66) -- set to WDS server's IP address
>    Domain Name (option 15) -- set to DNS domain
>    File Name    set to boot\x64\wdsmgfw.efi
>    Next Server  set to WDS server's IP address
> 
> That second config doesn't work for me, because of a bug in the EFI
> boot code of my Intel and Broadcom NICs.  It interprets option 67 as
> boot\x64\wdsmgfw.efi\377 .  (Don't want to re-hash this; been discussed
> thoroughly in this mailing list before).
> 
Thanks for your email. Yes it does provide some insight into why I could
hack a Linux DHCP server into providing enough PXE boot information
for PXE 3 clients but PXE 2.1 were happy (ROMs under many circumstances
need to use proxy dhcp 4011 - as documented by IBM on the link I shared
earlier).

It appears only the most latest Dell business systems have EFI 64 support,
and the best you can expect from models 2-3 years old is Legacy PXE ROM
and only EFI support for booting from USB/HDD - correct me if I'm wrong.

Moving on from that we NEED to use WDS as we have chosen SCCM+WDS to do
our MSFT deployments.
Many people say SCCM / Windows PE is "flakey" (source
whirlpool.net.au)
but orders are orders. It does automate the deployment of masses of
Microsoft workstations, provided you spend twice as long fiddling with
the task sequences etc http://forums.whirlpool.net.au/archive/2034700

"Pity that SCCM has got pxeboot.com hard coded in SMS pe.dll (the usual
MSFT vision of the world, us or nothing...)"
http://reboot.pro/topic/20145-pxe-chain-sccm-2012-r2-wds/
Hence why we don't use SCCM to manage "unknown computers",
but let WDS take over.

The goal to use the other TFTP server is because it's a NAS and it's
fast. The SCCM server on Hyper-V + iscsi back to the same NAS, it's
improving year by year.

I think I'd like to ask for a feature request to allow pxechn.c32 to
work with EFI too and to have the ability for PXELinux to have a ROOT
path variable (kind of like gpxelinux.0) that can either have HTTP or
TFTP urls. That would be a very useful addition to PXELinux.

Because of this I'm going to have to move over all the work setting up a
nice PXELinux boot menu with all our support tools and goodies over to
the WDS \RemoteInstall folder and have Microsoft NTFS file system over
iscsi be use deploying everything. I would give my left arm to avoid
that if I could.

Peter, your thoughts?

Cheers,

Luke