locked
Legacy PXE fine - UEFI not RRS feed

  • Question

  • Hi All,

    We've had pxe booting both legacy and UEFI without any issues until very recently. I re-imaged 160 laptops via UEFI without any issue. However just recently I can no longer boot UEFI (Legacy still works fine). We have a pretty straight forward setup. Servers and clients on same subnet. DHCP server on separate server to ConfigMgr. DHCP pointing to wdsnbp.com on ConfigMgr server.

    We just had a AV patch/update on our DHCP server recently so I think it may be to do with that but not sure. No AV on the ConfigMgr server at this time.

    Any clues?

    smspxe.log looks pretty ordinary - but noticed the log has been archived, and new smspxe.log created around the time that things started going haywire.

    Thanks,

    Michael

    Sunday, February 10, 2019 2:55 AM

Answers

All replies

  • Check this:

    https://www.youtube.com/watch?v=-qsA27m66go


    Windows IT MVP 2015 /2016 www.PelegIT.co.il Thank you!

    Sunday, February 10, 2019 1:15 PM
  • What exactly are your DHCP scope options pointed to? Is there a reason that you aren't using iphelpers?

    See https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/You-want-to-PXE-Boot-Don-t-use-DHCP-Options/ba-p/275562


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, February 11, 2019 12:39 AM
  • Hello Michael,
     
    Do not know how you configure your DHCP option, however, check the following article to see if it could help you.
     
    Using DHCP to Boot WDS to BIOS & UEFI with SCCM
    https://sccmcanuck.wordpress.com/2017/03/18/using-dhcp-to-boot-wds-to-bios-uefi-with-sccm/
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 11, 2019 5:42 AM
  • I've looked at all the solutions provided to me in this thread, but I'm confused as to how there any explanation of how something could be working fine (as I said, I imaged over 160 laptops via UEFI) then not working.

    I have another site setup using the wdsnbp.com scope option that's working fine when PXE booting via UEFI. (These sites are essentially identical)

    I've tried setting the DHCP scope to bootmgfw.efi or wdsmgfw.efi to see if that worked but no success. The server and clients are all on the same subnet so didn't think IP helpers were necessary.

    I understand how different DHCP policies would be the correct way to set this up, but I'm not sure how it's the cause in this situation

    It's almost like the WDS files are corrupt maybe, however I'm not sure how to verify the health of those files.

    I enabled WDS debugging and I am getting 32771 and 24579 errors when attempting to PXE boot via UEFI



    Monday, February 18, 2019 11:20 AM
  • If the clients and PXE server are on the same VLAN, then you shouldn't use DHCP scope options either. Try removing those completely and seeing if the systems can PXE boot. If not, then you definitely need to move on to troubleshooting WDS itself which would start with the smspxe.log on the PXE enabled DP.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, February 18, 2019 4:20 PM
  • I've removed the DHCP scope options 66 & 67. I noticed that when trying to PXE UEFI boot it hangs now rather that quickly proceeding past.

     The SMSPXE log looks quite similar. I get the following:

    Prioritizing local MP http://CM01.ed.local. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Client lookup reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="0" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification></ClientIDReply>
    SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    12:34:45:67:89:AB, 4C4C4544-0050-3810-8048-B4C04F325032: device is not in the database. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
    SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    12:34:45:67:89:AB, 4C4C4544-0050-3810-8048-B4C04F325032: found optional advertisement ED0200B7 SMSPXE 19/02/2019 6:40:01 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
    SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    12:34:45:67:89:AB, 4C4C4544-0050-3810-8048-B4C04F325032: found optional advertisement ED0200B7 SMSPXE 19/02/2019 6:40:04 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
    SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    12:34:45:67:89:AB, 4C4C4544-0050-3810-8048-B4C04F325032: found optional advertisement ED0200B7 SMSPXE 19/02/2019 6:40:12 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
    SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)
    12:34:45:67:89:AB, 4C4C4544-0050-3810-8048-B4C04F325032: found optional advertisement ED0200B7 SMSPXE 19/02/2019 6:40:28 PM 6092 (0x17CC)

    The debug log under "Deployment-Services-Diagnostics" shows quite a number of 24579 & 32771 error codes

    Thanks,

    Michael


    Tuesday, February 19, 2019 8:29 AM
  • "hangs" as in never proceeds, or simply takes more time?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, February 19, 2019 3:30 PM
  • Sorry for the delay. I've been using bootable stand-alone media to get by this issue temporarily. So what I meant "hangs" is - after selecting boot PXE IPV4 via UEFI it says on the screen "start IPv4 via PXE" on the screen till eventually (after a good 45 seconds or so) it goes on to the next boot device. And Legacy PXE still boots OK Thanks, Michael
    Friday, March 22, 2019 12:18 AM
  • That means either the PXE enabled DP never sees the PXE request or chooses to ignore it.

    Is the above smspxe.log still representative of what's currently shown in the log when you try to PXE boot a system?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, March 22, 2019 9:01 PM
  • So after PXE Booting via UEFI just a moment ago, the following was shown in SMSPXE.log. It looks the same to me. 

    Prioritizing local MP http://CM01.ed.local. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Client lookup reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="0" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification></ClientIDReply>
     SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    AA:BB:CC:DD:EE:FF, 4C4C4544-0057-4610-804A-CAC04F325032: device is not in the database. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
     SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    AA:BB:CC:DD:EE:FF, 4C4C4544-0057-4610-804A-CAC04F325032: found optional advertisement ED0200B7 SMSPXE 28/03/2019 1:25:00 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
     SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    AA:BB:CC:DD:EE:FF, 4C4C4544-0057-4610-804A-CAC04F325032: found optional advertisement ED0200B7 SMSPXE 28/03/2019 1:25:04 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
     SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    AA:BB:CC:DD:EE:FF, 4C4C4544-0057-4610-804A-CAC04F325032: found optional advertisement ED0200B7 SMSPXE 28/03/2019 1:25:12 PM 6092 (0x17CC)
    Getting boot action for unknown machine: item key: 2046820353 SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)
    Prioritizing local MP http://CM01.ed.local. SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)
    Request using architecture 9. SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)
    Non-SSL - not using authenticator in request. SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)
    Client boot action reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID>0962c7bd-69ab-472f-9f9b-3129f9a0cf63</ClientID><NetbiosName/></Machine></Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="ED0200B7" OfferIDTime="22/11/2018 11:58:00 AM" PkgID="ED000039" PackageVersion="" PackagePath="http://CM01.ed.local/SMS_DP_SMSPKG$/ED000005" BootImageID="ED000005" Mandatory="0"/></ClientIDReply>
     SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)
    AA:BB:CC:DD:EE:FF, 4C4C4544-0057-4610-804A-CAC04F325032: found optional advertisement ED0200B7 SMSPXE 28/03/2019 1:25:28 PM 6092 (0x17CC)

    So I guess it sees the request, but does nothing with it? I'm not really sure what to do next - Should I reinstall the WDS role? I'm not to sure if that'll require me to reinstall other parts of ConfigMgr.

    Thanks,

    Michael


    Thursday, March 28, 2019 3:06 AM
  • OK, so what exactly is shown on the client when you PXE boot?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Thursday, March 28, 2019 3:10 AM
  • i would suggest NOT to re-install WDS role. As asked by Jason, what is shown on the client machine. does the machine gets the IP? or any error like pxe aborted. 
    Thursday, March 28, 2019 9:54 AM
  • Alright, after having a look at the DHCP leases, the laptop is not getting an IP address via UEFI PXE. but it does get a IP address via legacy PXE
    Friday, March 29, 2019 1:19 AM
  • Hi Michael

    DHCP Scope option works for one scenario only either you can select Legacy machines or UEFI machines to image via PXE. because we can make only one entry in option 67 either it can be for BIOS machines (WDSNBP.COM) or it can be for UEFI machines (wdsmgfw.efi).

    You can try to change the scope option 67 to smsboot\x64\wdsmgfw.efiand see UEFI machines will start work.

    in order to make both working either DHCP WDS and client machine should be on same network or use IPHelper tables in router.

    :) hope this would be helpful. 

    Friday, March 29, 2019 12:06 PM
  • That's very odd (and outside the scope of visibility or control of ConfigMgr of course). You'll need to contact the NIC vendor if this is truly the case although a firmware update may address this.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, March 29, 2019 2:27 PM
  • So after many months of letting this slide, I finally got around to reinstall the WDS Role - but still no luck.

    In the end my solution was to set a DHCP delay on the scope

    https://social.technet.microsoft.com/Forums/ie/en-US/59e68dc9-8da9-42bc-98bc-ec7a514ce192/sccm-1606-very-intermittent-pxe-issue?forum=ConfigMgrCBOSD

    • Marked as answer by Michael.G.M Friday, October 18, 2019 3:19 AM
    Friday, October 18, 2019 3:19 AM