
Diskless Windows 10 Connection Reset Error

windows10 ipxe diskless

21 replies to this topic

#1 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 05 August 2022 - 08:59 AM

Hi folks !

 

Very new here, in the boot world, I don't know much about this area but I'm learning.

I'm a developer in Qt/QML but I want to know more about booting.

I try to boot a Windows 10 vhdx image with Tiny PXE Server but I get the following error:

Connection Reset (0f0a6039).

 

This is my config :

 

Server :

Laptop Latitude  E6540 (old one, but got only this for my tests) 

Windows Server 2022 Standard Evaluation

IP address 192.168.0.1/24

Get ccboot windows 10 image from : https://www.ccboot.com/super-image.htm

Convert with Hyper-V in .vhdx file
Add the feature ISCSI Server
Import .vhdx file, add the new target with MAC Address
Target name : iqn.1991-05.com.microsoft.w10server-nuc-target

The folder containing .vhdx file is in C:\ISCSI\w10.vhdx, shared with all read/write

Firewall : First, I only open the ISCSI connections from the Tiny PXE Server for both networks, and same for ISCSI Service / Target Group, but got this error: could not open SAN device (4c0a6035).

So, I disabled the firewall and now get another error: Connection Reset (0f0a6039).

 

iscsi.ipxe file :

#!ipxe
dhcp
set keep-san 1
set gateway 0.0.0.0
sanboot iscsi:192.168.0.1::::iqn.1001-05.microsoft.com:w10server-nuc-target
boot

Client : Intel NUC8BEH
Boot with PXE Legacy

 

 

 

When I boot my client :

Got iscsi.ipxe file from tftp server

Configuring  (net0 ...) ok

And.. BAM Could not open SAN device: Connection reset (http://ipxe.org/0f0a6039)

Got the .pcap file, how can I share this ?

 

 

I read almost all topics (especially misty and erwan) but I'm stuck.

I missed something...



#2 alacran

alacran

    Platinum Member

  • .script developer
  • 2704 posts
  •  
    Mexico

Posted 05 August 2022 - 09:12 AM

I don't have any experience in remote booting, but I do know it is better to use a VHD, not a VHDX; even MS Azure asks the users to use VHD.

 

alacran



#3 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 05 August 2022 - 09:32 AM

Hi alacran !

 

Thanks for the reply, I'll give it a try with the vhd conversion instead of vhdx.

 

I was using this type of file because I saw this video : 

And I didn't think the .vhdx file was not recommended.

 

This may not solve the problem of Connection Reset, but things must be clean :).

 

Love u !

 

Edit:  Ok, I saw why this guy from the video used a .vhdx file :

 

My ISCSI manager from Windows Server can only import .vhdx files :) 

 

So, back to square one.


Edited by maxtylz, 05 August 2022 - 09:35 AM.


#4 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 05 August 2022 - 01:16 PM

 

> Got the .pcap file, how can I share this ?

Hi,

Share the pcap over PM: I might be able to see what goes wrong.

 

Regards,

Erwan



#5 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 05 August 2022 - 01:59 PM

Sent,

 

I owe you one !

 

 

Max.



#6 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 05 August 2022 - 08:55 PM

> Sent,
>
> I owe you one !
>
> Max.

nah, we do it for fun :)

 

Clearly your "server" (hosting TPS at least, running on 192.168.0.1) is rejecting iscsi connection (tcp port 3260).

 

"client" sends a SYN ("please humbly accept my connection...").

"server" sends a RST ("go to hell...").

 

Either because it does not run an iscsi server OR because you have a firewall.

What is your iscsi server?

Run "netstat -an" and see if you have a process listening on tcp port 3260.

If yes : firewall issue. If not : setup an iscsi target.

 

JMRzLNU.png
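
The SYN/RST reading in post #6 can be repeated from any second machine on the same network without taking a packet capture. The script below is an added example, not code from the thread: `classify_connect`, `demo_loopback` and the `MEANING` table are names made up here, and the loopback demo is constructed so that the script also runs offline.

```python
import socket
import sys

ISCSI_PORT = 3260  # TCP port of the iSCSI target discussed in the thread

# What each handshake outcome points at, following the reasoning in post #6.
MEANING = {
    "accepted": "SYN answered with SYN/ACK: a target is listening and reachable",
    "reset": "SYN answered with RST: nothing is bound to this address/port, "
             "or something on the host actively rejects the connection",
    "timeout": "SYN never answered: a filter is silently dropping it",
}


def classify_connect(host, port=ISCSI_PORT, timeout=3.0):
    """Try one TCP handshake and report how the far end answered."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "accepted"
    except ConnectionRefusedError:   # the peer replied with RST
        return "reset"
    except socket.timeout:           # no reply within `timeout` seconds
        return "timeout"
    finally:
        sock.close()


def demo_loopback():
    """Constructed offline check: probe a loopback port with and without a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = classify_connect("127.0.0.1", port)
    srv.close()                      # same port, now with nothing listening
    without_listener = classify_connect("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. python probe.py 192.168.0.1
        result = classify_connect(sys.argv[1])
        print(sys.argv[1], ISCSI_PORT, result, "-", MEANING[result])
    else:
        for result in demo_loopback():
            print("loopback demo:", result, "-", MEANING[result])
```

When `netstat -an` shows a listener on 3260 and the probe still returns `reset`, compare the local address in the netstat line with the address being probed: a listener bound to a different address answers exactly like a closed port.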



#7 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 06 August 2022 - 05:44 AM

Firewall disabled (I guess ?)
Sorry, french server

MK44uo7.png
 
netstat result (something listens 3260) :
QFaE5PI.png

I use the feature from Windows server for ISCSI :
uqTLS8G.png

.vhdx property:
C4oQ4Ll.png

Initiator property:
wXHCG6U.png

Client MAC Address
3FmT2cM.png


Maybe there is something wrong in this configuration ?

Edited by maxtylz, 06 August 2022 - 05:48 AM.


#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16057 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 06 August 2022 - 07:27 AM

> iscsi.ipxe file :
>
> #!ipxe
> dhcp
> set keep-san 1
> set gateway 0.0.0.0
> sanboot iscsi:192.168.0.1::::iqn.1001-05.microsoft.com:w10server-nuc-target
> boot

 

Possibly not related, but microsoft.com is not the same as com.microsoft in your "Nom qualifiè" screenshot.

 

Isn't it possible :unsure: at least when troubleshooting/experimenting to use a "friendly" name?

 

 

:duff:

Wonko



#9 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 06 August 2022 - 07:34 AM

Hi Wonko !

 

Nice view  :D

 

 

My bad, I mistyped my code in the forum. I copypasted the line between my ISCSI properties and the real file, it's the same name. :ph34r:  

 

 

Max.


Edited by maxtylz, 06 August 2022 - 07:40 AM.


#10 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 06 August 2022 - 11:31 AM

> Firewall disabled (I guess ?)
> Sorry, french server
> MK44uo7.png
> netstat result (something listens 3260) :
> QFaE5PI.png
> I use the feature from Windows server for ISCSI :
> uqTLS8G.png
> .vhdx property:
> C4oQ4Ll.png
> Initiator property:
> wXHCG6U.png
> Client MAC Address
> 3FmT2cM.png
> Maybe there is something wrong in this configuration ?

IQN in first post differs from your screenshot.
Also please show the security tab of your iscsi target.
Same goes for the connections tab.

Erwan

#11 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 06 August 2022 - 11:58 AM

I checked the iqn name, I mistyped in my post, I got the right name in my iscsi.ipxe and my iscsi server conf.

 

Nothing in security (nothing checked)

Nothing in connections

 

 

Tested another time (just in case), same error : Connection Reset :(.


Edited by maxtylz, 06 August 2022 - 12:00 PM.


#12 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 06 August 2022 - 01:27 PM

Although I am pretty sure your issue is low level network (since the syn is immediately sent back a rst without any form of negotiation/discussion), please try the following :

 

-set an iqn in your ipxe script : set initiator-iqn iqn.2006-11.1

-change your initiators filtering to the below on your iscsi target (remove the mac filtering, filter only on the initiator iqn)

 

SB98Grh.png



#13 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 06 August 2022 - 01:32 PM

also, unless you have to (i.e. specific known understood reason), drop the ipxe-undionly.kpxe and go for the standard ipxe boot loader aka ipxe.pxe.



#14 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 06 August 2022 - 02:26 PM

Ok, done !

Tiny pxe server config :
C0nNWP4.png
ipxe-undionly.kpxe was selected (no change)

iscsi file :
IfFZmC8.png
Add the line set initiator-iqn iqn.2006-11.1
Change the iqn master name

iscsi server config :
33oaLae.png
Delete the MAC Address filter
Add the IQN Name filter with iqn.2006-11.1
Modify the Qualified name by "master"
 
I tried to test another switch, or connect my two computers with a direct ethernet cable.

Always Connection reset :(.

 

When I try to use my other switch (connected on the internet, DHCP server on the network detected by Tiny pxe server), I got an Input/Output error.



#15 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 06 August 2022 - 03:02 PM

My best guess is that "something" is denying incoming iscsi connections on your host where both TPS and your iscsi target is running (192.168.0.1).

 

Show the result of: Netsh advfirewall show allprofiles or same as: netsh advfirewall show all state

 

side note : what kind of is 192.168.0.1? windows server 2022? hostname seems to be W10SERVER ?



#16 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 06 August 2022 - 03:53 PM

I fresh installed Windows Server 2022 from Microsoft website on my USB stick.
I changed the computer name to W10SERVER because the suffix "A7341DR"  was not my thing :D
Copy paste Tiny PXE Server
Installed the feature required for ISCSI Server
Add rules for Tiny PXE Server, Microsoft ISCSI Server in the firewall (for public and private groups)
Later, Disable firewall to be sure.
 
No other changes, just what I need for my tests ISCSI.
I just changed the language to english for better understanding :).

Result of the two commands

PDXHgPP.png

9PK8SHa.png


my ipv4 configuration
Qn4jCWk.png

#17 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 07 August 2022 - 12:52 PM

disable your domain firewall : just to be sure.

normally this one applies only when in a domain, but you never know...

 

also, have a look at your pfirewall.log to see if you have evidence of denied traffic.

 

also, disable ipv6.

 

ensure you have no devices on the way to/from with a builtin firewall (router, modem, etc).

 

if this still does not work, at this stage, i am dry.

last one I could think of is to deinstall your iscsi target and reinstall it.

 

Cheers,

Erwan



#18 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 07 August 2022 - 01:50 PM

Hi !

 

 

> disable your domain firewall : just to be sure.
>
> normally this one applies only when in a domain, but you never know...

Done. Yes, we never know...

> also, have a look at your pfirewall.log to see if you have evidence of denied traffic.

Logs are disabled, but I'll let them "ON" when I'm trying to boot my target to see if I saw something.

And I will enable firewall maybe if I don't see anything.

> also, disable ipv6.

Done. Unchecked in Device Properties.

> ensure you have no devices on the way to/from with a builtin firewall (router, modem, etc).

Direct cable between my two computers.

> if this still does not work, at this stage, i am dry.
>
> last one I could think of is to deinstall your iscsi target and reinstall it.
>
> Cheers,
>
> Erwan

 

Always Connection reset, same pcap SYN/RST

 

I will try with another machine, If I can get one. Or see if I can get an information from firewall logs.

 

 

Thanks !



#19 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 07 August 2022 - 02:06 PM

So after more tries :

 

 

 

Firewall off 

Same error

 

 

Firewall on (block inbound, allow outbound)

Add the rule for allow Tiny Pxe Server on public and private networks.

Enable logs for all networks

 

Copy/paste from  pfirewall.log

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path pid


2022-08-07 15:51:32 ALLOW TCP ::1 ::1 49676 445 0 - 0 0 0 - - - SEND 4
2022-08-07 15:51:32 ALLOW TCP ::1 ::1 49676 445 0 - 0 0 0 - - - RECEIVE 4
2022-08-07 15:52:03 ALLOW UDP 192.168.0.1 255.255.255.255 68 67 0 - - - - - - - SEND 4604
2022-08-07 15:52:12 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 15:52:12 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 15:52:12 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 15:52:12 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 15:52:22 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 15:52:22 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 15:52:22 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 15:52:22 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 15:52:33 ALLOW UDP 0.0.0.0 255.255.255.255 68 67 0 - - - - - - - RECEIVE 4604
2022-08-07 15:52:33 ALLOW ICMP 192.168.0.1 192.168.0.2 - - 0 - - - - 8 0 - SEND 4
2022-08-07 15:52:33 ALLOW UDP 192.168.0.1 255.255.255.255 67 68 0 - - - - - - - SEND 4604
2022-08-07 15:52:34 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 15:52:34 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 15:52:34 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 15:52:34 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 15:52:37 ALLOW UDP 192.168.0.2 192.168.0.1 2070 69 0 - - - - - - - RECEIVE 4604
2022-08-07 15:52:37 ALLOW UDP 192.168.0.1 192.168.0.2 49669 2070 0 - - - - - - - SEND 4604
2022-08-07 15:52:44 ALLOW ICMP 192.168.0.1 192.168.0.3 - - 0 - - - - 8 0 - SEND 4
2022-08-07 15:52:45 ALLOW ICMP 192.168.0.1 192.168.0.4 - - 0 - - - - 8 0 - SEND 4
2022-08-07 15:52:45 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 15:52:45 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 15:52:45 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 15:52:45 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 15:52:47 ALLOW UDP 192.168.0.4 192.168.0.1 52342 69 0 - - - - - - - RECEIVE 4604
2022-08-07 15:52:47 ALLOW UDP 192.168.0.1 192.168.0.4 49670 52342 0 - - - - - - - SEND 4604
2022-08-07 15:52:47 ALLOW ICMP 192.168.0.1 192.168.0.5 - - 0 - - - - 8 0 - SEND 4
2022-08-07 15:52:48 ALLOW ICMP 192.168.0.1 192.168.0.6 - - 0 - - - - 8 0 - SEND 4
2022-08-07 15:53:15 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 15:53:15 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 15:53:15 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 15:53:15 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 15:53:56 ALLOW UDP 192.168.0.1 192.168.0.255 138 138 0 - - - - - - - SEND 4
2022-08-07 15:53:56 ALLOW UDP 192.168.0.1 192.168.0.255 138 138 0 - - - - - - - RECEIVE 4

I do not see 3260 port used in logs. Maybe it's a new track to follow.

If firewall enabled, I got the error Connection timed out (http://ipxe.org/4c0a6035)

 

 

Firewall on (allow inbound, allow outbound)

Connection timed out.

 

But the log is different :

2022-08-07 16:03:36 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 16:03:36 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 16:03:36 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 16:03:36 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 16:03:44 DROP UDP 0.0.0.0 255.255.255.255 68 67 576 - - - - - - - RECEIVE 4604
2022-08-07 16:03:47 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 16:03:47 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 16:03:47 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 16:03:47 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 16:03:48 ALLOW UDP 0.0.0.0 255.255.255.255 68 67 0 - - - - - - - RECEIVE 4604
2022-08-07 16:03:48 ALLOW ICMP 192.168.0.1 192.168.0.2 - - 0 - - - - 8 0 - SEND 4
2022-08-07 16:03:48 ALLOW UDP 192.168.0.1 255.255.255.255 67 68 0 - - - - - - - SEND 4604
2022-08-07 16:03:52 ALLOW UDP 192.168.0.2 192.168.0.1 2070 69 0 - - - - - - - RECEIVE 4604
2022-08-07 16:03:52 ALLOW UDP 192.168.0.1 192.168.0.2 49671 2070 0 - - - - - - - SEND 4604
2022-08-07 16:03:58 ALLOW ICMP 192.168.0.1 192.168.0.3 - - 0 - - - - 8 0 - SEND 4
2022-08-07 16:03:59 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 16:03:59 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 16:03:59 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 16:03:59 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4
2022-08-07 16:03:59 ALLOW ICMP 192.168.0.1 192.168.0.4 - - 0 - - - - 8 0 - SEND 4
2022-08-07 16:04:01 ALLOW UDP 192.168.0.4 192.168.0.1 49357 69 0 - - - - - - - RECEIVE 4604
2022-08-07 16:04:01 ALLOW UDP 192.168.0.1 192.168.0.4 49672 49357 0 - - - - - - - SEND 4604
2022-08-07 16:04:01 ALLOW ICMP 192.168.0.1 192.168.0.5 - - 0 - - - - 8 0 - SEND 4
2022-08-07 16:04:02 ALLOW ICMP 192.168.0.1 192.168.0.6 - - 0 - - - - 8 0 - SEND 4
2022-08-07 16:04:30 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - SEND 2288
2022-08-07 16:04:30 ALLOW UDP 192.168.0.1 224.0.0.251 5353 5353 0 - - - - - - - RECEIVE 2288
2022-08-07 16:04:30 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - SEND 4
2022-08-07 16:04:30 ALLOW UDP 192.168.0.1 192.168.0.255 137 137 0 - - - - - - - RECEIVE 4

 

 

 

I saw a "Drop UDP"

2022-08-07 16:03:44 DROP UDP 0.0.0.0 255.255.255.255 68 67 576 - - - - - - - RECEIVE 4604
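
Looking for port 3260 in pfirewall.log by eye, as in the post above, gets harder as the log grows. The script below is an added example, not code from the thread: it parses the log with the column names from its own `#Fields:` header, counts the firewall's actions on TCP traffic to the iSCSI port and lists every DROP. The first two sample lines are copied from the post, the third is constructed to show what a dropped iSCSI SYN would look like, and the function names are made up here.

```python
from collections import Counter

HEADER = (
    "#Version: 1.5\n"
    "#Software: Microsoft Windows Firewall\n"
    "#Time Format: Local\n"
    "#Fields: date time action protocol src-ip dst-ip src-port dst-port size "
    "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path pid\n\n"
)
# Two lines copied from the log in the post above.
PAGE_LINES = (
    "2022-08-07 16:03:44 DROP UDP 0.0.0.0 255.255.255.255 68 67 576 - - - - - - - RECEIVE 4604\n"
    "2022-08-07 16:03:52 ALLOW UDP 192.168.0.2 192.168.0.1 2070 69 0 - - - - - - - RECEIVE 4604\n"
)
# Constructed line (not from the thread): a SYN to the iSCSI port being dropped.
CONSTRUCTED_LINE = (
    "2022-08-07 16:04:05 DROP TCP 192.168.0.4 192.168.0.1 51234 3260 52 S 0 0 65535 - - - RECEIVE 4\n"
)


def parse_pfirewall(text):
    """Turn pfirewall.log text into dicts keyed by the names in its #Fields line."""
    fields, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):   # skip truncated or malformed lines
                rows.append(dict(zip(fields, parts)))
    return rows


def port_summary(rows, port=3260):
    """Count firewall actions (ALLOW/DROP) for TCP packets addressed to `port`."""
    return Counter(r["action"] for r in rows
                   if r["protocol"] == "TCP" and r["dst-port"] == str(port))


def drops(rows):
    """Every dropped packet as (time, protocol, source address, destination port)."""
    return [(r["time"], r["protocol"], r["src-ip"], r["dst-port"])
            for r in rows if r["action"] == "DROP"]


if __name__ == "__main__":
    for label, text in (("lines from the post", HEADER + PAGE_LINES),
                        ("with constructed line", HEADER + PAGE_LINES + CONSTRUCTED_LINE)):
        rows = parse_pfirewall(text)
        print(label, "| tcp/3260:", dict(port_summary(rows)), "| drops:", drops(rows))
```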



#20 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 17 August 2022 - 07:34 AM

Hi !
 
 
Some news :
 
I installed my server on VirtualBox, and... TADAM It's working !
I suppose my hardware was not compatible with Windows Server (2008/2016 and 2022, a lot of drivers were not installed).

But I'm stuck just after, when iPXE says:
Registered SAN device 0x80
Booting from SAN device 0x80

Nothing happens :(
 
Edit: 
Wireshark
Ke1bfOa.png


Edited by maxtylz, 17 August 2022 - 08:21 AM.


#21 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3029 posts
  • Location:Nantes - France
  •  
    France

Posted 19 August 2022 - 04:33 PM

How did you build/prepare your iscsi image? a clone of an existing local installation or an installation straight to the iscsi target?

 

Try with an image which :

-has a filesystem already

-is bootable (active partition and a boot loader)

 

Cheers,

Erwan



#22 maxtylz

maxtylz

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 19 August 2022 - 04:37 PM

I downloaded this image : https://www.ccboot.com/super-image.htm

Converted in .vhdx with Hyper-V






