Hello,
Sorry for my rookie questions. We had a plan to leverage Microsoft WDS for distribution of images, but due to $$$ we were unable to do so. Now I am rushing to replace WDS with an alternate PXE solution.
We have created our base images using MDT and they can be successfully deployed via WDS and PXE to BIOS, UEFI and UEFI with Secure Boot.
I am trying to distribute the same via Tiny PXE > ipxe > wimboot. I have been successful for BIOS and UEFI, but not UEFI with Secure Boot. (For BIOS I am using "filename=ipxe.pxe" and for UEFI "filename=ipxe-x86_64.efi".)
All imaging is being performed with target on the same subnet as the PXE server and no changes to DHCP have been made. The subnets all have DHCP provided by a network device and I have Tiny PXE set as proxyDHCP.
When I PXE boot a UEFI w/ Secure Boot client I very briefly see "Downloading NBP file..." and it immediately returns to the host's boot menu.
Can anyone advise? What am I missing for Secure Boot?
Notes/configs are below for reference.
Thank you!
Config.ini (removed comments where the settings aren't configured to reduce size - no active settings removed)
```ini
[arch]
[dhcp]
;below is applicable only if proxydhcp=0
rfc951=1
;needed to tell TFTPd where is the root folder
root=E:\pxesrv\files\
filename=ipxe-x86_64.efi
;alternative bootp filename if request comes from ipxe or gpxe
altfilename=menu.ipxe
;start HTTPd
httpd=1
binl=0
start=0
dnsd=0
;if you have a dhcp server on your lan, set proxydhcp=1
proxydhcp=1
;default=1
bind=1
;tftpd=1 by default
;will share (netbios) the root folder as PXE
smb=0
;will log to log.txt
log=0
optextra=175.6.1.1.1.8.1.1
;if log=1, will log to log.txt - not recommended, rather, use the syslog feature
log=0
opt1=255.255.255.0
opt3=10.11.108.1
opt6=10.11.108.10
opt28=10.11.108.255
opt43=0
opt51=3600
opt54=10.11.108.228
next-server=10.11.108.228
opt60=PXEClient
poolstart=10.11.108.229
poolsize=10
syslog=127.0.0.1
[web]
port=80
;php-5.6.38-nts-Win32-VC11-x86 tested with success
php=c:\php\php.exe
;cscript.exe file.vbs param1=value1 //nologo
vbs=C:\Windows\System32\cscript.exe
js=C:\Windows\System32\cscript.exe
;python.exe file.py param1=value1
py=C:\Python27\python.exe
;the below will be used if you turn on dnsd
[mydomain.fr]
ip=10.0.0.254
[10.0.0.253]
host=mydomain2.fr
[frmDHCPServer]
top=182
left=182
```
Menu.ipxe (removed comments where the settings aren't configured to reduce size - no active settings removed)
```
#!ipxe
# WORKING - BIOS & UEFI (non-Secure)
## Using two different config.ini for BIOS/UEFI
## UEFI set "filename=ipxe-x86_64.efi"
## BIOS set "filename=ipxe.pxe"
set boot-url http://${next-server}
# Setup some basic convenience variables
set menu-timeout 10000
set submenu-timeout ${menu-timeout}
# Ensure we have menu-default set to something
isset ${menu-default} || set menu-default exit
######## MAIN MENU ###################
:start
menu Welcome to iPXE's Boot Menu
item
item --gap -- ------------------------- Utilities ------------------------------
item winpe WinPE
########## UTILITY ITEMS ####################
################################# winpe
:winpe
menu Boot WinPe
item wimboot Boot WinPE via wimboot
item back Back to top menu...
iseq ${menu-default} menu-recovery && isset ${submenu-default} && goto menu-recovery-timed ||
choose selected && goto ${selected} || goto start
:menu-recovery-timed
choose --timeout ${submenu-timeout} --default ${submenu-default} selected && goto ${selected} || goto start
:wimboot
kernel ${boot-url}/wimboot pause
initrd -n bootmgr.exe ${boot-url}/BOOTMGR bootmgr ||
initrd -n bootx64.efi ${boot-url}/BOOTx64.EFI bootx64.efi ||
initrd -n bcd ${boot-url}/BOOT/BCD bcd
initrd -n boot.sdi ${boot-url}/BOOT/BOOT.SDI boot.sdi
initrd -n boot.wim ${boot-url}/BOOT/LiteTouchPE_x64.WIM boot.wim
boot || goto failed
goto start
```
Booting a VMware VM that is UEFI w/ Secure Boot enabled
```
12:50:35 PM DHCPc:discovering for another DHCPd on LAN
12:50:35 PM ROOT=E:\pxesrv\files\
12:50:35 PM DHCPd 10.11.108.228:4011 started...
12:50:35 PM DHCPd 10.11.108.228:67 started...
12:50:35 PM TFPTd 10.11.108.228:69 started...
12:50:35 PM HTTPd:80 started...
12:50:40 PM DHCPc:another DHCPd detected on your LAN @ 10.11.108.1
12:51:19 PM DHCPd:DISCOVER received, MAC:00-50-56-BC-6A-DE, XID:887D8425
12:51:19 PM DHCPd:OFFER sent, IP:0.0.0.0, XID:887D8425
12:51:23 PM DHCPd:REQUEST discarded, MAC:00-50-56-BC-6A-DE, XID:887D8425
12:51:23 PM PDHCPd:REQUEST received, MAC:00-50-56-BC-6A-DE, IP:10.11.108.205, XID:631C1C88
12:51:23 PM Proxy boot filename empty?
12:51:23 PM PDHCPd:DHCP_ACK sent, IP:10.11.108.205:4011, xid:631C1C88
12:51:24 PM TFTPd:DoReadFile:ipxe-x86_64.efi B:1468 T:0
```
Booting a VMware VM that is UEFI without Secure Boot (working)
```
1:21:50 PM DHCPc:discovering for another DHCPd on LAN
1:21:50 PM ROOT=E:\pxesrv\files\
1:21:50 PM DHCPd 10.11.108.228:67 started...
1:21:50 PM DHCPd 10.11.108.228:4011 started...
1:21:50 PM TFPTd 10.11.108.228:69 started...
1:21:50 PM HTTPd:80 started...
1:21:55 PM DHCPc:another DHCPd detected on your LAN @ 10.11.108.1
1:22:01 PM DHCPd:DISCOVER received, MAC:00-50-56-BC-6A-DE, XID:55AA9007
1:22:01 PM DHCPd:OFFER sent, IP:0.0.0.0, XID:55AA9007
1:22:05 PM DHCPd:REQUEST discarded, MAC:00-50-56-BC-6A-DE, XID:55AA9007
1:22:05 PM PDHCPd:REQUEST received, MAC:00-50-56-BC-6A-DE, IP:10.11.108.205, XID:FF8059DE
1:22:05 PM Proxy boot filename empty?
1:22:05 PM PDHCPd:DHCP_ACK sent, IP:10.11.108.205:4011, xid:FF8059DE
1:22:06 PM TFTPd:DoReadFile:ipxe-x86_64.efi B:1468 T:0
1:22:12 PM DHCPd:DISCOVER received, MAC:00-50-56-BC-6A-DE, XID:4688D620
1:22:13 PM DHCPd:iPXE user-class detected
1:22:13 PM DHCPd:OFFER sent, IP:0.0.0.0, XID:4688D620
1:22:13 PM DHCPd:REQUEST discarded, MAC:00-50-56-BC-6A-DE, XID:4688D620
1:22:16 PM TFTPd:DoReadFile:menu.ipxe B:1432 T:2087
1:22:25 PM HTTPd:Connect: 10.11.108.239, TID=7864
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /wimboot
1:22:25 PM HTTPd:Server : Returning /wimboot
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /BOOTMGR
1:22:25 PM HTTPd:Server : Returning /BOOTMGR
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /BOOTx64.EFI
1:22:25 PM HTTPd:Server : Returning /BOOTx64.EFI
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /BOOT/BCD
1:22:25 PM HTTPd:Server : Returning /BOOT/BCD
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /BOOT/BOOT.SDI
1:22:25 PM HTTPd:Server : Returning /BOOT/BOOT.SDI
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /BOOT/LiteTouchPE_x64.WIM
1:22:25 PM HTTPd:Server : Returning /BOOT/LiteTouchPE_x64.WIM
1:22:47 PM HTTPd:DisConnect: TID=7864
```
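An added example, not part of the original post: a small Python parser for Tiny PXE log lines in the format shown above that reports the furthest boot stage a session reached and the first stage that never appeared. The stage names and function names are assumptions made for this example; the sample lines are excerpts copied from the two logs in the post.

```python
import re

# Ordered boot stages and the log pattern that proves each one was reached.
# The stage names are labels made up for this example, not Tiny PXE terms.
STAGES = [
    ("discover", re.compile(r"DHCPd:DISCOVER received")),
    ("proxy_ack", re.compile(r"PDHCPd:DHCP_ACK sent")),
    ("nbp_tftp_read", re.compile(r"TFTPd:DoReadFile:\S+\.(?:efi|pxe|kpxe)\b", re.I)),
    ("ipxe_running", re.compile(r"iPXE user-class detected")),
    ("script_fetched", re.compile(r"TFTPd:DoReadFile:\S+\.ipxe\b", re.I)),
    ("http_payload", re.compile(r"HTTPd:Client: \S+ \[GET\] /\S+")),
]
NAMES = [name for name, _ in STAGES]

def furthest_stage(log_text):
    """Walk the log once; a stage counts only after all earlier ones were seen."""
    idx = 0
    for line in log_text.splitlines():
        if idx < len(STAGES) and STAGES[idx][1].search(line):
            idx += 1
    return NAMES[idx - 1] if idx else None

def missing_stage(log_text):
    """Return the first expected stage that never shows up, or None if all did."""
    stage = furthest_stage(log_text)
    nxt = NAMES.index(stage) + 1 if stage else 0
    return NAMES[nxt] if nxt < len(NAMES) else None

# Excerpts copied from the two logs in the post.
SECURE_BOOT_LOG = """\
12:51:19 PM DHCPd:DISCOVER received, MAC:00-50-56-BC-6A-DE, XID:887D8425
12:51:23 PM PDHCPd:DHCP_ACK sent, IP:10.11.108.205:4011, xid:631C1C88
12:51:24 PM TFTPd:DoReadFile:ipxe-x86_64.efi B:1468 T:0
"""
WORKING_LOG = """\
1:22:01 PM DHCPd:DISCOVER received, MAC:00-50-56-BC-6A-DE, XID:55AA9007
1:22:05 PM PDHCPd:DHCP_ACK sent, IP:10.11.108.205:4011, xid:FF8059DE
1:22:06 PM TFTPd:DoReadFile:ipxe-x86_64.efi B:1468 T:0
1:22:13 PM DHCPd:iPXE user-class detected
1:22:16 PM TFTPd:DoReadFile:menu.ipxe B:1432 T:2087
1:22:25 PM HTTPd:Client: 10.11.108.239 [GET] /wimboot
"""

if __name__ == "__main__":
    for label, log in (("secure boot", SECURE_BOOT_LOG), ("working", WORKING_LOG)):
        print(label, "reached:", furthest_stage(log), "missing:", missing_stage(log))
```

For the Secure Boot log this reports `nbp_tftp_read` as the last stage and `ipxe_running` as the missing one: the firmware requested ipxe-x86_64.efi but iPXE never sent its own DISCOVER, so the stall lies between the NBP download and its execution.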