Jump to content











Photo
- - - - -

[Solved] UEFI PXE --> iPXE.efi --> wimboot WinPE W10 1607 error 0xc000000f


Best Answer misty , 12 February 2017 - 07:28 AM

@sebus
In uefi mode, wimboot does not appear to tolerate files with different than expected being mapped. It is expecting boot.wim and the original file being mapped as boot.wim must also be named boot.wim.

E.g.

initrd http://10.0.0.55/wim/wim/Win10PESE_x64.WIM BOOT.WIM
.
Will not work. However...
initrd http://10.0.0.55/wim/wim/Win10PESE_x64/BOOT.WIM BOOT.WIM
.
....should work fine.

Give it a go and feedback.

Regards,

Misty

EDIT - this needs further experimentation. My own UEFI system appears to have poorly implemented UEFI - e.g. no firmware support for network boot unless CSM is enabled.

I can't remember whether a wim file not using the default/standard boot.wim naming convention worked at all - even when the BCD store specified the different name. Hope this makes sense. Go to the full post


  • Please log in to reply
37 replies to this topic

#26 sebus

sebus

    Frequent Member

  • Advanced user
  • 305 posts

Posted 11 February 2017 - 08:13 PM

Let me try again, I never previously used UEFI, hence the previous setup was not anything I tested.

Up to now I only used legacy BIOS PXE in following way (which still works perfectly)

 

PXE->iPXE.kpxe (via MS DHCP options 60/66/67) -> pxelinux.0 for menu -> lkrnl.pxe -> wimboot (bootmgr.exe -> BCD (pointing to winload.exe) -> Boot.wim (x64))

 

All I am trying NOW to do is: (with menu from iPXE itself)

 

Server 1 = SCCM/WDS

Server 2 = DHCP

Server 3 = TPS (and separate TFTP service provided by Bootix TFTP server)

 

To run TSP on Server 3 I disable WDS (block UDP 4011 on Server 1 firewall)

 

Testing on

 

Client 1 = Hyper-V VM Gen 2

Client 2 = Physical Optiplex 3040

 

UEFI PXE -> IPXE.efi (build from source) -> menu.ipxe -> wimboot -> (bootmgr.efi -> BCD (pointing to winload.efi) ->Boot.wim (x64))

 

ALL downloads fine, and on boot it just errors out 0xc000000f

#!ipxe
kernel http://10.0.0.55/wim/BOOT/wimboot252 gui
initrd http://10.0.0.55/wim/boot/fonts/segmono_boot.ttf segmono_boot.ttf
initrd http://10.0.0.55/wim/boot/fonts/segoe_slboot.ttf segoe_slboot.ttf
initrd http://10.0.0.55/wim/boot/fonts/segoen_slboot.ttf segoen_slboot.ttf
initrd http://10.0.0.55/wim/boot/fonts/wgl4_boot.ttf wgl4_boot.ttf
initrd http://10.0.0.55/wim/BOOT/bootmgr.efi bootmgr.efi
initrd -n BCD http://10.0.0.55/wim/EFI/Microsoft/Boot/BCD BCD
initrd http://10.0.0.55/wim/BOOT/BOOT.SDI BOOT.SDI
initrd http://10.0.0.55/wim/wim/Win10PESE_x64.WIM BOOT.WIM
boot

wimboot_efi.png

 

BCD is being read, as I can chose the correct Windows Boot Manager by Enter at error screen (which then fails again)

 

RDO.png

 

There really is nothing to my setup



#27 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1918 posts
  • Location:Nantes - France
  •  
    France

Posted 11 February 2017 - 11:48 PM

Remove the wim folder.

You should have from the root pxe folder:
Boot
Efi/Microsoft/boot
Sources

And use my ipxe script as is.
Only update the ip, nothing else.

Use my bcd as well.

#28 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 12 February 2017 - 07:28 AM   Best Answer

@sebus
In uefi mode, wimboot does not appear to tolerate files with different than expected being mapped. It is expecting boot.wim and the original file being mapped as boot.wim must also be named boot.wim.

E.g.
initrd http://10.0.0.55/wim/wim/Win10PESE_x64.WIM BOOT.WIM
.
Will not work. However...
initrd http://10.0.0.55/wim/wim/Win10PESE_x64/BOOT.WIM BOOT.WIM
.
....should work fine.

Give it a go and feedback.

Regards,

Misty

EDIT - this needs further experimentation. My own UEFI system appears to have poorly implemented UEFI - e.g. no firmware support for network boot unless CSM is enabled.

I can't remember whether a wim file not using the default/standard boot.wim naming convention worked at all - even when the BCD store specified the different name. Hope this makes sense.

#29 sebus

sebus

    Frequent Member

  • Advanced user
  • 305 posts

Posted 12 February 2017 - 07:58 AM

Remove the wim folder.

You should have from the root pxe folder:
Boot
Efi/Microsoft/boot
Sources

And use my ipxe script as is.
Only update the ip, nothing else.

Use my bcd as well.

 

No, the layout makes no difference, that is not the issue!



#30 sebus

sebus

    Frequent Member

  • Advanced user
  • 305 posts

Posted 12 February 2017 - 08:02 AM

@sebus
In uefi mode, wimboot does not appear to tolerate files with different than expected being mapped.

 

Absolutely SPOT on, thanks. I could not find this info anywhere else!

Of course I can have only a single file with a name in folder, but there can be many subfolders & it does indeed work fine

 

 

EDIT - this needs further experimentation. My own UEFI system appears to have poorly implemented UEFI - e.g. no firmware support for network boot unless CSM is enabled.

I can't remember whether a wim file not using the default/standard boot.wim naming convention worked at all - even when the BCD store specified the different name. Hope this makes sense.

 

 

It works fine with no CSM enabled

 

I will test with different names in BCD & report back

 

Many thanks again (it was so simple after all!)



#31 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1918 posts
  • Location:Nantes - France
  •  
    France

Posted 12 February 2017 - 11:17 AM

Can you summarize what was your issue and detail your corrective actions ?

 

If your ipxe script was the issue, following my advice in post #27, should have done the trick.

And use my ipxe script as is.
Only update the ip, nothing else.


#32 sebus

sebus

    Frequent Member

  • Advanced user
  • 305 posts

Posted 12 February 2017 - 01:59 PM

In uefi mode, wimboot does not appear to tolerate files with different than expected being mapped.

 

All that is, the .wim filename must be boot.wim (if that what is referenced in BCD)

It does NOT matter where it gets downloaded from (it does NOT have to be from sources folder)



#33 ndog37

ndog37

    Member

  • Members
  • 75 posts
  •  
    New Zealand

Posted 19 February 2017 - 11:55 AM

Could you please trying using create_bcd_reg.cmd by NiKiZe to generate your bcd files? I can't believe cdob didn't come up with this.

 

https://github.com/N...ate_bcd_reg.cmd

 

Also if you want to move boot.wim you can just nest it under a different folder name, eg wim/wds/boot.wim or wim/fixwinpe/boot.wim

 

Thanks


Edited by ndog37, 19 February 2017 - 11:56 AM.


#34 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1918 posts
  • Location:Nantes - France
  •  
    France

Posted 19 February 2017 - 01:15 PM

Could you please trying using create_bcd_reg.cmd by NiKiZe to generate your bcd files? I can't believe cdob didn't come up with this.

 

https://github.com/N...ate_bcd_reg.cmd

 

Also if you want to move boot.wim you can just nest it under a different folder name, eg wim/wds/boot.wim or wim/fixwinpe/boot.wim

 

Thanks

 

What does this batch which you cannot do with bcdedit?

Also, I miss the nointegritychecks option in the bcd you point to. 

 

Why not simply use the bcd which comes with winpe or window dvd/iso ?



#35 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 19 February 2017 - 01:35 PM

See here and a basic BCD store here and script used to create the BCD store here

Misty

P.s. erwan is correct - using the BCD store from WinPE or Windows DVD/ISO sources will also work fine.

P.p.s. My store is also missing the nointegritychecks option - it was still working fine in the VMs I used for testing.
  • sebus likes this

#36 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1918 posts
  • Location:Nantes - France
  •  
    France

Posted 19 February 2017 - 03:06 PM

nointegritychecks=yes is for UEFI booting



#37 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 19 February 2017 - 03:58 PM

nointegritychecks=yes is for UEFI booting[/size]

Will retest later (I'm currently on a tea break from decorating!), however I'm sure I tested the BCD without nointegritychecks in VMWare Player using a VM in UEFI mode.

Misty

#38 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1918 posts
  • Location:Nantes - France
  •  
    France

Posted 19 February 2017 - 04:38 PM

Will retest later (I'm currently on a tea break from decorating!), however I'm sure I tested the BCD without nointegritychecks in VMWare Player using a VM in UEFI mode.

Misty

 

Enjoy your tea break : UK tea is best ! :)

 

About nointegritychecks, see original discussion here.

 

My experience in UEFI world :

-with secureboot enabled, no way to boot any other bootloader than a signed one (and we dont have a signed IPXE)

-without secureboot enabled, you can boot an unsigned bootloader (IPXE) only if nointegritychecks=yes or else you get "error code 0xc0000428 (The digital signature for this file couldn’t be verified).".

 

Note from here, that parameter only applies to win10 and up:

nointegritychecks [ on | off ]

Disables integrity checks. Cannot be set when secure boot is enabled. This value is ignored by Windows 7 and Windows 8.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users