Deployment Solution

Hello guys,

We have environment with several subnets/VLANs. We're experiencing a lot of problems with clients receiving boot menu from PXE server.

We're controlling services like DHCP, but routers/switches/bridges are operated by our customer's own IT staff.

I have read about PXE Forced Mode Utility

http://www.symantec.com/docs/HOWTO5258

and it sounded answer to my prayers! If I create scripts with this tool and run them on our DHCP (Windows Server 2003/2008) servers, does it mean that I don't have to worry about configuring ip helpers, portfast etc. to switches/routers ever again? That clients receive all necessary information from DHCP scope options?

Is there any downsides using PXE Forced Mode Utility? I understood that it's not supported by Symantec? How many of you uses it to set up your PXE infrastructure?

Thanks everybody!

This is a very handy tool, hoqwever there are a few things you should know!

1) The script it generates is a simple bat file, and it sets the options as global options on your DHCP server, not a particular scope. I prefer to apply this to only scopes that need it as we use a dedicated vlan strictly for builds, so I enter the options generated by the utility into a particular scope rather than global. This is especially important if you have multiple datacenters and want to keep your traffic local.

2) If you are going to have several remote PXE servers (I have 5), you only need to enter the IP of the DSSERVER and the remote PXE server for that DC. If you enter all your PXE servers then the response ordering can get messed up as to which PXE server responds. PXE forced mode is for DHCP to tell a client what server to make a TFTP request from, not broadcast, so this is something we found and wasn't documented, or was very unclear to me and my team.

3) Your customers will have to have the IPhelper on their routers. the IPHelper is the DHCP server. PXE Forced mode won;t work if they do not.

It is still a great utility and reqally takes the pain and trial and error of generating your opwn hash for option 43.

Fully agree with Andywe although i have some things i would like to make clearer...

Andy's point bullet nr. 3, it is completely correct that your customer needs to have IPHelpers configured, but they only need to have IPHelpers to the DHCP and not one for PXE also. (with forced mode, you only need the 1 IPHelper and not 2)

Regarding the "portfast" part of your question.
Portfast is as far as i know, a part of "spanning-tree" which i used to find out if the ethernet cord you attached to the switch is in fact another switch and need to have some mac address information.
I know cisco earlier allways had their switches set to "spannning-tree default" which means when you get link it takes 30 secs. before the port switches to active.
This is something you still need to pay attention to, your PXE in forced mode wont fix this particular problem.

We have 1 customer who has this setup which is working without problems, so the solution is okay to use.
But as andy says it's not easy to use if you have more than one DHCP server.

Kind Regards
Morten Leth