Ghost Solution Suite

 View Only
  • 1.  Clients get PXE menu in legacy mode, not in UEFI mode

    Posted Jun 07, 2018 10:04 AM

    I'm at a loss here.

    I PXE boot computer labs for imaging.  My Ghost (3.2 R3 at the moment) PXE server lives on a Windows 2008 R2 server that I use for Ghost.  DHCP is managed by central IT, and I have applicable DHCP options set to make PXE go.  PXE works fine when I boot a machine in legacy BIOS mode.  It gets a link, gets an IP address, downloads the PXE boot menu, times out appropriately, it's all good.

    I'm trying to make it work with UEFI because legacy BIOS functionality is getting slimmer and slimmer on new hardware.  It's time.

    I changed the bootfile name in DHCP from BStrap/X86PC/BStrap.0 to BStrap/X86PC/BStrap.efi.  I try to PXE a machine in UEFI mode, it gets a link, gets an IP address, downloads the NBP file successfully, and then exits without an error.

    I've tried pointing the bootfile name at BStrap/x64/BStrap.efi (which does exist), which results in a "PXE-E16 No offer received" error.

    Thoughts?



  • 2.  RE: Clients get PXE menu in legacy mode, not in UEFI mode

    Posted Jun 08, 2018 02:39 AM

    Hi Arcanum,

    Have you read the info on the links below to see if there is anything you're missing in the configuration?

    https://support.symantec.com/en_US/article.HOWTO124443.html

    https://support.symantec.com/en_US/article.HOWTO1071.html

    https://www.symantec.com/connect/forums/client-wont-boot-ghost-server-pxe

    Thanks!



  • 3.  RE: Clients get PXE menu in legacy mode, not in UEFI mode

    Broadcom Partner
    Posted Jun 08, 2018 04:00 AM

    Hi Arcanum,

    I recommend to check these two KB Articles...

    PXE Forced Mode doesn't work in mixed BIOS and UEFI network



  • 4.  RE: Clients get PXE menu in legacy mode, not in UEFI mode

    Posted Jun 08, 2018 01:36 PM

    My organization's DHCP server isn't Windows (it's ISC DHCP on some Linux, I believe), and I don't have direct access to change settings.  However, I can get DHCP options set for an entire subnet, and can add and override those options on a per-machine basis.  So I have to do some translation from the Windows-centric "Setting up Vendor-specific PXE Forced Mode" article.

    The relevant subnet-level options are:

    bootfile-name	BStrap/X86pc/BStrap.0
    next-server	129.21.20.22
    vendor-encapsulated-options	\006\001\013\010\007\252\252\001\201\025\024\026\000

    (Yeah, I know, vendor-encapsulated-options looks weird. It's in octal because of the weird way our web-based DHCP config tool works.)

    This works correctly for legacy BIOS booting.

    For the specific computer I'm testing, I change bootfile-name (option 67) to "BStrap/x64/BStrap.efi".  This overrides the subnet-level option.  It almost works.

    As I said in my original post, the PXE client starts, gets an address, connects to the server, and downloads the BStrap.efi file.  I can look at the server logs (TFTP server logs set to "all") and see the download.  It doesn't seem to get an actual menu, though.  For a bootfile of "BStrap/x64/BStrap.efi", I get a "PXE-E16 No offer received" error, and for "BStrap/x64/BStrap.efi" I get nothing.

    I'll also note that I only have the one PXE server, and all my boot images are x64.



  • 5.  RE: Clients get PXE menu in legacy mode, not in UEFI mode

    Posted Jun 20, 2018 07:42 PM

    Are these Dell computers? If so, is Enable UEFI network stack? You may have to also play with Enable Legacy Option Roms and enable / disable secure boot.

    Maybe even flashing the BIOS to a newer verison.



  • 6.  RE: Clients get PXE menu in legacy mode, not in UEFI mode
    Best Answer

    Trusted Advisor
    Posted Jul 06, 2018 12:32 PM

    Hi,

    Is it right that you are trying to boot a 32-bit WinPE environment on a UEFI machine? I'm not sure that's going to work. Firstly, as I think that GSS didn't until maybe RU6 create the UEFI files correctly. You might also find that the hardware won't support booting a 32-bit OS from UEFI.

    Try creating a 64-bit WinPE environment and see if that helps resolve your automation issues on UEFI firmware.

    Kind Regards,
    Ian./

     

     

     



  • 7.  RE: Clients get PXE menu in legacy mode, not in UEFI mode

    Posted Jul 11, 2018 05:16 PM

    Hey Arcanum,

    Ian is correct, when I originally read this post, I somehow missed that the paths where you were altering the bootstrap files are in fact the paths for a 32-Bit WinPE environment.  For whatever reason, it seems the folks at Symantec decided that GSS would not consider 32-Bit UEFI systems to be a valid or proper configurations and at this time, GSS does not support 32-Bit UEFI systems.  If you are in fact trying to service a system that is 32-Bit UEFI only, GSS will not work for you.  As Ian already mentioned 64-Bit UEFI is considered proper by GSS and will work without issue. There are some configurations that might cause you some grief and just in case you hadn't already encountered these yourself, some things that could prevent this from working for you are listed below:

    1.  The WinPE environment you are using to attempt to boot UEFI systems must be of 64-Bit Architecture and must be at least WinPE 4.0 or higher.

         Reason: Older WinPEs such as 3.0/3.1 to my knowledge are legacy only and will not allow you to service UEFI systems natively.

    2.  In the Altiris Console, open the PXE Configuration Utility and go to the Multicast Tab.  Uncheck the first box from the top "Enable MTFTP."

         Reason: A few years back we received some devices with newer Intel Chipsets and these devices would not respond to the Altiris server if this value was enabled.

    3.  If you are attempting to test this on UEFI Virtual Machines, you must disable Secure Boot to get the GSS server to respond to the Virtual Machines.  In my experience this is true of Hyper-V as well as VMWare.  I have not tested Virtual Box, but I suspect the same is true.

         Reason: Again im not sure why but GSS only responds to UEFI VMs if Secure Boot is turned off in the virtual firmware.


    The sad part about how GSS selectively services UEFI Systems is that Microsoft does not suffer from the same limitations.  A Windows Server running Windows Deployment Services will respond to, and fully service 32-Bit or 64-Bit UEFI Systems.  WDS also does not require you to disable Secure Boot to get a response from the server and I hope that GSS figures out how to implement this soon because frankly its frustrating.

    If you want to confirm UEFI functionality on systems you suspect are 32-Bit only, I encourage you to spin up a wds server and add boot media to it.  This would also allow you to service such devices in the interim while GSS plays catch up.

    PS: For examples of 32-Bit UEFI only systems, here are just a few we have had to deal with in the past.

    HP Elitepad 900
    HP ProTab 480
    HP Stream 7
    Acer Iconia W4
    Acer Iconia W1-810

    Here are also some 64-Bit UEFI only systems:

    All Surface Pros (Non-RT)
    HP Elitepad 1000
    HP Stream 11

    Hopefully this helps you out some, If this happens to solve your issue, kindly mark it as a solution. Good Luck! :)

     



  • 8.  RE: Clients get PXE menu in legacy mode, not in UEFI mode

    Trusted Advisor
    Posted Jul 27, 2018 01:40 AM

    Arcanum, do you have an update for us?