iPXE Release Notes

Article ID: 171994

Products

Deployment Solution

Issue/Introduction

iPXE integration into Deployment Solution is a new feature that uses the open-source boot firmware of the iPXE project (https://ipxe.org/). It is not a replacement for the PXE server in Deployment Solution, but an optional replacement for the boot loader of the PXE boot image.

Resolution

Note: The existing boot loaders are still available and supported along with the new iPXE boot loader for use when creating a PXE boot image.

 

Purpose:

The purpose of adding iPXE support in Deployment Solution is to increase download and boot up performance of large WinPE preboot images.

TFTP is used in the existing PXE architecture to download the bstrap and WIM files.  Because a BIOS or UEFI firmware system doesn’t have the ability to support a full network stack, TFTP is used as it doesn’t require the complete network stack.  The drawback to using a simple protocol like TFTP is that it can be slow in some network environments.

 iPXE is also a small lightweight boot loader but it provides a full network stack of protocols such as TFTP, SAN, and HTTP and has support for multiple NIC drivers. The implementation of iPXE in Deployment Solution uses HTTP specifically, which has much higher network performance than TFTP, and speeds up the download and boot up of clients into their PXE boot image.

 

Requirements:

IIS needs to be installed prior to installation of iPXE on any system that will be acting as a PXE Server.

When the PXE server is installed or upgraded it will create a new website on TCP port 4433 which will be used for iPXE client/server communication. This will allow clients that are PXE booting to access a new web service which gives instructions to the client on how to act, such as if a job is assigned. It also allows those clients access to the PXE “Images” directory so that files can be downloaded over HTTP.

If IIS is not available on the PXE server when it is installed or upgraded, boot images with the iPXE boot loader will fail to boot from that server.  Client systems will then boot to the next available device in the BIOS/UEFI boot order.

 

 

Enabling or disabling the feature:

To enable this feature, the iPXE client boot loader must be added to a PXE boot image. This can be done in the console, or manually in the file system.

 

Implementing via the Console

When creating a new preboot configuration or editing an existing configuration, there is a new checkbox, “Use iPXE with this boot configuration”.

 

 

If this option is checked it will cause the iPXE client side boot loader file (“ipxe64.efi” for a 64-bit WinPE, “ipxe32.efi” for a 32-bit WinPE image, and “zipxe.0” for BIOS on all boot images) to be included with that PXE boot image.

 

Manual:

For each individual PXE boot image, copy the proper file (“ipxe64.efi” for a 64-bit WinPE image, “ipxe32.efi” for a 32-bit WinPE image, and “zipxe.0” for BIOS on all boot images) from

 

C:\Program Files\Altiris\Deployment\BDC\bootwiz\Platforms\iPXE\

 

to the proper PXE image folder under

 

C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\

 

Deleting the files will in turn disable iPXE for the specific PXE boot image.

 

Troubleshooting:

The following are common tips that will help in troubleshooting issues dealing with iPXE integration.

  1. Verify installation of client iPXE files in boot image. The source iPXE client files are located in the following directory on the main Notification Server:

C:\Program Files\Altiris\Deployment\BDC\bootwiz\Platforms\iPXE\

The actual PXE boot image for a specific option will be located on the PXE server at this directory:

C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\

 

Double check that the correct client files are included. If they are not, manually copy them into place or rebuild the image with the option selected in the console.

 

  2. Verify the existence of the new website in IIS on the PXE server, and test the web service.
    1. Open IIS Manager on the PXE server.
      1. Verify under “Sites” that the “Default Web Site” as well as “iPXE” are available and running.
        1. If not available, reinstall PXE (or manually create the iPXE app based on a known good iPXE installation).
      2. Browse the web service GetPxeScript.aspx and verify that it gives proper output, and not an error.
        1. Go to IIS
        2. Click on the PXE folder
        3. Click on the GetPXEScript.aspx
        4. Click on Browse on the right hand side (http://localhost:4433/Altiris/iPXE/GetPxeScript.aspx)

 

If no tasks have been assigned via the Notification Server, this call will return a list of all available PXE boot options similar to the graphic below:

Check IIS configuration if the correct values are not returned.
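
The two troubleshooting checks above can be scripted on the PXE server. The following PowerShell is an added example, not part of the vendor's article or product: it compares every iPXE loader found in a boot image with the source copy by SHA-256 (a missing, stale or altered loader shows up as a warning or MISMATCH, which matters because these files are handed to clients before any operating system runs) and then requests GetPxeScript.aspx. The parameter names and the recursive search of the Images folder are assumptions; the default paths and URL are the ones quoted in this article.

```powershell
# Added example, not vendor code. Default paths and URL are the ones quoted in
# this article; parameter names and the recursive search are assumptions.
param(
    [string]$SourceDir = 'C:\Program Files\Altiris\Deployment\BDC\bootwiz\Platforms\iPXE',
    [string]$ImagesDir = 'C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images',
    [string]$ScriptUrl = 'http://localhost:4433/Altiris/iPXE/GetPxeScript.aspx'
)
$loaders = 'ipxe64.efi', 'ipxe32.efi', 'zipxe.0'

# Step 1a: SHA-256 of each source loader (point -SourceDir at a share or a
# local copy when the Notification Server is a different machine).
$reference = @{}
foreach ($name in $loaders) {
    $src = Join-Path $SourceDir $name
    if (Test-Path -LiteralPath $src) {
        $reference[$name] = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    } else {
        Write-Warning "Source loader not found: $src"
    }
}

# Step 1b: every loader copy inside a boot image must match its source.
$found = Get-ChildItem -LiteralPath $ImagesDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $loaders -contains $_.Name }
if (-not $found) { Write-Warning "No iPXE loader files under $ImagesDir" }
foreach ($file in $found) {
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    if (-not $reference.ContainsKey($file.Name)) { $status = 'NoReference' }
    elseif ($hash -eq $reference[$file.Name])    { $status = 'Match' }
    else                                         { $status = 'MISMATCH' }
    [pscustomobject]@{
        Folder = $file.DirectoryName
        Loader = $file.Name
        Status = $status
        SHA256 = $hash
    }
}

# Step 2: the iPXE web service must answer without an error page.
try {
    $resp = Invoke-WebRequest -Uri $ScriptUrl -UseBasicParsing -TimeoutSec 10
    Write-Host "HTTP $($resp.StatusCode) from $ScriptUrl; first lines of the reply:"
    ([string]$resp.Content -split "`r?`n") | Select-Object -First 5
} catch {
    Write-Warning "Request to $ScriptUrl failed: $($_.Exception.Message)"
}
```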

 

Initial Boot Process

The initial boot process for iPXE is the same as traditional PXE:  a broadcast discovery packet from the client is sent and a return offer from a DHCP and PXE Server is returned. 

The PXE Server then uses TFTP to deliver the initial bstrap.0 or bstrap.efi file and the appropriate iPXE boot loader needed for the system: “ipxe64.efi” for a 64-bit EFI system, “ipxe32.efi” for a 32-bit EFI system and “zipxe.0” for BIOS client systems.

 

Limitations:

  1. If a system is manually booted into PXE by pressing F8, two PXE boot menus will be displayed.  This does NOT occur if the system is booted into PXE via a 'boot to' task.
  2. iPXE does not work with HTTPS.  Secure Boot is supported using HTTP only.
    1. iPXE with SSL requires creating a certificate with the computer name of the PXE Server embedded into the certificate and then compiling the iPXE client with this certificate embedded into the file.
    2. To implement this manually, customers would need to set up a Linux box, download the iPXE source code, make the changes, compile, and then deploy the result in their environment.
    3. Because the cert files would not be signed by Microsoft, Secure Boot would not work and customers would have to have Microsoft sign the file.
  3. iPXE is installed on port 4433 for customers who have restricted port 80.
  4. When the iPXE preboot is set to 'auto', it detects VMware x64 systems as x86. Workaround:  Select x64 in the UI for the preboot.
