PXE menu doesn't contain any preboot options other than 'next device'

Products

Deployment Solution

Issue/Introduction

When sending a boot to PXE task or manually booting the client into automation and pressing F8, the only preboot option displayed is 'Next device'.

The error below is shown in the 'sbslog_pxe.txt' file:

Tue Jan 29 15:51:46 2019 9300 SbsHttpClient.cpp Sbs::SbsHttpClient::OperationDone 133 Error NS response parse failure, bytes read 1431, 'HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-UA-Compatible: IE=EmulateIE8
X-Frame-Options: SAMEORIGIN
Date: Tue, 29 Jan 2019 20:51:45 GMT
Content-Length: 1233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style> .wolkenCSSv8r5 <!--body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} .wolkenCSSv8r5 fieldset{padding:0 15px 10px 15px;} .wolkenCSSv8r5 h1{font-size:2.4em;margin:0;color:#FFF;} .wolkenCSSv8r5 h2{font-size:1.7em;margin:0;color:#CC0000;} .wolkenCSSv8r5 h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} .wolkenCSSv8r5 #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;} .wolkenCSSv8r5 #content{margin:0 0 0 2%;position:relative;} .wolkenCSSv8r5 .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} </style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
'

The sbslog_pxe.txt has also been observed to contain this:

GET /altiris/Deployment/Services/GetPXEBootInfo.aspx?xml=<request><GetPXEBootInfo><UniqueID>2052434E-0000-0000-0000-020058857515</UniqueID><MacAddress>client mac address shown here</MacAddress><SerialNumber></SerialNumber><IPAddress>client IP shown here</IPAddress></GetPXEBootInfo></request> HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Symantec NBS
Host: SMPfqdn
Connection: Keep-Alive

Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 62 Debug Socket connection not open. Calling TcpSocket::Create() and AioBind()
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 64 Debug TcpSocket::Create() returned a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 68 Debug AioBind() returned a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 73 Debug BeginConnect() returned a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 90 Debug Exiting SendRequest with a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpRequestHandler.cpp Sbs::SbsHttpRequestHandler::ProcessRequest 103 Debug Send Request completed with return code of:0 on retry #1
Fri Apr 15 08:30:05 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::Error 271 Error Error received for operation 2, errorcode: 121
Fri Apr 15 08:30:05 2022 12628 SbsPxeInterface.cpp Sbs::SbsPxeInterface::OperationDone 82 Debug Function called
Fri Apr 15 08:30:05 2022 12628 SbsPxeInterface.cpp Sbs::SbsPxeInterface::SendPxeResponse 462 Debug Function called
Fri Apr 15 08:30:05 2022 7548 SbsPxeInterface.cpp Sbs::SbsPxeInterface::OperationDone 82 Debug Function called
Fri Apr 15 08:30:05 2022 7548 SbsPxeInterface.cpp Sbs::SbsPxeInterface::SendDone 750 Debug Function called
Fri Apr 15 08:30:08 2022 7548 SbsHttpClient.cpp Sbs::SbsHttpClient::Error 271 Error Error received for operation 2, errorcode: 121

Environment

DS 8.x

Cause

This issue was caused because the SBSServer was trying to connect to the NS server over port 80 and the NS was communicating over port 443.

When the Symantec Installation Manager installs the product for the first time it sets values in the registry for the port that NS should use and whether or not communication over SSL is required.

This is set using the following registry keys on the SMP/Notification server:

Port: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration\NSWebSitePort

Use SSL: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration

In most situations, these values get to set '80' and 'False' respectively when customers do an initial installation of the SMP without specifying HTTPS. When customers decide to use HTTPS they make the changes through the SMP Console. The registry keys noted above DO NOT GET changed.

Because these keys are not changed after migrating to HTTPS the SBS server reads these values and communicates over HTTP causing communication to fail.

Note: Restarting SIM may cause the registry values to be changed back to port 80 and false after being changed. This has not been 100% verified.

Resolution

On the NS:

Open the registry using regedit
Change the registry keys to use the port and SSL settings desired:

For HTTPS support:

Port: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration\NSWebSitePort : set to 443

Use SSL: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration: set to True

3. Open the NBS General Settings through the SMP Console and make any change:

Settings > Deployment > NBS General Settings

4. The SBS server will update its configuration and the communication methods will be updated in the sbsconfiguration.xml file.