iPXE with MAC based network Authentication is not working
search cancel

iPXE with MAC based network Authentication is not working

book

Article ID: 274199

calendar_today

Updated On:

Products

Deployment Solution

Issue/Introduction

The Customer is having problems with remote site and iPXE booting (Regular PXE is working)

They are getting error PXE-E53: No boot filename received

The customer tested a client in the same subnet as iPXE and it worked, after taking out a physical machine in the same subnet we experienced the same problem again.

The customer is using a "mac-based" network authentication for PXE boot (After the start of Windows they use 802.x with certificates). They switched off the authentication for one port and iPXE boot worked after that.
When they have authentication "enabled", they found the following in the logs in the switch:

So from the logs, it seems it tries to re-authenticate when iPXE starts and the waiting time is a bit too short until the port is authenticated again and communication allowed.

Environment

Deployment Solution 8.6, 8.7

Cause

The PXE-E53 error message typically originates from the firmware, iPXE itself also doesn't display any error.

The main problem is related to the 802.1x authentication.

 

Resolution

Workaround:  You will need to disable secure boot in the BIOS.

What was changed?  - unnecessary sleeps removed and retries added.

For Deployment Solution:

How to Install:

It is needed to substitute existing loaders for created Boot menus.  You can find this on your PXE servers located on the install directory under \Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\MenuOptionXXX\X64\.   Where Menu MenuOptionXXX is the name of the preboot configuration that is being selected during the PXE boot process.

Stop the Symantec Network Boot Service and the Symantec Network Boot Service (TFTP) services

In this example my iPXE preboot configuration is called ipxepreboot. This is for an EFI system.

On my site server I navigate to \Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\ipxepreboot\X64\.

I find the name of my preboot configuration ipxepreboot.efi file and move it into a different directory to back it up. 

From the attached ZIP file extract the following files and copy them as follows:

 - for EFI: Copy either ipxe.efi or snponly.efi into the folder.  You may need to first try ipxe.efi and if that does not work copy in snponly.efi and remove ipxe.efi.

For a regular BIOS system I would first copy out ipxepreboot.0 to a different directory to back it up.

 - for BIOS: Copy ipxe.pxe or undionly.kpxe.  Again you may need to first try ipxe.pxe and if that does not work, remove that, and try undionly.kpxe

FYI, the files attached are not signed by Microsoft, thus SecureBoot will not work with them.  The attached ipxe_CRE-13591.zip contains iPXE 64bit EFI and BIOS binaries (it also contains snponly/undionly). 

For Ghost Solution Suite:

The steps are the same except on the PXE server the directory is C:\Program Files (x86)\Altiris\eXpress\Deployment Server\PXE\Images.

Attachments

ipxe_CRE-13591_1695744450062.zip get_app