iPXE with MAC based network Authentication is not working
search cancel

iPXE with MAC based network Authentication is not working

book

Article ID: 274199

calendar_today

Updated On:

Products

Deployment Solution

Issue/Introduction

There are problems with a remote site and iPXE booting (Regular PXE is working)

The following error is seen: error PXE-E53: No boot filename received

When testing a client in the same subnet as iPXE it worked, after taking out a physical machine in the same subnet the same problem is seen again.

When using a "mac-based" network authentication for PXE boot (After the start of Windows they use 802.x with certificates) and it is switched off the authentication for one port and iPXE boot worked after that.
When having authentication "enabled" the following is seen in the logs of the switch:

So from the logs, it seems it tries to re-authenticate when iPXE starts and the waiting time is too short until the port is authenticated again and communication allowed.

Environment

Deployment Solution 8.6, 8.7

Cause

The PXE-E53 error message typically originates from the firmware and iPXE itself also doesn't display any error.

The main problem is related to the 802.1x authentication.

Resolution

Workaround:  You will need to disable secure boot in the BIOS.

What was changed?  - unnecessary sleeps removed and retries added.

For Deployment Solution the following shows how to install:

It is needed to substitute existing loaders for created Boot menus.  You can find this on your PXE servers located on the install directory under \Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\MenuOptionXXX\X64\.   Where Menu MenuOptionXXX is the name of the preboot configuration that is being selected during the PXE boot process.

Stop the Symantec Network Boot Service and the Symantec Network Boot Service (TFTP) services

In this example my iPXE preboot configuration is called ipxepreboot. This is for an EFI system.

On my site server I navigate to \Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\ipxepreboot\X64\.

I find the name of my preboot configuration ipxepreboot.efi file and move it into a different directory to back it up. 

From the attached ZIP file extract the following files and copy them as follows:

 - for EFI: Copy either ipxe.efi or snponly.efi into the folder.  You may need to first try ipxe.efi and if that does not work copy in snponly.efi and remove ipxe.efi.

For a regular BIOS system I would first copy out ipxepreboot.0 to a different directory to back it up.

 - for BIOS: Copy ipxe.pxe or undionly.kpxe.  Again you may need to first try ipxe.pxe and if that does not work, remove that, and try undionly.kpxe

FYI, the files attached are not signed by Microsoft, thus SecureBoot will not work with them.  The attached ipxe_CRE-13591.zip contains iPXE 64bit EFI and BIOS binaries (it also contains snponly/undionly). 

For Ghost Solution Suite:

The steps are the same as above except on the PXE server the directory is C:\Program Files (x86)\Altiris\eXpress\Deployment Server\PXE\Images.

Additional DS (Deployment Solution) and GSS (Ghost Solution Suite) files:
Note:
It is not pointfix but a new version available that you may want to consider for an updated 64-bit ipxe.efi (ipxe v1.21.1+) binaries signed by Microsoft:
"updated 64-bit ipxe.efi (ipxe v1.21.1+) binaries" (KB 280113)

Attachments

ipxe_CRE-13591_1695744450062.zip get_app
Powered by Wolken Software