13 Replies Latest reply on Mar 23, 2017 11:00 AM by Dave Johnston

    LDMS 2016.3 PXE Deployment problems

    carlos Expert

      Hello, I have been troubleshooting the PXE for over a week now, (I have a ticket open) but no luck.

       

      1. Current State doesn't change to Enable even when Certificates have been MANUALLY approved.

      2. Wim boot files are not copied to PXE server.

      3. LANDESK PXE MTFTP Service doesn't start.

       

      Has any of you experienced similar problems?

      I'm considering just discard 2016.3 and go back to 9.6

       

      Any help is appreciated.

        • 1. Re: LDMS 2016.3 PXE Deployment problems
          phoffmann SupportEmployee

          Does the system in question have WiFi NIC's?

           

          If we detect WiFi NIC's we're not going to put down certain things, because PXE + WiFi == bad mojo. Similar thing with laptops (limited disk space, "going walkies at a moment's notice", etc makes laptops bad candidates).

           

          I've already requested to get better logging on the election process (i.e. "I discarded myself from the election because I have ..." type stuff) to help make better sense of this stuff (so you won't necessarily see this stuff at the moment).

           

          If I'd hazard a guess, you're getting tripped up by that logic on our end (which is why I want it in the logs, so that it doesn't trip people up).

          • 2. Re: LDMS 2016.3 PXE Deployment problems
            bcstring SupportEmployee

            Carlos,

             

              The fact that PXE MTFTP service does not start is a result of the WIM's not getting downloaded to the device. The PXE MTFTP service will not start until those files are ready. Look at you C:\Programdata\landesk\log\pxesvc.log to see if it is erroring when trying to download the WIM files. Also, if you have not heard back on your case, please call in to our support line.

             

            Thanks,

             

            Bryce

            • 3. Re: LDMS 2016.3 PXE Deployment problems
              carlos Expert

              phoffmann the machine does not have a Wi-Fi network Card, however it is in a VMWARE Hypervisor.

              The hardware itself is set to only use 1 Nic.

              I have changed the block size to 1456 as described here:  How to configure Self Electing PXE services in LDMS 2016.3 or higher  and tried to follow all recommendations here:  How to Troubleshoot Self-Electing PXE Services  y also enable xTrace as mentioned here: How To: Enable XTrace Diagnostic Logging for the LANDESK Core and Clients

               

              bcstring

              The pxesvc.log says:

               

              ******* Entering GetWimFiles: Attempting to get latest boot images for Windows. *******

              Mon, 06 Feb 2017 08:44:55 Could not find the images directory.

              Mon, 06 Feb 2017 08:44:55 ******* Entering GetNetbootFiles: Attempting to get latest Netboot files for Mac. *******

              Mon, 06 Feb 2017 08:44:55 GetNetbootFiles: invoke OptFunc().

              Mon, 06 Feb 2017 08:44:55 Made the Web request. result: 0

              Mon, 06 Feb 2017 08:44:55 ResultCount: 0

              Mon, 06 Feb 2017 08:44:55 GetNetbootFiles: OptFunc returned success.

              Mon, 06 Feb 2017 08:44:55 GetNetbootFiles: Could not find the images directory.

               

              My support engineer knows this, but haven't been able to figure out why.

              I can reach the servers shares just fine from the PXE.

               

              SelfElectControllerLog:

               

              Mon, 06 Feb 2017 08:44:50 ________________Entering election for each managed service

              Mon, 06 Feb 2017 08:44:50 SelfElect::WhoProvidesService - Starting our check

              Mon, 06 Feb 2017 08:44:51 SelfElect::WhoProvidesService - Success. We are elected

              Mon, 06 Feb 2017 08:44:51 ________________Election Results:  PXE_SVC  WON with a score of 261

              Mon, 06 Feb 2017 08:44:55 ServiceActionThreadProc:  Verifying state for all managed services

              Mon, 06 Feb 2017 08:44:55 ServiceActionThreadProc:  Setting state for ALS_SVC

              Mon, 06 Feb 2017 08:44:55 SetProperState:  ALS_SVC  election result = Not Elected, current service election state = Not Elected

              Mon, 06 Feb 2017 08:44:55 SetProperState:  ALS_SVC  Service is NOT managed

              Mon, 06 Feb 2017 08:44:55 ServiceActionThreadProc:  Setting state for PXE_SVC

              Mon, 06 Feb 2017 08:44:55 SetProperState:  PXE_SVC  election result = Elected, current service election state = Elected

              Mon, 06 Feb 2017 08:44:55 Start service LANDesk(R) PXE Service

              Mon, 06 Feb 2017 08:44:56 Successfully controlled the service LANDesk(R) PXE Service.

              Mon, 06 Feb 2017 08:44:56 ServiceActionThreadProc:  Setting state for XDD_ARP

              Mon, 06 Feb 2017 08:44:56 SetProperState:  XDD_ARP  election result = Not Elected, current service election state = Not Elected

              Mon, 06 Feb 2017 08:44:56 SetProperState:  XDD_ARP  Service is NOT managed

              Mon, 06 Feb 2017 08:44:56 ServiceActionThreadProc:  Setting state for XDD_WAP

              Mon, 06 Feb 2017 08:44:56 SetProperState:  XDD_WAP  election result = Not Elected, current service election state = Not Elected

              Mon, 06 Feb 2017 08:44:56 SetProperState:  XDD_WAP  Service is NOT managed

               

              tmcsvc.log

               

              Mon, 06 Feb 2017 08:43:50 Received request message for my public certificate

              Mon, 06 Feb 2017 08:43:50 SendOutMyCertificate():  Sending out my client public cert

              Mon, 06 Feb 2017 08:44:02 Local AmIRepForSelfElectID called with: SelfElectId 7XXXXe92-d9c2-4e1f-XXXX-1c1d8a9cd86a, score 261

              Mon, 06 Feb 2017 08:44:02 Is Rep - (Still chosen)

              Mon, 06 Feb 2017 08:44:13 BuildMaps: found interface {9868BD27-AA57-4859-XXXX-85A3B3CCBDD6} address 192.168.20.194, adding to map

              Mon, 06 Feb 2017 08:44:14 Local AmIRepForSelfElectID called with: SelfElectId 7XXXXXX2-XXXX-4XXf-9XXd-1c1d8a9cd86a, score 261

              Mon, 06 Feb 2017 08:44:14 ProcessMulticastMessages: received signed message

              Mon, 06 Feb 2017 08:44:14 Client public cert not found in cache. Sending request for certificate to: 192.168.20.194

              Mon, 06 Feb 2017 08:44:14 Found match for 192.168.20.194 - interface address is 192.168.20.194 InterfaceType = 0

              Mon, 06 Feb 2017 08:44:14 ProcessMulticastMessages - Could not verify message from 192.168.20.194

              Mon, 06 Feb 2017 08:44:14 Is Rep - (Still chosen)

              Mon, 06 Feb 2017 08:44:14 Received request message for my public certificate

              Mon, 06 Feb 2017 08:44:14 SendOutMyCertificate():  Sending out my client public cert

              Mon, 06 Feb 2017 08:44:26 Local AmIRepForSelfElectID called with: SelfElectId 7XXXXXXXX-dXX2-4e1f-XXXX-1c1d8a9cd86a, score 261

              Mon, 06 Feb 2017 08:44:26 Is Rep - (Still chosen)

              Mon, 06 Feb 2017 08:44:38 Local AmIRepForSelfElectID called with: SelfElectId 7XXXXXXXX-dXX2-4e1f-XXXX-1c1d8a9cd86a, score 261

              Mon, 06 Feb 2017 08:44:38 ProcessMulticastMessages: received signed message

              Mon, 06 Feb 2017 08:44:38 Client public cert not found in cache. Sending request for certificate to: 192.168.20.194

              Mon, 06 Feb 2017 08:44:38 Found match for 192.168.20.194 - interface address is 192.168.20.194 InterfaceType = 0

              Mon, 06 Feb 2017 08:44:38 ProcessMulticastMessages - Could not verify message from 192.168.20.194

              Mon, 06 Feb 2017 08:44:38 Is Rep - (Still chosen)

              Mon, 06 Feb 2017 08:44:38 Received request message for my public certificate

              Mon, 06 Feb 2017 08:44:38 SendOutMyCertificate():  Sending out my client public cert

               

               

              Thank you for your help.

              • 4. Re: LDMS 2016.3 PXE Deployment problems
                bcstring SupportEmployee

                Judging from the certificate messages in the logging, I would verify that your certificates are installed on the core. You can follow the instructions for this document: Understanding Vulscan and SSL Verification in 2016

                This document is primarily written from a vulscan perspective, but applies to any part of Management Suite that requires the client to validate the communication with certificates.

                 

                Bryce.

                • 5. Re: LDMS 2016.3 PXE Deployment problems
                  carlos Expert

                  Hello, yes, that was a problem, I had to do dome changes in the cert store for vulscan to pass. After doing this and some other stuff and restarted the PXE the 2 services started working, however the PXE is still not working:

                   

                  1. This morning the services were turned off, I have to restart the PXE for them to start up again (Is this normal?)

                  2. Even with the services running i keep getting the error PXE-E53 Error: PXE-E53: No boot filename received

                      PXE is deployed and services running

                      Firewall is Off completely on the PXE

                      WDS is not running on the PXE

                      pxesvc.exe is the only service running on Port 67

                  3. When referring to having a PXE on each SubNet, is LANDESK referring to the SubNet Mask or the Gateway? (I'm not a network admin myself)

                     

                  I ask because my PXE server shows:

                  IP address: 192.168.20.19

                  SubNet Mask: 255.255.255.0

                  Gateway: 192.168.20.1

                   

                  The Machine I'm trying to PXE boot shows:

                  IP address: 192.168.30.28

                  SubNet Mask: 255.255.255.0

                  Gateway: 192.168.30.1

                   

                  In the core, under self-electing SubNet Services the Gateways are the ones showing.

                  Do I need to have a PXE rep per Gateway, meaning on the 192.168.20.XXX

                  or SubNet (As they are now 255.255.255.0)?

                  or I have these names mixed?

                  subnet.JPG

                   

                  -Regards

                  • 6. Re: LDMS 2016.3 PXE Deployment problems
                    bcstring SupportEmployee

                    Hi Carlos,

                     

                      The size of a subnet is controlled in the subnet mask, a subnet mask of 255.255.255.0 means that the first three octets of the IP address are locked in, and only the last octet can be dynamic. That last octet can range between from 2-254 (1 is already occupied by the gateway, and 255 is the subnet broadcast address). So all the clients on your ".30" subnet will have an IP ranging from 192.168.30.2-192.168.30.254, there are other variables that control what addresses will be assigned such as DHCP scoping and\or exclusions, but the subnet mask sets the basic range of possible IPs.

                     

                       The two subnets you mention (.20 and .30) are separate and a PXE Rep on one will not be able to boot devices on the other. You need to have a PXE Rep on the .30 as well if that is where the clients are located. In the vast majority of environments the PXE communication is dropped at the router, which is where your cross subnet communication happens. It is possible to use IP Helpers and setup a single PXE to be used on multiple subnets, however this is a network configuration change and as such is not supported by Ivanti, we cannot advise on making that change, you would need to discuss that with your networking team\vendor.

                     

                    Thanks,

                     

                    Bryce.

                    • 7. Re: LDMS 2016.3 PXE Deployment problems
                      carlos Expert

                      bcstring  That makes sense, so basically when LANDESK refer to a SubNet, it refers to what in my machines shows as Gateways (Nice to know and understand this)

                      I'll try:

                       

                      1. Boot a machine that is in my .20 (This should work since my PXE is in the .20)

                      2. Add a PXE on my .30 and try booting my current Test machine, this should work as well.

                       

                      Once that is working, then I can investigate the IP Helpers that I have seen mentioned so much in other posts.

                      Tnx for your help, I'll report back.

                       

                      -CS

                      • 8. Re: LDMS 2016.3 PXE Deployment problems
                        phoffmann SupportEmployee

                        *Technically* the correct term to use would be "Broadcast domain" (i.e. - the boundary that a network packet (usually UDP) may/will not cross).

                         

                        A broadcast domain *COULD* be one more subnets (some weird environments do forward those packets on).

                         

                        A broadcast domain is *usually* a single subnet, but may hold several (again - forwarding of packets).

                         

                        In essence, it's about "trying to keep things straight forward / understandable" at the cost of technical accuracy. In 99% of cases it's fine (as 1 site == 1 subnet) but that's no always the case .

                         

                        Hope that helps (pendantic mode shutting down) .

                        • 9. Re: LDMS 2016.3 PXE Deployment problems
                          carlos Expert

                          Hey, please keep the teacher Hat on! I like it since there is so much to learn!

                           

                          I did run a test:

                           

                          1. Boot a machine that is in my .20 (This should work since my PXE is in the .20)

                               This didn't work, I get the same error

                          2. Add a PXE on my .30 and try booting my current Test machine, this should work as well.

                               My NetAdmin hasn't been able to create a .30 Network that I can use to test, but if point 1 didn't work that would be in a sense the exact same scenario.

                           

                          I guess at this point I have to start checking wireshark and start looking at logs....

                          Any other ideas?

                           

                          Best.

                          • 10. Re: LDMS 2016.3 PXE Deployment problems
                            phoffmann SupportEmployee

                            Not really - debugging PXE pretty much always means using Wireshark, since you've got very little to no information (except from the logs on the PXE rep and the IIS logs on the Core) to trace where comms is / isn't going to. So you've got the right approach.

                            • 11. Re: LDMS 2016.3 PXE Deployment problems
                              Dave Johnston Apprentice

                              carlos did you ever get this resolved?  I'm having an issue where my devices are becoming active as self-electing PXE reps, and then days later, they are no longer available.  This has happened more than once, and I'm really struggling with this, as I did not have to worry about this type of thing in 9.6.  I have specific servers designated for this at each of my locations, and IP helpers setup on the local network to get to them from any of the site subnets, so maybe it has something to do with my configuration.  Just wondering if you found anything while troubleshooting that might be worth checking in my environment as well.

                              • 12. Re: LDMS 2016.3 PXE Deployment problems
                                carlos Expert

                                Dave, no I could not fix it, and I spent a lot of time on it.

                                I basically gave up on it, I'm using a USB to manually boot, one day, when I don't have anything else to do I'll try again.

                                 

                                -Best luck to you.

                                • 13. Re: LDMS 2016.3 PXE Deployment problems
                                  Dave Johnston Apprentice

                                  Fair enough, thanks for the quick reply!