Configuration Manager 2007 OSD - PXE Boot across Subnets

Article
06/22/2009

In this blog, i will discuss about "How to allow a DHCP broadcasts across subnets or VLAN's to PXE boot clients"

As far as subnets or VLAN’s are considered, it should allow DHCP broadcasts at port 67 to the WDS / RIS Server for the PXE client to indicate the RIS / WDS Server that it is looking to be serviced. If this doesn’t happen the WDS will not be able to reply back to the PXE client with the boot file. Alternatively if broadcasts cannot be allowed to RIS / WDS, the DHCP should inform the PXE client and make it aware of where the RIS/ WDS Server is located and where it can obtain the boot files from.

Note: If a DHCP Server is running on the Windows Deployment Services Server, WDS must be configured to not listen on port 67 and DHCP option tag 60 must be added to all DHCP scopes on your DHCP Server. Non-Microsoft DHCP Servers require manual configuration of the DHCP option tag 60.

These settings can be defined from the WDS Server properties -- DHCP tab.

How the PXE Remote Boot Technology Works

Pre-Boot execution Environment (PXE), provides companies with the ability to use their existing TCP/IP network infrastructure with the Dynamic Host Configuration Protocol (DHCP) to discover remote installation servers on the network. Net PC/PC98-compliant systems, and computers equipped with network interface cards (NICs) supported by the RIS remote boot disk can take advantage of the remote boot technology included in the Windows 2003 operating system.

When a PXE-enabled client computer is turned on, the PXE-based ROM (NIC) requests an IP address from a DHCP server using the normal DHCP discovery process. As part of the initial DHCP discover request, the client computer also identifies itself as being PXE-enabled, which indicates to the remote installation servers on the network that it is looking to be serviced. Any available RIS / WDS server on the network can respond by providing the client with its IP address, and the name of a boot file the client should request if that client wants service from that server.

Test Performed in LAB

To demonstrate the flow of packets when a bare metal machine PXE boots and how it locates the ConfigMgr PXE point, the following lab test was done and a network trace was taken at the time of deployment.

SCCM Server with PXE role configured

NetBIOS: SCCM2007-01

IP Address: 52.0.0.9

Domain Controller, DHCP Server

NetBIOS: CorpBDC01

IP Address: 52.0.0.1

PXE Client

IP Address : 52.0.0.12 assigned by DHCP.

SCCM Server (Network trace)

2 9.218750 52.0.0.9 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = OFFER, TransactionID = 0x5E4F2506

3 9.218750 0.0.0.0 255.255.255.255 DHCP DHCP: Boot Request, MsgType = DISCOVER, TransactionID = 0x5E4F2506

4 9.218750 52.0.0.9 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = OFFER, TransactionID = 0x5E4F2506

5 9.218750 52.0.0.1 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = OFFER, TransactionID = 0x5E4F2506

6 13.234375 0.0.0.0 255.255.255.255 DHCP DHCP: Boot Request, MsgType = REQUEST, TransactionID = 0x5E4F2506

7 13.234375 52.0.0.1 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = ACK, TransactionID = 0x5E4F2506

8 13.234375 52.0.0.12 52.0.0.9 DHCP DHCP: Boot Request, MsgType = REQUEST, TransactionID = 0x5E4F2506

9 13.234375 52.0.0.9 52.0.0.12 DHCP DHCP: Boot Reply, MsgType = ACK, TransactionID = 0x5E4F2506

12 13.828125 52.0.0.12 52.0.0.9 DHCP DHCP: Boot Request, MsgType = REQUEST, TransactionID = 0x5E4F2506

13 13.859375 52.0.0.9 52.0.0.12 DHCP DHCP: Boot Reply, MsgType = ACK, TransactionID = 0x5E4F2506

DHCP Server (trace)

2 12.671875 0.0.0.0 255.255.255.255 DHCP DHCP: Boot Request, MsgType = DISCOVER, TransactionID = 0x5E4F2506

3 12.671875 52.0.0.1 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = OFFER, TransactionID = 0x5E4F2506

4 12.671875 52.0.0.9 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = OFFER, TransactionID = 0x5E4F2506

5 16.687500 0.0.0.0 255.255.255.255 DHCP DHCP: Boot Request, MsgType = REQUEST, TransactionID = 0x5E4F2506

6 16.687500 52.0.0.1 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = ACK, TransactionID = 0x5E4F2506

7 170.890625 0.0.0.0 255.255.255.255 DHCP DHCP: Boot Request, MsgType = DISCOVER, TransactionID = 0xA06341EC

8 170.890625 52.0.0.1 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = OFFER, TransactionID = 0xA06341EC

9 170.890625 0.0.0.0 255.255.255.255 DHCP DHCP: Boot Request, MsgType = REQUEST, TransactionID = 0xA06341EC

10 170.890625 52.0.0.1 255.255.255.255 DHCP DHCP: Boot Reply, MsgType = ACK, TransactionID = 0xA06341EC

11 174.281250 52.0.0.12 52.0.0.1 DHCP DHCP: Boot Request, MsgType = REQUEST, TransactionID = 0xC1EF01A0

12 174.281250 52.0.0.1 52.0.0.12 DHCP DHCP: Boot Reply, MsgType = ACK, TransactionID = 0xC1EF01A0

Exploded view of frames 8-9, 12-13 of SCCM Server

Frame:

+ Ethernet: Etype = Internet IP (IPv4)

+ Ipv4: Next Protocol = UDP, Packet ID = 2, Total IP Length = 576

+ Udp: SrcPort = BOOTP client(68), DstPort = 4011, Length = 556

- Dhcp: Boot Request, MsgType = REQUEST, TransactionID = 0x5E4F2506

OpCode: Boot Request, 1(0x01)

Hardwaretype: Ethernet

HardwareAddressLength: 6 (0x6)

HopCount: 0 (0x0)

TransactionID: 1582245126 (0x5E4F2506)

Seconds: 4 (0x4)

+ Flags: 0 (0x0)

ClientIP: 52.0.0.12

YourIP: 0.0.0.0

ServerIP: 0.0.0.0

RelayAgentIP: 0.0.0.0

+ ClientHardwareAddress: 00-15-5D-4F-25-06

ServerHostName:

BootFileName: à Requesting for boot file

MagicCookie: 99.130.83.99

+ MessageType: REQUEST

+ ParameterRequestList:

+ MaxDHCPMessageSize: 1260 UINT8(s)

+ Generaloption: UUID/GUID based Client Identifier

+ Generaloption: Client System

+ Generaloption: Client Network Device Interface

+ VendorClassIdentifier: PXEClient:Arch:00000:UNDI:002001

+ End:

Frame:

+ Ethernet: Etype = Internet IP (IPv4)

+ Ipv4: Next Protocol = UDP, Packet ID = 10900, Total IP Length = 367

+ Udp: SrcPort = 4011, DstPort = BOOTP client(68), Length = 347

- Dhcp: Boot Reply, MsgType = ACK, TransactionID = 0x5E4F2506

OpCode: Boot Reply, 2(0x02)

Hardwaretype: Ethernet

HardwareAddressLength: 6 (0x6)

HopCount: 0 (0x0)

TransactionID: 1582245126 (0x5E4F2506)

Seconds: 4 (0x4)

+ Flags: 0 (0x0)

ClientIP: 52.0.0.12

YourIP: 0.0.0.0

ServerIP: 52.0.0.9

RelayAgentIP: 0.0.0.0

+ ClientHardwareAddress: 00-15-5D-4F-25-06

ServerHostName:

BootFileName: smsboot\x86\wdsnbp.com à PXE Client receives the first bootable file which is downloaded

MagicCookie: 99.130.83.99

+ MessageType: ACK

+ ServerIdentifier: 52.0.0.9

+ Generaloption: UUID/GUID based Client Identifier

+ VendorClassIdentifier: PXEClient

+ Generaloption: Continuation Option

+ End:

Frame:

+ Ethernet: Etype = Internet IP (IPv4)

+ Ipv4: Next Protocol = UDP, Packet ID = 60, Total IP Length = 327

+ Udp: SrcPort = BOOTP client(68), DstPort = 4011, Length = 307

- Dhcp: Boot Request, MsgType = REQUEST, TransactionID = 0x5E4F2506

OpCode: Boot Request, 1(0x01)

Hardwaretype: Ethernet

HardwareAddressLength: 6 (0x6)

HopCount: 0 (0x0)

TransactionID: 1582245126 (0x5E4F2506)

Seconds: 0 (0x0)

+ Flags: 0 (0x0)

ClientIP: 52.0.0.12

YourIP: 0.0.0.0

ServerIP: 0.0.0.0

RelayAgentIP: 0.0.0.0

+ ClientHardwareAddress: 00-15-5D-4F-25-06

ServerHostName:

BootFileName: à Request for second file

MagicCookie: 99.130.83.99

+ MessageType: REQUEST

+ VendorClassIdentifier: PXEClient

+ Generaloption: UUID/GUID based Client Identifier

+ Generaloption: Client System

+ Generaloption: Continuation Option

+ ParameterRequestList:

+ Generaloption: Continuation Option

+ End:

Frame:

+ Ethernet: Etype = Internet IP (IPv4)

+ Ipv4: Next Protocol = UDP, Packet ID = 10957, Total IP Length = 538

+ Udp: SrcPort = 4011, DstPort = BOOTP client(68), Length = 518

- Dhcp: Boot Reply, MsgType = ACK, TransactionID = 0x5E4F2506

OpCode: Boot Reply, 2(0x02)

Hardwaretype: Ethernet

HardwareAddressLength: 6 (0x6)

HopCount: 0 (0x0)

TransactionID: 1582245126 (0x5E4F2506)

Seconds: 0 (0x0)

+ Flags: 0 (0x0)

ClientIP: 52.0.0.12

YourIP: 0.0.0.0

ServerIP: 52.0.0.9

RelayAgentIP: 0.0.0.0

+ ClientHardwareAddress: 00-15-5D-4F-25-06

ServerHostName:

BootFileName: smsboot\x64\pxeboot.n12 à you get option to press F12 and gets the pxeboot.n12 file

MagicCookie: 99.130.83.99

+ MessageType: ACK

+ ServerIdentifier: 52.0.0.9

+ Generaloption: UUID/GUID based Client Identifier

+ VendorClassIdentifier: PXEClient

+ Generaloption: UNHANDLED DHCP OPTION CODE

+ WPAD: \SMSTemp\2008.08.28.18.45.27.06.{65B31783-614D-43BE-9CD0-A57B75F2ADBC}.boot.bcd

+ End:

How to allow a DHCP Server that is located in a different subnet to respond to a PXE client

So here is the answer:

If DHCP is installed on a server that is located in a different subnet, then you will need to do one of the following:

· (recommended) Configure your IP Helper tables. All DHCP broadcasts on UDP port 67 by client computers should be forwarded directly to both the DHCP server and the Windows Deployment Services PXE server. Also, all traffic to UDP port 4011 from the client computers to the Windows Deployment Services PXE server should be routed appropriately (these requests direct traffic to the server, not broadcasts).

· Add DHCP options 66 and 67. Option 66 should be set to the Windows Deployment Services server, and option 67 should be set to smsboot\x86\wdsnbp.com.

As suggested configure IP Helper tables to Allow all DHCP broadcasts on UDP port 67 to the SCCM PXE point

Or else

configure the Add DHCP options 66 and 67. Option 66 should be set to the SCCM PXE server, and option 67 should be set to smsboot\x86\wdsnbp.com.

Note: You can also configure IP Helper table along with DHCP option 66 & 67 together to allow redundancy.

Reference links

Step-by-Step Guide for Windows Deployment Services in Windows Server 2003

https://technet.microsoft.com/en-us/library/cc766320.aspx

Sample Operating System Deployment Task Sequence Scenarios

https://technet.microsoft.com/en-us/library/bb633208.aspx

Operating System Deployment in Configuration Manager

https://technet.microsoft.com/en-us/library/bb632767.aspx

Troubleshooting Operating System Deployment