Solving PXE boot problems on ZCM 11

During the last week I’ve been having a look at ZCM 11.3 in preparation for when we upgrade our production zone from 11.2.3a. I wanted to check that imaging was still going to work in the same way as before, as well as testing some of our new hardware that doesn’t work with the current PXE drivers.

The test environment makes use of some of our old server and comms kit including some Dell PE2950 servers running ESXi hooked up via Cisco 3750 switches.

The DHCP server was installed on a Windows Server 2012 R2 virtual machine.
I downloaded the ZCM 11.3 appliance, imported it and ran through the setup wizard, all pretty painless so far.

With the zone configured I then tried to PXE boot a client PC, but it disappointingly failed with an error:

“PXE-E51 No DHCP or DHCP Proxy Offers received”

In the end a series of fixes were required to get PXE working, not all of them present in the official Novell documentation, so I figured it might be useful to pull everything together in one place.

Server services

By default the ZCM server doesn’t have the Proxy DHCP service enabled. Without this you’re going nowhere, so log onto the server with PuTTY \ console and type the following:

service novell-pbserv start

Check it with:

service novell-pbserv status

While you’re there it’s also worth setting it to auto-start using chkconfig, otherwise it’s an easy step to forget if you reboot the server at some point in the future.

Firewall

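The appliance also ships with the firewall enabled, but this seems to block PXE boot (!)
Solution: turn it off using the YaST tool (console onto the GUI of the ZCM server for this). Note that this removes all host filtering on the appliance; a narrower fix is to leave the firewall on and allow only the preboot services through it.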

Ref: https://www.novell.com/support/kb/doc.php?id=7005130

VLAN environment pre-requisites

My dev environment was set up as a series of VLANs. In this scenario make sure you have ip helper-address configured on each VLAN interface. According to the Novell documentation you need two entries, one for your DHCP server’s address and the other for the ZCM server that’s providing the PXE service.

Ref: https://www.novell.com/documentation/zenworks11/zen11_cm_preboot_imaging/data/bve6kpq.html

You also need ip-forward rules set up on your router \ L3 switch:

ip forward-protocol udp 67
ip forward-protocol udp 68

Cisco switch port settings

Despite all the fixes above the client device still wouldn’t boot from the network and I was beginning to wonder if it was ever going to work. The missing link was that PortFast needs to be enabled on Cisco switches (might apply in a similar way to other vendors) to ensure the port comes up quickly enough for the PXE service to work.

Ref: https://www.novell.com/support/kb/doc.php?id=3131242

PortFast has been known to have been switched off, and this has caused issues with the PXE boot sequence. PXE tends to boot faster and request DHCP faster than the switch can handle.
PortFast has been enabled so that the switch can start talking to a device without going through the process of waiting for the switch and device to decide what speed they will communicate at. By enabling PortFast the switch will open the port and enable packets to flow.
The normal time period for the switch to open up a port is around 30 seconds. With PortFast enabled the clients can start talking as soon as they are switched on, and in the case of PXE boot services it would not wait for 30 seconds.
 

Troubleshooting tips

The server logs can be useful to help figure out how far along the path the packets are getting (or not), so you know if the problem is on the networking side or the server. To check if your DHCP requests are getting through, have a look in:

/var/opt/novell/log/novell-proxydhcp.log

You should see lines like these, where 192.168.0.X is the server VLAN’s IP address.

Received packet on 0.0.0.0:68
Received packet on 192.168.0.X:67 from relay agent 192.168.0.X
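
To turn that log check into something repeatable, the following added example (not from the original post or from Novell) counts proxy DHCP packets per relay agent and reports whether any relayed requests are arriving. It assumes log lines contain the text shown above; the function names and the sample addresses are made up for the illustration.

```shell
# Added example: summarise proxy DHCP log lines by where the packet came from.
# Assumption: lines contain the text shown in the post, i.e.
#   Received packet on <ip>:<port>
#   Received packet on <ip>:<port> from relay agent <ip>

# Reads log text on stdin; prints "relay <agent-ip> <count>" for forwarded
# packets and "direct <listen-ip:port> <count>" for packets with no relay.
summarize_proxydhcp() {
    awk '
        /Received packet on / {
            listen = ""; agent = ""
            for (i = 1; i <= NF - 2; i++) {
                if ($i == "packet" && $(i + 1) == "on" && listen == "")
                    listen = $(i + 2)
                if ($i == "relay" && $(i + 1) == "agent")
                    agent = $(i + 2)
            }
            if (agent != "") relayed[agent]++
            else if (listen != "") direct[listen]++
        }
        END {
            for (a in relayed) printf "relay %s %d\n", a, relayed[a]
            for (l in direct) printf "direct %s %d\n", l, direct[l]
        }
    ' | LC_ALL=C sort
}

# Exit status: 0 = relayed packets seen, 1 = only direct packets,
# 2 = no packets logged at all.
diagnose_proxydhcp() {
    summary=$(summarize_proxydhcp)
    if [ -z "$summary" ]; then
        echo "no packets logged: check the service, the firewall and the switch port"
        return 2
    fi
    echo "$summary"
    if echo "$summary" | grep -q '^relay '; then return 0; fi
    echo "no relayed packets: check ip helper-address / ip forward-protocol"
    return 1
}

# Constructed sample lines (addresses invented for the example).
SAMPLE_LOG='Received packet on 0.0.0.0:68
Received packet on 192.168.0.10:67 from relay agent 192.168.20.1
Received packet on 192.168.0.10:67 from relay agent 192.168.20.1
Received packet on 192.168.0.10:67 from relay agent 192.168.30.1'
printf '%s\n' "$SAMPLE_LOG" | diagnose_proxydhcp
```

On the server, feed it the real log with `diagnose_proxydhcp < /var/opt/novell/log/novell-proxydhcp.log`; a relay agent that never appears in the summary points at the helper configuration for that VLAN.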

You should also be able to see workstation information as they check in to the imaging system. This log file is a little further into the folder tree:

/var/opt/novell/log/zenworks/preboot/novell-pbserv.log
