Bigfix OS Deployment Secure Boot issue

Hi Team,

I am able to image a machine in UEFI mode with Secure Boot off, but I am facing issues imaging with Secure Boot ON.

We need to keep Secure Boot ON for imaging.
I did the configuration as mentioned in the document.

Can someone guide me through the steps for imaging a machine with Secure Boot ON in UEFI mode?

Thanks
Swap

What document are you referencing? Have you configured “WinPE Direct Boot on UEFI mode”? How far is it getting, and what kind of errors are you seeing?

Without more detail all I could really do is to refer you back to the documentation.

There are 3 things which I configured.

  1. WinPE Direct Boot on UEFI mode - Enabled
  2. Set “Secure Boot” Enabled in the BIOS.
  3. MDT Bundle is 3.10 and
    selected Yes to overwrite preinstallation environments when you upload it.

Do we need anything else to configure?

Regards
Swap

That looks good so far, where are you hitting a problem?

When I do a PXE boot it does not connect to the PXE server.

Ok, that’s what I was trying to find. Is the client on the same subnet as the server? I’ve seen that some UEFI PXE ROMs need different DHCP options (not recognizing Option 43, they need values for option 67 & one other.) I should be able to send some notes later today.

Sure.
My current DHCP options are 60, 43, 67 and 66.
The UEFI boot works if I disable Secure Boot. Once I enable Secure Boot it does not work.

Also, the OSD server and client are not in the same subnet, as we have different VLANs for servers and laptops.

Thanks

That’s all great info. What value are you sending for option 67 (boot filename)?

Edit: Also what DHCP server are you using? What version?

Edit2: where I’m going with that is that I’ve had some problems booting UEFI Secure when option 43 had a value. If you can test, try removing option 43 entirely. If that works we can use DHCP Policies to send option 43 only to BIOS clients, and option 66/67 only to UEFI clients.

The Option 67 is Rembo-x64UEFI

We don’t have a separate DHCP server; it’s in the Cisco switch.

I can try removing option 43 and check tomorrow.

Ok let me know if that works. I’m checking my working document now and yes I’ve definitely had problems booting UEFI clients with Option 43 present. I’ve been working on a document to describe configuring DHCP Policies on Windows DHCP and ISC DHCP on Linux to send separate options depending on the client type (option 43 for BIOS, and 66/67 for UEFI).

With Cisco DHCP, test first to see if removing Option 43 works. If it does, the simplest thing would be to have the Cisco devices forward DHCP requests directly to the Bare Metal Server, and remove options 43, 60, 66, and 67 from the Cisco entirely. The Cisco would then only provide IP/route/DNS information, and also forward the request to the OSD server. The OSD server should automatically provide the rest to the client. On the Cisco, in a global or VLAN definition, you’d add

ip helper-address 192.168.1.100

(with the IP address of your Bare Metal Server. You can use multiple ip helper-address lines if you have multiple servers).
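For reference, here is what the split described in the previous posts (option 43 only for BIOS clients, options 66/67 only for UEFI clients) looks like on ISC DHCP. This is an added example, not the document mentioned in the thread and not BigFix’s own configuration. The subnet, addresses, and the BIOS boot filename “Rembo-x86” are assumptions; only “Rembo-x64UEFI” and the Bare Metal Server placeholder address come from the thread. The client type is taken from DHCP option 93 (client system architecture, RFC 4578), which is the same field Windows DHCP vendor-class policies key on.

```conf
# Added example (not from the thread or the BigFix docs): ISC dhcpd.conf
# fragment that sends option 43 only to legacy BIOS PXE clients and
# options 66/67 only to UEFI clients. Client type is taken from
# DHCP option 93 (client system architecture, RFC 4578).
# Assumptions: subnet 192.168.1.0/24, Bare Metal Server at 192.168.1.100,
# and the BIOS boot filename "Rembo-x86"; only "Rembo-x64UEFI" is from the thread.

option client-arch code 93 = unsigned integer 16;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.50 192.168.1.99;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.10;

    # Only PXE clients (option 60 starts with "PXEClient") get boot options;
    # ordinary DHCP clients on the VLAN just get IP/route/DNS.
    class "pxeclients" {
        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";

        # Boot server (sent as next-server / option 66) for both branches.
        next-server 192.168.1.100;

        if option client-arch = 00:07 or option client-arch = 00:09 {
            # x64 UEFI firmware (arch 7 = EFI BC, arch 9 = EFI x86-64):
            # option 67 only. No option 43 is sent on this branch, which is
            # what made the Secure Boot case work in the thread.
            filename "Rembo-x64UEFI";
        } else {
            # Legacy BIOS (arch 0): option 60 plus option 43, as the switch sent before.
            option vendor-class-identifier "PXEClient";
            filename "Rembo-x86";   # assumption: BIOS filename is not given in the thread
            # option vendor-encapsulated-options ...;  # copy the option 43 value currently configured on the switch
        }
    }
}
```

After editing, run `dhcpd -t -cf /etc/dhcp/dhcpd.conf` to syntax-check the file before restarting the service, and test with one BIOS and one UEFI client (Secure Boot on) so you can confirm each branch sends only the options intended for it.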

Hello,
which is the complete version of MDT Bundle?
When you say that it does not connect to PXE Server, when does it exactly fail?
It cannot start the download of WinPE or it can download the WinPE but then the script running in WinPE cannot connect to the bare metal server?
Could you please send some screenshot?
Thanks.

I tried removing option 43 and it worked.
Thanks @JasonWalker @sergio_tarchi

Great to hear!
Do you need any further assistance on the DHCP options, or are you planning to go forward using the IP Helper-address configuration I mentioned earlier?

If you end up setting DHCP policies on the Cisco equipment to send options 60/43 to BIOS clients, and 66/67 to UEFI clients, I’d like to hear how that works and how it’s configured. I’d include that in my document but don’t have any Cisco gear to try it on.