PXE: how do I point to \boot\BCD using option 252 (wpad)?


doestergaard

Hi

 

I'm trying to get rid of that multi-second delay there is while PXE booting into WinPE (without WDS).

 

I have read here: http://www.syslinux.org/archives/2010-March/014174.html that you will use dhcp option 252 to point to a wpad.dat file on a webserver, which contains the path to the BCD file, so the bootmgr.exe knows where to find it.

 

Has anyone here experimented with this? Heck, I don't even know if I have done it right. My DHCP is currently:

next-server 192.168.1.3
bootfile boot\pxeboot.n12
option 252 ascii "192.168.1.3:85/wpdat.dat"

The above configuration is from my Cisco router, which does give me the opportunity to experiment with this.

 

My wpad.dat file:

"boot\BCD, bootmgr.exe"

 

I'm not sure what I'm doing wrong. Any help will be very much appreciated, guys!  :yes:

 

 

Thanks in advance

Edited by doestergaard


 

 

My wpad.dat file:

"boot\BCD, bootmgr.exe"

 

Well, surely you miss a leading backslash and you have "wrong" quotes (when compared to the given source):

http://www.syslinux.org/archives/2010-March/014174.html

Option 1) If DHCP option 252 (wpad) has been provided in the format "\path\to\BCD\file", "bootmgr.exe" will simply load that file from the TFTP server and use that as the BCD-file.

 

You can try with:

"\boot\BCD", "bootmgr.exe"

but cannot say if the issue is that one. :unsure:

 

As a side note, if you use a DHCP server that has been developed to provide among others that option through BINL, you should not have the issue, and if at the end of the day what you are looking for is a faster PXE booting, you may want to experiment with alternative approaches, http/sanboot or wimboot:

http://reboot.pro/files/file/303-tiny-pxe-server/

 

 

jaclaz

Edited by jaclaz

@jaclaz

 

Thank you for your reply. I have done some more research on this topic. And as far as I understand, it seems like you don't need a wpad.dat file at all for this procedure to work, but set the string to \boot\BCD.

 

Taking Tiny-PXE-server into perspective, you can see, here: http://labalec.fr/erwan/?cat=28 that under option 252 he directly points to the bcd file. However, trying the same thing on my cisco router, it does not work.

 

 

If you or anyone can see what is missing from this configuration, it may help getting further. 

 

 

My current router config works, but I still have the long delay of loading boot.wim.

 

Configuration of my router:

 

 

!
ip dhcp pool ADM-NET
   network 192.168.1.0 255.255.255.224
   default-router 192.168.1.1
   dns-server 212.10.10.4 212.10.24.252
   option 67 ascii "pxeboot.n12"
   option 252 ascii "\boot\BCD"
!
interface Vlan10
 ip dhcp relay information trusted
 ip address 192.168.1.1 255.255.255.224
 ip helper-address 192.168.1.3

Edited by doestergaard

Well, no. :no:
 
A given DHCP/TFTP/PXE/BINL server like the mentioned TinyPXE can point to a given file, another server (like your Cisco one) may or may not provide the same feature, if you prefer the specific TinyPXE server has a built-in provision simplifying the use of option 252 for PXE booting.
 
You posted here about using the wpad.dat file but using in it a string that was different from the one suggested in the resource you cited, and I highlighted only this fact.
 
The WPAD protocol:
https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
is in this case used "improperly" (but still the file that needs to be passed as option 252 is a wpad.dat, as this AFAICU is the only way to tell the thingy to get two files, the bootmgr.exe and the \boot\BCD).
 
Additionally, seemingly (at least some versions of) Cisco IOS have a bug in the parsing, see here:
https://supportforums.cisco.com/discussion/10074211/dhcp-option-252
 

Please find below the configuration on how to configure option 252 on a DHCP scope for a Cisco Switch or Router.
It looks quite simple but please focus on the following:
When configuring the path of the wpad file in the option you will need to configure it with the (“) as per this example:

option 252 ascii "http://X.X.X.X/wpad.dat "

NOW:
Make sure after the .dat at the end there is a space before configuring the closing (“).

This is a flaw in Cisco. If you don’t include the space it reads the .dat as a .da –(WPAD will not work)
But by including the space it reads the .dat as .dat
Tested and this works!!

 

Try again with the suggested space after and with the contents of the wpad.dat EXACTLY as in the cited source. :unsure:

 

See also this:

https://proxyadvices.wordpress.com/2011/02/27/how-automatic-proxy-detection-really-works/

the way a CISCO iOS will parse (and thus serve) the string needs to be checked.

 

jaclaz


@jaclaz

 

Oh, wow! This is not an easy task  :} OK, so I have changed my DHCP option on my Cisco router to hand out the wpad.dat file:

!
ip dhcp pool ADM-NET
   network 192.168.1.0 255.255.255.224
   default-router 192.168.1.1
   dns-server 212.10.10.4 212.10.24.252
   option 67 ascii "pxeboot.n12"
   option 252 ascii "http://192.168.1.3:85/wpad.dat "
!

I tried to go to a browser and type in the address, and it gives me back the content of the wpad.dat, so my guess would be it works.

Well, the content of wpad.dat is as of now "\boot\BCD", "bootmgr"; however, given the source you posted, it looks like you have to write a script, so it would look like:

function FindProxyForURL(url, host) {
  if (isInNet(host, "192.168.0.0", "255.255.0.0") ||
      isInNet(host, "10.11.0.0", "255.255.0.0") ||
      dnsResolve(host) == "127.0.0.1" ||
      isPlainHostName(host)) { return "DIRECT"; }
  if (shExpMatch(url, "*193.195.121.106*") ||
      shExpMatch(url, "ftp://*.site1.co.uk/*") ||
      shExpMatch(url, "http://*.site2.com/

 

My question is now, where will I put the bcd and bootmgr in this script and what function should be used to do this? I tried to search on wpad and bcd but it didn't give back any result.

 

Again, thank you very much for helping me out here :)


Well, now that you are pretty sure that your configuration does serve properly the wpad.dat :thumbup you should try with the same "plain" contents as in the originally cited post:
http://www.syslinux.org/archives/2010-March/014174.html
or try following this (that provides two possible approaches):
http://www.0xf8.org/2012/04/the-30-second-delay-in-booting-windows-pes-pxeboot-com-via-pxelinux/

This latter clarifies that the question was more about avoiding the need to set the option 252 on the server, I completely missed that.

However, as said, the use of WPAD this way is not "standard", the script is for the "browser use" or "canonical" use of WPAD as proxy redirector, the script is to be interpreted by the browser and I don't think that PXE has these capabilities.

It is possible that we are (I am) mis-reading the original post, as it is ambiguous :unsure::

Option 1) If DHCP option 252 (wpad) has been provided in the format "\path\to\BCD\file", "bootmgr.exe" will simply load that file from the TFTP server and use that as the BCD-file.

 


It is possible that you are right, that is you should have:

option 252 ascii "\boot\BCD"

or:

option 252 ascii "http://192.168.1.3:85/boot/BCD"

or:

option 252 ascii "/boot/BCD"

which IF the issue is the CISCO parsing bug will become:

option 252 ascii "\boot\BCD "

option 252 ascii "http://192.168.1.3:85/boot/BCD "

option 252 ascii "/boot/BCD "

(with the space at the end).

Generally speaking it wouldn't be the first (nor the last) time when the forward slash vs backslash has created issues ....

 

jaclaz


@jaclaz

 

I'm not even sure if option 252 even works at all anymore. I have tried everything that was suggested (other than trying the alternatives, as I don't have the gear for it); still, bootmgr tries to contact the WDS server (which causes the delay in the first place) as its first option.

Also tried the different configurations with the slashes, and placing the BCD file on my webserver - no results  :o

 

Or I can seem to find the logic in how bootmgr is operating, it would be nice to see if I could monitor the dhcp to see what options actually are getting through.

I will try to see what I can find.

 

I will post the results here

 

Once again, thank you so much jaclaz  :thumbup

Edited by doestergaard

Maybe/MaybeNot OT. INF/BAT files have been known (in the past, maybe today?) for wanting/needing x"0D0A" immediately following a character string so the parsing will recognize "DOH! All done with this." (typically after the last line). The Hex string is basically "Press Enter" at the end of the string. I may be completely wrong here (I've been known to be) but would that be worth trying? :unsure:


Okay, here is the result from the TFTP server log:

No surprise that when bootmgr.exe gets loaded right after pxeboot.n12, it takes 16 seconds before any further activity happens. I'm still trying to find a way of capturing the DHCP output.

 

Will post these results later

 

 

TFTP Server SinglePort Version 1.62 Unix Built 1621

[05-Jul-15 19:32:16] starting TFTP service
[05-Jul-15 19:32:16] username: admin
[05-Jul-15 19:32:16] alias / is mapped to /share/MD0_DATA/PXE/
[05-Jul-15 19:32:16] permitted clients: all
[05-Jul-15 19:32:16] max blksize: 65464
[05-Jul-15 19:32:16] default blksize: 512
[05-Jul-15 19:32:16] default timeout: 3
[05-Jul-15 19:32:16] file read allowed: Yes
[05-Jul-15 19:32:16] file create allowed: Yes
[05-Jul-15 19:32:16] file overwrite allowed: Yes
[05-Jul-15 19:32:16] logging: all
[05-Jul-15 19:32:16] listening on: 127.0.0.1:69
[05-Jul-15 19:32:16] listening on: 192.168.1.3:69
[05-Jul-15 19:32:24] Client 192.168.1.21:2070 /share/MD0_DATA/PXE/pxeboot.n12, Error 0 at Client, TFTP Aborted
[05-Jul-15 19:32:24] Client 192.168.1.21:2071 /share/MD0_DATA/PXE/pxeboot.n12, 19 Blocks Served
[05-Jul-15 19:32:24] Client 192.168.1.21:2072 /share/MD0_DATA/PXE/bootmgr.exe, 361 Blocks Served
[05-Jul-15 19:32:24] Client 192.168.1.21:8933 /share/MD0_DATA/PXE/Boot/Fonts/wgl4_boot.ttf, No Such File/No Access
[05-Jul-15 19:32:24] Client 192.168.1.21:8934 /share/MD0_DATA/PXE/boot.ini, No Such File/No Access
[05-Jul-15 19:32:40] Client 192.168.1.21:8935 /share/MD0_DATA/PXE/boot/BCD, Error 0 at Client, TFTP Aborted
[05-Jul-15 19:32:40] Client 192.168.1.21:8936 /share/MD0_DATA/PXE/boot/BCD, 10 Blocks Served
[05-Jul-15 19:32:40] Client 192.168.1.21:8937 /share/MD0_DATA/PXE/Boot/Fonts/wgl4_boot.ttf, No Such File/No Access
[05-Jul-15 19:32:40] Client 192.168.1.21:8938 /share/MD0_DATA/PXE/hiberfil.sys, No Such File/No Access
[05-Jul-15 19:32:40] Client 192.168.1.21:8939 /share/MD0_DATA/PXE/boot/boot.wim, Error 0 at Client, TFTP Aborted
[05-Jul-15 19:32:40] Client 192.168.1.21:8940 /share/MD0_DATA/PXE/boot/boot.sdi, Error 0 at Client, TFTP Aborted
[05-Jul-15 19:32:54] Client 192.168.1.21:8941 /share/MD0_DATA/PXE/boot/boot.sdi, Timeout
[05-Jul-15 19:34:16] Client 192.168.1.21:8942 /share/MD0_DATA/PXE/boot/boot.wim, 35631 Blocks Served
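Added example, not part of the original post: a short Python script that reads a log in the format shown above and reports pauses between consecutive requests from the same client, which locates the 16-second gap after bootmgr.exe mechanically. The sample lines are copied from the log in the post; the 5-second threshold and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Matches per-transfer lines only; service start-up lines have no "Client" field.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] Client (?P<ip>[\d.]+):\d+ "
                     r"(?P<path>\S+), (?P<result>.+)$")

def parse_tftp_log(text, root="/share/MD0_DATA/PXE/"):
    """Return (timestamp, client_ip, path_relative_to_root, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d-%b-%y %H:%M:%S")
        path = m.group("path")
        if path.startswith(root):
            path = path[len(root):]
        events.append((ts, m.group("ip"), path, m.group("result")))
    return events

def find_stalls(events, min_gap=5):
    """Return (seconds, previous_file, next_file) for each pause >= min_gap."""
    stalls, last = [], {}
    for ts, ip, path, _result in events:
        if ip in last:
            gap = int((ts - last[ip][0]).total_seconds())
            if gap >= min_gap:
                stalls.append((gap, last[ip][1], path))
        last[ip] = (ts, path)  # tracked per client so hosts are not mixed
    return stalls

# Lines copied from the TFTP server log posted above.
SAMPLE_LOG = """\
[05-Jul-15 19:32:16] listening on: 192.168.1.3:69
[05-Jul-15 19:32:24] Client 192.168.1.21:2072 /share/MD0_DATA/PXE/bootmgr.exe, 361 Blocks Served
[05-Jul-15 19:32:24] Client 192.168.1.21:8934 /share/MD0_DATA/PXE/boot.ini, No Such File/No Access
[05-Jul-15 19:32:40] Client 192.168.1.21:8935 /share/MD0_DATA/PXE/boot/BCD, Error 0 at Client, TFTP Aborted
[05-Jul-15 19:32:40] Client 192.168.1.21:8936 /share/MD0_DATA/PXE/boot/BCD, 10 Blocks Served
[05-Jul-15 19:32:40] Client 192.168.1.21:8940 /share/MD0_DATA/PXE/boot/boot.sdi, Error 0 at Client, TFTP Aborted
[05-Jul-15 19:32:54] Client 192.168.1.21:8941 /share/MD0_DATA/PXE/boot/boot.sdi, Timeout
[05-Jul-15 19:34:16] Client 192.168.1.21:8942 /share/MD0_DATA/PXE/boot/boot.wim, 35631 Blocks Served
"""

if __name__ == "__main__":
    for gap, before, after in find_stalls(parse_tftp_log(SAMPLE_LOG)):
        print(f"{gap:>4}s between {before} and {after}")
```

A gap that ends on a "Blocks Served" line includes that file's transfer time, so the 82 seconds before boot.wim is mostly the download itself, while the 16 seconds before boot/BCD is idle time.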

@jaclaz

 

Okay, I think I found out that option 252 doesn't even get sent at all from the DHCP server.

 

 

From WireShark:

 

[Screenshot: Sk_rmbillede_2015_07_05_kl_23_35_33.png]

 

 

RouterConfig:

 

!
ip dhcp pool ADM-NET
   network 192.168.1.0 255.255.255.224
   default-router 192.168.1.1
   dns-server 212.10.10.4 212.10.24.252
   option 66 ip 192.168.1.3
   option 67 ascii "pxeboot.n12"
   option 252 ascii \boot\BCD, bootmgr.exe
!
!
interface Vlan10
 ip address 192.168.1.1 255.255.255.224
 ip helper-address 192.168.1.3
!

 
 
Any idea why? :s

I really don't know. :(

 

Cisco IOS is often like a black box, a sorcerer (i.e. a "certified Cisco engineer") makes some spells on it and suddenly (correct) packets start flowing out from it, you try the same (but without knowing the exact magic words) and it sits there doing nothing.

I have spent more than one sleepless night to just change a few addresses/options in an already configured router and managed switch, and it took many more to tame it into doing what I wanted to do, the language is clearly powerful and direct (and once properly set and working the thingies are exceptionally robust) but in my experience it is extremely picky on syntax and as seen it has its own "queer" parsing ways.

 

The Wireshark trace definitely misses the option 252, here is a similar trace with option 252 working (for comparison):

http://xyfon.com/tech-tips/how-to-configure-dhcp-custom-options-on-a-fortinet-fortigate/

 

You can try starting again from scratch, deleting the DHCP pool :unsure:, this reportedly worked to solve the opposite problem (removing option 252):

http://www.airheads.eu/t5/Unified-Wired-Wireless-Access/There-is-probably-a-simple-answer-DHCP-option-252/td-p/87678

 

jaclaz


Okay, I did some digging. Apparently, option 252 only gets offered when clients ask for an IP address, like "ipconfig /renew". I found all the DHCP options available on the Cisco site. I noticed that only a few options are available for Bootstrap Protocol (BOOTP) - which I think is used by PXE. So, I filtered out the options available on BOOTP, and tried to configure some of them, and they do indeed get offered by the DHCP server.

So, digging through the options I see that there is an option 18 "Extensions path", which is described as path to a file on a TFTP server.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/network_registrar/6-1-1/user/guide/users/UserApB.html#wp1024768

 

I got excited and tried to put in that option, but no luck so far - still slow pxe -.-

 

As far as I understand, option 18 has to be configured like:

 

option 18 ascii "/path/to/filename"

 

But doing so, nothing happens, at all :)

 

But at least we know now, that option 252 will never ever get offered by the dhcp server when pxe booting, cause it is not part of the bootstrap protocol

Edited by doestergaard
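Added example, not part of the original posts: a small Python decoder for the options field of captured DHCP packets, to check whether a given option such as 252 was listed in the client's parameter request list (option 55) and whether the server's reply carried it. The two packets are constructed samples that reuse addresses from the router configuration in this thread, not the poster's capture, and the function names are assumptions of this example.

```python
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # starts the DHCP options field
BOOTP_FIXED_LEN = 236                     # fixed BOOTP header that precedes it

def parse_dhcp_options(payload):
    """Return {option_code: value_bytes} for a raw BOOTP/DHCP UDP payload."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie (truncated or plain BOOTP)")
    opts, i = {}, start
    while i < len(payload):
        code = payload[i]
        if code == 0:        # pad byte, has no length field
            i += 1
            continue
        if code == 255:      # end of options
            break
        if i + 1 >= len(payload):
            raise ValueError("option %d has no length byte" % code)
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        opts[code] = opts.get(code, b"") + value  # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return opts

def option_status(request, reply, code=252):
    """Was `code` asked for in option 55, and did the reply carry it?"""
    req, rep = parse_dhcp_options(request), parse_dhcp_options(reply)
    return {"requested": code in req.get(55, b""),
            "offered": code in rep,
            "value": rep.get(code),
            "reply_options": sorted(rep)}

def build_packet(options):
    """Build a constructed sample: zeroed BOOTP header, cookie, options, end."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(BOOTP_FIXED_LEN) + MAGIC_COOKIE + body + b"\xff"

# Constructed samples (not the poster's capture); addresses taken from the thread.
SAMPLE_DISCOVER = build_packet([(53, b"\x01"), (55, bytes([1, 3, 6, 66, 67])),
                                (60, b"PXEClient")])
SAMPLE_OFFER = build_packet([(53, b"\x02"), (1, bytes([255, 255, 255, 224])),
                             (3, bytes([192, 168, 1, 1])),
                             (66, bytes([192, 168, 1, 3])), (67, b"pxeboot.n12")])

if __name__ == "__main__":
    print(option_status(SAMPLE_DISCOVER, SAMPLE_OFFER))
```

To run it against a real capture, pass the UDP payload bytes of the client's DISCOVER/REQUEST and of the server's OFFER/ACK exported from the packet capture.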

Good, which means bad in this case. :(

 

If you have to use that Cisco thingy as DHCP server you will then need to use one of the alternatives (client side):

http://www.0xf8.org/2012/04/the-30-second-delay-in-booting-windows-pes-pxeboot-com-via-pxelinux/

though cannot say exactly how they can be implemented, the referenced post is not fully clear (to me at least).

We had a very similar thread here, but it was not finalized/it is not fully clear what works or how exactly:

http://www.msfn.org/board/topic/158363-slow-pxeboot0-with-3rd-party-tftp/

 

 

Personally I would use (as always) grub4dos:

http://diddy.boot-land.net/grub4dos/files/pxe.htm

but really-really I would try (if it suits your needs) as suggested in the other thread the iPXE/http/wimboot booting:

http://reboot.pro/topic/17520-booting-winpe-via-http/

 

jaclaz

Edited by jaclaz

@jaclaz

 

Yeah, unfortunately it is bad. My head just can't get around it. I have seen some third party deployment solutions do this with no problem whatsoever. And it's not even PXELinux or anything like that. Simple DHCP TFTP, and the boot.wim gets loaded instantly without delay.

I think I will stick to my current configuration and live with that 10-15 second delay, rather than setting up a third party PXE.

 

But anyways, thank you so much for helping me out. :)

 

daniel
