Typically these devices run some sort of *nix and gets booted from that without any issues. What I have seen issues with as well is when Option43 is set for these to work, and since MS DHCP couldn't dynamically assign options until 2012 you were up "foul word" creek. Basically each device these days require its own set of options, so the MS policy thing is great.
As per the 3rd party PXE stack, that's a great way to deal with this. Ip helpers won't help if you share phones/devices on the same subnet requiring other boot devices etc. It will just make things even more confusing having several ip-helpers per subnet. Removed "b*ll*cks" from the email thread as that seemed to have blocked a few peeps over the pond with vigorous security people. //A From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Deepak Kumar Sent: den 6 januari 2015 19:58 To: mssms@lists.myitforum.com Subject: [mssms] RE: PXE Service Point from DHCP Scope It is not only the PC BIOS and NIC, there are all kinds of IP phones and devices out there now, which use PXE to "boot up", and I've seen plenty of issues with the way they use DHCP scope options. >From what I've seen in practice, configuring IP helpers is worth the effort >for building a stable long term infrastructure, unless you're using a 3rd >party PXE stack, and I can see why Microsoft wouldn't want to pay the support >cost for other peoples' devices. thanks, Deepak Kumar, Chief Technology Officer, Adaptiva. Seattle, WA - 98033. Tel: 425-823-4500, Cell: 425-647-9095 http://www.adaptiva.com/onesite-deep-dive/ [Description: Description: adaptiva_logo4c-small] Simply Works! [email-signature-awards] From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Tuesday, January 06, 2015 9:41 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope They support the WDS portion of course because that's their code and based on industry standards, they "support" ip helpers. If there truly is something wrong with your network forwarding DHCP/PXE broadcasts/traffic or the NIC initiating PXE (or downloading content using TFTP), there's nothing they can possibly do about it no matter what. That's the hardware vendors code and hardware. And that's why they recommend ip helpers. The problems most folks have seen in the past with PXE booting using DHCP scope options have to do with the NIC not doing the right thing. It had nothing to with DHCP itself. There are still problems today with slow PXE boot because the NIC microcode was not efficient enough or correct - even the Surface 3 suffered from this issue - and the only thing that could be done about it was going to the hw vendor and hoping that they had an updated BIOS for the NIC itself. With ip helpers, the NIC doesn't have to do anything special. That's not to say that the NIC still can't mess it up, but it's something that I've never seen happen whereas with DHCP scope options, I have. Remember what "support" means here also: it's what they tested successfully with and against. It doesn't mean they can fix it if it's broken. Just like they support Windows but if your hard drive or motherboard is bad, they can't fix it and will send you to the hardware vendor to fix it. Now, throwing UEFI into the mix changes the conversation here a little but it still comes down to the problem above: the have been problems in the past with NICs not PXE booting properly with DHCP scope options in use. J From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld Sent: Tuesday, January 6, 2015 10:43 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope So how can they support a WDS boot at all? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: den 6 januari 2015 17:20 To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope But Microsoft cannot support it, it's not their process. The reason it's problematic has nothing to do with DHCP, it has to do with the NIC vendors. The DHCP portion is not the problem here and is ultimately a small portion of the PXE boot process. The vast majority of PXE boot is between the NIC and the network which Microsoft has no control over or influence upon. How could they support it? Thus, it's not shifting blame, it's pointing out that they can't do anything about it. J From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Phil Wilcock Sent: Tuesday, January 6, 2015 10:06 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Would be nice if MSFT could update the docs to include this info, as it's a bit vague as to what is 'supported' and what isn't. In this WP - http://www.microsoft.com/en-us/download/details.aspx?id=44598 it states: An alternative to using IP Helpers is setting DHCP Options on the DHCP server, specifically DHCP Options 60 (PXE Client), 66 (Boot Server Host Name), and 67 (Boot file Name). However, DHCP Options can be problematic and may not work reliably or consistently. Furthermore the use of DHCP Options to control PXE requests in Configuration Manager 2012 is not supported by Microsoft. Therefore the recommended and supported method of PXE booting client PCs that are on a different subnet than the DHCP or WDS/PXE Service Point servers is the use of IP Helpers. But in here http://technet.microsoft.com/en-us/library/cc732351(WS.10).aspx#Using it says that Microsoft 'does not recommend' this method. Bottom line here seems to be that it's a bit complicated and therefore we'll shift blame over to the HW vendors and not support it. Which is a shame because who wants to go to their Network guys and ask them to config thousands of routers? MS own all the bits here - make em play nice together! Senior 2Pint From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld Sent: 06 January 2015 13:11 To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Todd, we were wrong. DCHP server in Server 2012 got something called Policies, which can control the response behavior. This means you can control what we should reply to who. Just discovered this but think I can get it to send different boot loaders to different HW capabilities. I can definitely set it to send my iPXE boot loader a different TFTP server in option 66, so should be doable. If so, I will blog about it. So I will have to retract my statement, the MS DHCP server is pretty capable. //A From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld Sent: den 5 januari 2015 08:18 To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Yeah, MS DHCP is pretty much the same since NT4. I would consider moving of MS DHCP to something like ISC since UEFI is unavoidable. //A From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd Sent: den 5 januari 2015 00:15 To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Yea, I don't think MS DHCP has changed in quite a while. It would be nice to see an architecture aware update for MS DHCP in Win10 server maybe, but that's probably reaching. I'll defer crossing the UEFI river as long as I can. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld Sent: Sunday, January 4, 2015 1:06 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Yeah, since the PXE standard is a bit soft around the edges I can see why. It's been interesting working with the Linux/*nix PXE people, they taught me a lot about this. And they do it all by DHCP, not proxy at all, and never had any issues. :-/ But their DHCP servers are way more sophisticated/complicated than MS DHCP. Below is an example of ISC DHCP config: allow bootp; allow booting; next-server 10.1.1.2; # core.smidsrod.lan # Disable ProxyDHCP, we're in control of the primary DHCP server option ipxe.no-pxedhcp 1; # Make sure the iPXE we're loading supports what we need, # if not load a full-featured version if exists ipxe.http and exists ipxe.menu and exists ipxe.nfs and ( ( exists ipxe.pxe and exists ipxe.bzimage and exists ipxe.elf and exists ipxe.comboot and exists ipxe.iscsi ) or ( exists ipxe.efi ) ) { filename "nfs://nas.smidsrod.lan/raid/boot/boot.ipxe"; #filename "http://boot.smidsrod.lan/boot.ipxe";; } elsif exists user-class and option user-class = "iPXE" { # We're already using iPXE, but not a feature-full version, # and possibly an out-of-date version from ROM, so load a more # complete version with native drivers # Allow both legacy BIOS and EFI architectures if option arch = 00:06 { filename "ipxe-x86.efi"; } elsif option arch = 00:07 { filename "ipxe-x64.efi"; } elsif option arch = 00:00 { filename "ipxe.pxe"; } } elsif exists user-class and option user-class = "gPXE" { # If someone has an old version of gPXE burned into their ROM, # load a more recent iPXE filename "ipxe.pxe"; } elsif option arch = 00:06 { # EFI 32-bit # I like to use iPXE-provided drivers, so therefore give ipxe.efi # to all non-iPXE clients, use snponly.efi if you have unsupported # or misbehaving NICs filename "ipxe-x86.efi"; #filename "snponly-x86.efi"; } elsif option arch = 00:07 { # EFI 64-bit # I like to use iPXE-provided drivers, so therefore give ipxe.efi # to all non-iPXE clients, use snponly.efi if you have unsupported # or misbehaving NICs filename "ipxe-x64.efi"; #filename "snponly-x64.efi"; } elsif option arch = 00:00 { # Legacy BIOS x86 mode # I like to use iPXE-provided drivers, so therefore give ipxe.pxe # to all non-iPXE clients, use undionly.kpxe if you have unsupported # or misbehaving NICs filename "ipxe.pxe"; #filename "undionly.kpxe"; } else { # Unsupported client architecture type, so do nothing } //A From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd Sent: den 4 januari 2015 19:18 To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Unfortunately, I don't control which networks all of our systems get put on. All Windows on one network and all of our *nix systems on separate ones to make use of IPHelpers is unrealistic here. I use DHCP to control whether to PXE to SCCM, WDS, or Cobbler for *nix, on a per system basis with reservation options, or scope with scope options where it makes sense. It's worked great for a number of years, and we've never had any issues with it. And Michael is right, any problems I've ever seen with WDS/PXE/DHCP/SCCM have all been endpoint problems. i.e. PXE code on/in the NIC on the device being PXE booted. When I get complaints about WDS not working, my first response is always "Have you updated the BIOS on your computer?" And that usually clears it up. We're a Dell/VMware shop mostly, and homogeneity helps a ton in this regard. We haven't come to the UEFI vs. non-UEFI bridge yet, so we haven't had to come up with a way to cross it. I suspect it's closer than I'd like though. Todd From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Niehaus Sent: Sunday, January 4, 2015 12:06 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope The problem with the statement is that it doesn't say "why." There have been a number of support cases opened where DHCP options didn't work correctly (and in some configurations, extra complications for UEFI vs. non-UEFI); these have been traced back to problematic firmware revisions on random PCs. So it's much easier to say "not supported" than to say "use at your own risk and don't call us if it doesn't work." Thanks, -Michael From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld Sent: Sunday, January 4, 2015 4:59 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: PXE Service Point from DHCP Scope Senior found it: http://www.microsoft.com/en-us/download/details.aspx?id=44598 "All bad" as the americans would say though: "Furthermore the use of DHCP Options to control PXE requests in Configuration Manager 2012 is not supported by Microsoft. Therefore the recommended and supported method of PXE booting client PCs that are on a different subnet than the DHCP or WDS/PXE Service Point servers is the use of IP Helpers. " I think the quote from the *nix community is more spot on: "As I see it in the windows world nobody actually know how DHCP works - or are just too lazy to try to understand it. And it is impossible to configure WDS and it breaks if you even try to look at it." So what we have here is a failure to communicate... //Andreas From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld Sent: den 4 januari 2015 13:05 To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] PXE Service Point from DHCP Scope Hey, I seem to recollect a discussion where it was mentioned that it wouldn't work booting from a PSP using DHCP options or was that just a "not supported" clarification? Been doing some oogling on it but seems like people are confused mostly? //A Best regards, //Andreas Co-Founder +46 727 253995 http://2pintSoftware.com https://twitter.com/AndHammarskjold
