Jump to content


jfdensmore

Is there a new PXE configuration for CB?

Recommended Posts

What i mean is, i had PXE working just fine using DHCP Scope options. Just last week i converted my Site to "HTTPS Only" and everything went great and is working well except for PXE Booting. Currently I can get a computer to PXE and then get to the SCCM Splash screen, put in a password, then it sits there at retrieving policy for a few minutes, then reboots.    After trouble shooting this for a bit im wondering if i need to rethink how i configure PXE booting.  Is the DHCP WDS method outdated?  Or perhaps does it not work with HTTPS?

is there a definitive guide out there to set this up??  Working with HP Switches. 

Thank you for taking some time to check this out, Appreciate all your help out there!

Share this post


Link to post
Share on other sites

To get PXE working with HTTPS read my guide here (two parts, here's part 1.) You are more than likely missing the osd certs.

 

but to answer your question, is there a new PXE type, yes, ConfigMgr can manage PXE boot using it's own service instead of the Windows Server Service called Windows Deployment Services Service. Also, I'd recommend that you don't configure DHCP scope options, and use IP Helpers instead.

Share this post


Link to post
Share on other sites

Thank you! I will check this out asap!  

Before i go too far, which of these methods do you recommend?  Our environment consists of 3 physical locations that in the future will each contain their own distribution point,  one central server ("To rule them all"), and i would to PXE at these other locations at some point as well.   Any advice would be greatly appreciated!


@anyweb  Do you guys recommend any training courses for SCCM?  I have been using SCCM for about 6 years now and i love it for what we use it for. But i feel like i have never been able to get completely comfortable with all it can do. Currently i have learned all i know from awesome people like you and those on these sites. But say i wanted to become Certified in it which route should i take?

 

 

Share this post


Link to post
Share on other sites

the central server is just a Primary server, avoid a CAS if at all possible, it will only cause grief, you can have DP's at your 3 locations no problem, if you want to get certified then take training with Kent Agerlund or Johan Arwidmark, both offer training via their companies, i would also try and get trained up on Microsoft Intune as that is where a lot of focus (and companies) are moving towards,

on-premise management is via SCCM

cloud management=Intune

mix of both=SCCM co managed with Intune

cheers

niall

Share this post


Link to post
Share on other sites

Sorry bad terminology on my part, we run primary, not CAS.   Thanks for the info!  I have actually seen some of Johan's trainings, i will take you up on that and see what i can get my work to approve!

I actually do have intune installed doing co-management, but i don't do anything with it as i haven't had time to educate myself. SCCM and Intune is a big project for me in the near future. 

Back to initial problem, I have verified your instructions and i appear to have everything correct.    Still not getting past the Splash screen. 

  Ill try to locate your guide on using ConfigMgr to handle our PXE Service. That sounds like the proper way to do it. 

 

Share this post


Link to post
Share on other sites

Perhaps this will tell you something:

When i look at my smspxe.log i get:

WARNING: _SMSTSRootCACerts Not Set. This might cause client failures in native mode.    SMSPXE    8/28/2019 7:41:03 AM    14064 (0x36F0)
WARNING: _SMSTSCertStoreName Not Set. This might cause client failures in native mode.    SMSPXE    8/28/2019 7:41:03 AM    14064 (0x36F0)
WARNING: _SMSTSCertSelection Not Set. This might cause client failures in native mode.    SMSPXE    8/28/2019 7:41:03 AM    14064 (0x36F0)
 

Share this post


Link to post
Share on other sites

4 hours ago, anyweb said:

if you are not getting the screen press f8 as soon as you can, grab the smsts.log and attach it here i'll take a look

I try this, but f8 does nothing for me, i have updated my boot images to 1903 , and verified the option is checked.  

Wow Noob moment there, I have to hit the FN key for F8 to function properly..... Sorry, checking log now. THanks. 

Share this post


Link to post
Share on other sites

Well i thought it might be a time issue, since it was set to PST, So i changed it to our local time and it still failed. I do still see this in the SMSTS.log:

SyncTimeWithMP() failed. 80072f8f.    TSPxe    8/28/2019 12:46:36 PM    1100 (0x044C)
 

Attached is complete SMSTS.log. 

smsts1.log

Share this post


Link to post
Share on other sites

hi, i've fired up one of my HTTPS configmgr labs and verified that all the certs are working, then i pxe booted and compared my smsts.log to yours, have a look here, it looks like you are missing certificates in the boot image as suspected. You log to the left, my working vm on the right. I'd double check you've done everything in my converting sccm from http to https guides again.pxe boot ssl.PNG

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.