
Bootpd, DHCP and OS X Server 2.2

I have a Mac Mini running OS X Server in Mountain Lion that I use for imaging via DeployStudio. A couple of days ago, I tried to boot a MacbookPro using Netboot by going to Start-up Disks, and selecting the Netboot image. When the machine restarted, it just sat at the grey screen for about a minute, then it started flashing the globe icon, as it was trying to find the Mini. After about a minute of that, it would give up and then boot back to the OS. I tried this with a NetInstall image, another NetBoot image, another machine, and so on. All of them had the same behavior.


After going through some logs and looking at the documentation, it turned out that the machines really couldn't find the Mini to boot from. Basically, if the DHCP service wasn't turned on, and configured for the same subnet that the Mini was on, then nothing could find the Mini to boot from it. This was bad, really bad, as I work for a large academic institution where they run their own DHCP services for all of the subnets.


The issue turns out to be that as of 2.2 of OS X Server, the bootpd service doesn't launch by itself anymore. The DHCP service must be running for bootpd to launch. Netboot needs bootpd for the clients to find the host. The solution that I came up with was to modify the /etc/bootpd.plist file.


There are, as of when I am writing this, two versions of Netboot. Netboot 1, or old Netboot, allows the bootpd service to run without DHCP, and Netboot 2 requires DHCP to be on for bootpd to launch. I went into the /etc/bootpd.plist file and added the following lines to the bottom, just before the closing </dict> tag:


<key>old_netboot_enabled</key>
<array>
<string>en0</string>
</array>


This turns on the old netboot so bootpd could run on its own. You'll have to restart the machine running OS X Server for the change to take effect.


There are a couple of downsides to this method. One is if you turn on Internet Sharing in the Sharing system pane, or if you happen to turn on or change the DHCP settings in any way, your changes will be wiped out.


I hope this helps somebody out that had the same issues that I had.


Micah

OS X Server, 2.2

Posted on Feb 15, 2013 7:59 AM

16 replies

Feb 18, 2013 1:13 PM in response to Micah Hunter

Update: It turns out that there is a cache somewhere that allows a computer that has connected to NetBoot somewhere to be able to connect again without DHCP running. This is not true with new computers. DHCP needs to be on on the first boot, then after that can be turned off and have units boot to the NetBoot server with the above hack. This is still not good in my environment, as far as I can tell, I can't use DHCP at all.


I do know that I can, with a USB network adapter, create a private subnet only for imaging, but I would be limited on speed. This could also be an option if I can't get NetBoot to work with the main network.

Feb 19, 2013 10:49 AM in response to Brian Nesse

DHCP is being supplied by the campus. As it comes out of the box, Netboot won't work without DHCP running on the server, at least on the network I have to work with. My issue is to not have two DHCP servers running on the same network. This leads to bad things, not to mention getting my server banned from the network.


I have come up with a better solution since my last post. I found out, after more testing, that what I had written below concerning the old_netboot_enabled was half true. It turns out that it only worked if the machines had booted under DHCP running on the server, and were given a lease. They were able to see the Netboot server after that while the lease was valid, whether DHCP was running or not.


After some more research, I have come up with a better solution that allows the Netboot server to use NAU's DHCP servers for Netboot. The only issues are that the server and the client have to be on the same router port, as bootpd by default is not routed, and that the client has to be registered with NAU's network so it will get an IP.


Go to /etc/bootpd.plist and make a backup copy. Then make sure that DHCP and Internet Sharing aren't running on the server. Then create a new bootpd.plist with your favorite plain text editor. Then copy in the following:



<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NetBoot</key>
    <dict>
        <key>startTime</key>
        <string>2013-02-18 23:15:05 +0000</string>
    </dict>
    <key>Subnets</key>
    <array/>
    <key>allow</key>
    <array/>
    <key>bootp_enabled</key>
    <array>
        <string>en0</string>
    </array>
    <key>deny</key>
    <array/>
    <key>detect_other_dhcp_server</key>
    <true/>
    <key>dhcp_enabled</key>
    <false/>
    <key>netboot_enabled</key>
    <array>
        <string>en0</string>
    </array>
</dict>
</plist>


Give ownership of the new bootpd.plist file to the system, make it belong to the wheel group, and give everybody else read-only rights. Restart the machine, and you should be able to boot Macs into Netboot or DeployStudio.


I have tried this on 9 different laptops, some that the Netboot server has seen before, and some that it hasn't. It works with the machines being on either subnet in the Gammage building. Just be aware that the client may not automatically see the Netboot images when holding down the Option key or 'N' key on startup, and you may have to go into System Preferences > Startup Disk to choose the Netboot image before the client will boot to it.



I hope this helps.
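
An added example, not part of the post above and not Apple's own tooling: a Python check that a bootpd.plist like the one posted keeps DHCP off while NetBoot stays on, and that the file is owned by root:wheel and not writable by anyone else. The function names and the trimmed sample are constructed for illustration; the code assumes bootpd's convention that the *_enabled keys hold either a Boolean or an array of interface names.

```python
import plistlib

# Constructed sample: the keys from the posted plist that this check reads.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>bootp_enabled</key>
    <array><string>en0</string></array>
    <key>detect_other_dhcp_server</key>
    <true/>
    <key>dhcp_enabled</key>
    <false/>
    <key>netboot_enabled</key>
    <array><string>en0</string></array>
</dict>
</plist>
"""


def enabled_interfaces(value):
    """Normalize a Boolean-or-array *_enabled value to a list of interfaces."""
    if value is True:
        return ["*"]                  # enabled on every interface
    if isinstance(value, list):
        return [str(i) for i in value]
    return []                         # False, missing, or unexpected type


def audit_bootpd(plist_bytes, mode=None, uid=None, gid=None):
    """Return a list of findings; an empty list means the checks passed.

    mode/uid/gid are optional os.stat() values for the file on disk.
    """
    cfg = plistlib.loads(plist_bytes)
    findings = []
    dhcp = enabled_interfaces(cfg.get("dhcp_enabled"))
    if dhcp:
        findings.append("dhcp_enabled on %s: this host would serve leases" % ",".join(dhcp))
    if not cfg.get("detect_other_dhcp_server"):
        findings.append("detect_other_dhcp_server is off")
    netboot = (enabled_interfaces(cfg.get("netboot_enabled"))
               or enabled_interfaces(cfg.get("old_netboot_enabled")))
    if not netboot:
        findings.append("no interface has NetBoot enabled")
    if mode is not None and mode & 0o022:
        findings.append("file is writable by group or others")
    if uid is not None and (uid, gid) != (0, 0):   # root is uid 0, wheel is gid 0
        findings.append("owner is not root:wheel")
    return findings
```

To audit the live file, pass the bytes of /etc/bootpd.plist together with st_mode, st_uid and st_gid from os.stat() on the same path.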

Mar 18, 2013 1:40 AM in response to Micah Hunter

Hi Micah,


I have tried your solution but it doesn't work.


First Excuse me for my english writing 'cause I'm french...
So the problem is complex, here is my Situation :

Netboot Server : A brand new mac mini server with 10.8.2 server (late 2012, macmini 6,2), 2 terabyte hard drives of each and DeployStudioServer 1.5.16
The services Netinstall, OpenDirectory (master mode) and AFP file sharing are all ok !

I have an external DHCP (linux) server. The DHCP server is on a vlan and the netboot server and netboot clients are on another vlan, so I have added the IP address of my netboot server as an ip-helper address in the cisco router configuration of the dhcp server vlan.

And HERE IS MY PROBLEM :

I have used three kinds of netboot's client :

1. a macbook pro 17" (macbookpro 5,2, 17" early 2009) with mac os 10.6.8
2. a macbook pro 13" (macbookPro 9,2 13" mid 2012) with mac os 10.8.2
3. a Mac mini late 2012 ( macmini 6,1) with mac os 10.8.2

I have generated 2 DeployStudio Netboot sets, one for the macbook pro 13" (10.8.2) and one for the mac mini late 2012 (10.8.2)

SO, it works without problem when I netboot with macbook pro 17" which uses for example the netboot set of macbook pro 13" but the other machines don't netboot ! Why ???

In the netinstall logs and when I netboot with macbook pro 17 under 10.6.8, I saw the lines :

Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: BSDP DISCOVER [en0] 1,0:26:4a:c:d1:8 NetBoot002 arch=i386 sysid=MacBookPro5,2
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: replyfile /private/tftpboot/NetBoot/NetBootSP0/mbpro-13-1082.nbi/i386/booter
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: replying to 0.0.0.0
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: BSDP OFFER sent [1,0:26:4a:c:d1:8] pktsize 360

but when I netboot with macbook pro 13" under 10.8.2, I see only the lines (for example ) :

Feb 18 09:01:07 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:40 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:40 [my-netboot-server] bootpd[2968]: service time 0.000004 seconds
Feb 18 09:01:52 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:52 [my-netboot-server] bootpd[2968]: service time 0.000010 seconds
Feb 18 09:02:08 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds

PLEASE HELP ME, I DON'T UNDERSTAND WHY IT WORKS WITH A "10.6.8" OLD CLIENT AND NOT WITH MY NEW MACS UNDER MOUNTAIN LION ?
HAVE YOU ANY IDEA ?

THANKS IN ADVANCE TO ALL FOR YOUR HELP
BEST REGARDS
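
An added example, not part of the post above: a small Python parser for bootpd log lines in the format quoted in that post, which pairs each BSDP DISCOVER with the BSDP OFFER sent to the same hardware address. Run over the two excerpts, it shows that the second one contains no DISCOVER at all, so in that window bootpd logged no BSDP request from the client. The function names and the CONSTRUCTED line are made up for illustration.

```python
import re

# Patterns for the bootpd syslog lines quoted in the post above.
DISCOVER = re.compile(r"bootpd\[\d+\]: BSDP DISCOVER \[(\w+)\] (\S+) .*?sysid=(\S+)")
OFFER = re.compile(r"bootpd\[\d+\]: BSDP OFFER sent \[([^\]]+)\]")

WORKING = """\
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: BSDP DISCOVER [en0] 1,0:26:4a:c:d1:8 NetBoot002 arch=i386 sysid=MacBookPro5,2
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: replyfile /private/tftpboot/NetBoot/NetBootSP0/mbpro-13-1082.nbi/i386/booter
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: replying to 0.0.0.0
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: BSDP OFFER sent [1,0:26:4a:c:d1:8] pktsize 360
""".splitlines()

FAILING = """\
Feb 18 09:01:07 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:40 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
""".splitlines()

# Constructed line (not from the thread): a DISCOVER that never gets an OFFER.
CONSTRUCTED = ["Feb 18 09:05:00 [my-netboot-server] bootpd[2968]: BSDP DISCOVER [en0] "
               "1,0:11:22:33:44:55 NetBoot003 arch=i386 sysid=ExampleMac1,1"]


def summarize(lines):
    """Map hardware address -> interface, sysid, DISCOVER count and OFFER count."""
    clients = {}
    for line in lines:
        m = DISCOVER.search(line)
        if m:
            iface, hw, sysid = m.groups()
            entry = clients.setdefault(
                hw, {"iface": iface, "sysid": sysid, "discovers": 0, "offers": 0})
            entry["discovers"] += 1
            continue
        m = OFFER.search(line)
        if m and m.group(1) in clients:
            clients[m.group(1)]["offers"] += 1
    return clients


def unanswered(clients):
    """Clients whose DISCOVER reached bootpd but got fewer OFFERs than requests."""
    return sorted(hw for hw, c in clients.items() if c["offers"] < c["discovers"])


if __name__ == "__main__":
    for name, log in (("working", WORKING), ("failing", FAILING), ("constructed", CONSTRUCTED)):
        seen = summarize(log)
        print(name, seen or "no BSDP DISCOVER logged", "unanswered:", unanswered(seen))
```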

Mar 18, 2013 1:44 AM in response to techudl

Excuse me Micah, I have another question :


If the client may not automatically see the Netboot images when holding down the Option key or 'N' key on startup, how can I deploy a fresh "image" of a macintosh on a new machine ?


Must I install a basic system and only after that deploy an entire image (with apps and others) ?


Best Regards

Mar 18, 2013 3:14 AM in response to Micah Hunter

The Mac server acting as the NetBoot server does not have to be the full-blown DHCP server. As others have said you should only normally have one DHCP server on a network.


The way things work if you have a different server acting as your DHCP server, i.e. not the NetBoot server is that when the client is turned on it will initially ask the network for any DHCP server to issue it an IP address, the DHCP server will then issue an IP address, the client Mac if in NetBoot mode then sends another different type of DHCP request asking for the details of the NetBoot server, the NetBoot server then replies with this information and the client Mac can then boot from the NetBoot server.


Are you connecting the client Macs via Ethernet or Wi-Fi? Normally because Wi-Fi requires authenticating to the network you cannot NetBoot via it. Other common issues are having a NetBoot image that is not compatible with your model of client Mac, for example if the NetBoot image is an older one it will not be able to boot the latest model Macs, similarly for PowerPC vs. Intel Macs. It is possible to have multiple different NetBoot images (but only one default one), so with multiple NetBoot images you can then cover all the different models you need. Also generally a NetBoot built from the latest model will support older models as well - within limitations, a Mountain Lion NetBoot image will not work on models that do not support Mountain Lion, e.g. the original MacBook Air model which can only run Lion or earlier.


As you are using DeployStudio did you build the NetBoot set using DeployStudio?

Mar 18, 2013 5:21 AM in response to John Lockwood

Hi John,


I am connecting the client Macs only via Ethernet. So I have created multiple images with the latest models like a macbook pro 13 inch or the latest model of mac mini !


I don't understand why my netboot server doesn't permit "latest" models to start with a deploystudio netinstall image.


An old model like a 17 inch macbook pro works even if I use external DHCP with multiple VLANs.

Do you have another idea ?


Best Regards

Mar 19, 2013 8:10 AM in response to techudl

I have never had the 'N' key option work for me in my environment. I came across another hurdle that I can't get around. I have a bunch of MacBookPros (Late 2010) that I have to manage. Once they received the latest EMC update, they can't boot via NetBoot anymore. They just don't like the network environment that the university has set up. Although I can boot older machines with the configuration that I have mentioned above, the newer machines cannot. I was not able to find a configuration that worked without running my own DHCP server, which, as I have stated above, I can't because of the university's network wide DHCP service.


I use DeployStudio. My solution to this issue was to use DeployStudio to create a bootable USB memory stick. This gets around all of the requirements that come with trying to NetBoot. All it has to do is just find the server after the computer has booted. It is not as convenient as booting from the network, as you need a memory stick for every machine you boot if you want to boot multiple machines at once, but it does get around the DHCP issue for me.


Another thing to note, is that in my network, BootP is not routable, meaning that all of my machines that I want to manage have to be off the same router port. I use some unmanaged Linksys switches to connect my machines and NetBoot server to.

I hope this helps.

Mar 20, 2013 2:53 AM in response to techudl

techudl wrote:


Thanks a lot Micah and John ! I am frustrated that Apple doesn't make efforts to resolve this problem of netboot across subnet with the latest models of macintosh.


I have used Deploystudio for several years to deploy many machines or rooms and all was ok but today it doesn't work once the macs received EMC or EFI update.


Best Regards

Imaging a computer means sending multiple gigabytes of data across the network, you would not really want to have (or risk having) that go across multiple network segments. I am therefore perfectly happy to have to have the client device local to the NetBoot server.


If you need to do this in multiple sites then an option is to have multiple netboot servers.

Apr 19, 2013 3:31 AM in response to Micah Hunter

Dear All


First of all, let me describe my own situation.

In my school, I'm in the process of installing a netboot / deploy studio solution for a single subnet, across subnet.


The server, a Macmini6.2, is on a "server" subnet where there's no DHCP.

Clients are on an other subnet which have DHCP.


"Bonjour" protocol is not routed so the startup preferences pane of the client doesn't see the server images

We have CISCO router with DHCP snooping. This means even if I install the netboot server on the same DHCP subnet as clients, DHCP INFORM and DHCP ACK are blocked by the router which allows only one server to talk on DHCP ports. So John, your solution to work on the same subnet is not possible for me.


This DHCP is centralized, I've made a request to the network admin and he added netboot information on the DHCP server. The Cisco router is acting as DHCP relay. It's clean and efficient.


The problem :


It's working perfectly with newest machines, but _not_ with older ones.

(not so old : Macmini5.2 for example)

Yes, John, I'm aware about system compatibility. I've checked that NBImageInfo.plist basically contain the correct model name without modifications. I tried multiple images too.

In fact older clients start but crash before the end of the netboot process. I haven't identified yet at which step it crashes.


What I expect is that there's a difference between the information needed for "old" models and for newest models. I suggest we share our tcpdump results to try to find out what the difference is.


I suppose you all know the Bombich tips : <http://afp548.com/static/mactips/nbas.html>

I propose you capture tcp packets with this method : <http://www.macenterprise.org/articles/troubleshootingnetbootnetinstallnetrestore>


Here's the copy of the Wireshark entry about DHCP ACK :

Server host name: netbootserver.ici.ch

Boot file name: NetBoot/NetBootSP0/NetBoot.nbi/i386/booter

Root Path: nfs:128.178.59.50:/Library/NetBoot/NetBootSP0:NetBoot.nbi/NetInstall.dmg


If you have the same kind of entry, I'll have to search in an other way.

I'm not sure if at one step, there's no Bonjour used, for example for the NetBootClient0 address.

If you have information about it, welcome 🙂



Thanks !!!

May 22, 2013 7:03 AM in response to nicolas michel

Dear all


I'm still having an issue with netboot across subnet.

It works fine with a MacMini6.2 client but not with a MacMini5.2 client.


Config server : macmini6.2 10.8.3

DHCP relay from cisco router with dhcp snooping that points to a third party DHCP server.


As I can't find a correct diagnostic, I tried to use another subnet where there's no DHCP inform and no dhcp snooping. (with no broadcast between the server and the client)

If I write the full bless command including the kernelcache address, it works.

If I write the bless command without the kernelcache option, it doesn't work.


Here's the bless command that works :

sudo bless --netboot --booter tftp://123.123.123.123/NetBoot/NetBootSP0/NetBoot.nbi/i386/booter \
  --options "rp=nfs:123.123.123.123:/private/tftpboot/NetBoot/NetBootSP0:NetBoot.nbi/NetBoot.dmg" \
  --kernelcache tftp://123.123.123.123/NetBoot/NetBootSP0/NetBoot.nbi/i386/x86_64/kernelcache


The great doc of Mike Bombich (thanks to him) is a bit old and doesn't specify kernelcache which is a 10.7 and 10.8 option.

So my question is : What should be the exact "dhcp inform" part for the kernelcache option ?

the RFC 1497 doesn't specify the content of the "BOOTP Vendor Information Extensions", just the format and it's not opensource anymore, does Apple provide any information about that ?


Thanks !!!

May 22, 2013 9:34 AM in response to nicolas michel

Hi again


Finally I found this option :

$ sudo nvram boot-args="-v"

That shows the boot process.

https://groups.google.com/forum/?fromgroups#!msg/macenterprise/y1RnrjpvSr4/UlZIIFVx2dQJ


And I see that it boots :

- the booter is found

- the kernelcache is found

- the nfs mount is done

- the netboot.dmg is booted

- but finally it crashes


From an other subnet it works, it's weird.
