PXE boot not properly mounting to Altiris eXpress share

Hello.
I am using Altiris Deployment Solution 6.8 SP2 for Dell servers. I am trying to set up PXE boot and am having some problems.

With the Deployment Server installed on a Windows 2003 server in workgroup mode, the PXE image loads fine, and the automation agent is able to connect to the eXpress share and create or receive images. However, once the Deployment Server is joined to a domain, it no longer works.  It gives an error at the target server console when loading PXE:

cifs_mount failed w/ return code = -13
mount error 13 - Permission denied

I looked in the event log on the server with the eXpress share, and found:

Event id 529
Failure audit
Unknown username or password.  

I reconfigured the PXE boot image to use a domain user and password that has access to that share and verified I entered the password correctly.  The userid showing up in the event log error is the correct one.

What could I be doing wrong?

Thanks in advance.
LVL 2
CanHasCheezburgerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

HokieTim21Commented:
Interesting problem.  I saw that today with my own eyes.  Someone here has to know the reason!!  

Keep digging Sparky!
0
igor-1965Commented:
I think it will be faster to reinstall DS but... let's start with the basic checking:

1) Check the express share permissions - we have Everyone allowed to read and write.
2) Check express folder (and subfolders) NTFS permissions - same as above goes

3) Check out if PXE is not a culprit: start PXE configuration and find out the location where your boot image is saved (somewhere under \PXE\Images\MenuOption...) look for the file with the size 1.474.560 bytes. Hve it copied to your computer.

Download WinImage (http://www.winimage.com/winimage.htm) it will allow you to make a normal floppy from the file you just get above. Boot a computer with this floppy - you will be able to manually try mapping / username / password.
0
CanHasCheezburgerAuthor Commented:
igor-1965...
 Thanks for the response... I tried your first suggestion and no dice.. same problem...
I also cannot find any file that is that size under the PXE folder, however, even if I did, I probably could not use the winimage software as it would need approval to be used in our environment.

If I could figure out how to get the PXE image to boot and stop instead of rebooting I may be able to test some more.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

igor-1965Commented:
Create a job that consist of a single task. It will be a script  with the single line COMMAND, it must be a DOS task. Boot up a computer you would like to run test to PXE, press F8 to launch PXE boot menu, drop the job on a computer, then on computer select DOS Managed (or whatever you have called it) option from PXE menu.

The job should be launching DOS command interpreter and then will just accept whatever you entered. For example:
a:
cd \net
net use f: \\<yourserver_name>\express
0
CanHasCheezburgerAuthor Commented:
igor.  We're using the Linux boot images to mount.... Is there a way to get the linux one to not reboot?
0
igor-1965Commented:
Are you using Linux on your computers or it is just for PXE boot image?
I never tried to use Linux for this purpose so can't give you any advise.

For me , it is much easier to use DOS as I still remember how to configure autoexec.bat and config.sys by bare hands :)))
0
HokieTim21Commented:
When added to the domain, it is taking group policies from the domain.  Depending upon the security options you have set (NTLM, encryption, etc.) this could be stopping the CIFS share authentication.

When the server was not part of the domain, it had default ploicies which did not block this.  Once added, higher security settings could be in place which block NTLM v1 or require encryption, which your Linux boot environmnet are not doing.

So try this, create a new GPO for that server (meaning, place that server in its own Organizational Unit (OU) and create a new group policy object).  In the "Computer Configuration - Windows Settigs - Security settings - Local Policies - Security Options" change the "Network security: LAN manager authentication level" to "Send LM and NTLM, negotiate V2."

In the same GPO, also In the "Computer Configuration - Windows Settigs - Security settings - Local Policies - Security Options" change the "Network security: Minimum session security for NTLM SSP based (including secue RPC) clients" to have all 4 boxes unchecked.

Now apply this GPO to the OU, move the Altiris Deployment server to the OU, and reboot the server.  Then, try again to see if it works.

**********A side note here, you must use a local account on that server for authentiacation.  If you use a domain account, that account tries to authenticate against the domain controller, and in that case, would still fail.  Because the DC still has the higher NTLM and security settings.  Therefore, use an account that is local to that server and see if it works.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CanHasCheezburgerAuthor Commented:
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.