?
Solved

PXE boot not properly mounting to Altiris eXpress share

Posted on 2008-11-19
8
Medium Priority
?
5,348 Views
Last Modified: 2013-12-12
Hello.
I am using Altiris Deployment Solution 6.8 SP2 for Dell servers. I am trying to set up PXE boot and am having some problems.

With the Deployment Server installed on a Windows 2003 server in workgroup mode, the PXE image loads fine, and the automation agent is able to connect to the eXpress share and create or receive images. However, once the Deployment Server is joined to a domain, it no longer works.  It gives an error at the target server console when loading PXE:

cifs_mount failed w/ return code = -13
mount error 13 - Permission denied

I looked in the event log on the server with the eXpress share, and found:

Event id 529
Failure audit
Unknown username or password.  

I reconfigured the PXE boot image to use a domain user and password that has access to that share and verified I entered the password correctly.  The userid showing up in the event log error is the correct one.

What could I be doing wrong?

Thanks in advance.
0
Comment
Question by:CanHasCheezburger
  • 3
  • 3
  • 2
8 Comments
 
LVL 1

Expert Comment

by:HokieTim21
ID: 23001136
Interesting problem.  I saw that today with my own eyes.  Someone here has to know the reason!!  

Keep digging Sparky!
0
 
LVL 14

Expert Comment

by:igor-1965
ID: 23001938
I think it will be faster to reinstall DS but... let's start with the basic checking:

1) Check the express share permissions - we have Everyone allowed to read and write.
2) Check express folder (and subfolders) NTFS permissions - same as above goes

3) Check out if PXE is not a culprit: start PXE configuration and find out the location where your boot image is saved (somewhere under \PXE\Images\MenuOption...) look for the file with the size 1.474.560 bytes. Hve it copied to your computer.

Download WinImage (http://www.winimage.com/winimage.htm) it will allow you to make a normal floppy from the file you just get above. Boot a computer with this floppy - you will be able to manually try mapping / username / password.
0
 
LVL 2

Author Comment

by:CanHasCheezburger
ID: 23004351
igor-1965...
 Thanks for the response... I tried your first suggestion and no dice.. same problem...
I also cannot find any file that is that size under the PXE folder, however, even if I did, I probably could not use the winimage software as it would need approval to be used in our environment.

If I could figure out how to get the PXE image to boot and stop instead of rebooting I may be able to test some more.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:igor-1965
ID: 23004645
Create a job that consist of a single task. It will be a script  with the single line COMMAND, it must be a DOS task. Boot up a computer you would like to run test to PXE, press F8 to launch PXE boot menu, drop the job on a computer, then on computer select DOS Managed (or whatever you have called it) option from PXE menu.

The job should be launching DOS command interpreter and then will just accept whatever you entered. For example:
a:
cd \net
net use f: \\<yourserver_name>\express
0
 
LVL 2

Author Comment

by:CanHasCheezburger
ID: 23004689
igor.  We're using the Linux boot images to mount.... Is there a way to get the linux one to not reboot?
0
 
LVL 14

Expert Comment

by:igor-1965
ID: 23004906
Are you using Linux on your computers or it is just for PXE boot image?
I never tried to use Linux for this purpose so can't give you any advise.

For me , it is much easier to use DOS as I still remember how to configure autoexec.bat and config.sys by bare hands :)))
0
 
LVL 1

Accepted Solution

by:
HokieTim21 earned 2000 total points
ID: 23087516
When added to the domain, it is taking group policies from the domain.  Depending upon the security options you have set (NTLM, encryption, etc.) this could be stopping the CIFS share authentication.

When the server was not part of the domain, it had default ploicies which did not block this.  Once added, higher security settings could be in place which block NTLM v1 or require encryption, which your Linux boot environmnet are not doing.

So try this, create a new GPO for that server (meaning, place that server in its own Organizational Unit (OU) and create a new group policy object).  In the "Computer Configuration - Windows Settigs - Security settings - Local Policies - Security Options" change the "Network security: LAN manager authentication level" to "Send LM and NTLM, negotiate V2."

In the same GPO, also In the "Computer Configuration - Windows Settigs - Security settings - Local Policies - Security Options" change the "Network security: Minimum session security for NTLM SSP based (including secue RPC) clients" to have all 4 boxes unchecked.

Now apply this GPO to the OU, move the Altiris Deployment server to the OU, and reboot the server.  Then, try again to see if it works.

**********A side note here, you must use a local account on that server for authentiacation.  If you use a domain account, that account tries to authenticate against the domain controller, and in that case, would still fail.  Because the DC still has the higher NTLM and security settings.  Therefore, use an account that is local to that server and see if it works.
0
 
LVL 2

Author Closing Comment

by:CanHasCheezburger
ID: 31518368
Thanks!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question