Installation and Configuration

Installation and Configuration

Pre-Requisites

The following items must be installed and configured on the 2PXE Server regardless of which handler you will be using (Configuration Manager or PowerShell)

  • The .NET Framework 4.6.2 or above must be installed.

  • If you want to use Configuration Manager the 2PXE Software must be installed onto a CM Distribution Point.

Configuration Manager – Distribution Point

As stated previously, in an ideal setup, a dedicated Configuration Manager Distribution Point (DP) will be installed to handle all iPXE Anywhere PXE Booting.

Best practice:

  • BranchCache has been configured in your environment

  • DO NOT install WDS or a PXE Service Point on this system. The 2PXE server replaces that functionality and operate on the same ports (69 and 4011).

Configuration Manager – Security

Allowing Access to the Configuration Manager SQL Database

2PXE uses SQL as the fastest way to retrieve boot actions for a system. Add the service account (default the machine account of the Distribution Point) to the ConfigMgr_DViewAccess local group on the Configuration Manager Site Server. Members in this group have the required access for using distributed views against the Configuration Manager database. The account only requires read rights and can be further locked down if necessary.

Figure 6 shows the local group for accessing SQL, the SQL reporting group provides sufficient SQL rights.

Security without Configuration Manager

If you are not using Configuration Manager then the only security related issue is to ensure that the boot URL returned from the PowerShell command is accessible with anonymous security or by using an ACL and the iPXE Network Access Account.

2PXE Service Install

The installer is an MSI, which adds a Windows service for hosting the proxyDHCP and the TFTP service. There are two versions. One each for x86 and x64.

Installation requires administrative rights, as does running the service as it needs to create BCD files.

There is no way to avoid the requirement around full admin rights, so the recommended installation is always on a server system and not on desktop devices.

Licensing

Licensing for iPXE Anywhere is provided via a Licensing .cab file which will have been sent to you as part of the 2Pint registration and download process. The license file will contain your company information and is used to validate the installation.

Figure 7 shows the contents of a typical installation source folder. One x86 installer and one x64 installer plus a default license file.

The 2PXE Server and iPXE Anywhere is licensed per network bootable node. When using Configuration Manager this is verified shortly after service startup and at a timely interval. The following SQL query will be used to check the number of devices in the database:

select Count(*) As LiveSystems from v_R_System where ResourceType = 5 AND

AgentEdition0 = 0 OR /* Windows Desktop or laptop computer */

AgentEdition0 = 1 OR /* Windows ARM-based device (running Windows RT) */

AgentEdition0 = 5 OR /* Mac computer */

AgentEdition0 = 6 OR /* Windows CE */

AgentEdition0 = 7 OR /* Windows Embedded */

AgentEdition0 = 12 OR /* Intel System On a Chip */

AgentEdition0 = 13 /* Unix and Linux servers */

This means that you can still have a large number of users and other device types that are non PXE bootable like iOS devices & iPAD’s in your hierarchy.

NOTE: All the iPXE Anywhere installers can be run manually or automated (silent). See the appendices for further information on command line switches.

Start the installation by executing the correct installer (x64 for x64 systems). Ensure you have the License.cab available for the installer to access.

The following Welcome dialog will appear

After you click the Next button the license agreement page appears, click to agree the terms and conditions after you read through and agree to all the statements.

In this next dialog you have the several options:

  • Select to use either the PowerShell, Configuration Manager or Referral Handler

  • Select the method for connection to Configuration Manager (SQL or via MP)

  • Unknown machine support

  • Use the embedded boot.sdi in WinPE

  • Use the iPXE Loaders

  • Use HTTPS for iPXE to 2PXE comms (Recommended)

  • Identify a single IP to which to bind.

The next dialog is the Licensing dialog. Here you have to select the license file for the installer to continue. Click on the “…” button to browse for the License.cab file.

Browse and select a valid License.cab file and click ‘Open’. The path to the license file will now be updated.

NOTE: If you select an old expired license file the installer will continue but the 2PXE service will stop soon after starting.

Select whether to install together with the iPXE Anywhere Web Service or not. Note: This can easily be modified later.

If you are integrating, the URL needs to be the one resolved by the iPXE binary, i.e. it cannot be a localhost address.

Next, configure the account under which you the 2PXE service will run, either LocalSystem, or using a specific local or domain account. Please note that a Local or Domain User account must have the ‘Logon as a Service’ right

Next, you can choose a port for the 2PXE HTTP service. The default is 8050 but you may enter your own custom port should you wish. Whichever you choose, you will need to click the ‘Test Port’ and then, assuming the Port is available, click Next.

If you are using the Configuration Manager handler, enter the server name of the server that hosts the Configuration Manager Database. If you are running 2PXE on that server, you can select (local). Click next to continue.

The installer should then connect to that server and fill out the Database name for you. Check this, and if it’s correct, click next to continue. Otherwise enter the correct name.

In this screen you can configure account that will be used to connect to the Configuration Manager Database from the 2PXE service. We recommend that you use the same account that you specified for the 2PXE service. You can choose a separate account if you must but this may have unexpected results.

You are required to test the connection to verify that it has the correct rights before you can continue.

Tell the installer where you want to install the 2PXE service, and click next.

Select if you want automatic firewall rule creation for Microsoft Firewall. If you are using third party firewall, check the Firewall documentation in this guide.

If you are using HTTP, and the DP is not in anonymous mode, you need to define an iPXE Network Access Account.

This can be left at default if you are using HTTPS.

We are now ready to unleash 2PXE magic, so go ahead and click on Install, sit back and enjoy a cup of tea?

Once completed, hit the “Finish” button to exit the installer. You are now done!