Dot1x, PXE and NAP

Hi Guys,
Got a question:
Trying to set up dot1x in an environment using Citrix Provisioning server.  This involves the following process:
1. Workstation boots up using DHCP/Bootp, gets assigned an IP address
2. Downloads Desktop image
3. Loads Workstation Image (Windows 7 Desktop)
From a dot1x perspective this is what we get:
1. Non-authenticated startup: because it is using PXE there is no dot1x supplicant - port is assigned to a guest VLAN
2. When the image is loaded the LAN card is restarted and the Windows 7 Client has a dot1x supplicant
3. Dot1x supplicant attempts authentication with either a pass or fail result.
4. Authentication success: port is enabled; authentication fail: quarantine VLAN is assigned.
Unfortunately we haven't been able to get this to work on the Cisco switches because when the workstation moves from a non-authenticated startup (the guest VLAN) and is moved into an authenticated port that is enabled and goes to the main VLAN, the workstation fails to complete startup because the change in VLAN interrupts the streaming to the Citrix provisioning server.  As far as we understand, for this boot process to work the workstation needs to remain in the same VLAN.
We tried to work around this by using per-user ACLs; however, this doesn't work because if we don't configure a Guest VLAN for non-authorised ports, the port is disabled.  We can't configure the Guest VLAN to be the same as the Primary VLAN of the port as this stops dot1x from authenticating the port.
Has anyone got a solution for this scenario?  Is there a way to configure per-user ACLs using dot1x which allows a non-authorised port to be enabled but allows us to assign a per-user ACL to the port for authorised machines?  The solution that is most likely to work is one that doesn't involve the use of different VLANs, except for perhaps a remediation VLAN for authorisation-failed machines.
I hope this makes sense and I hope there is someone out there that can help.
Regards,
He-Wun Kim

Hi,
We don't want to change the VLAN; the main issue is that we can get the authentication to work, i.e.:
The workstation using PXE boots up in the non-authenticated guest LAN, which has access to the provisioning servers, the image is downloaded and then loads.
The operating system boots up and successfully authenticates using Microsoft NAP as the supplicant, and is assigned to the port is authorized.
The problem is that the Guest VLAN and Authorized VLAN, which is the default VLAN that the port is configured to be a part of, are obviously on different IP subnets, and the workstation as part of the process gets a new IP address assigned when the operating system boots. It is this CHANGE of VLAN that breaks the provisioning process; the VLAN port membership cannot change in order for the solution to work.  We tried configuring the following using Radius VSA in which the Radius Server supplies the access-list name/number to use:
No Guest VLAN - The result: the PXE boot fails because the port is disabled when there is no dot1x authentication attempt made
Guest VLAN and Authorised VLAN the same - Fails because the switch doesn't allow this configuration; authentication is disabled
Again, the problem we have is that we are going from a non-authenticated to authenticated mode on the workstation, and there doesn't appear to be a way to have the same workstation remain on the same subnet for the duration of the boot and provisioning process.
We have looked at the MAC authentication option (which is what Citrix recommends) but we do prefer to use NAP/dot1x as it performs a number of health checks which are extremely useful in keeping our network nice and secure.
Regards,
He-Wun Kim

Similar Messages

  • Unknown Machines and NAP

    Hi all,
    The company I work for is having a major network upgrade including the replacement of all edge and core switches.  Part of this upgrade will be the introduction of NAP.  We have just had two new 2012 r2 servers installed running NAP.
    During our last meeting it was mentioned that only computers with an AD computer account will be allowed onto the network.  I'm not a network engineer, but look after the SCCM solution we have.
    We would like to pay our hardware vendor to bring new pcs to site and install them on the users desks.  They can provide us with a text file containing the computers name in our company format and the machines mac address (eg PC123562*43:f3:00:e1:f3).
     The local hard disks are blank and the bios is set to 1st boot PXE.
    Currently on the old network, when a brand new machine connects to the network we press F12 to PXE boot.  SCCM has a task sequence deployed to the unknown machines collection and with a combination of UDI, VBS scripts and TS variables is able to determine where the machine is physically, what model and deploys the wmi file, drivers, packages and updates.  This is working fantastic for us.
    so my question....
    Once we have the new network in place and NAP, unknown machines won't be allowed onto the network as NAP won't have a record of it in AD.  How then do we go about being able to PXE boot machines and deploy images to them?
    has anyone else been able to successfully deploy images to the unknown machines collection in a NAP environment?
    Can the NAP server have a rule against SCCM objects?  We could import the new machines into the SCCM database which the NAP server could reference?
    I'm still waiting for the new engineer to come back to me with models of switches and how they are using those in conjunction with the new 2012 NAP servers.  My feeling is they are using an NPS profile set to "if machine object does not exist in AD, do not obtain an IP from DHCP".
    Thanks,
    Glen.

    Add the PXE enabled DP to the NPS Remediation Server Group. I've never had to do this but in theory it should work. NPS should not allow the computer to get an IP address but it should redirect it to contact the DP.
    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Thanks Gerry,  I shall look into that but I think it's gonna need an IP.
    I'm starting to think I basically have two options (unless I'm missing something).  Create a new VLAN for un-authenticated machines and stick them in there whilst they are imaged....or go down the Intel AMT route.
    Neither option is ideal to be honest.  There are times where we have to image quite old machines (no AMT technology onboard) which will be unknown to both SCCM and NPS.  The VLAN option isn't great either as we are opening ourselves up and having to mess around bringing new servers online for this "safe area".
    The best way would be to create an NPS policy saying something like "if machine exists in sccm all systems collection allow lan access"

  • DHCP and NAP Event 1070

    Server 2012 DC1, role: AD, DNS, DHCP and NAP. Another Server 2012 DC2 as secondary with same roles, and as hot stand by for DHCP.
    When NAP is enabled on all scopes, event 1070 "Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log. , so DHCP server cannot talk to NPS server. It could be that IAS service is not started." comes up. When this error shows up, doing Replicate Failover Scopes from the MMC will crash it. Running Invoke-DhcpServerv4FailoverReplication will generate "The remote procedure call failed" error.
    NPS NAP DHCP Policy exists, with generic Full Access and no restriction. Both DCs are in the "RAS and IAS Servers" group. The audit path exists and can be accessed. Disabling NPS on all scopes seems to return things to normal.
    This seems to be a bug or something amiss. How can I enable NAP on all scopes without the DHCP server throwing an error?

    Hi,
    Have you installed any security software on the server?
    If yes, please disable it and try again.
    Also, what's the result of "sfc /scannow"?
    Besides, what's the start type of the NPS service?
    To set the NPS service to start automatically and start the NPS service, please follow the steps below:
    At the NPS server click Start, click Run, type services.msc, and then click OK.
    Double-click Network Policy Server.
    On the General tab, in the Startup type box, click Automatic, and then click Apply.
    Click Start, wait for the progress bar to complete, and then click OK.
    On the File menu, click Exit.
    Best Regards.
    Steven Lee

    No errors on scan, it did not find integrity violations. Service is already on auto and started.
    I thought maybe the firewall is blocking it, but this is the same machine that runs the AD/DHCP/NPS roles.
    Where is this audit log for NPS that the DHCP is looking for?

  • OSD Tasks only available to PXE and media showed up in Software Center on a server!

    OK so I'm getting a selected Windows 2008 R2 server set up with its SCCM client cert, I get the client installed on there - everything's looking great, I see updates and CIs and policies all coming down nicely watching the client logs... I open up Software Center thinking I'll go on ahead and kick off the 2 available Windows updates and to my horror I see my OSD Task Sequence deployments (Available) sitting there in Software Center. These are all set for visibility only to PXE and media - NEVER Software Center - every single one of them - and I've triple-checked every one since I saw this and also verified they don't show up on a client workstation. I deleted the deployments for these task sequences and grabbed the \windows\ccm\logs directory in full off the server for review... How in the flying heck did these task sequences show up in Software Center on my server's newly installed client / Software Center???

    Aha! Thanks Mr Sandys! Sure enough the client hasn't upgraded yet and is at 5.00.7711.0000.
    I have automatic sitewide client upgrade configured (within 1 day) - guess I'll wait to see if it updates or not. Shouldn't pushing the client from my CM server send the latest client X_X ?

  • Dot1x, .1X and Cisco IP Phones

    Hi,
    We are busy performing dot1x tests on IP Phones. We chose the LSC approach and have generated CAPF CSRs which we have signed by our PKI infrastructure.
    Once all certificates and trust have been uploaded and when we update the CUCM CTL with the Cisco CTL client tool, we received the following error message
    “Could not get CAPF certificate(s).CAPF seems to be running on the CUCM Publisher but the certificate file(s) do not exist in the Certifiicate trust path on Server”
    We searched Neptro with an explanation on this and found that article:
    https://supportforums.cisco.com/thread/2067102
    In our setup one issuing CA in the certification path has a key of 4096 bits. This is imposed by our Security Policy and can't be worked around from a security policy point of view.
    We then had the CAPF CSR regenerated and had a test CA with an encryption key of only 2048 bits sign our certificate and Dot1x authentication. This worked just fine and test IP Phones can now authenticate.
    My question is, is that a known limitation of Cisco CallManager, which is unable to handle certificates signed by a PKI in which one of the CAs has a key of more than 2048 bits? Or is this a bug related to our 8.6.2.23900-10 CUCM version?
    Is there a way to bypass that limitation or a precise version of CallManager correcting it?
    Thanks,
    Antoine

    You can configure the MSFT supplicant to send an EAPOL-Logoff:
    Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode -- REG_DWORD
    0: Machine authentication mode in Windows XP Client RTM. When a user logs in, if the connection has already been authenticated with Machine credentials, the user’s credentials are not used for authentication.
    1: Machine authentication with re-authentication functionality. Whenever a user logs in, 802.1X authentication is performed using the user’s-credentials.
    2: Machine authentication only – Whenever a user logs in, it has no effect on the connection. 802.1X authentication is performed using machine credentials only.
    In the wired-Ethernet case you should set (SupplicantMode = 3) AND (AuthMode = 0) AND (disable Machine-Authentication OR ensure that there are no machine credentials on the client). This will ensure that when a user logs off, an EAPOL-Logoff will be sent out. So, AFAIK, this is the bad news .. you lose machine-auth.
    Actually, stay tuned for the ability for our IP Phones to be able to do this on behalf of a PC very soon. What will happen is when an IP Phone senses EAPOL through it, it will know who the supplicant is, and what port they're on (the phone's PC port). Assuming 2 conditions above, if link to phone's PC port goes down, IP Phone will transmit EAPOL-Logoff to PC immediately (on PCs behalf).
    Hope this helps.

  • Cisco ISE: Dot1x failing and MAB succeeded (Intermittent) /or Posture Delay

    Hi,
    We are running Cisco ISE 1.1.3, configured for Dot1x and MAB authentication. PCs are getting access through MAB while Dot1x is failing again and again. But sometimes the same PC gets authenticated via Dot1x. Connectivity is intermittent. Also, sometimes it gets stuck longer in Posture.
    We have three different switches at the moment with the latest IOS version.
    1) WS-C4507R-E    =  15.1(2)SG,
    2) WS-C3560-48PS = 12.2(55)SE7
    3) WS-C3750X-24P = 15.0(2)SE1
    Could anyone pitch an idea, or advise about the latest IOS for the switches?
    Let me know, if you need more information.
    Thanks,
    Regards,
    Mubahser

    It seems your PCs are failing dot1x and also failing MAB authentication; the switch by default will start the process again and will again fail dot1x and MAB authentication, and so on.
    It will be helpful to see the logs from both the switch and the RADIUS servers (I take it it is ACS or ISE). Also the configuration of the RADIUS server.

  • ZCM 10.3.2, PXE and Optiplex 980..

    Maybe this has been answered already, but if it has, I haven't seen it yet. Has anyone been able to image an optiplex 980 with PXE on ZCM10, I cannot get it to work, and the culprit seems to be the intel boot agent, it seems to be too new of a version, for the PXE server. Any input would be appreciated.
    Thanks,

    A new imaging update was released today, might be worth a shot to update and see if it resolves the issue: NOVELL: Downloads - ZENworks Imaging Driver Update for March 2011
    Thomas

  • SCOM 2012 and NAP 802.1X Enforcement - Event ID: 6276 during client startup - False positive

    Hi
    We are running SCOM 2012 and we are using NAP 802.1X enforcement with HP IDM. We are getting multiple event ID 6276 entries in SCOM during computer start-up, which are false positives as it seems the computer is put into the Non-Compliant network until its true state is reported. Is there a way to suspend these events, in order for us to only receive valid Non-Compliant events?
    Regards, Francois
    Francois Vorster

    Hi,
    You can make dot3svc dependent on NAP agent so that NAP agent starts up completely before the first 802.1X authentication attempt is tried. This should reduce the number of re-authentication attempts.
    -Greg

  • Dot1x, 3550 and Windows XP

    I configured dot1x on a 3550 port which is connected to a Windows XP client. I am using radius and I can do debug authentication and I see the switch asking the client to authenticate, however the client machine never prompts for authentication. The state goes automatically to unauthorized. I have configured the client for MD5 authentication. Is there a trick to getting the client to prompt for credentials? The docs that I have read show a balloon pop-up on the client that says to click it to enter credentials but I never get this balloon. I have tried this with 2 separate clients with the same results...

    This should help:
    <http://download.microsoft.com/download/b/0/e/b0e2a363-0044-4327-8f17-020818f57234/Wired_depl.doc>

  • PXE and MDT

    I am trying to get PXE to find my WDS server and having a tough day.  My DHCP server and WDS are separate boxes but on the same subnet.  I have added the options in the DHCP for 66 and 67 and also ensured WDS is listening for all requests.  I also added the lite touch images and still the machines are not picking up the boot sequence.
    Anyone have an idea?

    Also, just to answer: the laptop is picking up the DHCP server just fine, just can't get to the image.  Ensured WDS is on and started as well.

  • Setup UCS Auto-Deploy using PXE and dual vNICs

    We are trying to set up Auto Deploy for UCS B200 M3 blade servers.  Our setup has the chassis connected to dual 6248 Fabric Interconnects.  We were successful in getting this to work when the blades were identified via MAC address configured on the DHCP server (Infoblox).  However, in trying to resolve the scenario of the server attempting to PXE boot via either NIC, thus having two different MAC addresses, this scenario could not be supported on the DHCP server (mapping two MAC addresses to one IP address).  Then we had the idea of using the GUID/UUID of the blade as a unique client identifier, as it is the same no matter which NIC is used.
    We have tried to set this up, but have been unsuccessful.  The blade sends out its GUID using DHCP option 97, but the DHCP server is only looking for the Client ID via DHCP Option 61.  We have not been able to determine how, or if, the blade server can send its GUID via DHCP Option 61, and Infoblox tells us that their server cannot be configured to accept DHCP Option 97 as a client identifier.
    Has anyone encountered this situation, and resolved it?  Surely this isn't a unique situation, having a blade server with two NICs.
    Thanks in advance for your response.
    Ron Buchalski

    Hi Ron,
    I am currently setting up an autodeploy environment. But I only use one NIC per host for boot from SAN. Because of the auto-failover possibility in UCS, I think I do not need a second NIC.
    Why do you use a second NIC? Do I miss something or is it just because of the thinking to have redundancy for management in vCenter?
    Frank

  • ZCM PXE and ZEN 7 PXE

    Ok I am having a heck of a time trying to get PXE boot to work on our ZCM machine.
    I have set up the server referral and added the old zen 7 server ip in there.
    unloaded the novell-proxydhcp service on the old server and started it on the zcm server
    i copied the files to the /srv/tftp folder.
    dhcp not running on either machine
    cisco routers have ip helper set
    cisco routers have ip forward-protocol udp 67 and ip forward-protocol udp 68 set.
    reboot the machine and it doesn't get an ip address
    PXE-E53: No boot filename received
    PCE-M0F: Exiting PXE ROM
    i check the logs and i don't even see any dhcp requests
    any one with some suggestions?

    Originally Posted by spond
    JamieMichael,
    > cisco routers have ip helper set
    >
    > cisco routers have ip forward-protocol udp 67 and ip forward-protocol
    > udp 68 set.
    >
    to both the ZEN and ZCM servers?
    I know the ip helper is set for both servers; I am not sure about ip forward-protocol. I will have the network ppl check when they get in.
    I have noticed if I start the proxydhcp service on the old server it works ..
    Shaun Pond

  • PXE and Windows eating up DHCP leases

    Hi,
    We've got three DHCP servers on three sites, running the ISC DHCP
    daemon. We also have Zen for Desktops 7 on all three sites running on
    Netware 6.5.
    My problem is that when the PC boots, it ends up with two leases - one
    for when the PXE runs, and another for when Windows boots! I've attached
    an example of what happens, and the leases from the log files of the
    server, to show what's happening. In a nutshell, it seems to be related
    to the fact that the PXE session doesn't show a UID to the DHCP server,
    but Windows does. As a result, DHCPD treats them as two different hosts,
    and grants two leases. The only way around this right now is
    ridiculously short leases, which results in very chatty workstations and
    servers.
    I tried the "deny duplicates;" setting in the dhcpd.conf, but that
    doesn't seem to have worked. We have just over 50% of the DHCP pool
    used, so as a result most PCs work, apart from the last ones on which
    start showing 'No free leases' in the log file.
    I'm going to upgrade the server to SLES10 soon (it's currently on an
    ancient redhat install), but there's nothing in the changelogs relating
    to duplicates that I could see, so I don't think it's a version issue.
    Can anybody suggest anything to try and alleviate this problem? Is
    anybody seeing this?
    Regards,
    ====================== LOG FILES ============================
    PXE Boot
    ========
    Oct 27 11:46:08 ernie dhcpd: DHCPDISCOVER from 00:07:e9:f2:d3:13 via
    192.168.200.2
    Oct 27 11:46:09 ernie dhcpd: DHCPOFFER on 192.168.200.130 to
    00:07:e9:f2:d3:13 via 192.168.200.2
    Oct 27 11:46:10 ernie dhcpd: DHCPREQUEST for 192.168.200.130
    (192.149.238.50) from 00:07:e9:f2:d3:13 via 192.168.200.2
    Oct 27 11:46:10 ernie dhcpd: DHCPACK on 192.168.200.130 to
    00:07:e9:f2:d3:13 via 192.168.200.2
    Oct 27 11:46:10 ernie dhcpd: DHCPREQUEST for 192.168.200.130
    (192.149.238.50) from 00:07:e9:f2:d3:13 via 192.168.200.3
    Oct 27 11:46:10 ernie dhcpd: DHCPACK on 192.168.200.130 to
    00:07:e9:f2:d3:13 via 192.168.200.3
    lease 192.168.200.130 {
    starts 5 2006/10/27 10:46:10;
    ends 5 2006/10/27 10:56:10;
    binding state active;
    next binding state free;
    hardware ethernet 00:07:e9:f2:d3:13;
    lease 192.168.200.130 {
    starts 5 2006/10/27 10:46:10;
    ends 5 2006/10/27 10:56:10;
    binding state active;
    next binding state free;
    hardware ethernet 00:07:e9:f2:d3:13;
    Windows Boot
    ============
    Oct 27 11:47:11 ernie dhcpd: DHCPDISCOVER from 00:07:e9:f2:d3:13 via
    192.168.200.2
    Oct 27 11:47:12 ernie dhcpd: DHCPOFFER on 192.168.200.65 to
    00:07:e9:f2:d3:13 (BCUC-6D8215E8EA) via 192.168.200.2
    Oct 27 11:47:12 ernie dhcpd: DHCPREQUEST for 192.168.200.65
    (192.149.238.50) from 00:07:e9:f2:d3:13 (BCUC-6D8215E8EA) via 192.168.200.2
    Oct 27 11:47:12 ernie dhcpd: DHCPACK on 192.168.200.65 to
    00:07:e9:f2:d3:13 (BCUC-6D8215E8EA) via 192.168.200.2
    Oct 27 11:47:12 ernie dhcpd: DHCPREQUEST for 192.168.200.65
    (192.149.238.50) from 00:07:e9:f2:d3:13 (BCUC-6D8215E8EA) via 192.168.200.3
    Oct 27 11:47:12 ernie dhcpd: DHCPACK on 192.168.200.65 to
    00:07:e9:f2:d3:13 (BCUC-6D8215E8EA) via 192.168.200.3
    lease 192.168.200.65 {
    starts 5 2006/10/27 10:47:12;
    ends 5 2006/10/27 10:57:12;
    binding state active;
    next binding state free;
    hardware ethernet 00:07:e9:f2:d3:13;
    uid "\001\000\007\351\362\323\023";
    client-hostname "BCUC-6D8215E8EA";
    lease 192.168.200.65 {
    starts 5 2006/10/27 10:47:12;
    ends 5 2006/10/27 10:57:12;
    binding state active;
    next binding state free;
    hardware ethernet 00:07:e9:f2:d3:13;
    uid "\001\000\007\351\362\323\023";
    client-hostname "BCUC-6D8215E8EA";
    David Rickard
    ICT Security Officer
    david dot [email protected], 01494 522141 Ext: 3531
    Information & Communication Technologies
    Buckinghamshire Chilterns University College
    Queen Alexandra Road, High Wycombe, BUCKS, HP11 2JZ

    Hi,
    Just following this one up. It's still happening!
    I tried using 'deny duplicates' in the dhcpd.conf, and it seemed to work
    for a while, but it's still happening; I think we just had a low number
    of PCs switched on!
    We're on ZfD 7 SP1, Hotfix 3, with the Hotfix 4 PXE files installed
    (Hotfix 4 came out about a week after I installed hotfix 3!).
    Anyway, it's still happening and driving me to distraction. Of about
    140-something hosts, they're using twice as many leases as they should,
    so they're back on 10-minute leases, just to recycle them fast enough.
    Anybody have any suggestions?!
    David Rickard
    ICT Security Officer
    [email protected], 01494 522141 Ext: 3531
    Information & Communication Technologies
    Buckinghamshire Chilterns University College
    Queen Alexandra Road, High Wycombe, BUCKS, HP11 2JZ
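
The double-lease symptom described in this thread can be measured from the dhcpd.leases file itself. The following is an added example, not part of the original posts: it parses ISC lease entries, keeps the last entry written per IP, and lists every MAC holding more than one live lease, noting whether each lease carries a uid. The function names are hypothetical, and the sample text is constructed from the entries quoted above plus two made-up entries.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the two leases quoted in the post, plus a made-up
# second host (.70) and a made-up freed lease (.71) for contrast.
SAMPLE_LEASES = r'''
lease 192.168.200.130 {
  starts 5 2006/10/27 10:46:10;
  ends 5 2006/10/27 10:56:10;
  binding state active;
  next binding state free;
  hardware ethernet 00:07:e9:f2:d3:13;
}
lease 192.168.200.130 {
  starts 5 2006/10/27 10:46:10;
  ends 5 2006/10/27 10:56:10;
  binding state active;
  next binding state free;
  hardware ethernet 00:07:e9:f2:d3:13;
}
lease 192.168.200.65 {
  starts 5 2006/10/27 10:47:12;
  ends 5 2006/10/27 10:57:12;
  binding state active;
  next binding state free;
  hardware ethernet 00:07:e9:f2:d3:13;
  uid "\001\000\007\351\362\323\023";
  client-hostname "BCUC-6D8215E8EA";
}
lease 192.168.200.70 {
  starts 5 2006/10/27 10:48:00;
  ends 5 2006/10/27 10:58:00;
  binding state active;
  hardware ethernet 00:07:e9:aa:bb:cc;
  uid 01:00:07:e9:aa:bb:cc;
}
lease 192.168.200.71 {
  starts 5 2006/10/27 10:30:00;
  ends 5 2006/10/27 10:40:00;
  binding state free;
  hardware ethernet 00:07:e9:f2:d3:13;
}
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)
UID_TOKEN = re.compile(r'\\([0-7]{3})|\\(.)|(.)', re.S)


def decode_uid(raw):
    """Decode a uid written as a quoted string with octal escapes or as colon hex."""
    raw = raw.strip()
    if raw.startswith('"'):
        out = bytearray()
        for octal, escaped, plain in UID_TOKEN.findall(raw[1:-1]):
            out.append(int(octal, 8) if octal else ord(escaped or plain))
        return bytes(out)
    return bytes(int(b, 16) for b in raw.split(':'))


def parse_leases(text):
    """Return {ip: record}. The file is an append log, so the last entry per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        rec = {"ip": ip, "mac": None, "state": None, "ends": None, "uid": None}
        # Simplification: assumes no ';' or '}' inside a quoted uid string.
        for stmt in (s.strip() for s in body.split(';')):
            if stmt.startswith("hardware ethernet "):
                rec["mac"] = stmt.split()[2].lower()
            elif stmt.startswith("binding state "):   # skips "next binding state"
                rec["state"] = stmt.split()[2]
            elif stmt.startswith("ends ") and stmt != "ends never":
                rec["ends"] = datetime.strptime(stmt.split(None, 2)[2],
                                                "%Y/%m/%d %H:%M:%S")
            elif stmt.startswith("uid "):
                rec["uid"] = decode_uid(stmt[4:])
        leases[ip] = rec
    return leases


def uid_kind(rec):
    """Say whether the client identifier is absent, hardware type 01 + MAC, or other."""
    if rec["uid"] is None:
        return "no-uid"
    mac_bytes = bytes.fromhex(rec["mac"].replace(":", ""))
    return "uid=htype+mac" if rec["uid"] == b"\x01" + mac_bytes else "uid=other"


def double_leased(leases, now):
    """Map each MAC with more than one live lease to its (ip, uid kind) pairs."""
    by_mac = defaultdict(list)
    for rec in leases.values():
        live = rec["state"] == "active" and (rec["ends"] is None or rec["ends"] > now)
        if live and rec["mac"]:
            by_mac[rec["mac"]].append(rec)
    return {mac: sorted((r["ip"], uid_kind(r)) for r in recs)
            for mac, recs in by_mac.items() if len(recs) > 1}


if __name__ == "__main__":
    report = double_leased(parse_leases(SAMPLE_LEASES), datetime(2006, 10, 27, 10, 50))
    for mac, entries in report.items():
        print(mac, entries)
```

On the sample, the uid in the Windows lease decodes to hardware type 01 followed by the same MAC that the PXE lease shows without a uid, so both leases belong to one NIC.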

  • PXE and Windows 7 deploy show error 0x80041013

    Hi
    I'm trying to deploy a Windows 7 OS in a lab environment. (DC, SCCM2012r2 and computer are in VMware or Hyper-V, I tried both.)  I'm able to get an IP from my DHCP (DHCP role in DC), detect and load the PXE boot, start to boot and load the CM client, then it asks for the password previously assigned and after that I got the error: 0x80041013
    Can somebody give me a clue?
    Jose Chavez IT Manager

    0x80041013 = Provider load failure (from WMI)
    Did you put drivers into your boot image?
    What does the smspxe.log show?
    Jeff

  • Solaris 10 x86 PXE and jumpstart using Linux DHCP server !!

    Hi,
    I am trying to get my Solaris 10 x86 jumpstart rolling.
    I have created the images for the OS, but the only issue I have ahead is using a Linux box as a DHCP server for my x86 box to get the image.
    Is it possible to have a Linux host that serves as a DHCP server to jumpstart an x86 host with Sol 10 x86,
    or do I need to have a Solaris host that runs the DHCP service on it?
    Any advice on this issue?
    Thanks.

    Well, if you don't think the online documentation is helpful, then the better way is reading step-by-step instructions from a book. Get to a local bookstore, i.e. Barnes & Noble or Borders or any big local bookstore; there should be a pretty good book for Unix Administrators (Solaris version).
    If you have time and think you can memorize it, then read on the spot; otherwise, buy the book for future reference.
    If that's not what you had in mind, then this link to a free online book might help: http://www.oreilly.com/catalog/solaris8/chapter/ch04.html
    Normally, the O'Reilly online bookstore offers free books to accredited universities, colleges, and organizations. However, if that option isn't for you, it might even offer free sample chapters that might just suit your needs.
    Hope it helps.
    -van.
