PXE Policy problem

Similar Messages

• Thinkpad T420i PXE-53 and PXE-61 problem

  Hello all,
  there is only a win7 on my laptop before this problem happened, today I tried to install Debian, but after the installation was finished, the PXE-E61 problem happened, PXE-E61 medai test failed, please check cable
  so I thought it may be the cable problem, then I connected the laptop with cable but this time is the PXE-E53 problem, it said No boot filename received. I had no choices, so I use super grub disk to log in my win7 and tried to use EasyBCD to solve this problem, but it doesn't work. I also tried to reset the BIOS, it doesn't work either. Anyone who can help me, really appreciate it!!!

  hey powerxtreme,
  welcome to the forums and i do hope you made a recovery disc before installing Debian.
  as you have mention this occurred after installing Debian, i suggest uninstalling it and then with a monoboot Win7, test the PXE-E61 and see if the same error occurs
  WW Social Media
  Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
  Follow @LenovoForums on Twitter!
  Have you checked out the Community Knowledgebase yet?!
  How to send a private message? --> Check out this article.

• Aging Policy Problem

  Dear All
  I am facing problem with the aging policy in iplanet messaging server.My aging policy is not working
  Please find the below information for your reference
  1) bash-2.03# ./imsimta version
  iPlanet Messaging Server 5.2 Patch 1 (built Aug 19 2002)
  libimta.so 5.2 Patch 1 (built 23:25:07, Aug 19 2002)
  2)configutil Output
  store.expirerule.19042k7i.createtimestamp = 20070419051559Z
  store.expirerule.19042k7i.creatorsname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netscap
  eroot"
  store.expirerule.19042k7i.folderpattern = user/%@mydomain.com/*
  store.expirerule.19042k7i.messagedays = 90
  store.expirerule.19042k7i.modifiersname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netsca
  peroot"
  store.expirerule.19042k7i.modifytimestamp = 20070419051614Z
  store.expirerule.19042k7i.objectclass = nsmsgcfgexpirerule
  store.expirerule.createtimestamp = 20030427141705Z
  store.expirerule.creatorsname = "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
  store.expirerule.modifiersname = "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
  store.expirerule.modifytimestamp = 20030427141705Z
  store.expirerule.objectclass = nsmsgCfgContainer
  store.expirerule.santosh.createtimestamp = 20090317095139Z
  store.expirerule.santosh.creatorsname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netscape
  root"
  store.expirerule.santosh.folderpattern = user/[email protected]/*
  store.expirerule.santosh.messagecount = 5
  store.expirerule.santosh.messagedays = 1
  store.expirerule.santosh.modifiersname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netscap
  eroot"
  store.expirerule.santosh.modifytimestamp = 20090317095315Z
  store.expirerule.santosh.objectclass = nsmsgcfgexpirerule
  store.expirestart = 1530
  Any one can help me ?

  Prashant_wagh wrote:
  1) bash-2.03# ./imsimta version
  iPlanet Messaging Server 5.2 Patch 1 (built Aug 19 2002)
  libimta.so 5.2 Patch 1 (built 23:25:07, Aug 19 2002)Seriously? I would say you should upgrade but I would be probably wasting my time.
  2)configutil Output
  store.expirerule.19042k7i.folderpattern = user/%@mydomain.com/*
  store.expirerule.19042k7i.messagedays = 90
  store.expirerule.santosh.folderpattern = user/[email protected]/*
  store.expirerule.santosh.messagecount = 5
  store.expirerule.santosh.messagedays = 1You have two overlapping rules. Only one rule can be applied to a folder. You could try setting:
  store.expirerule.santosh.exclusive = yeshttp://docs.sun.com/source/816-6009-10/store.htm
  Regards,
  Shane.

• Implementing own Policy - Problems occur.

  I am implementing my own Policy class (via the -Xbootclasspath and
  java.security file). (Using jdk 1.4)
  I have two problems:
  1. My Policy class is not instantiated unless I call Policy.getPolicy()
  a. I have run the app as such:
  java -Djava.security.manager -Xbootclasspath:d:\JavaProjects;d:\jdk1.4\jre\l
  ib\rt.jar -Djava.security.policy=d:\javaprojects\com\zeno\security\policy\po
  licyfile.policy  MyAppb. I have set (in java.security):
  policy.provider=com.MyTest.SecurityPolicy
  c. I have in the constructor: System.out.println("Policy Instanitated");
  d.When I run the app, I do not get "Policy Instantiated" until AFTER I
  call Policy.getPolicy() (and I never get it if I don't call getPolicy())
  2. For some reason, when I do the following, it never calls getPermissions()
  or implies() on my Policy file:
      FileInputStream fis = new FileInputStream("d:\\testfile.txt");
      int ch;
      while ( (ch = fis.read()) != -1 )
          System.out.println(ch);
      }a. Inside my Policy class' methods I have a System.out.println() for
  each one, and they're never called.
  Thank you

  I am experiencing almost exactly the same problem. The documentation seems a little spotty on this, so we're probably missing something. I am using the following syntax:
  java -Djava.security.manager -Dpolicy.provider=security.MyPolicy -Xbootclasspath/a:c:\jdk1.3.0_02\jre\classes -Djava.security.policy=java.policy security.Test
  The -Xbootclasspath/a: option appends (at the beginning) instead of replacing, so you don't have to specify rt.jar. I put my custom Policy class (security.MyPolicy) in c:\jdk1.3.0_02\jre\classes, thinking that this path was searched by default (b/c that's what the documentation claims.) But, my Test class was not able to instantiate it directly until I specifically added the -Xbootclasspath option, but even then my Policy class is not used. In fact, it seems to still be using the default Policy implementation and still respects entries in the java.policy file even though my custom security.MyPolicy class does not do this.
  In general, the behavior I'm seeing (we're seeing?) is consistent with the -Dpolicy.provider being ignored completely. I get the same behavior if I set this to "asdf". So this must be wrong somehow, even though it is consistent with all the documentation I can find...

• CX Policy Problems

  Hello,
  I am in the process of implementing content filtering on the ASA CX module. I have a lot of problems unfortunetly and I have TAC and my account team engaged but I also want to reach out to the community and see who else is using CX and what their experiences have been.
  For the sake of this post I will pose the follwoing question:
  I have a "working" policy that is atleast  taking appropriate action and filtering some of the users I specified filtering for in an identity object that is an AD group. This group is my test group and my AD account is a member of that group. Filtering worked for me 100% the time until a code upgrade to 9.2.1.1-48. No I am ot filtered and the events associated for my user show an implicit allow policy. I can't find this implicit allow policy but I assume this is a the default policy. It doesn't seem like the CX module has any problem identifying my user ID but maybe it doesn't see me as a group memeber or maybe my identity object has been currupted. I just setup and got my hands on this product so I'm a bit out of my element. I have high hopes for using this product but I need to prove it can actually work first!
  Anyone have any suggestions or experiences with CX they would like to share?
  Regards,
  -Dan   

  Thanks for the reply Collin,
  I did fix this issue a few days ago by blowing away and re-configuring the rule. I use the ADA for AD auth and I have not seen any problems with CX identifying users.
  Collin, do you use the CX in a large production environment? How long have you been using it to filter content? Would love to chat with you a bit out of band if you have time let me know.
  Regards,
  -Dan

• Fine-Grained Password Policy problem

  Hi All,
  I'm testing a Fine-Grained Password Policy for a group of users.
  I created a test PSO using ASDI Edit and applied the PSO to a global security group.
  Test user has been added to this group.
  The PSO settings include "Enforce password history: 5"
  The user has changed the password.
  After 24h when I logged in as the user and changed the password - for example: Password1.
  After another 24 hours I changed the password to Password2.
  One day later I've been asked to change the password again.
  In theory I shouldn't be able to use any of the 5 previous passwords (password history = 5) but when I entered Password1 it was accepted.
  Do you know where can be the problem ?
  System info: Windows Server 2008 R2 (forest/domain level is also 2008)
  Regards,
  Marcin

  This is very interesting. I don't have any lab to repro though... So I can't look at it closer.
  From an LDAP perspective, when you change your password on AD, you have to comply with the password history policy. This requirement is send by the server to the client thanks to the supported control: LDAP_SERVER_POLICY_HINTS_OID that you can see just by
  looking at the RootDSE of one of your DC (http://msdn.microsoft.com/en-us/library/cc223320.aspx Used with an LDAP operation to enforce password history policies during password set). I am
  aware of issues with AD-LDS not honoring it, but not AD... I am not sure if the situation described with FIM here matches your issue:
  http://support.microsoft.com/kb/2443871 in this article:
  "The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer."
  But it would mean that it also affects users not having a FGGP (because this isn't specific to FGGP), ad the minimum password age as well. If you have a chance to try this in a lab, let us now... In the mean time, if you can share logs or code from your
  app? Like the section that does the password change?
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• RMI application policy problem..

  Hi;
  Because i am very new in eclipse and java i will ask you an easy question which is realy hard to find out for me.
  I created an RMI project in eclipse and i put the codes inside. When i am trying to run it is says
  Security Manager loaded
  Exception in thread "main" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
  I searched a solution and they are saying create a policy file with same code inside and run with it .
  But i got no clue about how i will write
  java -Djava.security.policy=policy.all SampleServerImpl
  java -Djava.security.policy=policy.all SampleClient
  in eclipse to run code . And i put the policy inside of project folder but id didn't recognize it automaticly.
  Thank you ...
  Edited by: seray.uzgur on Jul 10, 2008 6:55 AM

  Hi,
  What i could see the solution to your problem is.
  create a file name policy.all having the code
  grant {
  // Allow everything for now
  permission java.security.AllPermission;
  & when u call a client call like if u r calling a client through Ant
  do llike this
  <target name="run" >
            <java classname="test.Sample" fork="yes" failonerror="true">
                 <jvmarg value="-Djava.security.manager"/>
       <jvmarg value="-Djava.security.policy=policy.all"/>
                 <classpath refid="src.classpath" />
            </java>
       </target>
  See if that works for you.

• WS Policy problem for encryption

  Hello,
  1- I'm using osb 10g3 and I have problems to configure ws policy for encryption.
  I have configured weblogic realm security to provide my keystore and also certificat path provider to register my trusted key
  and PKI credential mapper .but I have always the same soap fault :
  java.security.cert.CertPathBuilderException: [Security:090686]The CertificateRegistry could not build a certificate path for the subject key identifier
  My certif X509V3 public key
  . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
  Someone can help me to configure this step ?
  (i'm using soapui and for testing my proxy and the policy used is encrypt.xml policy
  Edited by: user11144716 on Jul 28, 2009 6:19 AM

  Can you post more details, like the annotations you used or the policy?

• WS Policy problem for encryption at proxy side

  Hello ,
  I'm using osb - weblogic 10g3 and I have problem to configure ws policy for encryption in my proxy.
  I have configured weblogic reaml security to provide my keystore, also certificat path to register my trusted key
  and PKI credential mapper .but I have always the same soap fault :
  Trace:
  java.security.cert.CertPathBuilderException: Security:090686The CertificateRegistry could not build a certificate path for the subject key identifier
  My certif X509V3 public key
  . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
  Someone can help me to configure this step ?
  The policy is enable at the proxy side. and the the registry is set to trust my certificate (.pem).
  Thanks !

  Hello ,
  I'm using osb - weblogic 10g3 and I have problem to configure ws policy for encryption in my proxy.
  I have configured weblogic reaml security to provide my keystore, also certificat path to register my trusted key
  and PKI credential mapper .but I have always the same soap fault :
  Trace:
  java.security.cert.CertPathBuilderException: Security:090686The CertificateRegistry could not build a certificate path for the subject key identifier
  My certif X509V3 public key
  . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
  Someone can help me to configure this step ?
  The policy is enable at the proxy side. and the the registry is set to trust my certificate (.pem).
  Thanks !

• AppleCare policy problem

  My Hard Drive on Mac Pro died on 26th of December. I brought my Mac Pro station to the Apple Store in Tyson's corner, VA and they said the hard drive is totally damaged and probably there are problems in the memory too. To recover some data that I didn't save a day before the crash they recommended me a data recovery company. I brought my hard drive to the recommended company and it's still there now. Last week I called to the Apples store and asked if I can take my computer back because it's already repaired and there is a new hard drive set in there - they said yes you can do that, but bring damaged hard drive no later then 1-2 days after. Yesterday I came to the Apple store and they said they'll not give me my Mac Pro back until I bring them damaged hard drive. I asked myself - should I take all this for my own money and is it a smart customer support policy?
  I really need my computer because I have a lot to do since December 26th. How and whom should I communicate to get my computer back ASAP?

  This is normal warranty policy for any computer vendor (at least every one I've worked with in my many years of computer support); if you're getting a repair under warranty, you have to return the old parts to the manufacturer (with the occasional exception of very inexpensive parts) or you'll be charged for the parts. Often the vendor will return the broken parts for credit to the company from which they got them, which obviously they can't do if you don't return the part. It also prevents people from falsely claiming that a part is broken, getting a replacement, and just keeping and using the old part as well as the new one.
  Sorry, but if you want the computer back and you can't return the drive, you'll almost certainly have to pay for a new drive. You can ask if there's any way to get a credit for the drive you had to buy if and when you bring back the broken drive, but it's doubtful that they'll be able to do that.

• WSDL Policy Problem

  Hi All
  I'm  facing this issue...
  My Process Integration version is: 7.1 EHP1
  When create a WSDL, this comes with the WS_POLICY by default in true!
  and thats my problem....
  I'll try to explain all my Steps:
  1.- in the ESR I Have created all the necesary (DT, MT, SI, MM, OP)
  2.- in te Directory, i Have created all objects: Receiver, Sender, I.Det, R.Det.
  3.- Right click on Sender Agreement -> Display WSDL
  4.- this windows comes with 2 things: 1 the WSDL URL and 2, the WSDL per se
  if I download the WSDL, I can change manually  the ws_policy from "true" to "standard" or "false", and with this it works fine... but this solutions doesn't works for me... I need to use the WSDL URL (http://XXXXX:50100/dir/wsdl?p=sa/10eee4f1d18632f182bf5eb4b42cfcdb)
  but, if I use, the WSDL URL, the definition inside it comes with ws_policy = TRUE and I can't change it.
  I have followed this link: /people/holger.stumm2/blog/2010/03/19/wsdl-wspolicy--what-is-it-und-how-can-i-get-rid-of-it-in-pi
  wich talks about how to replace the call of WS_POLICY with STANDARD,
  this is my real URL:
  http://XXXXX:8000/sap/bc/srt/wsdl/sdef_ZSI_LABORATORIO_GS02_REQUEST_S/wsdl11/ws_policy/document?sap-client=100
  this is my URL changed.
  http://XXXXX:8000/sap/bc/srt/wsdl/sdef_ZSI_LABORATORIO_GS02_REQUEST_S/wsdl11/STANDARD/document?sap-client=100
  but I see than this is pointing to SAP ECC and not to PI... here I'm confused.
  if this works I could see the messages from Legacy to PI in the SXI_MONITOR???
  basically what I can see with this is: a direct call to the "service interface" wich I have activated in the SPROXY.
  But I think than the Policy status can't be changed in PI...
  when I look in the Service Interface WSDL TAB I can see, than already it has the policy in true, I have set the Security profile to "NO" but the WSDL TAB shows: <wsp:UsingPolicy wsdl:required="true" />
  if someone knows how to fix it I'll apreciate it
  Thanks and Regards

  Hello,
  I know it's an old topic, but we've got the exact same problem here.
  We want to remove the policy tags in the WSDL generated by PI (7.11), or at least set  <wsp:UsingPolicy wsdl:required="false" />
  Our webservice is consumed by another application that stumbles upon these tags. Now, everytime we have to remove these tags manually. Hope someone can provide me with a solution. Thanks in advance.
  Regards,
  Floris

• Routing policy problem !!!

  Hi everybody,
  Sr because my English skill is not good so much.
  Pls help me to solve the problem like this: I create the Network  with policy routing with source address. The policy is: packet from 172.16.6.1 to 4.4.4.4 must go to next-hop Pigpen (172.16.4.3). And when link from SW to Pigpen down, traffic must go to Lucy.
  But it cannot switchover from the next-hop address that I config to the normal routing when the next-hop not available. I have config set ip next-hop verify-availability with track, but it not ok. CDP enable on all router.
  Config on Linus:
  Linus#show ip access-lists
  Standard IP access list 1
      10 permit 172.16.6.0, wildcard bits 0.0.0.255 (581 matches)
  Linus#show run | sec route-map
   ip policy route-map 172.16.6.1
  route-map 172.16.6.1 permit 10
   match ip address 1
   set ip next-hop verify-availability 172.16.4.3 10 track 1
   set ip next-hop 172.16.4.3
  Linus#show run inter e0/1
  Building configuration...
  Current configuration : 144 bytes
  interface Ethernet0/1
   no switchport
   ip address 172.16.5.1 255.255.255.0
   ip ospf 1 area 0
   ip policy route-map 172.16.6.1
  Linus#show run | sec ip sla
  track 1 ip sla 1 reachability
  ip sla 1
   icmp-echo 172.16.4.3 source-ip 172.16.4.1
  ip sla schedule 1 life forever start-time now
  Linus#show run | sec track
  track 1 ip sla 1 reachability
   set ip next-hop verify-availability 172.16.4.3 10 track 1
  Trace result from 172.16.6.1
  172.16.6.1#traceroute 4.4.4.4
  Type escape sequence to abort.
  Tracing the route to 4.4.4.4
  VRF info: (vrf in name/id, vrf out name/id)
    1 172.16.6.2 8 msec 4 msec 4 msec
    2 172.16.5.1 4 msec 8 msec 4 msec
    3  *  *  *
    4  *  *  *
    5  *  *  *
    6  *  *
  Debug log from Linus
  Linus#
  *Jul  7 10:10:48.359: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, FIB policy match
  *Jul  7 10:10:48.359: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, PBR Counted
  *Jul  7 10:10:48.359: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, g=172.16.4.3, len 28, FIB policy routed
  Linus#
  *Jul  7 10:10:51.367: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, FIB policy match
  *Jul  7 10:10:51.367: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, PBR Counted
  *Jul  7 10:10:51.367: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, g=172.16.4.3, len 28, FIB policy routed
  Linus#
  *Jul  7 10:10:54.359: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, FIB policy match
  *Jul  7 10:10:54.359: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, PBR Counted
  *Jul  7 10:10:54.359: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, g=172.16.4.3, len 28, FIB policy routed
  Linus#
  *Jul  7 10:10:57.367: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, FIB policy match
  *Jul  7 10:10:57.367: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, len 28, PBR Counted
  *Jul  7 10:10:57.367: IP: s=172.16.6.1 (Ethernet0/1), d=4.4.4.4, g=172.16.4.3, len 28, FIB policy routed
  I attach my network picture.
  Config on
  Pls help me !
  Thanks so much !

  Absolutely
  #show access-list 102
  Extended IP access list 102
      10 deny ip 192.168.100.0 0.0.0.255 192.168.110.0 0.0.0.255
      20 permit ip 192.168.100.0 0.0.0.255 any (1 match)
      30 permit ip 192.168.0.0 0.0.0.255 any
      40 permit ip 10.0.0.0 0.0.0.255 any
  R1#show access-list 103
  Extended IP access list 103
      10 deny ip 192.168.100.0 0.0.0.255 192.168.110.0 0.0.0.255
      20 deny ip host 192.168.100.7 any (2775 matches)
      30 permit ip 192.168.100.0 0.0.0.255 any (44855 matches)
      40 permit ip 192.168.0.0 0.0.0.255 any (3561 matches)
      50 permit ip 10.0.0.0 0.0.0.255 any

• Wireless Group Policy Problem - Half the policy applying

  Hi
  I'm at a loss for where to investigate this one so I'm hoping for some suggestions.
  We have a single GPO to send out settings for wireless access to our network. On the wireless we have two SSIDs as below.
  1. Staff SSID
  My manager wanted to reduce the security issues with this as much as possible, so I've generated a GUID for the SSID name, set it not to broadcast the SSID and set the group policy to show the network as "<company
  name> Staff". It uses WPA2-Enterprise with RADUIS authentication to silently pass the authentication credentials of the currently logged on user providing SSO.
  2. Guests SSID
  This uses a preshared WPA2 key and provides guests with internet access and is blocked from the local LAN.
  The GPO is applied in such a way that company laptops are have the Staff SSID displayed in the available connection list, they're allowed to connect to it (as long as they're in the appropriate AD group for RADIUS authentication) but they are blocked from
  connecting their laptops to the Guests SSID. The important thing is that this single GPO controls both settings.
  On a few laptops we have been noticing that the blocking of the Guests SSID is working fine, but the Staff SSID is failing to show. Its as if only half the policy is applying. This is happening to only a small number of laptops which reside in the same AD
  OUs and it doesn't matter who logs on, the same problem occurs. The laptop is able to view all other wireless networks in the vicinity.
  I have logged in to one as myself (with Domain Admin permissions) and I get this problem, but on other laptops, the policy applies completely allowing me to connect to the Staff SSID while blocking the Guests SSID, as it should.
  I've run a RSOP against the laptop which shows that the policy is applying (confirmed by the fact that the Guests SSID is blocked) and the only problem I can find in the event logs are for the EapHost service with event ID of 2002. I've followed the advice
  in a few forum posts below but have been unsucccessful (not even sure if it's related to the GPO issue).
  http://www.eventid.net/display-eventid-2002-source-Microsoft-Windows-EapHost-eventno-10874-phase-1.htm
  http://www.sevenforums.com/network-sharing/336450-event-id-2002-source-eaphost-eap-method-dll-path-name-failed.html
  Any suggestion would be greatly appreciated.

  Hi Daverino,
  Since RSOP shows that the policy has been applied, it should not be a grouppolicy issue.
  According yourdescription, it seems that the system of the laptop has been changedby the user data.
  Could you please post the original information about event 2002? It is useful for further troubleshooting.
  Best Regards.
  Steven Lee
  TechNet Community Support

• PXE boot problem: guest VM DHCP request packets not able to reach DHCP server

  Hi Gurus,
    I'm wondering if anyone could help me with this problem. I wanted to install Linux on Oracle VMs using PXE. I set up a DHCP server and the OVM running RHEL6.4 box. The DHCP server worked fine since other PHYSICAL servers could get IPs from this DHCP server. However, DHCP requests from Oracle VMs was not able to reach the DHCP server. So I suspect this is a VM-specific issue.
  If I type in "dhcp net0" on gPXE prompt on the OVS machine(sappire), I can see the requests were being sent from the OVS server (sapphire):
  gPXE> dhcp net0
  DHCP (net0 00:21:f6:00:00:00) .............................................Connection time out (0x4c106035)
  Could not configure net0: Connection time out (0x4c106035)
  gPXE>
  [root@sapphire ~]# tcpdump -i any -n udp dst portrange 67-68
  tcpdump: WARNING: Promiscuous mode not supported on the "any" device
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
  20:47:25.606400 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:21:f6:00:00:00, length: 387
  20:47:25.606549 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:21:f6:00:00:00, length: 387
  20:47:25.606559 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:21:f6:00:00:00, length: 387
  ^C
  12 packets captured
  14 packets received by filter
  0 packets dropped by kernel
  But if I snoop the same on the RHEL6.4 server running DHCP server and OVM, no request can be seen:
  [root@bluestone Desktop]# tcpdump -i any -n udp dst portrange 67-68
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
  ^C
  0 packets captured
  0 packets received by filter
  0 packets dropped by kernel
  OVS(sapphire) and OVM(bluestone) are located in the same subnet:
  [root@bluestone network-scripts]# ifconfig -a
  eth0      Link encap:Ethernet  HWaddr 00:14:22:72:7C:27 
            inet addr:192.168.2.48  Bcast:192.168.2.255  Mask:255.255.255.0
            inet6 addr: fe80::214:22ff:fe72:7c27/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:106795 errors:0 dropped:0 overruns:0 frame:0
            TX packets:122056 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:59173975 (56.4 MiB)  TX bytes:25362955 (24.1 MiB)
  [root@sapphire ~]# ifconfig -a
  10049df2fc Link encap:Ethernet  HWaddr 8A:C5:05:83:AF:C9 
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:80 errors:0 dropped:0 overruns:0 frame:0
            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:33200 (32.4 KiB)  TX bytes:0 (0.0 b)
  eth0      Link encap:Ethernet  HWaddr 00:1A:64:64:DA:64 
            inet addr:192.168.2.202  Bcast:192.168.2.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:37664 errors:0 dropped:0 overruns:0 frame:0
            TX packets:38939 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:4537897 (4.3 MiB)  TX bytes:23127790 (22.0 MiB)
  eth0:0    Link encap:Ethernet  HWaddr 00:1A:64:64:DA:64 
            inet addr:192.168.2.212  Bcast:192.168.2.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  [root@sapphire ~]# brctl show
  bridge name    bridge id        STP enabled    interfaces
  10049df2fc        8000.8ac50583afc9    yes        tap7.0
                              tap7.1
                              vif7.0
                              vif7.1
  I turned off iptables and SELinux on the DHCP server, the issue still remained.
  Any help will be highly appriciaited.
  Thanks in advance,
  Alex

  Hi,
  - Do you install Oracle VM Server (OVS) on an emulated environment like Oracle VM VirtualBox ? if yes so you can't do it.
  - Don't forget to configure the Virtual Machines Network and also to add this network to this Virtual Machine.
  I hope this can help you
  Best Regards

• PXE Boot Problem

  Hello everyone!
  I've got a PXE boot server running and I can boot my EEE 701 from it without issue, it gets to the installer but then I get asked for the source of the packages. Now, I don't have an Internet connection to the boot server, so that's not an option. I know I can mount something to /src to have the packages show up, but what am I supposed to mount, and where?
  Thanks in advance!
  P.S: If you're considering "rtfm" or "Google" as a  response as some did on the IRC, don't bother wasting your time to type
  I mounted a USB stick with all the packages on to /src (I knew that had to be done) but I thought perhaps the installer would have mounted the packages from the tftp server to /src automatically. So now I don't understand the point of the separate installer CD?
  Last edited by scottuss (2009-12-17 12:44:55)

  hokasch wrote:
  Hmm, do you mean the one from here? If so, it says "ftp-installation only", but I maybe should have made that more clear. I planned support for mounting packages from the tftp-server later (you need to set up nfs for that), but never picked it up again.
  It is stitched together rather imperfectly, I just made it because there was no other way of getting an install on an old laptop.
  I've totally gone around the houses
  yeah, you could just have booted from an usb-stick, right?
  Actually no! I had problems with that (although I've done it before) I got an error: "Boot device didn't show up after 30 seconds" and the workaround(s) at http://bbs.archlinux.org/viewtopic.php?id=77815 didn't help, so I figured I'd try the PXE boot.
  Look, I'll be straight, I use Arch on an old box as a testing / development server for odd jobs. I left Arch as a desktop user a long time ago for Ubuntu where things "just work" - I don't have time to fix things constantly breaking on my main desktop. I thought I'd give Arch another go as a desktop OS on my EEE but I don't have the time (or inclination) to mess around with it anymore.
  Ubuntu is installing from a USB stick as we speak.
  Don't get me wrong: I LOVE Arch, as a headless, non-important playing around OS, I don't think I'll be using it as a desktop
  P.S: Using Ubuntu has NOTHING to do with the skill level of anyone who chooses to use it. I HATE elitism! (rant over!)
  Last edited by scottuss (2009-12-17 15:08:40)