Unable to Install Windows Image from FOG over PXE
-
My apologies if this is in the wrong group.
I'm trying to install a Windows 11 image captured using FOG Project to a XCP-NG VM over PXE. The iPXE agent boots without issue but as soon as I start the deployment process I get "EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDI_GUID device path" followed by "EFI stub: Measured initrd data into PCR 9"
The system hangs at this point and will proceed no further.
Any suggestions for anything I can try here?VM: Win 11 Template, VTPM ON, Secure Boot OFF
XOA Version: 5.100.2
XCP-NG Version: 8.3.0
HW: HP Z840 Dual Xeon E5-2650 v3, 64GB ECC -
@mattnj I believe secure boot is a requirement for Windows 11, I know for certain that TPM is a requirement, which you have enabled.
As for an additional assistance I can't say that I've had to use FOG to PXE boot a VM into XCP-ng so I won't be of much more help.
Are you able to export the VM to XVA/OVA and import that directly?
-
Secure Boot may depend on the version of Windows you are using. Education and LTSC don't care right now (could change). As you note, vTPM would be required and vUEFI might be needed too.
The only testing I've done in this area is Windows Server 2025 which is essentially 24h2 win11. But that is only 1 machine, and a fresh install. I did use secure boot, tpm, and uefi to install it.
What I would suggest for the OP is this:
Install the same version of Windows 11 as a clean install into a VM, see if anything stops you from doing this. Install it without secure boot to make sure that works, else if it requires secure boot, you have a bit of a process to get the FOG PXE boot working with secure boot. This is something I know I'm going to have to deal with in the near future, there is a procedure built in a forum post that's hard to find, it can be done but not a simple task.
-
@DustinB
Thank you for the reply. Unfortunately the original machine from which the FOG image was captured is a physical machine, not a VM so direct OVA import is not possible here.In this case what is failing to start is not the Windows installer, but the FOG deployment agent that uses Partclone to clone the stored image to the disk.
The FOG iPXE menu starts but then after selecting the image to deploy the process hangs almost immediately.
I'll create a non-windows image and try deploying that to see if there is any difference.
Thanks again!
-
Thanks for the further information, much appreciated. This is an Enterprise image, but not LTSC.
"there is a procedure built in a forum post that's hard to find, it can be done but not a simple task"
Do you have any information I could use to try and located this post? I've tried searching 'secure boot' but was not able to find anything that seemed to be a solution, just questions.I tired using "secureboot-certs install" as specified here: https://docs.xcp-ng.org/guides/guest-UEFI-Secure-Boot/. The certs installed successfully but I ran into the same problem on both the existing VM and a newly built one. Secure boot was turned on and the keys copied from the pool per the document.
Thank you for your help so far, any information you may be able to provide in finding the mysterious procedure post would be most appreciated. Come to think of it a lost mysterious document that holds the key to solving a problem sounds like the plot of a movie...
-
[edit] I think you should make a second FOG server for testing the secure boot stuff to prove it out, I'm not going to try this on my production system until I know I'm not going to mess it up [/edit]
I think this is the string of posts:
https://forums.fogproject.org/topic/15888/imaging-with-fog-and-secure-boot-poc/6
If you get this working, I'd really like to know because I'm going to need to got through this for summer refresh on my desktops and want to turn secure boot back on. Sure would have been nice if Microsoft updated WDS to work with win11 so smaller facilities still had a Microsoft method of doing this and not jumping through hoops or buying something expensive.
Do you still have the physical machine? I've had some luck with disk2vhd:
https://learn.microsoft.com/en-us/sysinternals/downloads/disk2vhdRemember to create a VHD not a VHDx.
If you have the physical machine and it still works, you could also try using Clonezilla on both the physical and virtual machines to transfer the image over the network.
Make the VM but do not boot, simulate as many aspects of the physical machine as possible (ram, drive size, MAC address, etc). This will let you import the VHD into the UUID of the disk you just created, start it up and see what happens. I'm a little foggy on the details, I'd need to walk through this again, but I did get it to work on one of my physical servers when I moved to virtual, one other failed because an application had too many things tied to physical bits of the server and I had to go through support to update it's license on a fresh VM.
All that said, problems with your secure boot are concerning. Are you saying that even a fresh install with secure boot is failing? I've been using the Eval versions of Windows for most of my testing, they should be close enough to the release versions that this should all be the same. Just for fun, I'd suggest downloading the win11 Eval and giving that a try to see if you can create a new VM that works with vTPM, vSecureBoot, vUEFI
-
Does your VM (using the same template) boot normally with any other Linux image, or if you started the agent from live CD?
-
@mattnj As a separate thought, are you able to upload the FOG iso to your XCP-ng's ISO repo and boot this VM from that ISO. Once booted then are you able to begin the installation process from your fog server?
P.S. It's been nearly a decade since I've last used FOG so it's a bit of a fog...