Netboot Upgrade, fails to netboot

ImAMacGuy
Valued Contributor II

Rather than redo the work on the netboot, I figured I would just use the 10.9.1 build that i used to create the NBI, run the combo update, and re-run it through SIU. That completes as expected, however when I try to netboot a machine I just get a Circle with a line through it.

I can reboot off the (now 10.9.2) partition just fine though, so it seems like it's failing due to the SIU.

Any ideas?

157 REPLIES 157

Kkrawchuk
New Contributor III

You could be right, I was going from jwojda post above.

donmontalvo
Esteemed Contributor III

LOL...we try to "break" things by using the combo updater on an old(ish) Mac. :)

--
https://donmontalvo.com

nigelg
Contributor

I can confirm that swapping the kextcache worked on a 2012 mac mini i was having issues with and on an older iMac. Very cool, that no entry sign has been popping up and recreating images was taking up a lot of time without any decent results.

gachowski
Valued Contributor III

@ Don, the combo thing didn't work for me…however

sudo rm /System/Library/Extensions/IO80211Family.kext/
sudo rm /System/Library/Extensions/ATTO*

Did. :) Thanks guys!!!

I have also read that you can swap the kernelcache file from the NetInstall image : )

alan_trewartha
New Contributor III

that was hard work. i couldn't get a proper NBI because the SIU wouldn't play ball with the system image I had. Eventually created a frankenstein monster NBI using the DMG I wanted, a booter from a recent-ish NBI, an edited PlatformSupport.plist so the new MacPro6 wouldn't refuse, and a kernelcache from the recipes in above posts to enable all models to TFTP that ok.

*stares very hard at Apple*

bentoms
Release Candidate Programs Tester

Hi All,

I've used the script mentioned here: http://blog.designed79.co.uk/?p=1807

BUT, i'm finding imaging is incredibly slow.. The OS block copy is taking hours..

Anyone else seen the same?

Lotusshaney
Contributor II

@bentoms Is that a newish mac with USB 3 and your using a USB dongle ?

franton
Valued Contributor III

It was reported on macenterprise google groups that the USB dongles have a nasty habit of defaulting down to 10Mb speed when doing the auto negotiation. The thunderbolt dongles apparently do not have this issue.

bentoms
Release Candidate Programs Tester

@franton thanks.. No dongles here.. older iMacs + Mac Mini's

franton
Valued Contributor III

I've had something similar here. I rebuilt the image again (using the rc.netboot modification), got SIU to build it properly with an under 32Mb kernel cache file (no idea how, it just started working ok) and uploaded.

I really don't know if it was net boot image, our persistent DP filesystem issues or 10.9.2 at this point.

gokoudes
New Contributor III

Thanks, everyone, for this thread. This was a huge headache for us. Discovering the kernelcache size issue was a goldmine. Thanks @Lotusshaney for creating that great script. For us, running the combo updater on both the server and NetBoot source volume + resizing the kernel cache seemed to do the trick!

Kkrawchuk
New Contributor III

I had experienced Casper Imaging (9.22) crashing until I downloaded and ran Lotusshaney's script makecachedrop and added the 10 GB of free space. (answer y to the 10 GB)

This stopped the crashing, allowed the imaging to complete (reboot to first run) and eliminated my "out of disk space" errors.

His script also resolved the "DO Not Enter" while netbooting older equipment, needless to say I have many copies of the script hidden away so I am never without! :)

Thanks again Lotus, MUCH appreciated!!!

bentoms
Release Candidate Programs Tester

Just an update.

Our issue with Imaging speed was due to an over zealous AV policy vein deployed to the Mac servers.

cbrewer
Valued Contributor II

Did anyone else notice that Apple released an updated version of IncompatibleKextConfigData.pkg on 3/3/2014? This newest version is 1.23 as opposed to version 1.22 that came out on the 2/27/14 along with 10.9.2. I am wondering if this folder (/System/Library/Extentions/AppleKextExcludeList.kext) is used in determining which kexts are used during NBI creation.

michaelhusar
Contributor II

FYI: Pre-release of 10.9.3 (!) for Developers
I am holding my horses...

nessts
Valued Contributor II

yeah because the last seed program was only 9 weeks long. Maybe you should wait for 10.10 :)

rmanly
Contributor III

I was tweaking Lotus's base script today when I figured I would just try Pepijn's experiment.

While I can't confirm (yet) that it works on a machine that didn't work previously I can confirm that there appears to be no ill effects to taking the kernelcache from a Netinstall and dropping it in a Netboot.

Tweaks = https://github.com/rmanly/scripts/blob/master/makecachescripts/makecache.sh

Pepijn's post = https://groups.google.com/d/msg/macenterprise/bqZuM5GnMD0/3ayqeNdPwdIJ

michaelhusar
Contributor II

Sorry for the little sidestep- but talking Netboot: I have a NetSUS 3.0 which when I boot with the "option"-Key is shown as bootable volume under the name "Faux Netboot".
That works now great - thanx to the kernel cache trick.
But I do not see the "Faux Netboot" when I open the System Preferences -> Startup Disk

jwolf
New Contributor

Sorry if I am bringing up an old thread, but I encountered a problem creating netrestore images this week that was driving me crazy and wanted to post the solution in case it helped others....

I created netrestore images from a 10.9.1 that was combo updated to 10.9.2. It would boot fine on older macs, but 2013 Macs would just give the no-entry sign. Just for kicks, I booted an older mac and dropped into terminal from the installer (not the installed image) and checked the system version with sw_vers. Lo and behold, it was 10.9.1 even though the restored image was 10.9.2.

So, this led me to believe that the Apple image utility might be grabbing a stale kextcache, or... maybe it is grabbing it from the restore partition. In any case, I used a script to update the restore partition to 10.9.2, regenerated the image, and that booted on the 2013 Macbooks. No fresh install of 10.9.2 was needed.

That would explain why Apple is telling people to install 10.9.2 vs, update, as only the installer updates the restore partition unless you do it manually. It could be there are two issues at play... the 32MB tftp limit and the restore partition. That could explain the rather hit or miss results.

The Macworld link talks about Lion, but it works for Mavericks too, but you still need the Lion Recovery Update for it to grab a tool from that dmg. You will need the Lion Recovery Update dmg as well as the Mavericks 10.9.2 App store download.

http://www.brunerd.com/blog/software/ (Get script from here)
http://hints.macworld.com/article.php?story=20120316132618149 (How to)

Deadzak
New Contributor

So if you are still having trouble with 10.9.2 nbi set try Zapping Pram and emptying the kernal cache (holding shift on startup) then restart. This is how I was able to fix the my inability to net boot

nessts
Valued Contributor II

@Deadzak resetting PRAM and holding shift did nothing to get the old Mac to boot. Still have to chop stuff out of Extensions to get the old computers to boot.

jescala
Contributor II

It looks like the 10.9.3 update didn't change anything. The kernelcache file generated by SIU is still too big... 36.7 MBs in my case.

Kkrawchuk
New Contributor III

Interesting, I built a new NetBoot image from scratch with the 10.9.3 installer/updater and it boots old and new alike, my 2008 MacPro and my 2013 MacBook Pro just fine.

jescala
Contributor II

My NetBoot image was created from a softwareupdated Mac. I was able to boot a MacPro5,1 but a Macmini5,1 failed. The kernelcache file was definitely larger than 32 MBs and since Apple has not updated the firmware on the Macs unable to TFTP files larger than that, it would follow that this is still broken.

jescala
Contributor II

FYI: I can confirm that Pepijn and @rmanly's suggestion of replacing the kernelcache with the one created for the NetInstall image worked for me on the two Macs I'm tested with.

jwilson
New Contributor II

Lotusshaney I may have missed it, but where does the script need to be placed ?? What location on the machine I am creating my netboot from.

elislider
New Contributor

This thread is very helpful, thank you for everyone that has contributed!
I am ripping my hair out over netboot failing 90% of the time.
Working on these kext issues today and hopefully will have good news to report later!

jrippy
Contributor III

So far I have been unable to get a working 10.9 nbi. Either my kernelcache is too big (0x7 or 0x17 errors) or it seems the kernelcache boots but then I get a kernel panic. Ugh.

russeller
Contributor III

@jrippy You're not using a 2008 iMac to test your 10.9 nbi are you? I found a weird issue where a 2008 iMac with 2GB (2x1GB) of RAM kernel panics right after loading the desktop with a 10.9 netboot session. I can take a stick out, or make it (2x2GB) and it netboots fine. I know there is a rational explanation, but that is what I've discovered through trial and error. 2009 and 2007 iMacs netboot 10.9 fine. If I netboot the 2008 (2x1GB) iMac with 10.8 and image it 10.9 it works fine as well.

jreinstedler
New Contributor III

@Lotusshaney : awesome script - worked like a champ for me. Thanks!

clifhirtle
Contributor II

Thanks for all the posts/ideas here. Unfortunately NetBoot with the JAMF appliance remains a near total fail on my end.

Is there a way to capture log files off a client or the JAMF appliance after a failed NetBoot?

Note: I've already run packet captures in the past to determine why NetBoot across VLANs worked for native Apple NetBoot but not JAMF appliance but did not come up with anything there either.

Assumed the current reason for Netboot failing was due to the kernelcache size issue mentioned above since I was getting the GhostBusters denied symbol on boot. However, after running your resize scripts @Lotusshaney][/url I am just getting an extended NetBoot, then automatic reboot.

Image created via:

  1. latest MAS 10.9.3 installer
  2. Process installer via AutoDMG
  3. System Image Utility to create NetBoot image
  4. Bless command on client to allow NB across VLAN
  5. Same computer image built on that fails NetBoot (MBP13 Mid 2010 & MBA13 Mid 2011)

Any ideas?

Josh_S
Contributor III

I would try to eliminate variables as potential issues:

  1. Make sure there are no spaces in the nbi folder name.
  2. If the NetBoot server (Apple or NetSUS) is on the same subnet, does it work?
  3. Using the exact same nbi folder on both, does this work using both Apple Server's NetBoot functionality as well as the NetSUS?

The kernel cache issue affects specific machines using a large kernelcache file. NetSUS or Apple Server NetBoot, you'll have the exact same issue. So, if you are able to successfully boot a specific machine with a specific .nbi, that NetBoot Image with that machine is not the problem.

Brad_G
Contributor II

If you're using the LONG bless command to boot across subnets, I believe the share location is a bit different on the NetSUS than on the Apple server (or it was on the versions I used). Given all you've done previously you probably already know that but just wanted to make sure. I think it was the /srv/ I added to the path. Also, I'm using the original NetSUS 1.02 that uses NFS. I haven't gotten the newer ones with HTTP bless command figured out yet.

My bless command looks like this:
/usr/sbin/bless --netboot --booter "tftp://IPAddress/NBIFolder/i386/booter" --kernelcache "tftp://IPAddress/NBIFolder/i386/x86_64/kernelcache" --options "rp=nfs:IPAddress:/srv/NetBoot/NetBootSP0:NBIFolder/NetBoot.DMG" $nextboot

clifhirtle
Contributor II

Here's the errors I'm getting around the kernel panics, shown for both 10.8.4 and newer 10.9.3 images:

external image link

external image link

Anybody seen this "vfs_mountroot () failed" message before? I'm checking file permissions next.

elislider
New Contributor

After my last post, I have not yet got NetBoot to work on the latest Server app and a 10.9.3 build.
I noticed the kernelcache was 36MB but after running the script provided above, it is down to 30.1MB with still no ability to netboot.

I did notice that the clients exhibit a completely new characteristic that I've never seen before.
In the past, if there was a problem with a NetBoot client or image, it would attempt to boot it (flashing globe or spinning wheel) and then it would either sit there forever, or just reboot.
With this new 10.9.3 image and latest server version, when I Option-Boot and pick the netboot image, for about 15 seconds, *nothing* happens and the screen appears to be locked up / unresponsive. Then it just boots normally to the local drive.
I dont recall ever seeing this behavior before, is anyone else seeing this?

Also on a sidenote, the server IS generating a shadowfile for the client, about 50MB in size. but I have not yet had a client boot once

wyip
Contributor

Not sure if anyone else is seeing this but in my environment with the NetSUS v3, I had to relocate the NetBoot.dmg file and update the "option root-path" line in my dhcpd.conf before NetBoot would work.

I copied my NetBoot.dmg file out of my NBI folder to /srv/NetBoot/NetBoot.dmg and edited /etc/dhcpd.conf so that the option root-path looked like this:

option root-path "http://netsusIP/NetBoot/NetBoot.dmg";

clifhirtle
Contributor II

@wyip that's really odd. Are you saying that the option root-path setting in dhcp.conf was not correct on your instance of the NetSUS? I have about 4 different NetBoot images, so moving the NetBoot.dmg file to the same level as the actual NBI folders would cause some real issues.

FWIW, my option root-path configuration within dhcp.conf appears to show correctly as:

option root-path "http://NetSUSIP/NetBoot/NetBootSP0/NetBootConfigName.nbi/NetBoot.dmg"

tzmmtz
New Contributor

I was battling for hours with a clean 10.9.3 server and netboot startup issues with MacBook Pro 2012 and Mac Mini 2009 & 2010. Kept getting "tftpd: read: Connection refused" in the logs. Thought it was something with my network or server but then tried a 10.8.5 Netboot that I had and that worked fine on these computers.

Then I followed Apple and Lotusshaney…..

Took my 10.9.3 netboot drive, re-downloaded 10.9.3 Installer. Applied the 10.9.3 combo updater. Created a NetBoot. Attempted to netboot above Mac Mini. Didn't work. Applied Lotusshaney script. Attempted to netboot same Mac Mini. Worked perfectly. Attempted MacBook Pro and other Mac models…..they all work fine now with this 10.9.3 NetBoot.

Thanks Lotusshaney! Wonderful script and so easy to use!

donmontalvo
Esteemed Contributor III

Can't wait for @bentoms (AKA MacMule) to release this jewel...

https://twitter.com/macmuleblog/status/475424483038474241/photo/1

We're going to drown him in beer at JNUC2014! :D

Don

--
https://donmontalvo.com

clifhirtle
Contributor II

This may be a dumb question but since I don't use NetBoot very often, is there a need to reconcile the NFS vs HTTP-based NetBoot image configurations?

Specifically, it appears that Apple limited the ability to set the NetBoot images created in System Image Utility in 10.8 and above to HTTP only. As such any images created through SIU are showing up in the configuration files as HTTP in the image's NBI folder -> NBImageInfo.plist. However the bless commands listed above (and the ones I'm using below) are referencing NFS shares within the rp=nfs: section of the command.

Does that work with HTTP-based NetBoot images?

/usr/sbin/bless --verbose --netboot --booter 'tftp://YourServerIP/NB-1093-Casper.nbi/i386/booter' --kernelcache 'tftp://YourServerIP/NB-1093-Casper.nbi/i386/x86_64/kernelcache' --options '**rp=nfs**:YourServerIP:/srv/NetBoot/NetBootSP0:NB-1093-Casper.nbi/NetBoot.dmg' --nextonly