In order for you to boot devices with UEFI and active Secure Boot within a PXE network using toolstar®bootcast (UEFI without Secure Boot and legacy BIOS systems are not affected), toolstar®bootcast must not only provide the local TFTP server but also independently distribute IP addresses using its own DHCP server. This is due to the lack of a proxy DHCP function in the GRUB bootloader.
Network setup with a standard Windows server
1. Installing the server role: Remote Access
Open the Server Manager and then go to Manage -> Add Roles and Features. There, select Remote Access from the list. Continue navigating in the dialog to Role Services and activate Routing there (DirectAccess and VPN will be selected automatically). Now complete the installation. This may take some time.
2. configuring NAT routing
After installation, the two network cards Network Card A (connected to your company network) and Network Card B (connected to a switch and later used by bootcast) must be configured. Open the Server Manager and go to Routing and RAS. Right-click on the left side of your server and select Configure and Enable Routing and RAS. In the wizard, select Network Address Translation (NAT). Then select network card A (connected to your company network). Confirm with Finish.
3. Checking the IPv4 settings
In the RAS window, expand the IPv4 -> NAT section. You should see all network adapters on the system here. Among them are interfaces A (connected to your company network) and B (connected to a switch and later used by bootcast). Network adapter A (connected to your company network) should show the type "Public Interface" with NAT enabled. Network adapter B (connected to a switch and later used by bootcast) should show the type "Private Interface".
If network card B (connected to a switch and later used by bootcast) is missing, you must add it by right-clicking on NAT-> New Interface -> Network card B (connected to a switch and later used by bootcast) -> Private interface connected to the private network.
4. Assigning a static IP address to network card B
Go to the network adapter settings and set a static IP and subnet mask for network card B (connected to a switch and later used by bootcast). This could be, for example, the IP 192.168.253.1 and the subnet mask 255.255.255.0. More information about setting static IP addresses.
5. toolstar®bootcast PXE-DHCP settings
Now you need to make the appropriate settings in toolstar®bootcast. Further information can also be found in the article “Your own DHCP server with toolstar®bootCAST”. Set the following in the toolstar®bootcast configuration file (assuming you have used the same settings as in 4.):
### IMPORTANT: Always save the file in UTF-8 format after editing! ###
### Relative paths refer to the path of the BootCast program file.
base-path = “${exe}”
### Clients whose boot requests are NOT answered
ignored-clients = [
# “mac:00:12:34:56:78:9A”, # Example: Client by MAC
# “ip:172.16.20.20”, # Example: Client by IP
# “netif:mac:00:12:34:56:78:9A”, # Example: Host NIC by MAC
]
# Enables the DHCP server on the NIC with IP address 192.168.100.1
# and subnet mask 255.255.255.0
dhcp-enable = [“netif:ip:192.168.253.1/24”]
# Allows the DHCP server to distribute IP addresses in this range
dhcp-ip-include = [“ip:192.168.253.2-192.168.253.199”]
[client]
caption = “All clients”
# Sets the default gateway to the address 127.0.0.1
dhcp-opt-default-gateway = “192.168.253.1”
# Sets the DNS server to 1.1.1.1
dhcp-opt-dns-server = “192.168.253.1”
# Necessary for booting over the network to work
dhcp-scope = “boot-clients”
tftp-window-size = 8 # Reduce value in case of network problems
### Display boot menu with three boot options
bootset = [“testlx”]
TestLX #####################################################################
[bootset.testlx]
caption = “Start TestLX”
“nbp:x86_bios” = “tftp:/pcboot/pxelinux.0”
“nbp:x86_uefi” = “tftp:/GRUB/BOOTIA32.EFI”....
further bootset definitions ....It is important that the default gateway is the IP address of network card B (connected to a switch and later used by bootcast) and that the DNS server is also the same. If your router or setup does not provide its own DNS server, you could also specify a public server such as 8.8.8.8 here. The configuration would then look like this:
### WICHTIG: nach dem Editieren die Datei immer im UTF-8-Format speichern! ###
### Relative Pfade beziehen sich auf den Pfad der BootCast-Programmdatei
base-path = "${exe}"
### Clients, deren Boot-Anfragen NICHT beantwortet werden
ignored-clients = [
# "mac:00:12:34:56:78:9A", # Beispiel: Client nach MAC
# "ip:172.16.20.20", # Beispiel: Client nach IP
# "netif:mac:00:12:34:56:78:9A", # Beispiel: Host NIC nach MAC
]
# Aktiviert den DHCP-Server auf dem NIC mit IP-Adresse 192.168.100.1
# und Subnet-Mask 255.255.255.0
dhcp-enable = ["netif:ip:192.168.253.1/24"]
# Erlaubt dem DHCP-Server der Verteilen von IP-Adressen in diesem Bereich
dhcp-ip-include = ["ip:192.168.253.2-192.168.253.199"]
[client]
caption = "Alle Clients"
# Setzt das Default-Gateway auf die Adresse 127.0.0.1
dhcp-opt-default-gateway = "192.168.253.1"
# Setzt den DNS-Server auf 1.1.1.1
dhcp-opt-dns-server = "8.8.8.8"
# Notwendig, damit das Booten über das Netzwerk funktioniert
dhcp-scope = "boot-clients"
tftp-window-size = 8 # Wert vermindern bei Netzwerkproblemen
### Bootmenü mit drei Boot-Optionen anzeigen
bootset = ["testlx"]
### TestLX #####################################################################
[bootset.testlx]
caption = "TestLX starten"
"nbp:x86_bios" = "tftp:/pcboot/pxelinux.0"
"nbp:x86_uefi" = "tftp:/GRUB/BOOTIA32.EFI"
.... weitere Bootset-Definitionen ....
