Help with RIS on win2003

[Mads Ravn]

Hello all,

First of all my apologies if I'm posting to the wrong news group - it was
the best I could find.

Now for the problem:
We're currently running a small/medium sized network with 3 dc's and a
couple of member servers. From one of the member servers we're running RIS
and it works excellent. Recently however we added a new member server, who
is to take the role of RIS server (once we get it working), but we haven't
been able to figure out why it isn't.

The configuration:
Both servers are set to (through AD) "Respond to client computers requesting
service" and they don't have the "Do not respond to unknow client computers"
checkbox marked.

The debug output of BINLSVC for both servers is (CN differs / obscured a
couple of names) :
[BinlServer] 10/15 14:22:49 [INIT] Initializing ..
[BinlServer] 10/15 14:22:49 [OPTIONS] Client Timeout = 900 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Port Number = 4011
[BinlServer] 10/15 14:22:49 [OPTIONS] Scavenger Timeout = 60000 milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] SIF File Scavenger Timeout = 24 hours
[BinlServer] 10/15 14:22:49 [OPTIONS] Update from DS Timeout = 14400000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] DS Error log timeout = 600000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] New Client Timeout Minimum = 0 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] LDAP Search Timeout = 30 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Cache Entry Expire Time = 25000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Maximum Cache Count = 250 entries
[BinlServer] 10/15 14:22:49 [OPTIONS] Assign new clients to this server = 0
[BinlServer] 10/15 14:22:49 [OPTIONS] ServerDN = 'CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk'
[BinlServer] 10/15 14:22:49 [OPTIONS] SCPDN =
'CN=XXXXX-Remote-Installation-Services,CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk'
[BinlServer] 10/15 14:22:49 [OPTIONS] NewMachineNamingPolicy =
'%61Username%#'
[BinlServer] 10/15 14:22:49 [OPTIONS] DefaultContainer = CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk
[BinlServer] 10/15 14:22:49 [OPTIONS] AnswerRequests = True
[BinlServer] 10/15 14:22:49 [OPTIONS] AnswerOnlyValidClients = False
[BinlServer] 10/15 14:22:49 [OPTIONS] AllowNewClients = True
[BinlServer] 10/15 14:22:49 [OPTIONS] LimitClients = False

Both servers are "authorized servers" in the DHCP and we tried naming and
explicit RIS-server here ("Server options:" 066 Boot Server Host Name & 067
Bootfile) but to no avail.

Both servers have succesfully passed the "Remote Installation Services Setup
Wizard"-check.

Both servers have the necessary services (RIS, Groveller & tftp) running.

The funny thing is that the layout of the two servers is identical as far as
we can see, but only the old one will service requests. When the old server
is running the service clients will get served (and appropriate entries
added in the DHCP-log), but with only new server running nothing happens
(and a peak in the DHCP-log reveals that clients don't even get issued
ip-leases).

Any help would be greatly appreciated (are we missing some AD options).
Thankyou in advance

Mads Ravn

 

[Herb Martin]

Hello all,

First of all my apologies if I'm posting to the wrong news group - it was
the best I could find.

Maybe there is one that could help you more but there is nothing
particularly wrong about posting here.

Now for the problem:
We're currently running a small/medium sized network with 3 dc's and a
couple of member servers. From one of the member servers we're running RIS
and it works excellent. Recently however we added a new member server, who
is to take the role of RIS server (once we get it working), but we haven't
been able to figure out why it isn't.

The configuration:
Both servers are set to (through AD) "Respond to client computers requesting
service" and they don't have the "Do not respond to unknow client computers"
checkbox marked.

General RIS server requirements:

1) Enabled to "respond to clients"
2) AUTHORIZED (in DHCP server MMC even if it is NOT a DHCP server)
3) DHCP (available -- does not have to be on same server but that is
common)
4) DNS (available)
5) AD (requires DNS too.)
6) Permissions (of installers) on the files, right to run batch file on
server,
and right or permission tocreate computer accounts (if not
pre-staged.)

DHCP note: Server must (generally) be authorized, have a scope with
available addresses, scope activated.

Also, the RIS client request is supposed to be an actual "BootP" request so
if you are still having trouble make sure that BOOTP support is not disabled
on the DHCP server.

See if the above helps....

--
Herb Martin

The debug output of BINLSVC for both servers is (CN differs / obscured a
couple of names) :
[BinlServer] 10/15 14:22:49 [INIT] Initializing ..
[BinlServer] 10/15 14:22:49 [OPTIONS] Client Timeout = 900 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Port Number = 4011
[BinlServer] 10/15 14:22:49 [OPTIONS] Scavenger Timeout = 60000 milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] SIF File Scavenger Timeout = 24 hours
[BinlServer] 10/15 14:22:49 [OPTIONS] Update from DS Timeout = 14400000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] DS Error log timeout = 600000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] New Client Timeout Minimum = 0 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] LDAP Search Timeout = 30 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Cache Entry Expire Time = 25000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Maximum Cache Count = 250 entries
[BinlServer] 10/15 14:22:49 [OPTIONS] Assign new clients to this server = 0
[BinlServer] 10/15 14:22:49 [OPTIONS] ServerDN = 'CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk'
[BinlServer] 10/15 14:22:49 [OPTIONS] SCPDN =
'CN=XXXXX-Remote-Installation-Services,CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk'
[BinlServer] 10/15 14:22:49 [OPTIONS] NewMachineNamingPolicy =
'%61Username%#'
[BinlServer] 10/15 14:22:49 [OPTIONS] DefaultContainer = CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk
[BinlServer] 10/15 14:22:49 [OPTIONS] AnswerRequests = True
[BinlServer] 10/15 14:22:49 [OPTIONS] AnswerOnlyValidClients = False
[BinlServer] 10/15 14:22:49 [OPTIONS] AllowNewClients = True
[BinlServer] 10/15 14:22:49 [OPTIONS] LimitClients = False

Both servers are "authorized servers" in the DHCP and we tried naming and
explicit RIS-server here ("Server options:" 066 Boot Server Host Name & 067
Bootfile) but to no avail.

Both servers have succesfully passed the "Remote Installation Services Setup
Wizard"-check.

Both servers have the necessary services (RIS, Groveller & tftp) running.

The funny thing is that the layout of the two servers is identical as far as
we can see, but only the old one will service requests. When the old server
is running the service clients will get served (and appropriate entries
added in the DHCP-log), but with only new server running nothing happens
(and a peak in the DHCP-log reveals that clients don't even get issued
ip-leases).

Any help would be greatly appreciated (are we missing some AD options).
Thankyou in advance

Mads Ravn

 

[Mads Ravn]

Thanks for your reply, and sorry I haven't gotten back to you sooner - I've
not been working all weekend.

General RIS server requirements:

1) Enabled to "respond to clients"

This is set through active directory (right-click the computer node ->
select RIS-tab -> mark "respond to client ...")?
If so this appears to be set correct for both servers.

2) AUTHORIZED (in DHCP server MMC even if it is NOT a DHCP server)

This is set through DHCP MMC (rightclick dhcp -> select "manage authorized
servers" -> add appropriate name & ip)?
If so this appears to be set correct for both servers.

3) DHCP (available -- does not have to be on same server but that is
common)

The service is up and running on a different server (we're using dhcp for
issuing standard leases to already installed clients). Are there any special
options that needs to be enabled. We've experimeted a bit with adding option
065 "Boot file" and option 066 "Boot Server Host Name" (To my understanding
this shouldn't be necessary, as we have server and clients on the same
subnet, and these are only seperated by switches). We've got the "Scope" of
aforementioned subnet set to support both DHCP and BOOTP.

Are there any obvious options we're missing?

4) DNS (available)

Available and running. Furthermore I've checked that Host and Pointer
records exist for both the servers in question.

5) AD (requires DNS too.)

Up and running with 3 DCs.

6) Permissions (of installers) on the files, right to run batch file on
server,
and right or permission tocreate computer accounts (if not
pre-staged.)

We've for test purposes installed as a domain admin with full control of the
remote install files. The REMINST share has read permissions by the group
"Everyone".

DHCP note: Server must (generally) be authorized, have a scope with
available addresses, scope activated.

This was ok at the time of testing.

Also, the RIS client request is supposed to be an actual "BootP" request
so
if you are still having trouble make sure that BOOTP support is not
disabled
on the DHCP server.

I'm not sure that it is necessary to set the DHCP server to support both
types of requests - I think the actual requests are DHCP and we've had the
old server working without BOOTP support. But to be sure I enabled it (as
mentioned above).

See if the above helps....

Well it didn't The bizarre thing is that we've got the old RIS server
running fine (can service clients, when we start the service), the
configuration of the old and the new RIS server are identical (As far as I
can tell from the debug output in the original post), and we've set the
"authorized server" in dhcp for both servers. Also both servers pass the
checks that are included with the installer.

If you have more input and/or suggestions I'd appreciate it - I think I've
run through that list in a systematic way and that hasn't given me any clue
to what is happening. Once again thanks for the help.

/Mads Ravn

The debug output of BINLSVC for both servers is (CN differs / obscured a
couple of names) :
[BinlServer] 10/15 14:22:49 [INIT] Initializing ..
[BinlServer] 10/15 14:22:49 [OPTIONS] Client Timeout = 900 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Port Number = 4011
[BinlServer] 10/15 14:22:49 [OPTIONS] Scavenger Timeout = 60000 milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] SIF File Scavenger Timeout = 24 hours
[BinlServer] 10/15 14:22:49 [OPTIONS] Update from DS Timeout = 14400000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] DS Error log timeout = 600000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] New Client Timeout Minimum = 0 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] LDAP Search Timeout = 30 seconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Cache Entry Expire Time = 25000
milliseconds
[BinlServer] 10/15 14:22:49 [OPTIONS] Maximum Cache Count = 250 entries
[BinlServer] 10/15 14:22:49 [OPTIONS] Assign new clients to this server = 0
[BinlServer] 10/15 14:22:49 [OPTIONS] ServerDN = 'CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk'
[BinlServer] 10/15 14:22:49 [OPTIONS] SCPDN =
'CN=XXXXX-Remote-Installation-Services,CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk'
[BinlServer] 10/15 14:22:49 [OPTIONS] NewMachineNamingPolicy =
'%61Username%#'
[BinlServer] 10/15 14:22:49 [OPTIONS] DefaultContainer = CN=XXXXX,OU=Member
Servers,DC=XXXXX,DC=XXXXX,DC=dk
[BinlServer] 10/15 14:22:49 [OPTIONS] AnswerRequests = True
[BinlServer] 10/15 14:22:49 [OPTIONS] AnswerOnlyValidClients = False
[BinlServer] 10/15 14:22:49 [OPTIONS] AllowNewClients = True
[BinlServer] 10/15 14:22:49 [OPTIONS] LimitClients = False

Both servers are "authorized servers" in the DHCP and we tried naming and
explicit RIS-server here ("Server options:" 066 Boot Server Host Name & 067
Bootfile) but to no avail.

Both servers have succesfully passed the "Remote Installation Services Setup
Wizard"-check.

Both servers have the necessary services (RIS, Groveller & tftp) running.

The funny thing is that the layout of the two servers is identical as far as
we can see, but only the old one will service requests. When the old server
is running the service clients will get served (and appropriate entries
added in the DHCP-log), but with only new server running nothing happens
(and a peak in the DHCP-log reveals that clients don't even get issued
ip-leases).

Any help would be greatly appreciated (are we missing some AD options).
Thankyou in advance

Mads Ravn