If Your Netboot Clients Can‘T Start Up From The Server

Try these steps if NetBoot services appear to be available on your server, but some client computers can’t start up from it.

Before you begin

Start by examining the /var/log/system.log file on the server. Identifying the point where the client and server stop communicating can help you identify the cause of a NetBoot issue.

Notes

The following processes and network ports are essential when using NetBoot:

  • bootpd (DHCP) – UDP 67, 68
  • tftpd (TFTP) – UDP 69

The processes bootpd and tftpd are started automatically by launchd with Mac OS X Server v10.4 and later. The process tftpd is started by xinetd in Mac OS X Server v10.3.

The following processes and network ports are used to access the image file(s) depending on how the image is configured in Server app:

  • AppleFileServer (AFP) – TCP 548
  • nfsd (NFS) – TCP/UDP 2049
  • rpcbind (RPC) – TCP/UDP 111
  • NetInfo – TCP/UDP 600-1023
  • httpd (Web) – TCP 80

AFP, NFS (including related services rpcbind and NetInfo), and Web services are started automatically when an image that is configured to use the service is enabled. OS X images require either NFS or Web.

A bootpd message that is followed by the name of a network interface (such as “en0”) is a message the server received from the client.

The log entry lines relevant to this troubleshooting process may be interspersed with entries for other server activity. You can use Server app to view only NetBoot-related log entries.

Example log entries

These are samples of a server’s system.log file from Mac OS X Server v10.6. Current versions of OS X Server create similar log entries.

Some log entries only appear when you have DHCP services enabled on the NetBoot server. Also, some BSDP log entries only appear when a client selects a new image (also known as binding). If a client reboots from the same server it does not have to bind again. This binding information is stored in the /var/db/bsdpd_clients file on the NetBoot server.

Log entries such as these might appear on a NetBoot server that is not configured to serve DHCP (also known as NetBoot 2.0):

Selecting an image

server bootpd[67653]: BSDP INFORM [en0] 1,0:1b:63:39:d0:9f NetBoot024 arch=i386 sysid=iMac5,2
server bootpd[67653]: NetBoot: [1,0:1b:63:39:d0:9f] BSDP ACK[LIST] sent 17.102.134.222 pktsize 749
server bootpd[67653]: NetBoot: [1,0:1b:63:39:d0:9f] BSDP ACK[SELECT] sent 17.102.134.222 pktsize 374

Booting

server bootpd[67653]: BSDP DISCOVER [en0] 1,0:1b:63:39:d0:9f NetBoot024 arch=i386 sysid=iMac5,2
server bootpd[67653]: BSDP OFFER sent [1,0:1b:63:39:d0:9f] pktsize 371

Log entries such as these may appear on a NetBoot server that is configured to serve DHCP (also known as NetBoot 1.0).

Selecting an image

server bootpd[726]: BSDP INFORM [en0] 1,0:3:93:8d:e0:f4 NetBoot006 arch=ppc sysid=PowerMac4,2
server bootpd[726]: NetBoot: [1,0:3:93:8d:e0:f4] BSDP ACK[LIST] sent 192.168.1.12 pktsize 416
server bootpd[726]: DHCP INFORM [en0]: 1,0:3:93:8d:e0:f4
server bootpd[726]: ACK sent <no hostname> 192.168.1.12 pktsize 300
server bootpd[726]: BSDP INFORM [en0] 1,0:3:93:8d:e0:f4 NetBoot006 arch=ppc sysid=PowerMac4,2
server bootpd[726]: NetBoot: [1,0:3:93:8d:e0:f4] BSDP ACK[SELECT] sent 192.168.1.12 pktsize 450
server bootpd[726]: DHCP INFORM [en0]: 1,0:3:93:8d:e0:f4
server bootpd[726]: ACK sent <no hostname> 192.168.1.12 pktsize 300

Booting

server bootpd[726]: BSDP DISCOVER [en0] 1,0:3:93:8d:e0:f4 NetBoot006 arch=ppc sysid=PowerMac4,2
server bootpd[726]: BSDP OFFER sent [1,0:3:93:8d:e0:f4] pktsize 447
server bootpd[726]: DHCP DISCOVER [en0]: 1,0:3:93:8d:e0:f4
server bootpd[726]: OFFER sent <no hostname> 192.168.1.12 pktsize 300
server bootpd[726]: DHCP REQUEST [en0]: 1,0:3:93:8d:e0:f4
server bootpd[726]: ACK sent <no hostname> 192.168.1.12 pktsize 300

Analyzing log messages

Here’s what each kind of log entry means in each stage of the process.

Selecting an image

BSDP INFORM

server bootpd[726]: BSDP INFORM [en0] 1,0:3:93:8d:e0:f4 NetBoot006 arch=ppc sysid=PowerMac4,2

This is a Boot Service Discovery Protocol (BSDP) message from a client to generate a reply from BSDP servers. The client identifies itself by its MAC address (media access control) and lists what kind of computer it is so the server can determine if it can properly start the client.

This message can appear under the following scenarios:

  • When a client opens the Startup Disk preference pane or starts into the startup picker by holding the Option key during startup. In this case, the message will usually be followed by a BSDP ACK[LIST] message.
  • When a client selects a NetBoot image to start up from. In this case, the message will usually be followed by a BSDP ACK[SELECT] message.

BSDP ACK[LIST]

server bootpd[726]: NetBoot: [1,0:3:93:8d:e0:f4] BSDP ACK[LIST] sent 192.168.1.12 pktsize 416

This BDSP message indicates the server replied with a list of available NetBoot images.

BSDP ACK[SELECT]

server bootpd[726]: NetBoot: [1,0:3:93:8d:e0:f4] BSDP ACK[SELECT] sent 192.168.1.12 pktsize 450

This is the BSDP server acknowledging the client’s selection of a NetBoot image.

DHCP INFORM

server bootpd[726]: DHCP INFORM [en0]: 1,0:3:93:8d:e0:f4

This is a Dynamic Host Configuration Protocol (DHCP) message from a client to obtain DHCP options.

Booting

BSDP DISCOVER

server bootpd[726]: BSDP DISCOVER [en0] 1,0:3:93:8d:e0:f4 NetBoot006 arch=ppc sysid=PowerMac4,2

This is a BSDP message from a client attempting to NetBoot. The client identifies itself by its MAC address and lists what kind of computer it is so the server can determine if it can properly start the client.

If this BSDP message is not in the log, verify the server can communicate with the client (check network connectivity).

BDSP OFFER

server bootpd[726]: BSDP OFFER sent [1,0:3:93:8d:e0:f4] pktsize 447

This is a BSDP message stating that the server has received the DISCOVER request, determined itself capable of starting the client, and sent a message to the client offering NetBoot.

If this message is not in the log the server has determined it cannot start the computer. Possible reasons include:

  1. The server has filtering enabled. Check in Server app under the Filters tab.
  2. The image has filtering enabled. Check the image’s filter settings in Server app by editing (double-clicking) it under the Images tab.
  3. No valid NetBoot or NetInstall images were found on the server.

DHCP DISCOVER

server bootpd[726]: DHCP DISCOVER [en0]: 1,0:3:93:8d:e0:f4

This DHCP message indicates the client’s request for an IP address. This is not server-specific and only indicates that the message was transmitted on the network segment. The request was not addressed to this server in particular. This message only appears when the DHCP service is enabled on the NetBoot server (also known as NetBoot 1.0).

If you’re using DHCP services on the NetBoot server but don’t see this message it suggests that a firewall, managed switch, or other network device between the server and client is blocking DHCP traffic. You should check the configuration of such devices.

OFFER

server bootpd[726]: OFFER sent <no hostname> 192.168.1.12 pktsize 300

This DHCP message indicates the server is offering a DHCP lease to the client computer. This message only appears when the DHCP service is enabled on the NetBoot server.

If you’re using DHCP services on the NetBoot server but don’t see this message the server may have determined it cannot lease IP addresses for one of the following reasons:

  1. The valid subnets are out of IP addresses.
    or
  2. There are no valid subnets.

DCHP REQUEST

server bootpd[726]: DHCP REQUEST [en0]: 1,0:3:93:8d:e0:f4

This is the official request from the client for the DHCP IP address. This message only appears when the DHCP service is enabled on the NetBoot server.

ACK

server bootpd[726]: ACK sent <no hostname> 192.168.1.12 pktsize 300

This is the DHCP server acknowledging that the client has chosen the offered IP address and that the DHCP server has noted the address as in use by the client. The DHCP lease period begins at this time. This message only appears when the DHCP service is enabled on the NetBoot server.

Considerations for HTTP NetBoot

Lion Server (10.7) and later

Verify the permissions on the web directory, which is /Library/Server/Web/Data/Sites/Default/NetBoot/ when storage data is located on the startup disk. The permissions should look like this:

drwxrwxr-x 4 root admin 102 (time stamp) /Library/Server/Web/Data/Sites/Default/NetBoot

Mac OS X Server v10.6

Mac OS X Server v10.6 and earlier: Verify the permissions on the /Library/WebServer/Documents/NetBoot/ directory. The permissions should look like this:

drwxrwxr-x  4 root  admin  136 (time stamp) /Library/WebServer/Documents/NetBoot 

Mac OS X Server v10.4 and earlier

Mac OS X Server v10.5 and later can serve image files that are larger than 2 GB in size over HTTP. This is not supported on Mac OS X Server v10.4 and earlier. See this article for more details.

Considerations for AFP NetBoot

It’s normal for a client not to start up from the server if you have exceeded the server’s maximum number of NetBoot connections. At the server, you can change both the maximum number of connections and the client “aging time” value that affects how often the available connections may be reused.

Considerations for earlier versions of Mac OS X Server

Mac OS X Server v10.4

If you upgraded to Mac OS X Server v10.4 from Mac OS X Server v10.3, please review Mac OS X Server 10.4 disables NetBoot and DHCP during upgrade to ensure TFTP is configured correctly.
Mac OS X Server v10.3

The following message appears on Mac OS X Server v10.3. Messages from tftp aren’t logged in Mac OS X Server v10.4 or later.

START: tftp 
(time stamp) server xinetd[376]: START: tftp pid=20238 from=17.102.134.225 

This message is from the Trivial File Transfer Protocol (TFTP) daemon, stating that the server is sending the boot ROM to the client so that it can start. This is either the Mac OS ROM file (Mac OS 9) or the mach_kernel file (Mac OS X).

If this message doesn’t appear on Mac OS X Server v10.3:

  1. Check the NetBoot filter in Server Admin to ensure that the client in question is not listed.
  2. Check Process Viewer or top to ensure that xinetd is running. If it is not, check the System Log and the Watchdog Error Log for any related messages.

Learn more

You can also set the NetBoot Log Level to High in Server app and then monitor the following log files for any additional information from related services:

bootpd /var/log/system.log
tftpd /var/log/system.log
AppleFileServer /Library/Logs/AppleFileService/
nfsd /var/log/system.log
httpd /var/log/apache2/

Important: In accordance with the Network Install and OS X Server software license agreements, you may use the software in this manner as long as you ensure that each end user of the image files is aware of and complies with the terms of the software license(s) that governs the use of the software contained within the image files. The Network Install and OS X Server software may be used to install and reproduce materials so long as your use is limited to reproduction of non-copyrighted materials, materials in which you own the copyright, or materials you are authorized or legally permitted to reproduce.