WinPE Fails to Validate its IP Address When Running in a "169.254" Network

When running WinPE 1.6 or 2.1 in a "169.254" network (this is normally the case if a computer is running the Cisco VPN client and wishes to have local network connectivity as well), it fails to validate its IP Address and also believes that its drive mapping credentials are incorrect.

Read on learn how to whip this issue in the bud.

Click to view.

Breaking out of these retry attempts allows "net use" to be run to successfully map a drive, proving that WinPE had received a functioning TCPIP stack from the DHCP Server.

DS 6.8

Looking at the startnet.cmd and startutl.bat files which are found in the ".\Altiris\eXpress\Deployment Server\PXE\MasterImages\MenuOption131\BDC\shared\@sys@\system32" directory for the default "Managed WinPE" Boot Menu, it was found that WinPE is configured to exclude the "169.254" IP Address range by default, as this is normally used when a computer does not have either a Static TCPIP stack or a DHCP provided one.

The startnet.cmd file calls the startutl.bat file with the following parameters:

REM ============================================================== 

REM Login=Login to the network

REM --------------------------------------------------------------

:Login

echo Establishing network connection...

call %_utl% :authenticate 10 5 20 "-169.254" 180 "%_PwlFile%" "%_Computer%" "%_Domain%"

rem if %errorlevel% neq 0 goto :eof

rem goto :eof

The startutl.bat file starts its script based operations based off of those parameters:

REM ============================================================== 

REM authenticate=Authenticate to the network

REM     1 = ip check timeout

REM     2 = ip check timeout increment

REM     3 = ip check retries

REM     "4" = ips to exclude(-) / include(+)

REM     5 = authentication timeout

REM     "6" = password filename - $PwlFileTitle$

REM     "7" = computer name - $ComputerName$

REM     "8" = domain or server name - $DomainOrServer$

REM     return = 0 if successful

REM --------------------------------------------------------------

:authenticate

setlocal EnableDelayedExpansion EnableExtensions

echo Validating IP address...

set /a timeout=%1


:auth-loop

%systemdrive%\loginw -p %~4 -w %timeout%

rem if "%errorlevel%" == "0" goto auth-login

if %errorlevel% equ 0 goto auth-login


set /a timeout=timeout+%2

set /a x=x+1

if %x% geq %3 goto auth-ipfail

echo Restarting DHCP client service: retry %x%...

net stop dhcp >nul

net start dhcp >nul

goto auth-loop


:auth-login

echo Authenticating connection...

%systemdrive%\loginw -f %6 -c %7 -d %8 -t %5

rem if not "%errorlevel%" == "0" goto auth-ipfail2

if %errorlevel% neq 0 goto auth-ipfail2

endlocal

goto :eof


:auth-ipfail

echo Could not aquire IP address.

rem exit

endlocal

goto :eof


:auth-ipfail2

echo Could not authenticate network connection.

rem exit

endlocal

goto :eof

It is the REM "4" line that makes this IP exclusion:

ips to exclude(-) / include(+) line. 169.254 segment is excluded by following line in startnet.cmd call %_utl% :authenticate 10 5 20 "-169.254" 180 "%_PwlFile%" "%_Computer%" "%_Domain%" 

DS 6.9

Unlike DS 6.8, 6.9 hides most of its WinPE files preventing them from being accessed and modified via the Boot Disk Creator, which means that it is necessary to modify the relevant files from their Templates folder. DS 6.8 only had the "-169.254" exclsuion in the startnet.cmd file, however, 6.9 also has it in the setenv.bat file as well.

The Solution

DS 6.8

To resolve this issue, the startnet.cmd file needs to be modified so that the "169.254" exclusion is removed. Please ONLY do this via the "PXE Configuration Utility" and NOT by directly modifying this file via the filesystem.

1. Select the WinPE Boot Menu and press the "Edit" button.
2. When the "Edit xxx Menu Option" window appears, press the "Edit Boot Image" button.
3. The "Altiris Boot Disk Creator - Edit WinPE Configuration" window will open up at "Step 9 of 12: Edit Configuration".
4. Expand the "%SystemRoot%" folder and then the "System32" one.
5. Select the startnet.cmd file and then scroll down through the right-hand window until the "REM Login=Login to the network" section is displayed.
   
   

   Click to view.

6. Remove -169.254 from within the double-quotes, ensuring that the set of double-quotes remain in thew script.
7. Press the "Next" button so that you can run past the rest of the steps (there is no need to modify any of them), so that this newly configured Boot Menu can be created.
8. Once the creation process has finished, press the "OK" button in the "Edit xxx Menu Option" window, and then press the "Save" button in the "PXE Configuration Utility" window.
9. Once this Boot Menu has been saved, WinPE will be able to validate its IP Address within a "169.254" network.

DS 6.9

A modified WinPE 1.6 image created in DS 6.8 will still work after the DS has been upgraded to 6.9, however, any WinPE 1.6 or 2.1 images created in 6.9 will require the startnet.cmd and setenv.bat files to be modified beforehand.

1. Delete any WinPE 1.6 and 2.1 images that were created by DS 6.9
2. Go to the following directories in order to modify the startnet.cmd and setenv.bat files:
   

   WinPE 1.6 = ".\Altiris\eXpress\Deployment Server\Bootwiz\platforms\Winpe\x86\Templates\"
   WinPE 2.1 = ".\Altiris\eXpress\Deployment Server\Bootwiz\platforms\Winpe2\x86\Templates\"
   
   

   The startnet.cmd section that needs modifying is (remove -169.254 from within the double quotes):

   REM ==============================================================
   REM Login=Login to the network
   REM --------------------------------------------------------------
   :Login
   if defined _StartNetwork if defined _Computer if defined _Domain if defined _PwlFile if exist "%systemdrive%\%_PwlFile%" (
     echo Establishing network connection...
     if not defined _AuthParams  set _AuthParams=10 5 20 "-169.254" 180
     call %__utl%:authenticate %_AuthParams% "%systemdrive%\%_PwlFile%" "%_Computer%" "%_Domain%"
     rem if exist __rtn if %errorlevel% neq 0 %__rtn%
   )
   %__rtn%
   
   

   The setenv.bat section that needs modifying is (remove -169.254 from within the double quotes):

   set _StartNetwork=$$StartNetwork$$
   set _PreloadDrivers=$$PreloadDrivers$$
   set _UseFactoryWinpe=$$CfgWinPEModel$$
   set _EnableFirewall=$$CfgEnableFirewall$$
   set _PwlFile=$$CfgPwlFileTitle$$
   set _Computer=$$CfgComputerName$$
   set _Domain=$$CfgDomainOrServer$$
   set _AuthParams=10 5 20 "-169.254" 180
   set _GetSrv_Map=
   set _GetSrv_Pwl=%systemdrive%\%_PwlFile%
   
   

3. Once these two files have been modified and saved for the relevant WinPE version, a WinPE image can be created which will work in a 169.254 network.