iPXE Anywhere 2PXE Server

DP Package Share IIS Permissions

At the time of this writing, an issue has been identified when attempting to use 2PXE Server on a Configuration Manager distribution point. It appears that a recent Configuration Manager update has modified the IIS permissions for a CM distribution point package share, which disables anonymous access. This causes an issue when a PXE-booting client attempts to access a boot image.

This can be resolved by manually modifying the authentication settings for the CM package share IIS app.

Unfortunately, the setting may be reverted during any future CM update, so it is recommended to create a scheduled task on the 2PXE server to reset the permissions. The following PowerShell command can be run to set the correct authentication settings:

c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"

Note: The above command will log the result to %WINDIR%\Temp\IIS_Anonymous.log

If creating a scheduled task, configure the task on a recurring schedule and use the following Action details:

Action: Start a program

Settings:

Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add arguments: -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"
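
The scheduled task described above can also be registered from an elevated PowerShell session, which then runs it once and reads back the live setting and the log. This is an added example, not part of the original 2Pint documentation: the task name, the daily 03:00 trigger and the SYSTEM principal are assumptions, while the program path, arguments and log file are the ones given on this page.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values (not from the page): task name, daily 03:00
# trigger, SYSTEM principal. Everything else is taken from the page.

$taskName = 'Reset-SMSPKG-AnonymousAuth'   # hypothetical task name
$location = 'Default Web Site/SMS_DP_SMSPKG$'
$filter   = '/system.webServer/security/authentication/anonymousAuthentication'

# Arguments exactly as documented above. The single-quoted here-string keeps
# every $, quote and brace literal, so nothing is expanded at registration time.
$arguments = @'
-noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"
'@

$action = New-ScheduledTaskAction `
    -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -Argument $arguments

# "Recurring schedule": daily at 03:00 is an assumed interval.
$trigger = New-ScheduledTaskTrigger -Daily -At '03:00'

# Changing IIS configuration needs administrative rights; SYSTEM is assumed here.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Force | Out-Null

# Run the task once now and wait for it to finish.
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 2
while ((Get-ScheduledTask -TaskName $taskName).State -eq 'Running') {
    Start-Sleep -Seconds 1
}

# Read back the live setting on the package share application.
Import-Module WebAdministration
$enabled = (Get-WebConfigurationProperty -Filter $filter -Location $location -Name Enabled).Value
'Anonymous authentication enabled on {0}: {1}' -f $location, $enabled

# Each log line marks a run that found the setting disabled and re-enabled it.
$log = Join-Path $env:windir 'Temp\IIS_Anonymous.log'
if (Test-Path $log) { Get-Content $log -Tail 5 }
```

A new line in the log after a Configuration Manager update shows that the update reverted the setting and the task re-enabled it.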