iPXE Anywhere 2PXE Server
3.6
3.6
  • Start Here - 2PXE Server 3.6
  • Introduction
    • 2PXE Overview
    • Technical Overview
    • Release Notes
  • Proof of Concept
    • Objectives & Prerequisites
    • Install and Configure 2PXE
    • Testing and Validation
    • 2PXE POC Quick Checklist
  • Planning
    • Planning Your Implementation
    • Permissions
    • Firewall Considerations
    • Antivirus Exclusions
  • Installation
    • 2Pint PXE Server Manual Installation
    • Unattended Installation
    • 2PXE Post Installation Checks
  • Configuration
    • 2PXE Server Configuration File
      • Configuring the 2PXE Request Handlers
    • DHCP Configuration
      • Using DHCP Scope Options
        • Overview - DHCP Scope Options
        • Creating DHCP Scope Options
          • Manually Creating DHCP Scope Options
      • Using IP Helpers
    • Booting custom entries in 2PXE menu
    • iPXE 802.1x Integration
  • Troubleshooting
    • Overview
    • Multi NIC and trunks implementations
    • Custom entries in WinPEShl.ini
    • DP Package Share IIS Permissions
  • Reference
    • iPXE Console Commands
Powered by GitBook
On this page
  1. Troubleshooting

DP Package Share IIS Permissions

PreviousCustom entries in WinPEShl.iniNextiPXE Console Commands

Last updated 1 year ago

At the time of this writing, an issue has been identified when attempting to use 2PXE Server on a Configuration Manager distribution point. It appears that a recent Configuration Manager update has modified IIS permissions for a CM distribution point package share which disables anonymous access. This causes an issue when a PXE booting client attempts to access a boot image.

This can be resolved by modifying the authentication settings for the CM package share IIS app manually:

Unfortunately, the the setting may be reverted during any future CM update, so it is recommended to create a scheduled task on the 2PXE server to reset the permissions. The following PowerShell command can be ran to set the correct authentication settings:

c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"

Note: The above command will log the result to %WINDIR%\Temp\IIS_Anonymous.log

If creating a scheduled task, the task should be configured on a recurring schedule, and using the following Action details: Action: Start a program Settings: Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add arguments: -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"