Cobbler (v3.3.7) Windows Deployment Guide

Posted by Sus-Admin on Monday, April 14, 2025

This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the Beginner’s guide.

Table of Contents

  1. Objective
    1. Caveats
  2. Cobbler Server Prep
    1. Dependencies
    2. Cobbler Server Settings
  3. Windows 10 PXE Deployment
  4. Windows 11 PXE Deployment
  5. Tips & Troubleshooting

Objective

Starting where the Beginner’s guide left off, further configure the Cobbler v3.3.7 server to deploy both Windows 10 and Windows 11 via PXE network boot, using the same system and network environment. This guide assumes that you still have selinux and firewalld configured and enabled as described in the Beginner’s guide.

Caveats

  1. IMPORTANT: Issues were encountered running the PXE client as a VirtualBox VM with UEFI firmware, so instead it is recommended to run the PXE client on physical (bare metal) hardware or as a VMWare Workstation/Fusion VM for UEFI installations.

    • More info on the issues encountered in the Tips & Troubleshooting section below.

    • If running the PXE client as a VMWare VM it is recommended to also run the Cobbler Server under the same VMWare host or another bare metal machine, using the same specs/settings as described in the Beginner’s guide.

    • Your experience may differ depending on your hardware and Windows and VirtualBox software versions and settings.

  2. This guide assumes you have already acquired the Windows 10 and 11 64-bit ISO installation files by using the Windows 10 and Windows 11 Media Creation Tool, which requires an existing Windows 10 or 11 system to create (like the VirtualBox Host described in the Beginner’s guide)

    • Also on the Windows 11 download page linked above is the minumum system requirements for installing Windows 11, which include UEFI Secure Boot and TPM support, making a supported installation to a VM an advanced topic beyond the scope of this guide.

      • This guide will provide a workaround for those requirements as a proof of concept, but additional information on deploying via PXE with Secure Boot enabled can be found in Cobbler’s official docs.

Cobbler Server Prep

Enable the Windows support features as well as iPXE configs in Cobbler.

Dependencies

Install some additional dependencies required by Cobbler

yum install -y samba python-hivex python-pefile wimlib-utils python3-ldap openldap-servers openldap-clients
systemctl enable smb

Cobbler Server Settings

Enable Windows support in Cobbler’s settings, as well as ipxe, if not enabled already

sed -i 's/windows_enabled: false/windows_enabled: true/' /etc/cobbler/settings.d/windows.settings
sed -i "s/enable_ipxe: false/enable_ipxe: true/" /etc/cobbler/settings.yaml
systemctl restart cobblerd

Download the wimboot image from iPXE’s GitHub to the Cobbler loaders directory and sync cobbler

  • Also, be sure to link the approriate bootloader images to the Cobbler loaders directory if not done already (since the PXE software included with VMWare Workstation/Fusion and VirtualBox VMs do not support downloads via HTTP).
wget https://github.com/ipxe/wimboot/releases/latest/download/wimboot -P /var/lib/cobbler/loaders
ln -s /usr/share/ipxe/undionly.kpxe /var/lib/cobbler/loaders/.
ln -s /usr/share/ipxe/ipxe-x86_64.efi /var/lib/cobbler/loaders/.
ln -s /usr/share/ipxe/ipxe-snponly-x86_64.efi /var/lib/cobbler/loaders/.
cobbler sync

Edit the /etc/samba/smb.conf file to match the below text-block

[global]
        server role = standalone
        log level = 5
        load printers = no
        security = USER
        map to guest = Bad User
        guest account = nobody
[DISTRO]
        path = /var/www/cobbler
        public = yes
        browseable = yes
        writeable = no
        printable = no

More info on this service and configuration in the Tips & Troubleshooting section below

Enable and start the smb service

systemctl enable --now smb

Now, fix the dhcp.template file to properly detect PXE client firmware type during DHCP and enable iPXE chainloading for a more reliable experience on PXE clients.

sed -i 's,filename "http://\\\$cobbler_server/cblr/svc/op/ipxe/system/\\\$iface.owner";,filename "http://\$cobbler_server/cblr/svc/op/ipxe/system/\$iface.owner";\\n            } else if exists system-arch and option system-arch = 00:07 {\\n                filename "ipxe-x86_64.efi";\\n            } else if exists system-arch and option system-arch = 00:08 {\\n                filename "ipxe-x86_64.efi";\\n            } else if exists system-arch and option system-arch = 00:09 {\\n                filename "ipxe-x86_64.efi";,' /etc/cobbler/dhcp.template
  • The above command should edit the below original text block to match the following updated block in the resulting dhcp.template file:

    • original

              #if $iface.enable_ipxe:
                  if exists user-class and option user-class = "iPXE" {
                      filename "http://$cobbler_server/cblr/svc/op/ipxe/system/$iface.owner";
                  } else {
                      filename "undionly.kpxe";
                  }
              #end if
      
    • updated

              #if $iface.enable_ipxe:
                  if exists user-class and option user-class = "iPXE" {
                      filename "http://$cobbler_server/cblr/svc/op/ipxe/system/$iface.owner";
                  } else if exists system-arch and option system-arch = 00:07 {
                      filename "ipxe-x86_64.efi";
                  } else if exists system-arch and option system-arch = 00:08 {
                      filename "ipxe-x86_64.efi";
                  } else if exists system-arch and option system-arch = 00:09 {
                      filename "ipxe-x86_64.efi";
                  } else {
                      filename "undionly.kpxe";
                  }
              #end if
      

Finally, enable SELinux and Firewalld allowances for SMB server

setsebool -P samba_export_all_ro 1
setsebool -P cobbler_use_cifs 1

firewall-cmd --permanent --zone=cobbler --add-service=samba
firewall-cmd --reload

Windows 10 PXE Deployment

mount the Windows 10 installation media and import the distro into cobbler:

mkdir /mnt/Windows10
mount -o ro,loop ~/Downloads/Win10_22H2_English_x64.iso /mnt/Windows10
cobbler import --name Win10 --path /mnt/Windows10

If the PXE client will use legacy-BIOS firmware (MBR partition scheme) instead of UEFI, toggle uefi to false in the Cobbler Profile autoinstallation metadata:

cobbler profile edit --name Win10-x86_64 --autoinstall-meta 'uefi'='false' --in-place

More info in Cobbler’s official docs.

Finally, create a new Cobbler System to PXE boot and automatically install Windows 10 Pro, replacing the “aa:bb:cc:dd:ee:ff” with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System, then sync up Cobbler.

cobbler system add --name Win10 --profile Win10-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --enable-ipxe true
cobbler sync

The PXE Client VM can now be powered on, and should automatically boot to PXE and install Windows 10 to the VM HDD using the “autounattended.xml” answerfile template.

  • See the Tips & Troubleshooting section below for a fix for an issue encountered on the PXE client during the start-net.cmd script on both VirualBox and VMWare VMs

Windows 11 PXE Deployment

First use the following commands to edit the startnet.template file in order to bypass Windows 11 hardware requirements for the PXE client.

  • note that unix2dos will properly terminate the lines of text individually.
CMD1=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassSecureBootCheck /t REG_DWORD /d 1 /f' | unix2dos)
CMD2=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassTPMCheck /t REG_DWORD /d 1 /f' | unix2dos)
CMD3=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassRAMCheck /t REG_DWORD /d 1 /f' | unix2dos)
CMD4=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassCPUCheck /t REG_DWORD /d 1 /f' | unix2dos)
CMD5=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassStorageCheck /t REG_DWORD /d 1 /f' | unix2dos)
CMD6=$(echo '\$distro_share\\sources\\setup.exe \$unattended' | unix2dos)
sudo sed -i -E "s,^#else.?$,#else if \$os_version == \"11\"\n${CMD1}\n${CMD2}\n${CMD3}\n${CMD4}\n${CMD5}\n${CMD6}\n#else," /etc/cobbler/windows/startnet.template

Now, take similar steps as with Windows 10 to import and automatically deploy Windows 11 Pro over PXE.

mkdir /mnt/Windows11
mount -o ro,loop ~/Downloads/Win11_24H2_English_x64.iso /mnt/Windows11
cobbler import --name Win11 --path /mnt/Windows11
cobbler system add --name Win11 --profile Win11-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --enable-ipxe true
cobbler sync

The PXE Client VM can now be powered on, and should automatically boot to PXE and install Windows 11 to the VM HDD using the “autounattended.xml” answerfile template.

  • See the Tips & Troubleshooting section below for a fix for an issue encountered on the PXE client during the start-net.cmd script on both VirualBox and VMWare VMs

Tips & Troubleshooting

  1. The Cobbler 3.3.6 Beginner’s guide Tips & Troubleshooting section contains some basic recommendations and limitations of Cobbler which will not be repeated here.

  2. VirtualBox Issues

    • Specifially, the ipxe-x86_64.efi bootloader would fail to “initialize devices” and even though using the ipxe-snponly-x86_64.efi bootloader instead would load properly, the PXE client VM would usually just hang when downloading on of the WinPE files (i.e. wimboot, boot.sdi, bootmgr.exe, bcd, winpe.wim)

      • Tried several troubleshooting steps and could not get a consisten fix:

        • Tried different virtual network adapters.

          • Using the “Paravirtualized Network (virtio-net)” adapter did resove this issue with the iPXE boot process and load into the WinPE/wimboot image successfully, but then did not detect any network adapters and failed to begin Window Setup, and further troubleshooting would be beyond the scope of this guide.
        • Tried installing the appropriate VirtualBox Extensions for my version of VB.

        • Disabled Memory Isolation in Windows Security on VirtualBox Host.

        • Tried with and without “Virtual Machine Platform” and “Windows Hypervisor Platform” Windows Features installed/enabled.

        • Found no relevant entries/errors in VirtualBox VM logs and nothing abnormal in Cobbler server logs (HTTP, TFTP, DHCP).

      • A live Windows OS installation can be converted from MBR (legacy-BIOS) to GPT (UEFI) via powershell commands, which can be used as a workaround for compatibility with VirtualBox VM UEFI firmware

  3. start-net.cmd issue

    • The smb linux service used to host the installation files for the PXE client on the Cobbler server would be unresponsive during some installations, primarily when running the startnet.cmd script on the PXE client to start Windows Setup, which caused the installation to stall and error-out occasionally.

      • After reading through the manpage (man smb.conf) and trying several different configurations the problem persisted; make the following edit to the startnet.template file to account for this occasional unresponsiveness/lag from the SMB server when booting into setup by first probing the SMB share until it responds.
        CMD=$(echo 'dir \$distros_dir || GOTO wno20' | unix2dos)
        sed -i "s,net use z:,${CMD}\nnet use z:," /etc/cobbler/windows/startnet.template
      
  4. References


comments powered by Disqus

Related posts in 2025 Apr

Cobbler (v3.3.7) Windows Deployment Guide
Posted on April 14, 2025
Read more
Cobbler (v3.3.7) Ubuntu Deployment Guide
Posted on April 07, 2025
Read more