Dual-boot with SOL for recovery solution

Dual-boot with SOL for recovery solution

Hello,

I would like if someone could give me a clue. I am trying to build a single disk PC with vPro and with Windows Vista. In case the system will not be bootable I would like to have an ability to remotely force the system to boot into another partition on the disk where a WindowsPE could be instaled so I could have a complete control over a PC with inoperable OS - to reapply the image (located also on the partition) at least.

I have the vPro PC in front of me, but before I try to do it, I would like to know which direction should I go. I thought Serial-over-LAN could be a good solution combined with some dual-boot, so I could connect to the PC, turn it on and in the boot menu select to boot to "another" partition. But then there is a problem with the fact, that WindowsPE is basicaly a GUI with one command prompt window, but perhaps I could force it to redirect something to COM3/4 so I could control the PC through SOL event after it loads as I assume RDP is not supported in WindowsPE.

Does anyone have any suggestions ?

Thank you very much

22 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

You have a few options. Idealy, it would be nice to add the network drivers to your WinPE image and take control of your computer using RDP. Its probably going to give you the best results, but I am not sure how to go about adding drivers. I do know it's possible.

Another solution is you want to use Serial-over-LAN is to add a SOL agent on WinPE. When you boot WinPE, this agent to connect to the SOL COM port and provide a prompt you can use to send command, etc. This is easily done in Linux, but much more difficult with WinPE.

If you look at the Intel AMT Developer Tool Kit, there is a sample SOL agent included. It will offer up a prompt within Microsoft Windows you can use to upload/download files, run and kill processes, etc. It can also route TCP connections over SOL which is really cool. You can VNC to a machine that does not have a network driver.

In most cases, this will require you add software to your WinPE image.

Hope it helps,
Ylian

Ok. So I have found the following:

1.RDP , VNC and Intel AMT Outpost are not possible to run on WinPE.
2.the only possible solution I have found so far to get a remote GUI was to use the UltraVNC SingleClick product, where VNC on the iAMT PC is actualy a TCPIP client and not TCPIP server (as ususal) as outgoing connections are possible on WinPE.
3.to get the cmd.exe command prompt, i had to wrote a "simple" console redirector that allows something like "telnet-over-serial-over-LAN". On linux it would be a matter of configuration, but on windows it was a real hell. C++ Source codes and binary app are freely available on http://www.instantsolutions.cz/files/redfile.zip. Works with COM3 and cmd.exe. This redirector of course requires to instal the Intel ME Driver so COM3 is available.

I am having trouble with one more thing and that is how to force to boot to the maintenance and diagnostic partition on the disk. In your video tutorials on http://software.intel.com/en-us/articles/download-the-latest-version-of-... it looks like you can see the POST progress when connected to SOL so I assume if there is a boot menu you could choose from it remotely. But this does not work on my iAMT PC. I have got the Intel DQ965GF board, and I can boot to BIOS setting without any problems with iAMTTerm. But when I just boot the PC, I do not see anything in iAMTTerm until I ran the aforementioned cmd.exe redirector. I can also boot from DOS diskette and then I can see the command prompt. Physicaly on the PC there is basicaly no POST visible either as there is this Intel splash screen, but there is the RAID configuration listing and also the "press a key to boot form CD/DVD.." challenge which are not visible through SOL.

So I would like to ask if you could really see the POST progress on your iAMT PC through SOL and if you can do someting like selection from the boot menu with Windows Vista.

thanx

ok, I've got it now....

if it say's NO REMOTING it means NO REMOTING.

I can get to "press a key to boot form CD/DVD.." if I boot to BIOS and
then I just exit the BIOS discarding changes or if I use Remote
Command->Custom Commands options

I can get then the SAC console if WinPE is booted with SOL connected.
In the SAC also a cmd.exe channel is available which does basicaly the
same job as my redirector.

Anyway I still do not see the POST progress nor the boot menu, so the dual-boot solution is still not possible....

I was able to see the boot menu if I had booted WinPE from CD with SOL
connected - it allowed to select between "boot to WinPE" and "Memory
test", but I could done the choice remotely. Now I am booting WinPE
from HDD and I do not see the boot menu which apears on the screen of
the iAMT PC :-(

any suggestions ?

it is really weird. I have found I can send commands over SOL to the iAMT PC even if I do not see on iAMTTerm what is going on there. So I could browse the boot menu with UP and DOWN keys, boot I do not see on the screen of my technician computer, although it is perfectly visible on the iAMT PC Screen.

I can send F4 keypress from my PC to remote iAMT PC and it will have appropriate effect but I still do not see anything on my iAMTTerm.

And by the way, it looks like the system is switching to different IP from DHCP every time it boots into OS. I got 192.168.15.135 or 192.168.15.189. Does the iAMT DCHP client have the same MAC address as the DHCP client in the OS ?

I should check the forums more often for your posts! When it comes to SOL, the BIOS will take anything you send it thru SOL and pass it on to the applications. In the other direction, it only send back thru SOL text data that has been written to the screen using BIOS write calls (which are generally slower and so, better applications avoid it). I think there are some BIOS out there that will still send thru SOL anything on the screen as long as it's text mode, but I would have to check.

As for IP address changing. As for as I know, Intel AMT has only one MAC address and so you could technicaly send AMT and the OS on two different static addresses, this is not supported. In my own lab, I went into my router (I use a Linksys WRTSL54GS with DD-WRT v2.3SP2) and staticaly send the DHCP to always return a given address for each machine I have on my network. I have seen this work great with the OS being both up and down. Generally speaking, the IP address should not change if the DHCP server does it's job ok.

Ylian

Ha yes. When in the DTK console tool, if it says "no remoting" the BIOS stays out of trying to forward the text screen and keys to the terminal. Even without remoting, you can still load Intel AMT Outpost (the sample agent) and plug the serial agent on the SOL COM port and get the command prompt. I hope you tried this, it's cool.

I am glad you found the "Custom Command..." menu option. I think as a result of your post, I will add a "Remoted normal boot" to my list of remoted commands in the menu. This would make it easier and it does seem to be a pretty common usage.

Back to your display problem. It's really annoying the SOL only works with BIOS write calls, and not direct display calls. I need to check, maybe the HP BIOS does not have the problem and so, you would see your boot selection screen. This said, if your boot selection screen is really text on graphic mode, there is no chance SOL will work.

Ylian

Intel AMT Outpost required .NET 2.0, so, it's going to be more trouble on WinPE. Of coure, if you could get Outpost running, you could get file upload/download, process monitor and TCP-over-Serial-over-LAN. Maybe it's worth considering that I look at building a C/C++ version of Outpost's serial agent.

I really like your redirector idea, I need to go check it out. I see below you fixed your issue of making a normal boot with SOL redirection enabled. I will change my console to make it easier to do.

Ylian

thank you very much for your answers.

.NET 2.0 is not available on WinPE, so this makes Intel AMT Outpost unavailable too.
"Remoted normal boot" would be great improvement to the iAMTTerm.
The DHCP mess has to be obviously solved in the way you mentioned.

Thanks for clarifying the way BIOS is doing the SOL redirect. My BIOS says:
Vendor
Intel Corp.
Version
CO96510J.86A.5844.2007.0302.0258
Release Date
03/02/2007
Characteristics
0x78099880

which BIOS did you use in the tutorial presentation ? Was it Intel or HP BIOS ?

I am perfectly fine with the fact I will never see the boot selection menu if I boot from HDD (looks like the BIOS calls for displaying the windows boot menu are used only when I boot from CD/DVD). I guess I will have to design my recovery solution like this:
1.every PC will be supplied with the "Emergency DVD"
2.in case of system crash, user will be asked to insert the "Emergency DVD" into the PC and do not touch it until he will be asked for it
3."Emergency DVD" will be WinPE bootable so remote administrator will remotely reboot the system, also he will remotely see the possibillity to select "Memory test" before boot, and after boot he will be presented with SAC console, which allows the CMD channel so he can do all the DISKPART and ImageX stuff. Everything nicely piped through SOL which amazingly works only if I boot from CD/DVD.

I am just curious: if POST is displayed on monitor using the BIOS calls, but why is this not displayed through SOL ? could it be because the redirection from BIOS calls to SOL is done actually after the POST is done ?

So I have updated the BIOS to version 5858 and I am able to see the POST with messages like "press F2 to enter the BIOS". I can not find anything about this issue in the release notes PDF, but nevermind...

Today I spoke with the solution specialist from Intel. On his demo lab, I have seen he has got the dual boot (XP and Vista) menu available through SOL. He has got the same BIOS as me and basicaly the same motherboard (just BTX instead of ATX). I have got dual boot too (WinPE and Vista) and no dual boot menu available through SOL.

:-(

I added the "Remoted Normal Boot" to my todo list.

I did the tutorial videos on a Intel BIOS, but I have lots of other machines in my lab including one from HP. In my opinion, HP is really making a big effort to make the best BIOS for AMT but I have not seen many other manufactures. For example: On the HP BIOS, when the computer goes into graphics mode, SOL will tell you that the computer went to graphics mode (Nice touch I think). They also support both VT100 and ANSI (Most text apps look better in ANSI mode), etc. It's also my understanding that there BIOS is larger for they put more flash spacein the computer to hold it.

On your last question. Once BIOS is SOL redirection is turned on, everything that is printed to the screen using BIOS calls gets sent to SOL. Again, the problem with many text applications is that they use direct video writes and don't go thru the BIOS to print to the screen. If you can see it on the local screen, but not with SOL, that's most likely what is happening and so, I would try different applications until I find one that makes BIOS writes. This rule also applys during the boot process... it's a little surprising the POST would not show up in SOL, but it's possible that parts of the POST is using direct writes.

Ylian (Check out my Intel AMT blog)

I am glad you contacted an Intel specialist, I gotto interact with many of them and they are always really fun people playing with the latest technology toys, etc.

Can I ask what boot selection software you where using? Was it the one built into Windows? There are many others available and maybe theIntel solutions guy can help you find one that will show up on SOL. I would really hate for you to have your users drag around CDROM's you are so close to just having everything on the hardware.

About Outpost on WinPE, you are right that .NET 2.0 is not part of WinPE, but I don't know if you could add it or not. In anycase, it would be nice to me to rebuild a version of it in C/C++, maybe just the serial agent portion.

Ylian (Check out my Intel AMT Blog)

Success finally !!

I am using the Windows Boot Manager and it looks like the miraculous option that will allow you to see the boot menu over SOL is the "bootems" option on the {bootmgr}, which is set by:

bcdedit -set {bootmgr} bootems yes

so the listing after bcdedit -enum ALL looks like (it is from the Czech language edition)

Sprvce spouten systmu Windows
--------------------
identifiktor {bootmgr}
description Boot Manager
bootems Yes
resumeobject {aeced355-d315-11db-8ef1-806e6f6e6963}
displayorder {current}
{ae1b80aa-d314-11db-8f47-0019d122e169}
toolsdisplayorder {memdiag}
timeout 30

Zavdec program pro spouten systmu Windows
-------------------
identifiktor {current}
device partition=X:
path windowssystem32ootwinload.exe
description WinPE
osdevice partition=X:
systemroot windows
resumeobject {76e2aba4-d312-11db-9683-806e6f6e6963}
detecthal Yes
winpe Yes
ems Yes

Zavdec program pro spouten systmu Windows
-------------------
identifiktor {ae1b80aa-d314-11db-8f47-0019d122e169}
device partition=C:
path windowssystem32ootwinload.exe
description Windows Vista Business
osdevice partition=C:
systemroot windows
resumeobject {aeced355-d315-11db-8ef1-
806e6f6e6963}
ems Yes

Obnoven z hibernace
---------------------
identifiktor {76e2aba4-d312-11db-9683-806e6f6e6963}
device partition=X:
path windowssystem32ootwinresume.exe
description WinPE
inherit {resumeloadersettings}
pae Yes
debugoptionenabled No

Obnoven z hibernace
---------------------
identifiktor {aeced355-d315-11db-8ef1-806e6f6e6963}
device partition=C:
path windowssystem32ootwinresume.exe
description Windows Vista Business
inherit {resumeloadersettings}
filedevice partition=C:
filepath hiberfil.sys
pae Yes
debugoptionenabled No

Testovn pameti systmu Windows
---------------------
identifiktor {memdiag}
device boot
path ootmemtest.exe
description Memory Test

I do not think it forces the Windows Boot Manager to use the BIOS calls, but I guess it makes the "graphical" bootmgr to also send some things over SOL (no idea how it is done).

.NET 2.0 can not be installed to WinPE, but according to the fact there is this Special Administration Console (SAC) which pops up over SOL soon after WinPE boots I think it is not needed to have Outpost for WinPE. The only thing you can not do over SAC is the TCPIP redirect over SOL, but I am not sure if this is so neccessary (I am not sure if you could run any TCPIP server on the WinPE anyway). I think it would be better instead of this to have the possibility on a usual Windows system to minimize Intel Outpost to the systray so it would be just a nice icon next to the clock. on the right bottom of the desktop.

Thank you so much! You deserve a prise for posting such a great solution on our forums. This is probably one of the most valuable pieces of information I have seen in a long time for SOL. I am sure many people will be using your newly discovered setting. I need to blog about it.

I need to play with the WinPE SAC sometime, maybe it would even be possible to put some console front end of some of the commands.

I am working on making Intel AMT Outpost a windows service with a seperate control application, it's almost done and so, it should show up in one of the next releases of the DTK. Really, Intel AMT Outpost should always have been a service, but I will keep the application version for developer testing. I also want it to be a service so that it is avaialble even when no user is logged in. Still, I want to user to be able to setup permissions on what Intel AMT Outpost will allows the administrator to do.

Ylian (Check out my Intel AMT Blog)

Intel Outpost as a Windows service is a cool solution. It would be great if the control app would not add another icon to the systray but instead if it could be accessible through the icon of atchk.exe, which displays state of iAMT and is already in systray on iAMT PC, but that is a basically feature gold-plating. I guess the control app does not need to run all the time.

Anyway, if the user will have the option to set the permissions for administrator, I hope also the administrator will have an option to disallow this feature for the user as there are scenarios where user has no rights to set something on the PC.

You can enjoy some experience with the SAC just by booting from the Windows Vista installation DVD with SOL connected as the WinPE is actually booted in that case.

There is some info about SAC (forr Win2003 Server, but it is basically the same for Vista Bussines)
http://technet2.microsoft.com/WindowsServer/en/library/ff4bc645-cb49-495...

Zdenek

The Intel AMT system tray icon is built by a different group at Intel and so, it would be difficult for me to use their icon and application. I do need to talk to the people building that application because I have noticed that if Outpost and the Intel AMT check tools are loaded at the same time, Intel AMT Outpost cannot log into Intel AMT. So, I have more bugs to go track down.

I just released version 26 of the Intel AMT DTK internally at Intel yesterday and one feature it now includes is a remote Microsoft Windows device manager so you can list, enable and disable device drivers using SOL/Outpost. Its very cool I think. I will try to make this version available soon. The service version of Outpost is also often requested; it should come out in the next few weeks.

Ylian (My Intel AMT Blog)

Hello,

It was good to read your post. I am facing the same problem. However, with a strange issue. I am building oem computers. I replaced an intel dq35-joe mainboard with an asus p5e-vm-do mainboard in one computer. Those mainboards are very similiar. Both with intel vpro chipset q35.
There is one sata disk in that computer with windows vista ultimate 32bit installed with boot manager. With intel motherboard the boot manager display went over the serial over lan right out of the box, I didn't have to do anything with bcdedit. However, after replacing the mainboard with asus p5e-vm do, the vista boot manager display didn't went over sol anymore eventhough vista booted successfully (they are very similar motherboards).
After reading your post I was trying to use the command you suggest: bcdedit -set {bootmgr} bootems yes , it applied succesfuly but it didn't help. The vista boot manager display still didn't went over sol. Now I don't know what to do? Can you help me to solve this problem?

Best regards,
Norbert

Quoting - nor500
Hello,

It was good to read your post. I am facing the same problem. However, with a strange issue. I am building oem computers. I replaced an intel dq35-joe mainboard with an asus p5e-vm-do mainboard in one computer. Those mainboards are very similiar. Both with intel vpro chipset q35.
There is one sata disk in that computer with windows vista ultimate 32bit installed with boot manager. With intel motherboard the boot manager display went over the serial over lan right out of the box, I didn't have to do anything with bcdedit. However, after replacing the mainboard with asus p5e-vm do, the vista boot manager display didn't went over sol anymore eventhough vista booted successfully (they are very similar motherboards).
After reading your post I was trying to use the command you suggest: bcdedit -set {bootmgr} bootems yes , it applied succesfuly but it didn't help. The vista boot manager display still didn't went over sol. Now I don't know what to do? Can you help me to solve this problem?

Best regards,
Norbert

Is it just possible that one mainboard (intel dq45cb) is sending boot manager display, the other is not (asus p5e-vm-do)?

Quoting - nor500
Hello,

It was good to read your post. I am facing the same problem. However, with a strange issue. I am building oem computers. I replaced an intel dq35-joe mainboard with an asus p5e-vm-do mainboard in one computer. Those mainboards are very similiar. Both with intel vpro chipset q35.
There is one sata disk in that computer with windows vista ultimate 32bit installed with boot manager. With intel motherboard the boot manager display went over the serial over lan right out of the box, I didn't have to do anything with bcdedit. However, after replacing the mainboard with asus p5e-vm do, the vista boot manager display didn't went over sol anymore eventhough vista booted successfully (they are very similar motherboards).
After reading your post I was trying to use the command you suggest: bcdedit -set {bootmgr} bootems yes , it applied succesfuly but it didn't help. The vista boot manager display still didn't went over sol. Now I don't know what to do? Can you help me to solve this problem?

Best regards,
Norbert

Wow, this was an old thread that you found :).

I'm not 100% sure I understand the issue you're seeing. Do you mean SOL partially works, but just doesn't display the boot manager?Can you use SOL to go to BIOS, and that functionality works fine? And does other AMT functionality (such as power control) work alright? I'm assuming you reprovisioned AMT after you replaced the mainboard.

In the previous thread Ylian mentioned that some BIOS's handle some text applications by using direct video writes instead of going through the BIOS. This is beyond the scope of what I've worked with before, but it seems possible that the two different mainboards you have handle this differently. It might be possible to change a BIOS setting to handle this.

Actually, what BIOS version is on the Asus mainboard you are using?

Andy

Quoting - Andrew Schiestl (Intel)

Wow, this was an old thread that you found :).

I'm not 100% sure I understand the issue you're seeing. Do you mean SOL partially works, but just doesn't display the boot manager?Can you use SOL to go to BIOS, and that functionality works fine? And does other AMT functionality (such as power control) work alright? I'm assuming you reprovisioned AMT after you replaced the mainboard.

In the previous thread Ylian mentioned that some BIOS's handle some text applications by using direct video writes instead of going through the BIOS. This is beyond the scope of what I've worked with before, but it seems possible that the two different mainboards you have handle this differently. It might be possible to change a BIOS setting to handle this.

Actually, what BIOS version is on the Asus mainboard you are using?

Andy

I am using the latest 0902 but also tried 0702 asus bios version before with no success. I can enter bios over sol with no problem. I can do remote restart and see the remote screen until showing "checking nvram....." and then comes black screen, nothing is going over SOL. I tried everything with the bios settings but didn't help. On the hard disk vista ultimate is installed. Just after I change the mainboard to intel dq-35joe and remote reboot, I can see the remote screen until windows vista boot manager screen is showing up and the pc starts booting into vista. So the intel mainboard is perfect, but the asus is very limited in terms of SOL functionality.

Have you got any idea what to do?

Norbert

Quoting - nor500

I am using the latest 0902 but also tried 0702 asus bios version before with no success. I can enter bios over sol with no problem. I can do remote restart and see the remote screen until showing "checking nvram....." and then comes black screen, nothing is going over SOL. I tried everything with the bios settings but didn't help. On the hard disk vista ultimate is installed. Just after I change the mainboard to intel dq-35joe and remote reboot, I can see the remote screen until windows vista boot manager screen is showing up and the pc starts booting into vista. So the intel mainboard is perfect, but the asus is very limited in terms of SOL functionality.

Have you got any idea what to do?

Norbert

Hmm, at this point I think you will need to follow up with Asus about this particular motherboard and the issue that you are seeing. I'm not familiar enough with their motherboard to help beyond telling you to try the latest BIOS, if that doesn't resolve the issue (and SOL works to get to the BIOS), they can probably help more with this issue.

Quoting - Andrew Schiestl (Intel)

Hmm, at this point I think you will need to follow up with Asus about this particular motherboard and the issue that you are seeing. I'm not familiar enough with their motherboard to help beyond telling you to try the latest BIOS, if that doesn't resolve the issue (and SOL works to get to the BIOS), they can probably help more with this issue.

This is why I stay away from integrators and go straight with Intel's boards. I work at a Leader in Data Center Consulting: Digital Perfections and we only sell Intel products. However, rather than calling ASUS technical support you should try to find somewhere on the interenet a page that directs you to one of their engineering numbers. Good luck on the issue.

Leave a Comment

Please sign in to add a comment. Not a member? Join today