What is Wake On Lan and how does it work?

Wake On Lan is an industry standard protocol for waking computers up from various sleep states, see below. In essence it’s the ability to wake computers up when you need to, well that’s the theory. Getting all the machines to wake up is like finding the holy grail sometimes.

Last Friday WannaCryrpt ransomware started hitting machines around the world and I contacted my department head and asked for permission to update all workstations and ignore maintenance windows, he agreed and I got to work. To my horror when I deployed the updates almost all of my 4000 workstations didn’t wake up. It turned out to be an issue with ACL lists on the switches, but to me it shows how hard it is to get WOL to work consistently. You need many ducks in a row for this to work.

So today I wanted to talk about how you get this to work or more likely how to give you the best chance of it working consistently. Wake on LAN uses what’s called a magic packet which is broadcasted across your environment, it contains the subnet information, network address, and the MAC address of the target computer’s network card. A Magic Packet consists of 6 bytes of all 255 (FF FF FF FF FF FF), followed by sixteen repetitions of the target computer’s MAC address.

Going forward I am assuming your BIOS supports and is configured for WOL

If you want to add support for Surface add this (WOL Surface)

Sleep States

Below are the different sleep states, in a previous post I spoke about how Windows fast startup can interfere with WOL. The machine should wake up from most of these states.

State Description
S0  The computer is on and fully functional.
S1  The computer appears to be off with the CPU stopped. RAM is refreshed, and the computer is running in a low power mode.
S2  The computer appears to be off with the CPU stopped. RAM is refreshed, and the computer is running in a lower power mode than S1.
S3 (Standby)  The computer appears to be off with no power to the CPU. RAM is in slow refresh.
S4 (Hibernate)  The computer appears to be off with no power to the hardware. System memory has been saved as a temporary file on the hard disk.
S5 (Off)  The computer is off with no power to the hardware, and the operating system has been shut down without saving system memory to disk.

Default Network Adapter settings for WOL

  1. This is an example of a network adapter that wont allow WOL
  2. If we look in WMI we can see the setting for “Allow this device to wake the computer” and “Only allow a magic packet to wake the computer” by default they are disabled.

Subnet-directed broadcast Versus Unicast

What ever method you pick its work consulting your network team first.

Subnet Directed Broadcast: This method retrieves the subnet address and MAC address from Hardware Inventory and then the magic packets are targeted at the subnet. The magic packet is sent to all machines on that subnet but should only wake up its intended target. If ConfigMgr doesn’t have the IP and Mac address this wont work, plus subnet broadcast is normally disabled on routers and switches.

Unicast: This method transmits the IP address and MAC address that is stored in the Hardware Inventory and the magic packets are targeted directly. This will not work if the ARP cache on the switch has flushed out the MAC and IP of the computer. The ARP cache keeps a record of the MAC and IP address, normally the ARP cache is only held between 8 and 40 minutes but depends on your set up.

Configure System Center Configuration Manger for WOL

Go to the properties of the Site Server.

Go to the Wake on Lan tab, I use “Subnet-directed broadcasts”

Click on Advanced. I changed the retries from 3 to 5 and set the delay to 2 minutes. It works better for my environment.

Next go to the ports tab, currently its set to UDP port 9 Microsoft suggest changing this.

 

Automating adapter configuration with ConfigMgr CB

A few years ago I used a Vb script to alter the settings on our network adapters but this had a few flaws. The first was if the network adapter reset the settings reset to the default, the second was it tried to change all adapters settings (including Virtual) and finally I didn’t have a way to confirm that it actually worked. Now Maurice and I are pretty big fan boys when it comes to Configuration Items and Configuration Baselines. If you have never used them before my brother from another mother wrote a great article on this here (ConfigMgr Configuration Baselines – A Beginners Guide).

Configuration Item

  1. Open the SCCM Console and expand the Compliance Settings section
  2. Right click on the Configuration Item and select Create Configuration Item
  3. Give your CI a name, always good to follow a naming pattern.
  4. I selected Windows 7, 8, 8.1, and 10
  5. Under Settings tab, new
    • Name: All this device to wake the computer
      Description: This allows the NIC to wake up the machine.
      Setting type: WQL query
      Data type: Boolean
      Namespace: root\wmi
      Class: MSPower_DeviceWakeEnable
      Property: Enable
      WQL query: InstanceName Like ‘PCI%’

      Warning when I copied this to the site it changed the formatting

  6. Under Compliance rules
  7. Under Settings tab, new
    • Name: Only allow a magic packet to wake the computer
      Description: Magic packets only.
      Setting type: WQL query
      Data type: Boolean
      Namespace: root\wmi
      Class: MSNdis_DeviceWakeOnMagicPacketOnly
      Property: EnableWakeOnMagicPacketOnly
      WQL query: InstanceName Like ‘PCI%’

      Warning when I copied this to the site it changed the formatting

  8. Under Compliance rules
  9. Review the settings
  10. Review Compliance Rules

 

 

Configuration Baseline

With the Configuration Items created the next step is to create a Configuration Baseline and deploy it to your collection.

  1. Right click on Configuration Baseline and click Create Configuration Baseline.
  2. Give the baseline a name.
  3. The final step is to deploy the Configuration Baseline to the Collection, so right click on the Configuration Baseline and Deploy. Ensure that “Remediate noncompliant rules when supported” is ticked.

Compliant

On a client machines you should see this.

The network adapter now has the settings ticked.

Under WMI you can see the settings enabled and only for the physical adapters.

Monitoring

Under the monitoring node I can see compliant machines.

And there we go.

I am originally from Dublin – Ireland but moved to London in 2000 to study for a Computer Science degree. I currently work for London Metropolitan University, It’s a challenging but also a creative environment.

I specialise in system center configuration manager and application packaging, I’m working on increasing my online presence though my website and twitter account so please feel to drop me a line.

(1265)

comments
  • Matthew Davidson
    Posted at 16:27 May 19, 2017
    Matthew Davidson
    Reply
    Author

    Great article! Very timely!!

  • Ben
    Posted at 23:33 May 19, 2017
    Ben
    Reply
    Author

    Great article! Great way to enable WOL. Do you use RCT to actually wake them up individually if needed or just rely on the deployment to wake them up? I have scenarios where I just need to switch a remote PC on without a deployment.

    • Terence Beggs
      Posted at 06:36 May 20, 2017
      Terence Beggs
      Reply
      Author

      Hi Ben, yes I use RCT tools. If I’m in a hurry I use the RCT tools to wake machines up rather than wait on a deployment. As the site server is one of the only VMs allowed to wake up machines, the RCT tools must be run from there, but that is just my environment. Thanks.

  • MD Arif Hussain
    Posted at 22:39 May 20, 2017
    MD Arif Hussain
    Reply
    Author

    This is a great article! I really appreciate it!
    Genius like you are make ConfigMgr Admin life easier.

  • Stephane
    Posted at 03:15 May 21, 2017
    Stephane
    Reply
    Author

    Awesome article, I’m wondering, do we need to change some bios settings in order to make this work, or we just need to follow your guide? Thks

    • Terence Beggs
      Posted at 07:43 May 21, 2017
      Terence Beggs
      Reply
      Author

      Yes you will need to a) confirm your motherboard supports this (most do), but I have been screwed over by this in the past b) you will need to turn this on, if your lucky enough to have dell or hp this should be pretty easy to do.

  • Ben
    Posted at 12:48 May 21, 2017
    Ben
    Reply
    Author

    Thanks for the reply mate. I’m gonna have to dip into this SCCM magic. We have machines waking on randomly and we can’t figure out why. I assume we can nominate a couple of PCs in each subnet to act as WOL/WOW agents.

    • Terence Beggs
      Posted at 14:46 May 21, 2017
      Terence Beggs
      Reply
      Author

      Yes you can test WOL within a subnet, as for randomly waking machines, check wake on alarm in the bios. We had machines randomly waking at 7am the poor cleaner probably thought the room was haunted.

  • Rasheed
    Posted at 18:41 May 22, 2017
    Rasheed
    Reply
    Author

    Hi and thanks for this article really appreciated !

    I get an error ID 0X80041010 ” NON VALID CLASS” on the deployment Status. Can you tell me what i’m doing wrong ?

    • Terence Beggs
      Posted at 18:56 May 22, 2017
      Terence Beggs
      Reply
      Author

      Double check to make sure the class is root\wmi

      • Terence Beggs
        Posted at 11:13 May 23, 2017
        Terence Beggs
        Reply
        Author

        Look at the post again as someone else pointed out that InstanceName Like ‘PCI%’ is changed to InstanceName Like ‘PCI%’ when i copy it to the blog

  • Andreas
    Posted at 10:39 May 23, 2017
    Andreas
    Reply
    Author

    Thanks for this post, was kinda waiting for it 😉

    But unfortunately, it doesn’t work for me. This is DcmWmiProvider.log:

    WQLRealizer::QueryValues- failed at Namespace.Query with Error=0x80041017 DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed in discovering instance.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to do HandleExecQueryAsync().
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to process CWqlQueryProvider::ExecQueryAsync.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    WQLRealizer::QueryValues- failed at Namespace.Query with Error=0x80041017 DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed in discovering instance.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to do HandleExecQueryAsync().
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)
    Failed to process CWqlQueryProvider::ExecQueryAsync.
    Unknown error (Error: 80041017; Source: Unknown) DcmWQLQueryProvider 23.05.2017 11:26:29 700 (0x02BC)

    • Terence Beggs
      Posted at 10:41 May 23, 2017
      Terence Beggs
      Reply
      Author

      Double check to make sure the class is root\wmi
      Are the NIC’s intel?

    • Andreas
      Posted at 10:43 May 23, 2017
      Andreas
      Reply
      Author

      ooohhhh that’s evil!
      I figured it out:
      I copyed your WQL query ” InstanceName Like ‘PCI%’ ” and the ’ you used on the site is not the ‘ you have to use in your query. Replaced your ’ by ‘ and now it works. 🙂

      • Terence Beggs
        Posted at 10:47 May 23, 2017
        Terence Beggs
        Reply
        Author

        You know what i have had that before from other sites. I will update the post to warn people.

      • Terence Beggs
        Posted at 11:12 May 23, 2017
        Terence Beggs
        Reply
        Author

        Ok i have updated the post, for some reason it changes the formatting when I copy it to the post.

  • Big Geoff
    Posted at 14:46 May 23, 2017
    Big Geoff
    Reply
    Author

    Great work, you are making me look good!

  • Greg
    Posted at 19:45 May 23, 2017
    Greg
    Reply
    Author

    Thank you. That worked great.

  • Leave a Reply