I was recently on site investigating an issue a customer had trying to PXE boot UEFI devices using WDS to deploy their base image. The only way they could build these devices off of PXE was to change the BIOS, which wasn’t an acceptable solution, so they had resorted to booting from USB. Whilst this works, it was preferred to boot using PXE to remove the necessity of keeping the USB devices up to date.
It was identified that DHCP options 66 and 67 were configured for PXE boot. Before UEFI, this configuration would have been fine. However, UEFI requires a different Network Boot Program (NBP) from what was historically configured. Using the DHCP options was the cause of the problem, by using them you are statically setting what can be used for PXE boot. You direct to a single server with a single NBP.
The answer to this conundrum is to utilise Dynamic PXE, or forward broadcasts. This solution removes the static settings within DNS and utilising IP helpers from your networking equipment. IP Helpers forward the DHCP broadcast from your clients to a DHCP server AND a Windows Deployment Server (WDS). The WDS server is then capable of responding to the request with the suitable NBP so the client can boot. This is all assuming that your client and WDS are on separate subnets. Should they be on the same subnet (small and test environments) then the WDS will pick up the broadcast and be able to respond automatically (once again assuming that it is configured for PXE).
This is a networking solution and so there are some ports that need to allowed for routing and opened on firewalls (if applicable):
- DHCP broadcasts using UDP 67 should be configured to route directly to the DHCP server AND WDS
- If there are firewalls on the router or in between the client and WDS then UDP port 4011 will need to opened (as well as any UDP ports used for TFTP and multicasting as specified on the Network Settings tab of server properties in the Windows Deployment Services MMC snap-in)
Once the networking is configured you will then be able to PXE boot from UEFI devices. Any legacy devices will also still be able to boot as SCCM will identify which NBP should be used from the DHCP request.
The above only provides an insight in to Dynamic PXE but hopefully provides an understanding of how you can configure PXE boot without using DHCP options.