PXE boot stopped working for WDS
After updating the Windows Deployment Services (WDS) server, it didn’t seem to work anymore. The clients would try a PXE boot but couldn’t find a TFTP server to get the boot image from. A colleague of mine found a great article about this problem.
It seems that when a single server is running both WDS and DNS, the DNS server binds to all ports in the WDS port range, leaving the WDS server unable to respond to the clients.
Symptoms
- TFTP downloads fail
- Multicast downloads fail with a possible error code 2
- When WDS tracing is enabled you will find one or more errors that resemble the following:
[2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\udpportrange.cpp:755] Expression: , Win32 Error=0x2
[2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\regudpendpoint.cpp:192] Expression: , Win32 Error=0x2
[2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\inc\RegEndpoint.h:354] Expression: , Win32 Error=0x2
[2416] 16:01:36: [WDSTFTP][UDP][Ep=0] Registration Failed (rc=2)
- When you run netstat -abn you’ll find that ports 64001 to 65000 are displayed as being in use
- You’ve applied security update MS08-037: Vulnerabilities in DNS could allow spoofing
Solution
If you do not require WDS to use a static port range, you can configure WDS to dynamically query WinSock for available ports instead of using a port range. To do this you’ll have to modify a registry key on the affected server.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Parameters
Under this key, set the value UdpPortPolicy to 0, then restart the Windows Deployment Services service.
More information can be found here: http://support.microsoft.com/kb/977512/en-us
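The check and the fix described above, scripted as an added example (not part of the original post or the Microsoft article). It assumes an elevated PowerShell session on the affected server and the 64001 to 65000 range seen on this page; the `-Apply` switch is a hypothetical name, and without it the script only reports.

```powershell
# Added example. Reports which process holds UDP ports in the WDS range,
# shows the current UdpPortPolicy, and applies the fix only with -Apply.
param([switch]$Apply)   # hypothetical switch name

$rangeStart = 64001     # WDS UDP port range as observed on this page
$rangeEnd   = 65000
$regPath    = 'HKLM:\System\CurrentControlSet\Services\WDSServer\Parameters'

# Parse "netstat -ano -p UDP": columns are proto, local address, foreign address, PID.
$owners = @(
    netstat -ano -p UDP | ForEach-Object {
        if ($_ -match '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$') {
            $port = [int]$Matches[1]
            if ($port -ge $rangeStart -and $port -le $rangeEnd) {
                New-Object PSObject -Property @{ Port = $port; ProcessId = [int]$Matches[2] }
            }
        }
    } | Group-Object ProcessId
)

if ($owners.Count -eq 0) {
    "No UDP ports in $rangeStart-$rangeEnd are currently bound."
}
foreach ($group in $owners) {
    # Resolve the PID to a process name; on the affected setup this is expected to be dns.
    $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
    '{0} (PID {1}) holds {2} UDP ports in {3}-{4}' -f `
        $proc.ProcessName, $group.Name, $group.Count, $rangeStart, $rangeEnd
}

# Show the current setting; empty output means the value does not exist yet.
$current = (Get-ItemProperty -Path $regPath -Name UdpPortPolicy `
            -ErrorAction SilentlyContinue).UdpPortPolicy
"UdpPortPolicy is currently: $current"

if ($Apply) {
    # 0 = let WDS ask WinSock for free ports instead of using the static range.
    New-ItemProperty -Path $regPath -Name UdpPortPolicy -PropertyType DWord `
        -Value 0 -Force | Out-Null
    Restart-Service -Name WDSServer
    'UdpPortPolicy set to 0 and WDSServer restarted.'
}
```

Running it once without `-Apply` confirms that DNS is the process holding the range before the registry is changed, and leaves the MS08-037 update in place.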
