After updating the Windows Deployment Service (WDS) server, it didn’t seem to work anymore. The clients would try a PXE boot but couldn’t find a TFTP server to get the boot image from. A colleague of mine found a great article about this problem.
It seems that when a single server is running both WDS and DNS, the DNS server binds to all ports in the WDS UDP port range, leaving the WDS server unable to respond to the clients. The symptoms are:
- TFTP downloads fail
- Multicast downloads fail with a possible error code 2
- When WDS tracing is enabled, you will find one or more errors that resemble the following:
    16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\udpportrange.cpp:755] Expression: , Win32 Error=0x2
    16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\regudpendpoint.cpp:192] Expression: , Win32 Error=0x2
    16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\inc\RegEndpoint.h:354] Expression: , Win32 Error=0x2
    16:01:36: [WDSTFTP][UDP][Ep=0] Registration Failed (rc=2)
- When you run netstat -ab, you'll find that ports 64001 to 65000 are displayed as being in use
- You’ve applied security update MS08-037: Vulnerabilities in DNS could allow spoofing
If you do not require WDS to use a static port range, you can configure WDS to dynamically query WinSock for available ports instead of using a port range. To do this you'll have to modify a registry value on the affected server.
Set the UdpPortPolicy value to 0, then restart the Windows Deployment Services service.
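The diagnosis and fix above, as an added PowerShell example (this is not code from the original post or from Microsoft). It assumes the service names WDSServer and DNS, and that the WDS parameters live under HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters; that path is not given in the post, so confirm it against the KB article linked below before running this on a production server. The port range 64001 to 65000 is the one named in the symptoms.

```powershell
# Added example: detect the WDS/DNS UDP port conflict and apply UdpPortPolicy = 0.
# Assumptions (not stated in the original post; verify against KB 977512):
#   - the WDS service is named 'WDSServer' and the DNS service 'DNS'
#   - WDS parameters live under the registry key below
# Requires an elevated session and Get-NetUDPEndpoint (Windows Server 2012 or later);
# on older servers use 'netstat -ab' as described in the post instead.

$WdsParametersKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters'  # assumed
$WdsPortRangeStart = 64001   # WDS UDP port range named in the symptoms above
$WdsPortRangeEnd   = 65000

function Get-WdsPortRangeUsage {
    # Lists which processes currently hold UDP ports inside the WDS port range.
    # On an affected server dns.exe owns most of them, which is why WDS
    # registration fails with rc=2 (ERROR_FILE_NOT_FOUND from the socket layer).
    $wds = Get-Service -Name 'WDSServer' -ErrorAction SilentlyContinue
    $dns = Get-Service -Name 'DNS'       -ErrorAction SilentlyContinue
    if (-not ($wds -and $dns)) {
        Write-Warning 'WDS and DNS are not both installed here; the described conflict does not apply.'
    }

    Get-NetUDPEndpoint |
        Where-Object { $_.LocalPort -ge $WdsPortRangeStart -and $_.LocalPort -le $WdsPortRangeEnd } |
        Group-Object -Property OwningProcess |
        ForEach-Object {
            $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ProcessId   = [int]$_.Name
                ProcessName = if ($proc) { $proc.ProcessName } else { '<exited>' }
                PortsInUse  = $_.Count
            }
        } |
        Sort-Object -Property PortsInUse -Descending
}

function Set-WdsDynamicPorts {
    # Switches WDS from its static port range to dynamic WinSock port allocation
    # (UdpPortPolicy = 0) and restarts the service so the change takes effect.
    # Returns the value read back from the registry after the change.
    if (-not (Test-Path -Path $WdsParametersKey)) {
        throw "WDS parameters key not found: $WdsParametersKey (check the path against KB 977512)"
    }

    $before = (Get-ItemProperty -Path $WdsParametersKey -Name 'UdpPortPolicy' -ErrorAction SilentlyContinue).UdpPortPolicy
    Write-Host ("UdpPortPolicy before: {0}" -f $(if ($null -eq $before) { '<not set>' } else { $before }))

    # Set-ItemProperty creates the DWORD value if it does not exist yet.
    Set-ItemProperty -Path $WdsParametersKey -Name 'UdpPortPolicy' -Value 0 -Type DWord
    Restart-Service -Name 'WDSServer' -Force

    (Get-ItemProperty -Path $WdsParametersKey -Name 'UdpPortPolicy').UdpPortPolicy
}

# Usage from an elevated prompt:
#   Get-WdsPortRangeUsage     # shows who holds ports 64001-65000 (dns.exe on an affected server)
#   Set-WdsDynamicPorts       # sets UdpPortPolicy = 0, restarts WDSServer, returns 0
```

One consequence worth checking after the change: with UdpPortPolicy set to 0, WDS no longer listens on the fixed 64001 to 65000 range, so any host or network firewall rule that was scoped to that range for TFTP or multicast traffic will need to be revisited, since the ports WDS picks are now chosen by WinSock at service start.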
More information can be found here: http://support.microsoft.com/kb/977512/en-us