
UEFI deploys Win10 solution across network segments

2025-03-26 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02 Report

Environment:

WDS is deployed across network segments; the DHCP and WDS services run on different servers, and the client machines boot with UEFI + SECURE BOOT.

Two options are described below. Both solve the cross-segment deployment problem, but Option 2 is recommended.

Network topology diagram:

Part 1:

The WDS+MDT server (hereinafter referred to as WDS) was originally located in the same network segment as the clients (the 12 segment). The clients boot with UEFI + SECURE BOOT, and Windows 10 could be deployed normally by PXE booting from the network card.

The WDS server then had to be migrated from the 12 segment to the 63 segment. After the migration, machines in the 12 segment could no longer PXE boot, so a solution had to be found.

The WDS service and the DHCP server are not on the same server, but in the same-segment setup the option highlighted in yellow in the figure needs to be unchecked.

Option 1 (not recommended):

On the DHCP server, select the scope for the 12 segment and configure the following scope options:

66: the IP address of the WDS server

67: the boot file path, for example boot\x86\wdsnbp.com

After this is configured, clients can PXE boot and install the system when they boot in BIOS mode with SECURE BOOT turned off.

But booting in UEFI + SECURE BOOT mode reports an error: Invalid signature detected.

Part 2:

Since UEFI boot is the mainstream going forward, legacy BIOS is gradually being phased out, newer chipsets may not support BIOS at all, and enabling SECURE BOOT improves security, the problem of PXE booting across network segments with UEFI + SECURE BOOT enabled needs to be solved.

Option 2 (recommended):

After searching Microsoft TechNet, I found two posts:

Invalid Boot File Received Error Message When PXE booting from WDS:

https://support.microsoft.com/en-us/help/2602043/invalid-boot-file-received-error-message-when-pxe-booting-from-wds

Managing Network Boot Programs:

https://technet.microsoft.com/en-us/library/cc732351(ws.10).aspx#Updating

In both posts, Microsoft gives the same specific solution:

Configure IP helper addresses. All DHCP broadcasts that client computers send to UDP port 67 should be forwarded directly to both the DHCP server and the WDS server. In addition, all traffic on UDP port 4011 must be routed correctly from the client computer to the Windows Deployment Services PXE server (these requests are unicast to the server rather than broadcast).

In short, add the WDS server to the ip helper-address list on the router interface for the client VLAN:

interface Vlan12
 description Network
 ! X.X.15.254 is the gateway of the 12 network segment
 ip address X.X.15.254 255.255.252.0
 ip access-group PublicOffice in
 ! WDS server
 ip helper-address X.X.63.60
 ! DHCP server
 ip helper-address X.X.63.42

After testing, deployment works normally in the UEFI + SECURE BOOT environment.

With regard to Option 1, Microsoft also states that this method is not recommended, for the following reasons:

1. Using DHCP options is less reliable than configuring the router. In testing, clients have mis-parsed the DHCP options returned by the DHCP server and received a "TFTP failed" error. Typically this happens when the PXE ROM ignores the boot server host name and attempts to download the NBP directly from the DHCP server.

2. If multiple Windows Deployment Services servers are available to handle client requests, specifying one particular server prevents load balancing. With a router forwarding table, requests can instead be forwarded to multiple servers.

3. The client may be directed to an unavailable Windows Deployment Services server. Because the client does not have to contact the Windows Deployment Services server directly to determine which NBP to download, the DHCP server may direct the client to download an NBP that does not exist, or to a server that is currently unavailable.

4. The client may bypass the answer settings of the Windows Deployment Services server.
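The following Python example is added here to illustrate the two failure modes discussed above (the "Invalid signature detected" error of Option 1 under UEFI + SECURE BOOT, and Microsoft's reason 1, the "TFTP failed" case); it is not code from the original post or from Microsoft. It decodes the PXE-related options of a constructed DHCPDISCOVER (option 93, client system architecture, per RFC 4578) and compares a fixed scope answer (options 66/67) with a WDS PXE server that picks the NBP by architecture. The sample addresses, the x64 UEFI file name boot\x64\wdsmgfw.efi (the standard WDS one) and the simplified "server id" model of a buggy PXE ROM are assumptions made for the illustration.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"

# RFC 4578 client system architecture values carried in DHCP option 93.
ARCH_BIOS_X86 = 0
ARCH_UEFI_BC = 7
ARCH_UEFI_X64 = 9

# NBP served per architecture. The x86 path is the one from the post; the
# x64 UEFI file name is the standard WDS one and is assumed here.
NBP_BY_ARCH = {
    ARCH_BIOS_X86: r"boot\x86\wdsnbp.com",
    ARCH_UEFI_BC: r"boot\x64\wdsmgfw.efi",
    ARCH_UEFI_X64: r"boot\x64\wdsmgfw.efi",
}

# Constructed sample addresses standing in for the post's X.X.63.42 / X.X.63.60.
DHCP_SERVER = "10.0.63.42"
WDS_SERVER = "10.0.63.60"


def build_discover_options(arch: int) -> bytes:
    """Construct the option area of a PXE DHCPDISCOVER (magic cookie + TLVs)."""
    out = bytearray(DHCP_MAGIC)
    out += bytes([53, 1, 1])                          # message type: DISCOVER
    vendor = b"PXEClient"
    out += bytes([60, len(vendor)]) + vendor          # vendor class identifier
    out += bytes([93, 2]) + struct.pack("!H", arch)   # client system architecture
    out += b"\xff"                                    # end option
    return bytes(out)


def parse_options(payload: bytes) -> dict:
    """Decode DHCP option TLVs into {code: raw_value}; handles Pad and End."""
    if not payload.startswith(DHCP_MAGIC):
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, len(DHCP_MAGIC)
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad
            i += 1
            continue
        if code == 255:          # end
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated option {code}")
        opts[code] = value
        i += 2 + length
    return opts


def client_arch(opts: dict) -> int:
    """Option 93 is a 16-bit big-endian value; if absent, treat as legacy BIOS."""
    return struct.unpack("!H", opts[93])[0] if 93 in opts else ARCH_BIOS_X86


def answer_static_scope(opts: dict) -> dict:
    """Option 1 from the post: fixed scope options 66/67. Every client, whatever
    its architecture, is told the same x86 NBP."""
    return {"server_id": DHCP_SERVER,                 # option 54: who answered
            "next_server": WDS_SERVER,                # option 66
            "bootfile": NBP_BY_ARCH[ARCH_BIOS_X86]}   # option 67 as set in the scope


def answer_wds_pxe(opts: dict) -> dict:
    """Option 2 from the post: the broadcast reaches WDS via ip helper-address
    and the WDS PXE server chooses the NBP from option 93 itself."""
    return {"server_id": WDS_SERVER,
            "next_server": WDS_SERVER,
            "bootfile": NBP_BY_ARCH[client_arch(opts)]}


def secure_boot_accepts(answer: dict, arch: int) -> bool:
    """UEFI firmware with Secure Boot loads only signed EFI images; a legacy .com
    NBP fails with 'Invalid signature detected'. BIOS clients perform no check."""
    if arch == ARCH_BIOS_X86:
        return True
    return answer["bootfile"].lower().endswith(".efi")


def tftp_target(answer: dict, rom_honours_option_66: bool = True) -> str:
    """Simplified model of Microsoft's reason 1: a PXE ROM that ignores the boot
    server option fetches the NBP from whichever server answered DHCP."""
    return answer["next_server"] if rom_honours_option_66 else answer["server_id"]


def evaluate(arch: int, rom_honours_option_66: bool = True) -> dict:
    """Run one constructed client through both strategies and report the outcome."""
    opts = parse_options(build_discover_options(arch))
    result = {}
    for name, answer in (("static_scope", answer_static_scope(opts)),
                         ("wds_pxe", answer_wds_pxe(opts))):
        target = tftp_target(answer, rom_honours_option_66)
        result[name] = {"bootfile": answer["bootfile"],
                        "tftp_from": target,
                        "tftp_ok": target == WDS_SERVER,   # only WDS holds the NBP
                        "secure_boot_ok": secure_boot_accepts(answer, arch)}
    return result


if __name__ == "__main__":
    for arch in (ARCH_BIOS_X86, ARCH_UEFI_X64):
        print("arch", arch, evaluate(arch))
    print("buggy ROM", evaluate(ARCH_BIOS_X86, rom_honours_option_66=False))
```

Running it shows why the router approach wins: with fixed scope options a UEFI x64 client is handed wdsnbp.com and fails the Secure Boot check, and a ROM that ignores option 66 tries TFTP from the DHCP server, which does not hold the NBP; when WDS answers the forwarded request itself, the NBP matches the client architecture and the TFTP target is always the WDS server.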

-END
