
surfincow

OSD & PXE: BIOS/UEFI and SecureBoot

Hello,

 

I've been doing PXE boot installs for Windows 7 for the past year and everything works fine. With the move to Windows 10 (x64), we plan to use UEFI rather than BIOS and also enable Secure Boot.

 

I started playing with this today, and on my test machine, enabled UEFI, disabled Legacy ROM support and enabled SecureBoot. When I started the machine, it failed to download the boot image stating "pxe operating system loader failed signature verification. warning the file may have been tampered with". I decided to skip secure boot for the time being and focus on UEFI.

 

When I pxe boot using UEFI, the screen displays:

 

checking media presence,

media present,

start PXE over IPv4

 

The screen briefly flashes "Succeeded to download NBP file" (this message goes by so fast that the only way to see it was to make a video and pause at the point where it showed up. The image was blurry, so NBP could be the wrong letters).

 

then

 

checking media presence,

media present,

start PXE over IPv6

 

finally goes to No Bootable devices found.

 

I've never been able to find clear and consistent information regarding setting up PXE, DHCP and Configuration Manager. The way I have it set up is from various articles I've found.

 

One thing I am unclear about is what the correct DHCP options should be.

 

DHCP is running on a host separate from the distribution point, which is running the WDS service.

I have configured DHCP option

66 = fqdn of the configmgr server which is running WDS

67 = smsboot\x64\wdsnbp.com

 

I also have option 60 configured, which at present, has the IP address to the primary configmgr server. Looking over several documents, I'm not sure if this field is needed. I've seen references that indicate you only need this configured if the DHCP server and WDS server are on the same box. I've also come across another document stating that the value should equal "PXE Client".

 

Any idea what this value should be, and if it is needed in our environment? (All servers are w2008r2 sp1)

 

In regards to PXEbooting UEFI and BIOS, is configmgr/wds smart enough to direct the client to download the correct file when pxebooting? (can it support both BIOS clients and UEFI clients via PXE or is it one or the other?) Am I missing something in DHCP that allows UEFI to boot via PXE?

 

Once I'm able to get UEFI sorted out, what is involved to get OSD working using PXE with SecureBoot enabled?

 

 

Thanks!


If you are using UEFI network boot then you must remove the DHCP scope options which you may have put in place for Legacy network boot; instead, use IP helpers to direct traffic accordingly.

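Why a single scope-wide option 67 cannot serve both firmware types, as an added example that is not part of the original posts: the client announces its firmware in DHCP options 60 and 93, and the boot program has to be chosen per request. The request bytes are constructed samples, and the UEFI boot file names are assumed WDS defaults that do not appear in the thread.

```python
import struct
# Option 93 architecture codes (RFC 4578); UEFI x64 firmware is seen sending 7 or 9.
ARCH = {0: "BIOS", 6: "UEFI x86", 7: "UEFI x64", 9: "UEFI x64"}
# Assumed default WDS boot programs; only wdsnbp.com appears in the thread.
NBP = {"BIOS": r"smsboot\x64\wdsnbp.com",
       "UEFI x64": r"smsboot\x64\wdsmgfw.efi",
       "UEFI x86": r"smsboot\x86\wdsmgfw.efi"}

def parse_options(raw: bytes) -> dict:
    """Parse a DHCP options field (after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = end option
        if raw[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def check_static_bootfile(raw: bytes, static_opt67: str) -> tuple:
    """Return (firmware type, NBP it needs, whether the scope-wide option 67 fits)."""
    opts = parse_options(raw)
    if not opts.get(60, b"").startswith(b"PXEClient"):
        raise ValueError("not a PXE client request")
    if len(opts.get(93, b"")) < 2:
        raise ValueError("PXE request carries no option 93")
    (arch,) = struct.unpack("!H", opts[93][:2])
    firmware = ARCH.get(arch, "unknown")
    needed = NBP.get(firmware)
    return firmware, needed, needed is not None and needed.lower() == static_opt67.lower()

def build(vendor_class: bytes, arch: int) -> bytes:
    """Constructed sample options: 53 (DISCOVER), 60, 93, end."""
    return (bytes([53, 1, 1, 60, len(vendor_class)]) + vendor_class
            + bytes([93, 2]) + struct.pack("!H", arch) + b"\xff")

STATIC_67 = r"smsboot\x64\wdsnbp.com"          # option 67 value from the thread
BIOS_REQ = build(b"PXEClient:Arch:00000:UNDI:002001", 0)
UEFI_REQ = build(b"PXEClient:Arch:00007:UNDI:003016", 7)

if __name__ == "__main__":
    for name, req in (("BIOS client", BIOS_REQ), ("UEFI client", UEFI_REQ)):
        print(name, check_static_bootfile(req, STATIC_67))
```

The static value fits the BIOS request only; the UEFI request needs a different file, which a fixed scope option cannot supply.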

It honestly sounds like the PC in question is not part of a collection that has task sequences advertised to it. Also keep in mind when you turn on UEFI that the boot image must match the bit level of the UEFI firmware (if your UEFI is 64 bit you must use a 64 bit boot image).


Yes -- also, to make things simpler, I'm trying to pxeboot another machine in the same network as the DHCP and SCCM/PXE box. This should eliminate any network config issues since everything is within the same network.

 

So this sounds like something specific to the SCCM DP and the PXE service not working right?

 

It's pretty clear that the traffic is hitting the SCCM box because of what I see in the logs. For some reason, though, it's not picking it up and offering PXE services. I just don't understand how removing the incorrect configuration caused things to stop working. When DHCP was directing the client to the DP, everything worked. Now that it is configured per MS spec, it does not.


For both the x64 and x86 "Deploy this boot image from the PXE enabled distribution point" is checked.

 

We only deploy 64-bit OSes, but the boot images for both are distributed.

 

For the DP properties, Enable PXE support for Clients and allow this distribution point to respond to incoming PXE requests is enabled.
