Installing and Configuring Windows Deployment Services for PXE Booting with Windows Server 2016

Windows Deployment Services can not be installed on Windows Server Core unfortunately – it still requires a Windows Server install with a GUI (Desktop Experience). Luckily we can still install it using PowerShell and the command line.

In this post I’ll go through the initial steps on how to deploy and configure a WDS server using command line and PowerShell.

Important note: If you need the to boot Windows Server 2016 ISO from a USB flash drive, use the Windows USB/DVD Tool available to download direct from Microsoft.

 

Installing Windows Server 2016

Boot the server from the Windows Server 2016 media and on the Select the Operating System you want to install screen, select the option Windows Server 2016 Standard or Datacenter edition with Desktop Experience in brackets.

Important Note: You can no longer add and remove the GUI (Desktop Experience) with Windows Server 2016 as you could with Windows Server 2012 & 2012 R2. This is due to numerous problems with keeping the installation and removal process consistent with updates. With Windows Server 2016, the only way to add or remove the GUI is to re-install and select one of the server editions with the Desktop Experience option.

 

Initial Configuration

Once the install process has completed, you will be prompted to set the Administrator password.

  1. Set the local Administrator password.
  2. Log in to Windows as the Administrator user.
  3. Open an elevated command prompt by pressing Win + X and selecting Command Prompt (Admin) from the menu.
  4. Type sconfig to get the Server Configuration menu.
  5. You’ll need to configure at least the Network Settings – IP address, subnet mask, gateway, and DNS.
  6. You may want to enable Remote Desktop.
  7. Add the server to the domain – you’ll be asked if you’d like to change the computer name, and prompted to restart the server.
  8. After the restart, log in as a user with administrator privileges to the server.

Important note: Windows Server 2016 shipped with a bug that causes it to fail to get updates from WSUS out of the box. To work around it you should update directly from the internet or download and install the latest Cumulative Update for Windows Server 2016, which at the time of writing is KB4093120, download here.

 

Additional Storage Configuration

You may want to configure additional locally attached disks or iSCSI/MPIO storage.

Creating new volumes that are locally attached can be done via the diskpart command line tool. Below are the commands to create a new, NTFS formatted volume, with the drive letter of E:\ and the name “Data”, from a second disk in the server using the diskpart tool.

First, run diskpart from the command line, then use the following commands:

list disk
select disk 1
online disk
attributes disk clear readonly
clean
convert mbr -or gpt
create partition primary
select part 1
active
format fs=ntfs label="Data" quick
assign letter E:
list volume

The MPIO feature must be installed before the tool is available. You can do this via PowerShell:

Install-WindowsFeature -Name 'Multipath-IO'

When MPIO is installed you can load the MPIO utility using mpiocpl. For the iSCSI utility you can use iscsicpl. iSCSI is installed as part of the base Windows Server 2016 feature set.

 

Install Windows Deployment Services (WDS)

If you’ve just logged on to the server, open an elevated command prompt as before, by pressing Win + X and selecting Command Prompt (Admin) from the menu. Type PowerShell into the command line window before running any of the commands below.

  1. First we need to install the WDS feature:
Install-WindowsFeature -Name WDS

Now we need to run some post install tasks.

  1. The following command will initialize the WDS server and use the E:\ driver to store it’s content.
wdsutil /initialize-server /server:SERVER-NAME /reminst:"E:\RemoteInstall"

WDS is now installed and the initial configuration is complete, but some further configuration is required via the WDS Microsoft Management Console (MMC).

  1. Log in to the server as a user with administrator privileges.
  2. Open the Windows Deployment Services MMC under Windows Administrative Tools in the Start Menu.
  3. Expand the Servers node and Right click on the server-name.contoso.com and select Properties.
  4. On the PXE Response tab select the Respond to all client computers (known and unknown) do not tick the Require administrator approval option.
  5. Click Apply and close the window.

 

Adding a PXE Boot Image from Microsoft Deployment Toolkit

To add a ‘LiteTouch’ boot image from MDT to WDS:

  1. Log in to the server as a user with administrator privileges.
  2. Open the Windows Deployment Services MMC under Windows Administrative Tools in the Start Menu.
  3. Navigate to Serversserver-name.contoso.comBoot Images.
  4. Right click in the empty window, and select Add Boot Image.
  5. Navigate to the Boot folder in the deployment share of MDT and select LiteTouchPE_x64.wim.
  6. Complete the wizard.

To test the new boot image, create a new VM in Hyper-V with the following configuration:

  • Generation 1
  • 2x vCPUs
  • 4GB of RAM
  • Legacy Network Adapter with access the local network.
  • Virtual Hard Drive of at least 80GB.
  • Boot from the legacy Network Adapter.
  • If using Hyper-V on Windows 10 1709 and above, make sure Use Automatic Checkpoints is disabled.

Start the Virtual Machine and you should be prompted to press F12 to boot and the deployment environment should start just as if you were booting from the LiteTouchPE_x64.iso. If the VM is not booting from the network, it could be that the VM is on a different VLAN. To enable PXE booting on different VLANs you’ll need to add the IP address of the WDS server as a IP helper address on each VLAN on the routing switch.

 

Configuration for BIOS and UEFI Clients

If you have a mixture of devices with both BIOS and UEFI firmware that you wish to PXE boot, some additional configuration may be required depending on the network and versions of DHCP and WDS. On a network with a Windows Server 2016 DHCP server, WDS server and Cisco switches with a helper address configured, I haven’t needed to do this configuration but I wanted to include it for completeness. Your mileage may vary.

Most of the following information is from a very helpful video from BranchCache Bob – here’s the video. It is assumed that you have a Microsoft Windows Server running DHCP.

The first thing to do is to define the vendor classes for both the BIOS PXE Client and the UEFI PXE Client.

  1. Go to DHCP, right-click on IPv4.
  2. In the DHCP Vendor Classes window, click Add.
  3. For the Name enter PXEClient (UEFI x86).
  4. For the Description enter whatever you want.
  5. Under the ASCII text enter PXEClient:Arch:00006 – Important Note: you will not be able to paste this text, and it’s also case-sensitive.
  6. Click OK to add it to the list.
  7. Now repeat steps 2 – 6 for PXEClient (UEFI x64) with PXEClient:Arch:00007 as the ASCII value.
  8. Finally, repeat steps 2 – 6 for PXEClient (BIOS x86 & x64) with PXEClient:Arch:00000 (five zero’s) as the ASCII value.

You should now have three additional vendor classes.

Now we need to create policies in DHCP so that the correct files are served to the correct clients. You will need to do this for each DHCP scope.

  1. Go to DHCP and expand the scope you wish to create a policy for.
  2. Right-click on Policies and choose New Policy.
  3. Enter PXEClient (UEFI x64) for the name.
  4. Enter a Description, or leave it blank. Click Next.
  5. On the Configure Conditions for the policy screen, click Add.
  6. In the Add/Edit Condition window, click the Value: drop down menu.
  7. Choose the PXEClient (UEFI x64) vendor class you created earlier.
  8. Tick the Append wildcard(*) check box and then click Add and finally Ok.
  9. Click Next on the Configure Conditions for the policy screen.
  10. On the Configure settings for the policy screen, click No for the Do you want to configure an IP address range for the policy. Click Next.
  11. Please Note: if DHCP is on the same server as WDS, you will need to set option 060, if WDS is on a different server, you do not need to set option 060.
  12. On the Configure settings for the policy screen, scroll down until you see options 060 (if applicable), 066 and 067.
  13. Tick option 060 and enter PXEClient if applicable.
  14. Tick option 066 and enter either the FQDN or the IP address of the WDS server.
  15. Tick option 067 and enter boot\x64\wdsmgfw.efi – this is the x64 UEFI boot file for WDS. Click Next.
  16. On the Summary screen, if all the details are correct, click Finish.
  17. Now repeat steps 2 – 14 for PXEClient (UEFI x86) with boot\x86\wdsmgfw.efi as option 067.
  18. Finally, repeat steps 2 – 14 once again for PXEClient (BIOS x86 & x64) with boot\x64\wdsnbp.com as option 067 and leave option 060 empty.

If you expand the Scope Options folder you should see the new options you just created and under policy name should be the names of the policies you just created. You should now be able to boot both a UEFI and BIOS devices from the network.

Please note, if DHCP is installed on the same server as WDS, you will need to check both the Do not listen on DHCP ports and Configure DHCP options to indicate that this is also a PXE server options.

 

I hope this post has helped you out in some way.

-Mike

Twitter – @Digressive

 

3 Comments Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.