This page looks best with JavaScript enabled

Installing and Configuring Windows Deployment Services for PXE Booting with Windows Server

Windows Deployment Services can not be installed on Windows Server Core unfortunately - it still requires a Windows Server install with a GUI (Desktop Experience). Luckily we can still install it using PowerShell and the command line. In this post I’ll go through the initial steps on how to deploy and configure a WDS server using command line and PowerShell.

Installing Windows Server

Boot the server from the Windows Server media and on the “Select the Operating System you want to install” screen, select the option “Windows Server Standard” or “Datacenter” edition with “Desktop Experience” in brackets.

Please note: You can no longer add and remove the GUI (Desktop Experience) with Windows Server 2016 onwards as you could with Windows Server 2012/2012 R2. This is due to numerous problems with keeping the installation and removal process consistent with updates. With Windows Server 2016 and above the only way to add or remove the GUI is to re-install and select one of the server editions with the “Desktop Experience” option.

Initial Configuration

Once the install process has completed, you will be prompted to set the Administrator password.

  1. Set the local “Administrator” password.
  2. Log in to Windows as the Administrator user.
  3. Open an elevated command prompt by pressing “Win + X” and selecting “Command Prompt (Admin)” from the menu.
  4. Type sconfig to get the Server Configuration menu.
  5. You’ll need to configure at least the Network Settings - IP address, subnet mask, gateway, and DNS.
  6. You may want to enable Remote Desktop.
  7. Add the server to the domain - you’ll be asked if you’d like to change the computer name, and prompted to restart the server.
  8. After the restart, log in as a user with administrator privileges to the server.

Important note: Windows Server 2016 shipped with a bug that causes it to fail to get updates from WSUS out of the box. To work around it you should update directly from the internet or download and install the latest Cumulative Update for Windows Server 2016, which at the time of writing is KB4093120, download here.

Additional Storage Configuration

You may want to configure additional locally attached disks or iSCSI/MPIO storage. Creating new volumes that are locally attached can be done via the diskpart command line tool. Below are the commands to create a new, NTFS formatted volume, with the drive letter of E:\ and the name “Data”, from a second disk in the server using the diskpart tool. First, run diskpart from the command line, then use the following commands:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
list disk
select disk 1
online disk
attributes disk clear readonly
clean
convert mbr -or gpt
create partition primary
select part 1
active
format fs=ntfs label="Data" quick
assign letter E:
list volume

The MPIO feature must be installed before the tool is available. You can do this via PowerShell:

1
Install-WindowsFeature -Name 'Multipath-IO'

When MPIO is installed you can load the MPIO utility using mpiocpl. For the iSCSI utility you can use iscsicpl. iSCSI is installed as part of the base Windows Server feature set.

Install Windows Deployment Services (WDS)

If you’ve just logged on to the server, open an elevated command prompt as before, by pressing “Win + X” and selecting “Command Prompt (Admin)” from the menu. Type “PowerShell” into the command line window before running any of the commands below.

First we need to install the WDS feature:

1
Install-WindowsFeature -Name WDS

Now we need to run some post install tasks. The following command will initialize the WDS server and use the E:\ driver to store it’s content.

1
wdsutil /initialize-server /server:SERVER-NAME /reminst:"E:\RemoteInstall"

WDS is now installed and the initial configuration is complete, but some further configuration is required via the WDS Microsoft Management Console (MMC).

  1. Log in to the server as a user with administrator privileges.
  2. Open the “Windows Deployment Services MMC” under “Windows Administrative Tools” in the Start Menu.
  3. Expand the “Servers” node and Right click on the server-name.contoso.com and select “Properties”.
  4. On the “PXE Response” tab select the “Respond to all client computers (known and unknown)” do not tick the “Require administrator approval option”.
  5. Click “Apply” and close the window.

Adding a PXE Boot Image from Microsoft Deployment Toolkit

To add a ‘LiteTouch’ boot image from MDT to WDS:

  1. Log in to the server as a user with administrator privileges.
  2. Open the “Windows Deployment Services MMC” under “Windows Administrative Tools” in the Start Menu.
  3. Navigate to “Servers” > server-name.contoso.com > “Boot Images”.
  4. Right click in the empty window, and select “Add Boot Image”.
  5. Navigate to the “Boot” folder in the deployment share of MDT and select LiteTouchPE\_x64.wim.
  6. Complete the wizard.

To test the new boot image, create a new VM in Hyper-V with the following configuration:

  • Generation 1
  • 2x vCPUs
  • 4GB of RAM
  • Legacy Network Adapter with access the local network.
  • Virtual Hard Drive of at least 80GB.
  • Boot from the legacy Network Adapter.
  • If using Hyper-V on Windows 10 1709 and above, make sure “Use Automatic Checkpoints” is disabled.

Start the Virtual Machine and you should be prompted to press F12 to boot and the deployment environment should start just as if you were booting from the LiteTouchPE_x64.iso. If the VM is not booting from the network, it could be that the VM is on a different VLAN. To enable PXE booting on different VLANs you’ll need to add the IP address of the WDS server as a IP helper address on each VLAN on the routing switch.

Configuration for BIOS and UEFI Clients

If you have a mixture of devices with both BIOS and UEFI firmware that you wish to PXE boot, some additional configuration may be required depending on the network and versions of DHCP and WDS. On a network with a Windows Server 2016 DHCP server, WDS server and Cisco switches with a helper address configured, I haven’t needed to do this configuration but I wanted to include it for completeness. Your mileage may vary. Most of the following information is from a very helpful video from BranchCache Bob - here’s the video. It is assumed that you have a Microsoft Windows Server running DHCP. The first thing to do is to define the vendor classes for both the BIOS PXE Client and the UEFI PXE Client.

  1. Go to “DHCP”, right-click on “IPv4”
  2. In the “DHCP Vendor Classes” window, click Add
  3. For the “Name” enter “PXEClient (UEFI x86)”
  4. For the “Description” enter whatever you want
  5. Under the “ASCII” text enter PXEClient:Arch:00006 - Important Note: you will not be able to paste this text, and it’s also case-sensitive
  6. Click OK to add it to the list
  7. Now repeat steps 2 - 6 for “PXEClient (UEFI x64)” with PXEClient:Arch:00007 as the ASCII value.
  8. Finally, repeat steps 2 - 6 for “PXEClient (BIOS x86 & x64)” with PXEClient:Arch:00000 (five zero’s) as the ASCII value.

or using PowerShell:

1
2
3
Add-DhcpServerv4Class -Name "PXEClient (UEFI x64)" -Type Vendor -Data "PXEClient:Arch:00007"
Add-DhcpServerv4Class -Name "PXEClient (UEFI x86)" -Type Vendor -Data "PXEClient:Arch:00006"
Add-DhcpServerv4Class -Name "PXEClient (BIOS x86 & x64)" -Type Vendor -Data "PXEClient:Arch:00000"

You should now have three additional vendor classes.

DHCP Vendor Classes

Now we need to create policies in DHCP so that the correct files are served to the correct clients. You will need to do this for each DHCP scope.

  1. Go to “DHCP” and expand the scope you wish to create a policy for
  2. Right-click on “Policies” and choose “New Policy”
  3. Enter “PXEClient (UEFI x64)” for the name
  4. Enter a “Description”, or leave it blank. Click Next
  5. On the “Configure Conditions for the policy” screen, click Add
  6. In the “Add/Edit Condition” window, click the “Value:” drop down menu
  7. Choose the “PXEClient (UEFI x64)” vendor class you created earlier
  8. Tick the “Append wildcard” check box and then click Add and finally OK
  9. Click Next on the “Configure Conditions for the policy” screen
  10. On the “Configure settings for the policy” screen, click No for the “Do you want to configure an IP address range for the policy”. Click Next
  11. “Please Note:” if DHCP is on the same server as WDS, you will need to set option 060, if WDS is on a different server, you do not need to set option 060
  12. On the “Configure settings for the policy” screen, scroll down until you see options “060” (if applicable), “066” and “067”
  13. Tick option “060” and enter “PXEClient” if applicable
  14. Tick option “066” and enter either the FQDN or the IP address of the WDS server.
  15. Tick option “067” and enter boot\x64\wdsmgfw.efi - this is the x64 UEFI boot file for WDS. Click Next.
  16. On the “Summary” screen, if all the details are correct, click Finish
  17. Now repeat steps 2 - 14 for “PXEClient (UEFI x86)” with boot\x86\wdsmgfw.efi as option “067”
  18. Finally, repeat steps 2 - 14 once again for “PXEClient (BIOS x86 & x64)” with boot\x64\wdsnbp.com as option “067” and leave option “060” empty

or using PowerShell:

1
2
3
4
5
6
7
Add-DhcpServerv4Policy -Name "PXEClient (UEFI x64)" -ScopeId 10.10.10.0 -Condition OR -VendorClass EQ,"PXEClient (UEFI x64)*"
Add-DhcpServerv4Policy -Name "PXEClient (UEFI x86)" -ScopeId 10.10.10.0 -Condition OR -VendorClass EQ,"PXEClient (UEFI x86)*"
Add-DhcpServerv4Policy -Name "PXEClient (BIOS x86 & x64)" -ScopeId 10.10.10.0 -Condition OR -VendorClass EQ,"PXEClient (BIOS x86 & x64)*"

Set-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -PolicyName "PXEClient (UEFI x64)" -OptionId 067 -Value "boot\x64\wdsmgfw.efi"
Set-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -PolicyName "PXEClient (UEFI x86)" -OptionId 067 -Value "boot\x86\wdsmgfw.efi"
Set-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -PolicyName "PXEClient (BIOS x86 & x64)" -OptionId 067 -Value "boot\x64\wdsnbp.com"

The -ScopeId should be the IP range of the DHCP scope you want to add the policy to.

Don’t forget to repeat the above for each DHCP scope you wish to PXE boot from. In DHCP if you expand the “Scope Options” folder you should see the new options you just created and under “Policy Name” should be the names of the policies you just created.

You should now be able to boot both a UEFI and BIOS devices from the network. Please note, if DHCP is installed on the same server as WDS, you will need to check both the “Do not listen on DHCP ports” and “Configure DHCP options to indicate that this is also a PXE server” options.

Support My Work

If you would like to support me, please check out the links below.

If you’d like to contact me, please leave a comment, send me a tweet, or you can join the community on Discord.

-Mike

Share on
Support the author with