WDS+MDT+PXE Work on different subnet separated via a h/w firewall

  • Question

  • Dear Team,
    We have a scenario
    wherein we are trying to do OS deployment using MDT+WDS+PXE
    DHCP Server  ( IP say 172.X.41.10)
    WDS+MDT+PXE on the same server( IP say 172.X.41.11)
    And OS deployment works fine with other Subnets as well
    (say 172.X.45.X, 172.X.46.x) think with IP helper set of DHCP server and 66 and 67 option set in dhcp ( IP say 172.X.41.10)
    Now we have another network (say 157.X.X.X) that is separated from the above-mentioned network (172.X.X.X) by a Cisco firewall and a switch (157.X.X.20) that acts as a gateway to this network
    Now this network is having a separate DHCP (say 157.X.X.10)
    Now we are trying to use the same WDS server+PXE of the (172.X.41.11) network for OS deployment
    for this we have set option 66 and 67 on the DHCP (say 157.X.X.10)
    66-( IP say 172.X.41.11)
    And on the firewall for testing IP is allowed to the server ( IP say 172.X.41.11) bidirectionally and dhcp relay is set to ( IP say 172.X.41.11)
    on the gateway switch (157.X.X.20) IP helper is given as (157.X.X.10) and (172.X.41.11)
    Now when a client boots, it enters into PXE successfully
    Downloaded WDSNBP...
    Architecture: x64
    WDSNBP started using DHCP Referral.
    Contacting Server:172.X.41.11  (Gateway: 157.X.X.20)...
    No response from Windows Deployment Services server.
    Launching pxeboot.com...
    Press F12 for network service boot
    and if we press F12 it gives an error 
    a blank Blue Screen ( the new Blue screen in Windows 2012) and system reboots
    and sometimes get error
    Windows failed to start (etc.)
    File: \Boot\BCD
    Status: 0xc000000f
    So the error is No response from Windows Deployment Services server.
    So the query is: what are we missing here, the extra step to get this to work on a different subnet separated via a h/w ASA firewall?
    We tried a NAT exempt to the IP (172.X.41.11) from this subnet (157.X) and then the PXE boot itself failed (TFTP download time out error),
    also tried a one-to-one NAT with one client with the same IP range (157.X.X.24 to 172.X.41.X), then also the same error: No response from Windows Deployment Services server.
    Thanks and Regards
    Saturday, October 19, 2013 7:58 AM


  • Issue Fixed:-

    Do a NAT Exempt (from say 157.X.X) on the firewall to the WDS server on the other network (say 172.X.X), and put a reverse route on the Core (where WDS is sitting (172.X.X)) to the firewall (Subnet 157.X.X, where the Imaging Client is located)


    Thanks a lot to our Network Guys.

    • Marked as answer by JosephBoban Monday, October 21, 2013 5:57 AM
    Monday, October 21, 2013 5:57 AM