none
Currently deploying via USB and am considering Network booting. RRS feed

  • Question

  • I am using MDT 2013 Update 2. I do not use SCCM or Configuration Manager....just MDT Task Sequences to deploy images. I have a USB which boots the pc to the MDT server directly.

    I am considering looking into Network booting. Everything I see says I need to use SCCM or Config Manager. Is there a great link on a detailed step-by-step of setting up a server to PXE boot images? I guess I would also need to modify the Rules/CustomSettings in my TS as well.

    Thanks for any info on this.


    Monday, July 10, 2017 4:47 PM

Answers

  • Final question about this....I believe.

    I have my UEFI devices set to Secure Boot ON so that Bitlocker will work. I'm finding that this is the only setting that will work for Bitlocker.

    Pressing F12 only shows Windows Boot Manager obviously. I can't see any network boot option in this setting. I can change it to UEFI:Secure Boot OFF but I know this breaks Bitlocker.

    How are you booting to PXE with UEFI: Secure Boot: ON?
    Thanks


    devices vary, because the firmware (either UEFI or MBR/BIOS) features and settings vary by manufacturer. Look for settings related to boot-from-LAN/PXE/UNDI. sometimes the feature is disabled. check the boot-device-order and/or the boot menu. some devices, when enabled in UEFI mode, have 'hybrid' or 'CSM', and I've found that I need to tinker with those to familiarise myself with how a specific make/model needs to be configured. You may also find it necessary to look for firmware updates for the specific make/model. some older devices originally shipped with earlier revisions of netboot capability and may need to be flash-updated.

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by the1rickster Friday, July 14, 2017 12:15 PM
    Thursday, July 13, 2017 9:02 PM
  • Enabling UEFI Network Stack in System Configuration in the BIOS allows network booting while Secure Boot is set to ON. While this is for the few Latitudes I have, I'm sure other models will require different settings.

    For now, I can boot through PXE as well as USB in BIOS and UEFI modes.

    • Marked as answer by the1rickster Friday, July 14, 2017 12:15 PM
    Friday, July 14, 2017 12:15 PM

All replies

  • You do not need SCCM or ConfigMgr (these would work better in larger environments). You can use Microsoft's Windows Deployment Services (WDS) for PXE booting systems to your MDT server.

    WDS getting started guide: https://technet.microsoft.com/en-us/library/jj648426(v=ws.11).aspx

    Step by Step guide: http://theitbros.com/deploy-windows-10-on-windows-server-2012-r2/

    Tuesday, July 11, 2017 1:45 PM
  • I appreciate the reply. I will have to devote some time to reading through the info but overall I think it would be more beneficial than updating everyone's USB drives every now and then.
    Tuesday, July 11, 2017 8:11 PM
  • While I am configuring and setting up WDS for PXE, will my USB drives still get me booted to my server? Further, will it still even work after I have PXE in place? Can I boot using PXE and also my USB drives simultaneously?

    Lastly, when I eventually move to PXE only, do I have to do anything with my Deployment Share Properties/Rules, since currently it has the path to my MDT server?

    Tuesday, July 11, 2017 8:32 PM
  • boot media (CD or DVD or USB) works happily alongside PXE.

    essentially, all PXE is doing is downloading the same WinPE files, those are the same files on your boot media anyway.

    Once WinPE (boot.wim etc) is downloaded via PXE (or read from the boot media), the PC will execute and boot into that downloaded boot.wim, which autoloads the MDT TS wizard, the wizard connects to your MDT deployment share, etc.

    So, the main difference between PXE and boot media, is just that initial get-the-boot.wim piece. after that, it's basically the same. MDT and ConfigMgr are basically identical up to this point of the process.

    There are pro's and con's to both approaches;

    - PXE requires some firmware settings on the PC such that the PXE-ROM is enabled etc
    - boot media requires firmware settings on the PC such that boot-from-USB is enabled etc

    - PXE boot is a network-based method, which is built upon DHCP/BOOTP standards. You will need networking skillz, eg, understand DHCP and DHCP Options (although it's recommended to avoid DHCP Options and instead use boot-forwarders aka ip helper-addresses)

    - because PXE involves downloading the boot.wim over the network, and then the TS wizard will download the install.win etc from deployment share, the capacity/latency of your network can be a big factor.

    - WDS is the WindowsServer feature upon which PXE is dependant. WDS is the server-side-service that actually listens for the boot-request and responds to the boot-request by offering bootfiles download via TFTP. TFTP can be troublesome in some scenarios, because TFTP is not particularly resilient. (TFTP uses the UDP protocol which is rather a one-way-traffic kind of thing)(some vendors have produced a variant, which uses http-over-tcpip instead of tftp-over-udp, which is apparently much more resilient and also much more efficient as file transfer)


    Don [doesn't work for MSFT, and they're probably glad about that ;]


    • Edited by DonPick Tuesday, July 11, 2017 9:40 PM
    Tuesday, July 11, 2017 9:37 PM
  • Thanks. This was all set up prior to my employment. They took it offline when I created USB drives. I guess someone should be helpful where I am, setting it up again.

    Once question about PXE...it directs the pc to the path of the server, but where do Customsettings...RULES and Bootstrap come into play? Does PXE get the pc to the MDT server where it then reads the two INI files...or do I have to add some rules or authentication/etc into the PXE settings? Are the RULES and Bootstrap settings written into the boot WIM each time the DS is updated?

    I want my techs to still be able to boot smoothly as we have been, still using the USB drives while I tinker with PXE and not break/interrupt cloning as we do now.

    Wednesday, July 12, 2017 11:20 PM
  • Thanks. This was all set up prior to my employment. They took it offline when I created USB drives. I guess someone should be helpful where I am, setting it up again.

    Once question about PXE...it directs the pc to the path of the server, but where do Customsettings...RULES and Bootstrap come into play? Does PXE get the pc to the MDT server where it then reads the two INI files...or do I have to add some rules or authentication/etc into the PXE settings? Are the RULES and Bootstrap settings written into the boot WIM each time the DS is updated?

    I want my techs to still be able to boot smoothly as we have been, still using the USB drives while I tinker with PXE and not break/interrupt cloning as we do now.

    your MDT boot media contains the customised WinPE boot.wim. That boot.wim autoruns the MDT wizard which connect to your deployment share and then reads your available task sequences and cs.ini etc.

    PXE, delivers the boot.wim, and the rest of the process is identical for MDT scenarios.

    the boot.wim doesn't contain all that stuff, AFAIK.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, July 13, 2017 9:45 AM
  • Final question about this....I believe.

    I have my UEFI devices set to Secure Boot ON so that Bitlocker will work. I'm finding that this is the only setting that will work for Bitlocker.

    Pressing F12 only shows Windows Boot Manager obviously. I can't see any network boot option in this setting. I can change it to UEFI:Secure Boot OFF but I know this breaks Bitlocker.

    How are you booting to PXE with UEFI: Secure Boot: ON?
    Thanks

    Thursday, July 13, 2017 1:14 PM
  • Final question about this....I believe.

    I have my UEFI devices set to Secure Boot ON so that Bitlocker will work. I'm finding that this is the only setting that will work for Bitlocker.

    Pressing F12 only shows Windows Boot Manager obviously. I can't see any network boot option in this setting. I can change it to UEFI:Secure Boot OFF but I know this breaks Bitlocker.

    How are you booting to PXE with UEFI: Secure Boot: ON?
    Thanks


    devices vary, because the firmware (either UEFI or MBR/BIOS) features and settings vary by manufacturer. Look for settings related to boot-from-LAN/PXE/UNDI. sometimes the feature is disabled. check the boot-device-order and/or the boot menu. some devices, when enabled in UEFI mode, have 'hybrid' or 'CSM', and I've found that I need to tinker with those to familiarise myself with how a specific make/model needs to be configured. You may also find it necessary to look for firmware updates for the specific make/model. some older devices originally shipped with earlier revisions of netboot capability and may need to be flash-updated.

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by the1rickster Friday, July 14, 2017 12:15 PM
    Thursday, July 13, 2017 9:02 PM
  • Enabling UEFI Network Stack in System Configuration in the BIOS allows network booting while Secure Boot is set to ON. While this is for the few Latitudes I have, I'm sure other models will require different settings.

    For now, I can boot through PXE as well as USB in BIOS and UEFI modes.

    • Marked as answer by the1rickster Friday, July 14, 2017 12:15 PM
    Friday, July 14, 2017 12:15 PM