none
Issues with WDS after March 2019 Cumulative update. RRS feed

  • Question

  • Hi,

    On our 2019 server we are no longer able to PXE boot from WDS with MDT lite touch image after installing the March 19 cumulative update, kb4489899. 

    We are getting the following error: A required device isn't connected or cannot be accessed.

    Other people are reporting this issue on server 2012: https://www.reddit.com/r/sysadmin/comments/b08coa/patch_tuesday_megathread_20190312/eifnzlq/


    • Edited by SteveJ12321 Wednesday, March 13, 2019 3:42 PM
    Wednesday, March 13, 2019 3:31 PM

All replies

  • Same issue for us, although we don't have that kb on our server (2012r2).  Have you tried removing the patch, and has that fixed your problem?

    Wednesday, March 13, 2019 7:05 PM
  • Removing the appropriate patches worked for me. Going to let my MS rep know.

    Check out this article for info on your OS and the appropriate patch

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0603

    Wednesday, March 13, 2019 7:28 PM
  • Thanks for raising this with MS Gary, please keep us informed.

    I've removed the patch from the WDS server and it works fine again. 

    We have re-patched and will put the MDT PXE boot disk on USB for now - not ideal but we don't really want to go unpatched.


    Thursday, March 14, 2019 7:53 AM
  • Same issue here. Works after removing the update.


    Thursday, March 14, 2019 11:03 AM
  • When it comes to WDS issues, the fastest way to fix it is to reinstall WDS.

    This is our preferd way of troubleshooting WDS when it comes to VMM and SCCM. As trying to troubleshoot it takes alot longer then just reinstalling it.

    So if you have not tried it, try that. Had a clients VMM with WDS stoped after a Windows Update Patch. So a reinstall will most likely solve it.


    Thursday, March 14, 2019 2:31 PM
  • Issue also confirmed as present on Windows Server 2016 with KB4489882.

    The PXE boot load gets about 10% into the download, stops and then after about 5 seconds goes to a fault screen stating the device couldn't be accessed.

    Uninstalling the QFE restores functionality.

    Thursday, March 14, 2019 4:33 PM
  • Same here on Windows Server 2016. 

    Hoping for an update on this issue ASAP ...

    Christian

    Friday, March 15, 2019 7:06 AM
  • Same issue here after the latest updates. Both Server 2016 and 2012 R2 has the same problem. As suggested in the Reddit thread unchecking Variable Window Size or "Enable Variable Window
    Extension"
    under the TFTP tab in the WDS Server Properties sheet solved the problem for us. Though the download speed is noticeable slower.

    • Edited by Andreas_N Friday, March 15, 2019 7:24 AM
    Friday, March 15, 2019 7:08 AM
  • Same issue here on 2016.  We've uninstalled the update (KB4489882) to get WDS working again
    Friday, March 15, 2019 1:44 PM
  • Disabling the Variable Window Extension (TFTP settings tab for a given MDS; not sure if the max block size is needed then) seems to resolve the problem. The downside is that PXE boot takes far more time now.

    The issue is still clearly caused by the latest update.


    Friday, March 15, 2019 2:30 PM
  • Yes, same here with 2016 WDS. Uninstalling KB4489883 and KB4489881 helped.

    I hope MS will fix ASAP.

    Friday, March 15, 2019 5:43 PM
  • Confirmedd - been pulling my hair out all night - Deployments working flawlessly until last night now can't boot any MDT/WDS boot image.

    Fantastic idea Micro$soft getting rid of those 14 odd thousand quality control testers.....  Geez this company has turned to crap athe last few years... and on top of that we now have to deal with their inflated arrogent attitude.


    • Edited by kroix07 Friday, March 15, 2019 10:05 PM
    Friday, March 15, 2019 10:05 PM
  • No mate they won't.

    In fact, they won't even acknowledge it's an issue they caused or even address the people the actually paid money for their product unless your a business.

    Friday, March 15, 2019 10:07 PM
  • Do you think its worth keeping the server patched with KB4489883 and turning off "Enable Variable Window
    Extension" 
    under the TFTP tab?
    Friday, March 15, 2019 10:45 PM
  • Do you think its worth keeping the server patched with KB4489883 and turning off "Enable Variable Window Extension" under the TFTP tab?

    That is something that you clearly must decide for yourself. There IS a vulnerability in the unpatched version, and now this is public knowledge and attackers will try to exploit it. Hence there are these questions to consider:

    1) How likely it is that someone tries to attack your WDS server? (At a company developing military equipment this would clearly be higher than at a small furniture factory)

    2) How important is WDS to you (do you use it only from time to time for deploying machines, or do all users boot from PXE every day)?

    3) How large is the impact of disabling variable window? I think that it has larger impact if you have high-latency links, like in our case where we boot from PXE servers on other continents, while it should have low impact if clients and WDS are in same LAN.


    • Edited by svhelden Saturday, March 16, 2019 7:52 AM
    Saturday, March 16, 2019 7:33 AM
  • Do you think its worth keeping the server patched with KB4489883 and turning off "Enable Variable Window
    Extension" 
    under the TFTP tab?

    Personally, I'd go with turning off the Variable Window, as it's something you can do very quickly. Your download speeds will suffer, but unless you're operating some kind of "factory" (where you deploy images constantly via WDS) this shouldn't have a huge impact.

    Admittedly, by suggesting this, I hope that MS will provide a fix for this issue later down the line. However, even if not, I'd rather have the latest updates applied as those tend to be related to security.

    Monday, March 18, 2019 8:15 AM
  • Thanks all, I'm just going to leave my servers patched and leave 'Enable Variable Window' off for now until Microsoft resolves this issue.
    Monday, March 18, 2019 3:05 PM
  • Another 2012r2 user checking in. Disabling the TFTP Variable Window Extension solved my issue as well. For what it's worth, I've left the patch on, and Microsoft seems to have acknowledged the issue and published the workaround we've been using here, under the Known Issues heading.

    Bill Crandall

    Tuesday, March 19, 2019 3:21 PM
  • Thanks for the hint to the updated KB. Your link is invalid though; the correct one is this:

    https://support.microsoft.com/en-us/help/4489891/windows-server-2012-update-kb4489891

    • Proposed as answer by Sable-100 Wednesday, March 27, 2019 2:57 PM
    • Unproposed as answer by SteveJ12321 Wednesday, March 27, 2019 2:58 PM
    Wednesday, March 20, 2019 5:48 AM
  • I'm running WDS on Windows 2012, and clients booting over a 10Mbps WAN were gettomg the error " 0xc0000001 - A required device isn't connected or cannot be accessed"

    Unticking the Variable Window Extension box didn't help. Unticking the box and setting the Max Block Size from 0 to 512 didn't help either.

    Uninstalling KB4489883 appears to have resolved it.

    My test VM had no issue downloading the boot image (VM to VM on 10Gbps backbone) before or after the change.

    Friday, March 29, 2019 2:30 PM
  • I take it back. Uninstalling has not resolved the issue. I've even reverted my VM back to before the patch was installed and still having issues. Every so often the boot image will download successfully, but most times I get errors such as:

    [WDSServer/WDSTFTP] [base\eco\wds\transport\server\tftp\tftpsession.cpp:2059] Expression: , Win32 Error=0x4d3

    [WDSServer/WDSTFTP] [base\eco\wds\transport\server\tftp\tftpserver.cpp:1211] Expression: , Win32 Error=0x284

    [WDSServer/WDSTFTP] [base\eco\wds\transport\server\tftp\tftpserver.cpp:1211] Expression: , Win32 Error=0x5

    _______

    The Following Client failed TFTP Download: 

    Client IP: 
    Filename: \Boot\x64\Images\LiteTouchPE_x64-(4).wim
    ErrorCode: 1460
    File Size: 448705640
    Client Port: 10698
    Server Port: 49713
    Variable Window: false

    The Following Client failed TFTP Download: 

    Client IP: 
    Filename: \Boot\Boot.SDI
    ErrorCode: 1460
    File Size: 3170304
    Client Port: 10697
    Server Port: 49720
    Variable Window: false

    The Following Client failed TFTP Download: 

    Client IP: 
    Filename: \Boot\x64\Images\LiteTouchPE_x64-(4).wim
    ErrorCode: 5006
    File Size: 448705640
    Client Port: 10696
    Server Port: 64862
    Variable Window: false

    Friday, March 29, 2019 6:14 PM
  • I have situation slightly different - If machine is UEFI BIOS mode - it booting good, but Legacy - not. Switching off Variable window size - didn't help...
    Tuesday, April 9, 2019 9:21 AM
  • Any patches or fixes to fix not bandaid this steaming pile of an update?

    "Ours is not to reason why. Ours is but to do and die", The Charge of the Light Brigade by Alfred Lord Tennyson

    Tuesday, April 9, 2019 7:12 PM
  • Hi all!

    Please try set Maximum Block Size 1024 or 1456 and disable variable window extension.

     

    • Proposed as answer by WindowsWillW Wednesday, May 1, 2019 6:06 PM
    Tuesday, April 16, 2019 12:55 PM
  • Thank you ! This fixed the issue I had. 
    Wednesday, May 1, 2019 6:06 PM
  • In my case I had to disable IPv6 at my pxe server NIC in addition to the above proposed answer.
    Friday, May 3, 2019 4:14 AM
  • Dear All,

    I faced the same issue. Took several days to realized that it could be cause by Windows Update.

    After realize it, I found microsoft information:

    https://social.technet.microsoft.com/Forums/en-US/aa063ef0-90ef-44c7-b1b7-ce65a2a66119/issues-with-wds-after-march-2019-cumulative-update?forum=winserversetup

    The option by Windows Deployment Services UI. didn't work for me, but the command line yes.

    Don't forget to restart the service.

    Best Regards,

    Leo Santos

    • Proposed as answer by Baffu Friday, May 3, 2019 5:25 PM
    Friday, May 3, 2019 5:25 PM
  • This resolved my issue, thank you!
    Monday, May 20, 2019 11:34 PM
  • Has anyone heard when Microsoft plans to repair the bug that broke the TFTP variable window size feature? 

    Turning off this setting has dramatically slowed our PXE download times! 

    I've tried several different window sizes manually and none seem to have an effect.

    Thanks!

    Thursday, May 30, 2019 12:48 AM
  • Hi, 

    Same issue here.

    Steve and Gary, thank you very much for this input.

    I would never have come to this conclusion.



    Friday, June 14, 2019 8:21 AM
  • I am having this exact issue over at two clients running a Server 2008 configuration w/ SCCM 2007.
    I've been checking to see if the affected patches are installed, and they are since march, but I've been experiencing these issues since Monday.

    I've been checking to see if I can alter the "TFTVariableWindowExtension" but it's not in the UI, the registry key isn't there and the command is throwing an error.

    :( 

    Wednesday, July 3, 2019 1:26 PM
  • Both of the issues with WDS and Variable Window Extension have been fixed in the following updates. 

    https://support.microsoft.com/en-us/help/4503267/windows-10-update-kb4503267

    https://support.microsoft.com/en-us/help/4512495/windows-10-update-kb4512495



    • Edited by AbfSailor Wednesday, August 21, 2019 2:02 AM typo
    Wednesday, August 21, 2019 2:02 AM