Is it possible to change the IPs that WDS' TFTP listens on?

    Question

  • I have a requirement that TFTP can't communicate on port UDP69 on all IPs, but it must be restricted to a single IP and a different port. I've searched for a location to change this but I haven't seen one. Where can I set the TFTP service to listen on a single IP and port?
    Monday, October 31, 2011 4:55 PM

All replies

  • Which TFTP server are you using?
    Tuesday, November 01, 2011 7:55 PM
  • Hi,

    From the problem description, I understand that you would like to set the TFTP service to listen to a specific IP and port.

    Just as Aaron Tyler mentioned, which TFTP server are you using? Since the TFTP can’t communicate on port UDP 69 on all IPs, please make sure that the following UDP ports have been opened on the WDS server and on the firewall:

    Port 67 (DHCP)

    Port 69 (TFTP)

    Port 4011 (PXE)

    Based on my research, I noticed that the network interface could be changed via the Windows Deployment Services Registry Entries. There is a link for your reference:

    Title: Windows Deployment Services Registry Entries

    URL: http://technet.microsoft.com/en-us/library/cc733103(WS.10).aspx#reg2

    Regards,

    James
    • Marked as answer by Nathaniel B Wednesday, November 02, 2011 1:26 PM
    • Unmarked as answer by Nathaniel B Tuesday, November 15, 2011 9:18 PM
    Wednesday, November 02, 2011 9:18 AM
    Moderator
  • Hi,

    From the information I was given by the production team, the TFTP service couldn't start because svchost.exe (WDS) was using UDP port 69 on all IPs and interfaces. I believe they came up with the solution to have the Windows Deployment Services start up delayed so the in-house TFTP gets running with its one IP first; failing that, they were planning on modifying the registry and making their in-house TFTP service a dependency of WDS so they can claim an IP and UDP port first before WDS starts.

    Currently they have WDS starting after their TFTP service and are properly acquiring an IP to use.

    • Marked as answer by Nathaniel B Wednesday, November 02, 2011 1:26 PM
    • Unmarked as answer by Nathaniel B Tuesday, November 15, 2011 8:28 PM
    Wednesday, November 02, 2011 1:26 PM
  • I received an email from our production team saying that when the TFTP service they run gets restarted they have to restart WDS, and that they attempted the registry keys route with no success.

    They were kind enough to send me their details. The TFTP service they run is on IP 10.10.10.5 on a secondary interface on the server:

    Ethernet adapter 10.10.10.5:

       Connection-specific DNS Suffix  . : domain
       Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
       Physical Address. . . . . . . . . : 00-E0-81-4D-C2-F6
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::7853:9db5:ec2:d25f%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.10.5(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 335601793
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C9-25-CF-00-0C-29-6D-D4-2E
       DNS Servers . . . . . . . . . . . : 10.10.10.10
                                           10.10.10.11
       Primary WINS Server . . . . . . . : 10.10.10.10
       Secondary WINS Server . . . . . . : 10.10.10.11
       NetBIOS over Tcpip. . . . . . . . : Disabled

    When they follow the registry entries:

    and stop and restart the service with their TFTP client running only on 10.10.10.5:69 they get this in the event logs:

    An error occurred while trying to create the UDP endpoint for WDSTFTP provider on interface 10.10.10.5:69. This can happen if the network interface was disabled or changed, or some other application is already using the port. The provider will not be able to receive requests on this interface.

    Error Information: 0x2740

    They have tried using:

    WDSUtil /set-server /bindpolicy /policy:exclude /add /address:00E0814DC2F6 /AddressType:MAC

    WDSUtil /set-server /bindpolicy /policy:exclude /add /address:10.10.10.105 /AddressType:IP

    which sets the MAC address in an interesting manner:

    But still they get the same error as above. Any help would be appreciated. I will be obtaining read-only access to review any other settings we may need to examine.

    Tuesday, November 15, 2011 8:37 PM
  • What is your scenario such that using WDS's TFTP server doesn't work for you?
    Wednesday, November 16, 2011 8:20 PM
  • WDS TFTP doesn't support writing files to it (in this case switches, routers, firewall and other appliances). That is why we run 10.10.10.5 which was in place before our WDS setup. Both needed access to the files on the system which we found wasn't an issue should WDS not steal UDP port 69 on all IPs & interfaces as defined by James Xiong's post: http://technet.microsoft.com/en-us/library/cc733103(WS.10).aspx#reg2

    But re-reading it shows there is no method to prevent WDS' TFTP service from taking all interfaces or IPs from the existing TFTP service.

    Wednesday, November 16, 2011 8:55 PM
  • Fundamentally, you can't really run two TFTP servers on a single machine. What you really want to do here is just disable the TFTP server that WDS ships with.

    For this to work, you'll need to configure the third party TFTP server to make available the various files that WDS needs from inside of REMINST, and they must be available at the same relative paths.

    You can disable the WDS TFTP server by performing the following operations:

    1) Open the registry editor (regedit.exe)

    2) Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP

    3) Right click -> export the key to a file as a backup.

    4) Delete the entire WDSTFTP registry key.

    5) Restart the WDS service


    Friday, November 18, 2011 12:50 AM
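
The steps in the last reply, written as a PowerShell script with a before/after check of which process owns UDP 69. This is an added example, not part of the thread: the backup file location and the `Get-UdpListener` helper are assumptions, and it must be run from an elevated prompt on the WDS server.

```powershell
# Added example; run from an elevated PowerShell prompt on the WDS server.
$key    = 'HKLM\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP'
$backup = Join-Path $env:TEMP 'WDSTFTP-backup.reg'   # assumed backup location

# Hypothetical helper: list UDP listeners on a port with their owning process.
function Get-UdpListener([int]$Port) {
    $pattern = '^\s*UDP\s+(\S+):{0}\s+\S+\s+(\d+)\s*$' -f $Port
    netstat -ano -p udp |
        Select-String -Pattern $pattern |
        ForEach-Object {
            $g = $_.Matches[0].Groups
            $p = Get-Process -Id ([int]$g[2].Value) -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                LocalAddress = $g[1].Value
                ProcessId    = [int]$g[2].Value
                ProcessName  = $p.ProcessName
            }
        }
}

Write-Host 'UDP 69 listeners before the change:'
Get-UdpListener 69 | Format-Table LocalAddress, ProcessId, ProcessName -AutoSize

# Step 3: export the key and refuse to continue without a usable backup.
reg.exe export $key $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
    throw "Backup of $key failed; nothing was deleted."
}

# Step 4: delete the WDSTFTP provider key.
reg.exe delete $key /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not delete $key." }

# Step 5: restart WDS so it comes up without its TFTP provider.
Restart-Service -Name WDSServer -Force

Write-Host 'UDP 69 listeners after the change:'
$after = @(Get-UdpListener 69)
$after | Format-Table LocalAddress, ProcessId, ProcessName -AutoSize

# A wildcard bind (0.0.0.0 or [::]) means the port is still held on every address.
$wild = @($after | Where-Object { $_.LocalAddress -eq '0.0.0.0' -or $_.LocalAddress -eq '[::]' })
if ($wild.Count -gt 0) {
    Write-Warning 'UDP 69 is still bound on all addresses; check which process owns it.'
}
```

To roll back, import the backup file with `reg.exe import` and restart the WDSServer service.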