Is it possible to change the IPS that WDS' TFTP listens on


  • I have a requirement that TFTP can't communicate on port UDP69 on all IPs, but it must be restricted to a single IP and a different port. I've searched for a location to change this but I haven't seen one. Where can I set the TFTP service to listen on a single IP and port?
    Monday, October 31, 2011 4:55 PM

All replies

  • Which TFTP server are you using?
    Tuesday, November 1, 2011 7:55 PM
  • Hi,


    From the problem description, I understand that you would like to set the TFTP service to listen to a specific IP and port.


    Just like the Aaron Tyler mentioned, which TFTP server are you using? Since the TFTP can’t communicate on port UDP 69 on all IPs, so please make sure that the following UDP ports have been opened on the WDS server and on the firewall:


    Port 67 (DHCP)


    Port 69 (TFTP)


    Port 4011 (PXE)


    Based on my research, I noticed that the network interface could be changed via the Windows Deployment Services Registry Entries. There is a link for your reference:


    Title: Windows Deployment Services Registry Entries




    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Nathaniel B Wednesday, November 2, 2011 1:26 PM
    • Unmarked as answer by Nathaniel B Tuesday, November 15, 2011 9:18 PM
    Wednesday, November 2, 2011 9:18 AM
  • Hi,

    From the information I was given by the production team the TFTP service couldn't start because svchost.exe (WDS)was using udp port 69 on all IPs and interfaces. I believe they came up with the solution to have the windows deployment services start up delayed so the in house TFTP gets running with it's one IP first, failing that they were planning on modifying the registry and making their  in house TFTP service a dependency of WDS so they can claim an IP and UDP port first before WDS starts.

    Currently they have WDS starting after their TFTP service and are properly acquiring an IP to use.

    • Marked as answer by Nathaniel B Wednesday, November 2, 2011 1:26 PM
    • Unmarked as answer by Nathaniel B Tuesday, November 15, 2011 8:28 PM
    Wednesday, November 2, 2011 1:26 PM
  • I received an email from our production team that when the TFTP service they run gets restarted they have to restart WDS and attempted the registry keys route with no success.

    They were kind enough to send me their details. the TFTP service they run is on IP on a secondary interface on the server:

    Ethernet adapter

       Connection-specific DNS Suffix  . : domain
       Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
       Physical Address. . . . . . . . . : 00-E0-81-4D-C2-F6
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::7853:9db5:ec2:d25f%13(Preferred)
       IPv4 Address. . . . . . . . . . . :
       Subnet Mask . . . . . . . . . . . :
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 335601793
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C9-25-CF-00-0C-29-6D-D4-2E
       DNS Servers . . . . . . . . . . . :
       Primary WINS Server . . . . . . . :
       Secondary WINS Server . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    When they follow the registry entries:

    and stop and restart the service with their TFTP client running only on they get this in the event logs:

    An error occurred while trying to create the UDP endpoint for WDSTFTP provider on interface This can happen if the network interface was disabled or changed, or some other application is already using the port. The provider will not be able to receive requests on this interface.

    Error Information: 0x2740

    They have tried using:

    WDSUtil /set-server /bindpolicy /policy:exclude /add /address:00E0814DC2F6 /AddressType:MAC

    WDSUtil /set-server /bindpolicy /policy:exclude /add /address: /AddressType:IP

    which sets the mac address in an interesting manner:

    But still they get the same error as above. Any help would be appriciated. I will be obtaining read-only access to review any other settings we may need to examine.



    Tuesday, November 15, 2011 8:37 PM
  • What is your scenario such that using WDS's TFTP server doesn't work for you?
    Wednesday, November 16, 2011 8:20 PM
  • WDS TFTP doesn't support writing files to it  (in this case switches, routers, firewall and other appliances). That is why we run which was in place before our WDS setup. Both needed access to the files on the system which we found wasn't an issue should WDS not steal UDP port 69 on all IPs & interfaces as defined by James Xiong's post:

    But re-reading it shows there is no method to prevent WDS' TFTP service from taking all interfaces or IPs from the existing TFTP service.

    Wednesday, November 16, 2011 8:55 PM
  • Fundamentally, you can't really run two TFTP servers on a single machine. What you really want to do here is just disable the TFTP server that WDS ships with.

    For this to work, you'll need to configure the third party TFTP server to make available the various files that WDS needs from inside of REMINST, and they must be available at the same relative paths. 


    You can disable the WDS TFTP server by performing the following operations: 

    1) Open the registry editor (regedit.exe)

    2) Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP

    3) Right click -> export the key to a file as a backup.

    4) Delete the entire WDSTFTP registry key.

    5) Restart the WDS service



    Friday, November 18, 2011 12:50 AM