PXE boot stuck on “Waiting for Approval”

We had been struggling with this issue at one remote location for a while. We have had this issue before when using local deployment servers, where the reason was a missing x86 boot image on the DP.
This time we were trying to PXE boot using one of our central DPs, shared by multiple locations, and all other locations were working as expected.

We triple checked all ConfigMgr related configuration, DHCP scope options (yes, we use DHCP options, for practical reasons) and firewalls, but the configuration was identical to the working configurations for other locations. We even tried using IP helpers to see if that changed anything.

PXE Log comparison. Left: Failed PXE Boot, Right: Successful PXE Boot

After looking at the PXE logs, we started where we usually would expect to find the perpetrator – the firewall. We saw packets going through without any blocks, but after working in IT for a while, I know never to trust the firewall guys.

When in doubt blame firewall

me

Turns out it wasn’t the firewall..

We started a Wireshark session on the DP to compare what should happen with what was really happening. In the picture below you can see the comparison. The left side is the failing PXE boot and the right side is the successful PXE boot. The failed boot just stops after transferring the wdsmgfw.efi file. So, just to be sure it was not the firewall, we ran a packet capture on the router to check whether any further packets were being sent out that were not reaching the DP. Turns out there were no more packets being sent.

Comparison – Left: Failed PXE boot, Right: Successful PXE boot

OK, so the problem exists before the firewall and even before the router.
If you look at the right capture you will see that the next thing the client normally does is send another DHCP request. This time as a unicast directly to the DP.
As you probably know, DHCP requests are normally multicast.

This led us to the solution:
What could prevent a DHCP request from being sent?
DHCP Snooping!

DHCP Snooping is a feature on switches which (among other things) prevents rogue DHCP servers.
PXE relies on DHCP packets, and the DP was not an authorized DHCP server, therefore the packets were being dropped.
On our switch this was not supposed to be enabled, so we could just disable it. Problem solved!
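To make the capture comparison above repeatable, here is an added example (not code from the original post) that walks a sequence of DHCP and TFTP packets, maps each one onto a stage of the PXE handshake (broadcast DISCOVER/OFFER/REQUEST/ACK, the TFTP fetch of the NBP, then the unicast DHCP request and reply on port 4011 to the DP), and reports the first stage that never happened. The packets, addresses and the hint text are all constructed for the example; a real capture would be fed in from a pcap, which is outside the scope of this snippet.

```python
"""Stage tracker for a PXE boot handshake (added example, constructed packets)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_END = 53, 60, 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
BROADCAST = "255.255.255.255"

# Expected order of the handshake; the last two are the unicast exchange with
# the DP on UDP 4011 that the failing capture in the post never shows.
STAGES = ["DISCOVER", "OFFER", "REQUEST", "ACK",
          "TFTP_NBP", "PXE_REQUEST_4011", "PXE_ACK_4011"]

# Hints are written from the diagnosis in the post: a missing unicast DHCP
# request to the boot server points at DHCP filtering on the access switch.
HINTS = {
    "OFFER": "no DHCP OFFER seen: check scope options / IP helpers",
    "TFTP_NBP": "boot file never requested: check options 66/67 and TFTP reachability",
    "PXE_REQUEST_4011": "unicast DHCP request from the NBP to the DP never seen: "
                        "check DHCP snooping / trusted-port settings on the client's switch",
}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int      # 67/68 = DHCP, 69 = TFTP, 4011 = PXE boot server
    payload: bytes


def build_dhcp(msg_type: int, vendor_class: bytes = b"PXEClient") -> bytes:
    """Minimal DHCP message: 236-byte fixed header, magic cookie, options, END."""
    header = bytearray(236)
    header[0] = 1 if msg_type in (1, 3) else 2          # BOOTREQUEST / BOOTREPLY
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    options += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return bytes(header) + MAGIC_COOKIE + options + bytes([OPT_END])


def build_tftp_rrq(filename: str) -> bytes:
    """TFTP read request: opcode 1, filename, NUL, mode, NUL."""
    return b"\x00\x01" + filename.encode() + b"\x00octet\x00"


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {code: raw value} for the TLV options after the magic cookie."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:                                  # pad byte
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def classify(pkt: Packet) -> Optional[str]:
    """Map one packet onto a handshake stage, or None if it is not part of it."""
    if pkt.dport == 69:
        return "TFTP_NBP" if pkt.payload[:2] == b"\x00\x01" else None
    if pkt.dport not in (67, 68, 4011):
        return None
    opts = parse_dhcp_options(pkt.payload)
    name = MSG_NAMES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0])
    if pkt.dport == 4011:
        return {"REQUEST": "PXE_REQUEST_4011", "ACK": "PXE_ACK_4011"}.get(name)
    return name


def diagnose(packets: List[Packet]) -> Tuple[str, Optional[str]]:
    """Return (first missing stage or 'COMPLETE', hint)."""
    seen = {classify(p) for p in packets}
    for stage in STAGES:
        if stage not in seen:
            return stage, HINTS.get(stage, "stage never observed")
    return "COMPLETE", None


# Constructed sample traffic (addresses are made up for the example).
CLIENT_UNCONFIGURED, CLIENT, DHCP_SERVER, DP = "0.0.0.0", "10.1.2.50", "10.1.2.1", "10.0.0.20"


def working_sequence() -> List[Packet]:
    return [
        Packet(CLIENT_UNCONFIGURED, BROADCAST, 67, build_dhcp(1)),
        Packet(DHCP_SERVER, BROADCAST, 68, build_dhcp(2)),
        Packet(CLIENT_UNCONFIGURED, BROADCAST, 67, build_dhcp(3)),
        Packet(DHCP_SERVER, BROADCAST, 68, build_dhcp(5)),
        Packet(CLIENT, DP, 69, build_tftp_rrq("smsboot/x64/wdsmgfw.efi")),
        Packet(CLIENT, DP, 4011, build_dhcp(3)),       # unicast request to the DP
        Packet(DP, CLIENT, 4011, build_dhcp(5)),
    ]


def failing_sequence() -> List[Packet]:
    # Same as the working case, but nothing after the NBP download (as in the post).
    return working_sequence()[:5]


if __name__ == "__main__":
    print("working:", diagnose(working_sequence()))
    print("failing:", diagnose(failing_sequence()))
```

Running it prints `COMPLETE` for the working sequence and `PXE_REQUEST_4011` with the snooping hint for the failing one, which is the same conclusion the two Wireshark captures led to. The hint table is deliberately small; the point is that the stage that goes missing tells you which hop to look at, and a request that never leaves the client side of the network cannot be a firewall problem.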
