SCCM | Intune | Windows 365 | Windows 11 Forums

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

SOLVED PXE Boot not working after 2403 Update

cschultz

New Member
Messages
2
Reaction score
0
Points
1
After a recent update to version 2403, our PXE booting is no longer working. The devices get a 'No valid offer received' message when trying to start PXE over IPv4.

As suggested in the forums, the slider for the Resource Access Policies is already set all the way to Intune. I do not see any old profiles in the Compliance settings. Other forums have referenced certs, but we don't have a cert role on this site. Any thoughts?
 
PXE is enabled, tried restarting the services, and disabling and re-enabling PXE as well.

Wondering if the issue is due to the switch to HTTPS/EHTTP from http that was a pre-req for the upgrade..

Getting the attached in the SMSpxe log
 

Attachments

  • 2024-06-18_16-19-40.png
    2024-06-18_16-19-40.png
    24.8 KB · Views: 62
I have this problem as well on 2403. I upgraded yesterday and everything else works.
SMSPXE log attached.
I removed the WDS role from server, but the clients are still trying to connect to the wdsmgfw.efi file. Maybe that's normal?
DP settings that are checked ("[X]")
[X] - Enable PXE support for clients
[X] - Allow this distribution point to respond to incoming PXE requests
[X] - Enable unknown computer support
[X] - Enable a PXE responder without Windows Deployment Service

Maybe it's a communications issue like the OP suggested? I don't know if EHTTP or HTTPS is configured properly. Regardless, I'm struggling to find answers here and hope someone can assist!
 

Attachments

This should probably be in a separate post, but the OSD process is incredibly slow after upgrade, too. If I use a thumb drive to bypass PXE, the imaging process is several hours longer than it was just the other day. I can't figure out what needs to be changed.
 
@cschultz @bloomit - I have gotten an initial response from the ConfigMgr product team on this. Have you upgraded to the latest ADK released in May?

The Windows ADK 10.1.26100.1 (May 2024) and the Windows PE add-on for this ADK support the following OS releases:
  1. Windows 11, version 24H2 and all earlier supported versions of Windows 10 and 11
  2. Windows Server 2025, and Windows Server 2022
 
@cschultz @bloomit - I have gotten an initial response from the ConfigMgr product team on this. Have you upgraded to the latest ADK released in May?

The Windows ADK 10.1.26100.1 (May 2024) and the Windows PE add-on for this ADK support the following OS releases:
  1. Windows 11, version 24H2 and all earlier supported versions of Windows 10 and 11
  2. Windows Server 2025, and Windows Server 2022

That is the version I have on my server. The site server is 2016. Is that the issue with this ADK, or is your second bullet referring to what OSes it can manage/deploy?
I followed some other directions and removed the DP role, checked the certs (the SMS Issuing cert on ConfigMgr server did not match the cert in IIS). I fixed the cert issue, re-added DP, rebuilt the boot images using that ADK version above, removed DHCP options, added IP helper. I enabled "PXE without WDS" in ConfigMgr, removed WDS role from the server, rebooted after each, and when I network boot, I still see "Windows Deployment Services (Server IP: [site server IP])" ... WDS shouldn't be referenced. Unsure where that's coming from. thanks.
 
That is the version I have on my server. The site server is 2016. Is that the issue with this ADK, or is your second bullet referring to what OSes it can manage/deploy?
I followed some other directions and removed the DP role, checked the certs (the SMS Issuing cert on ConfigMgr server did not match the cert in IIS). I fixed the cert issue, re-added DP, rebuilt the boot images using that ADK version above, removed DHCP options, added IP helper. I enabled "PXE without WDS" in ConfigMgr, removed WDS role from the server, rebooted after each, and when I network boot, I still see "Windows Deployment Services (Server IP: [site server IP])" ... WDS shouldn't be referenced. Unsure where that's coming from. thanks.
Thanks for the response. So I get that you are running the latest version of ADK released in May 2024. What about ConfigMgr version?
 
I got a same problem.

ADK 10.1.26100.1
Configuration Manager Version 2403
Are you still on HTTP / eHTTP or already switched to HTTPS?

Have this upgrade planned for Sunday... but with these messages, i think i will postpone :)
Our environment however is fully over to HTTPS communication. So maybe i won't have this issue....
 
We are on EHTTP still. More information - I just spun up a new primary site server with minimal migration to get apps and packages over. I used the vanilla boot wims that came with the ADK, and our existing OS images, though, it never got to OS.
Server 2022, ConfigMgr 2403, EHTTP, PXE without WDS, IP helper
I network boot and still see a "Windows Deployment Services" screen, despite it never being enabled on the new server. It takes several minutes to get to the loading of boot.sdi, which itself takes several minutes. I gave up on the boot image after ten minutes.
Even a new site I'm seeing the same problems and I don't know why. I did put in a support case with Microsoft, but I don't know what the response time will be there.

Boot screens, despite no WDS:
 
Hi cschultz,

We had the similar issue on our DP's when upgrading from 2303 to 2403.
We ended up restoring the DP's to the day before the upgrade and then got a new error, that we from the component status could see that it was blocking the certificate for the DP.
When you try and PXE boot then open op SMS_MP_CONTROL_MANAGER from "Monitoring -> System status -> Component status -> SMS_MP_CONTROL_MANAGER" and see what it says.
If it says something like
"MP has rejected policy request from CD(SMSID = "STRING") because this SMSID is marked as blocked."

Then it indicates that the self-signed certificate to the site was blocked and you have to change it to "unblocked"
from "Administration -> Security -> certificates" and then search for the "STRING" value and make sure it says "unblocked"

Hope this helps you on the way to resolve the issue.

Best Regards
Tim
 
I am still seeing odd behavior when booting to PXE. SMSPXE log shows the IP helper is working. But on the client itself, I am getting "Windows Deployment Services" despite no WDS server in the environment. It takes many minutes to fail, then takes a significant amount of time to download the boot images (using vanilla+drivers and rebuilt from ADK several times).
 
Seeing a very similar issue after upgrading to 2403, promoting production client and updating Boot image. PXE starts, boot image downloads and when the client is attempting to get policy it fails and reboots and never get an option to choose a TS. We have 1 https MP and 3 http MPs. Tried An older boot image via USB with older client version and works fine and able to start a TS. Any help appreciated. Thanks.
 
Back
Top