Planning for PXE-Initiated Operating System Deployments in Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

There are several configuration decisions to consider before you use the pre-execution environment (PXE) to initiate the deployment of the operating system in your System Center 2012 Configuration Manager environment.

PXE Deployments and Windows Deployment Services

Windows Deployment Services (WDS) must be installed on the same server as the distribution point that you use to deploy the operating system. For more information about WDS and other operating system deployment prerequisites, see Prerequisites For Deploying Operating Systems in Configuration Manager.

Configuring Distribution Points to Support PXE-Initiated Deployments

To initiate an operating system deployment by using PXE, you must configure a distribution point to accept PXE requests from the destination computers where the operating system is deployed. There are two ways to configure a distribution point to support PXE requests. You can set the appropriate PXE settings when you install the distribution point by using the Create Site System Server Wizard, or you can configure the PXE setting on an existing distribution point by using the Property page for the distribution point.

For distribution point considerations that are not specific to PXE, see the Plan for Distribution Points section in the Planning for Content Management in Configuration Manager topic.

You can configure the following PXE options for the distribution point:

  • You must specify that the distribution point supports PXE requests from clients.

  • You can specify if Windows Deployment Services is enabled or disabled for the distribution point.

  • You can specify that the distribution point accepts PXE requests from unknown computers. Unknown computers are computers that are not managed by Configuration Manager: the Configuration Manager client is not installed on the computer or the computer is not imported into the Configuration Manager database. For more information about how to deploy operating systems to unknown computers, see How to Manage Unknown Computer Deployments in Configuration Manager.

  • You can specify that a password is required to start the PXE boot.

  • You can specify user device affinity for the destination computer. This setting allows you to associate a user with the destination computer after the operating system is deployed. For more information about how Configuration Manager uses user device affinity, see the User Device Affinity section of the Introduction to Application Management in Configuration Manager topic.

  • You can specify that the distribution point responds to PXE requests on all network interfaces, which is the default, or if it responds to PXE requests on only specific network interfaces.

  • You can specify how long the distribution point delays, in seconds, before it reacts to a PXE request.

For more information about operating system requirements for a PXE-enabled distribution point, see the Operating System Requirements for Typical Site System Roles section of the Supported Configurations for Configuration Manager topic.

Distributing Boot Images to the Distribution Point

You must have both an x86 and an x64 PXE-enabled boot image deployed to the distribution point for the PXE deployment to succeed. The packages for these boot images must specify that they will be deployed to distribution points that support PXE requests. When this is done, Configuration Manager distributes the boot image to the RemoteInstall folder on the distribution point. In addition, when this setting is disabled, the image is removed from the RemoteInstall folder. For information about how to create a PXE enable boot image, see the How to Create a PXE-enabled Boot Image section in the How to Deploy Operating Systems by Using PXE in Configuration Manager topic.

Note

The boot image is copied or removed locally by the distribution point when it updates the RemoteInstall folder. The boot image is not sent over the network when the folder is updated.

PXE Deployments

When you deploy operating systems by using PXE, you have the following options:

  • Required deployment: Required deployments will use PXE without any user intervention. The user will not be able to bypass the PXE boot. However, if the user cancels the PXE boot before the distribution point responds, the operating system will not be deployed.

  • Available deployment: Available deployments require that the user is present at the destination computer so that they can press the F12 key to continue the PXE boot process. If the user is not present to press F12, the computer will boot into the current operating system or from the next available boot device.

  • Re-deploy a deployment: You can re-deploy a required PXE deployment by clearing the status of the last PXE deployment assigned to a Configuration Manager collection or a computer. This action resets the status of that deployment and re-deploys the most recent required deployments.

System_CAPS_security Security Note

The PXE protocol is not secure. Ensure that the PXE server and the PXE client are located on a physically secure network, such as in a data center to prevent unauthorized access to your site.

Windows Deployment Service and Dynamic Host Configuration Protocol (DHCP)

Consider the following configuration issues if you plan to co-host the distribution point on a server running DHCP.

  • You must have a functioning DHCP server with an active scope. Windows Deployment Services uses PXE, which requires a DHCP server.

  • DHCP and Windows Deployment Services both require port number 67. If you co-host Windows Deployment Services and DHCP, you can move DHCP or the distribution point that is configured for PXE to a separate server. Or, you can use the following procedure to configure the Windows Deployment Services server to listen on a different port.

    To configure the Windows Deployment Services server to listen on a different port

    1. Modify the following registry key:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE

    2. Set the registry value to: UseDHCPPorts = 0

    3. For the new configuration to take effect, run the following command on the server:

      WDSUTIL /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes

  • A DNS server is required to run Windows Deployment Services.

  • The following UDP ports must be open on the Windows Deployment Services server.

    • Port 67 (DHCP)

    • Port 69 (TFTP)

    • Port 4011 (PXE)

    Note

    In addition, if DHCP authorization is required on the server, you need DHCP client port 68 to be open on the server.