How Network Boot Programs Work
Updated: May 8, 2008
Applies To: Windows Server 2008
A network boot program (NBP) is the first file downloaded and executed as part of the Pre-Boot Execution Environment (PXE) boot process. The NBP dictates whether the client can boot from the network, whether the client must press F12 to initiate the boot, and which boot image the client will receive. NBPs are both architecture and firmware specific (BIOS or EFI) specific. On BIOS computers (per the PXE specification), the NBP is a 16-bit, real-mode application. As such, you can use the same NBP for both x86-based and x64-based operating systems that have BIOS .
When you run WDSUTIL /Set-Device /Device:<name> /BootProgram:<path> for a computer, the command sets the netbootMachineFilePath attribute of the prestaged computer (that is, the computer account that represents the client computer in AD DS). In the following netbootMachineFilePath attribute syntax, <PathToNBP> and <NameOfNBP> are optional, and you can specify <Server> to indicate the PXE server referral.
netbootMachineFilePath: machine\OSChooser\i386\startrom.com netbootMachineFilePath: machine.domain.com\boot\x86\pxeboot.n12 netbootMachineFilePath: machine netbootMachineFilePath: machine.domain.com
The following is example output of the netbootMachineFilePath attribute, obtained by using the Ldp graphical user interface (GUI) tool, which you can use to view objects stored in AD DS.
***Searching... ldap_search_s(ld, "DC=domain,DC=com", 2, "(&(objectClass=*)(netbootMachineFilePath=*))", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=Prestage1,CN=Computers,DC=domain,DC=com 5> objectClass: top; person; organizationalPerson; user; computer; 1> cn: Prestage1; 1> distinguishedName: CN=Prestage1,CN=Computers,DC=domain,DC=com; 1> name: Prestage1; 1> netbootMachineFilePath: machine.domain.com\boot\x86\pxeboot.n12; 1> canonicalName: domain.com/Computers/Prestage1;
Windows Deployment Services uses the following logic when determining what NBP to direct the client to download:
Is the client prestaged? If the client is prestaged in AD DS, Windows Deployment Services reads the netbootMachineFilePath attribute of the client’s computer account object to determine the path and file name of the correct NBP.
Is the unknown client configured to perform PXE boots without requiring F12? You can set this value by running WDSUTIL /Set-Server /AllowN12ForNewClients:Yes. If you configure this setting, Windows Deployment Services looks for a prestaged device in AD DS. If it does not find one, then the device is classified as unknown and, the device will be sent the .n12 NBP. If the device is found in AD DS, Windows Deployment Services sends the device the default NBP for the client’s architecture.
What is the default NBP for the client’s architecture? If the client does not have the netbootMachineFilePath specified in the computer account object in AD DS, the default NBP will be used.
The following diagrams illustrate the program download flow for the NBPs delivered with Windows Deployment Services.
A PXE referral (also known as a network boot referral) is the term for when a client is directed to download an NBP from a server other than the one it was in communication with through Dynamic Host Control Protocol (DHCP). This referral may be initiated by either a network boot server or a DHCP server. The following diagram shows the PXE referral process for a sample Windows Deployment Services configuration within a large organization.
As illustrated in this diagram, a new client sends a PXE request. This request is answered by the active Windows Deployment Services server (WDS referral server in this diagram). Clients that have been prestaged in Active Directory Domain Services (AD DS) will be answered by this PXE server. WDS referral server checks AD DS to verify whether a computer account object exists for this client. This check reveals that the client was prestaged, and a property in the computer account indicates that the client’s referral server is WDS server 3. At this point, WDS referral server passes the request on to WDS server 3 , using the DHCPREQUEST packet. The client then begins the Trivial File Transfer Protocol (TFTP) download of the NBP from WDS server 3. Note that in the network design of this diagram, the only purpose of PXE referral servers 1, 2, and 3 is to provide images of the operating system. These servers do not respond to initial client service requests. Rather, WDS referral server services all PXE requests, checks AD DS for the existence of a prestaged computer account object, and then refers the client to the specified Windows Deployment Services server.