Solution for MDT / SCCM integrated PXE Boot across slow WAN segments?

Posted on 2013-11-19
Last Modified: 2013-12-02
Hello folks!  I am working with some constraints with booting PXE images (LiteTouch style from MDT 2013) in a multiple site, poor-WAN-interconnect-speed scenario.  

I may only use one WDS server for this environment (directives of centralized servers), but I'd like to avoid having the PXE clients have to TFTP the boot image across the slow WAN links.  Our DHCP solution, thankfully, will allow for different DHCP options and server targets per network segment.

Can anyone recommend some workstation-level PXE/TFTP software that would allow for PXE boot clients to transfer boot images inside the same segment?  I will already be having a "Linked Deployment Share" hosting Workstation on each segment to minimize WAN usage for deployment.  These workstations are likely going to be running Windows 7 Pro x64.

Thanks in advance for your suggestions and shared experiences!  Any other tips for multiple segment, centralized MDT/WDS server scenarios would be appreciated.
Question by:murraybd
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 39662235
You can install MDT on a old desktop.
LVL 16

Expert Comment

ID: 39662563
You can use Philippe Jounin's TFTP32 utility (DHCP/PXE/TFTP server).

Yet, be aware:
avoid setting DHCP options 66 or 67 centrally, since the PXE server (MDT/SCCM, WDS, whatever) can conflict with these options. A real PXE server is made mainly to set DHCP options 66 and 67 in DHCP OFFER messages that do not contain a client IP address offer (they just contain the PXE related details). If you set DHCP options 66 and 67 directly in dhcp scopes, they will have precedence over whatever the PXE server sent.
More details about that in my article and its comments:

There seem to be a resource for implementing MDT with an external PXE server here:

I did not try it myself, but I can tell you that you must avoid setting DHCP options 66, 67 and 43 directly in DHCP (unless you do not have a true PXE server locally).

Author Comment

ID: 39663079
In the scenario so far, each building location (LAN segment) would NOT have its own "True" PXE server (hence the requirement for something that lives on each of the site LinkedDeploymentShare workstations).
The DHCP options are set by a centralized appliance, but we can set different option values per scope/segment.

If I understand correctly, the local PXE daemon would look for PXE-related DHCPRequests, pass them along for actual IP address values, and then set its own 66/67 values?
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

LVL 16

Expert Comment

ID: 39663151
You should be able to specify the location of the images for each segment so that each segment uses a local repository. In the past, a simple network shared folder used to work.

Then you would have a central DHCP/ and PXE server, the latter being configured so that each client nodes accesses a local server for the image files

Regarding your question regarding PXE/DHCP interaction, here is a good page:

Note that with some implementations of PXE Service, the PXE Server can send a DHCP ACK (or even DHCP OFFER) on its own, without any IP address or lease details, without monitoring the other DHCP messages.

Author Comment

ID: 39676229
Based on some further inspection of how things are set up in this particular network, the main server performing the MDT steps may not even end up acting as the PXE server.

Looks like the InfoBlox appliance used can specify BOOTP options per segment, which is how I imagine this would have to be broken down.  The objective is to use the slow WAN links for as little data transfer as possible during the deployment sequence.
I've got the tftpd service running on a test workstation; just need to figure out the settings in the InfoBlox to direct PXE downloads towards it.

And as a side note, I'm learning about more of the limitations of DFS-R ( I was planning to use a differential copy method across the slow WAN links ).
Side Question: Is it true that all the machines in a MS Server 2008 R2 Replication Group must be running the Server flavour of OS?  There is a ban on having ServerOS machines outside of the centralized facility (quite strange with weak WAN links, I know).

From what I understand, the Linked Deployment Share feature of MDT itself doesn't do Remote Differential Compression (RDC).
LVL 16

Accepted Solution

vivigatt earned 500 total points
ID: 39676276
OK, so you could go without a true PXE server actually.
Set Bootp options (OR DHCP 66 and 67 options) on each dhcp instance so that each client stays local.
Yet, I am not sure that MDT can manage each local repository this way.
I would recommend reading the following:
As the author said, "This installation of MDT is very basic without drivers or database and all the other stuff you can throw at it, but it’ll get you started at least..."

Regarding your other questions, this would require a little investigation for me, but maybe another expert knows better.

Author Comment

ID: 39690553
Looks like this method of using tftpd as target and the BOOTP options on the DHCP devices will be the way to go for this method.

MDT can do linked deployment shares, where it replicates the data to additional UNC paths.
However, it doesn't use block-based remote differential compression, so I'll be using a different tool to handle the replication across slower WAN links.

Thanks again for the help!

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
This article was originally published on Monitis Blog, you can check it here .   Some years back, I worked as the CTO.  During my tenure, I had a head of IT support reporting to me.  He did his job quite well and had a commendable sense of duty …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question