WDS problems after boot.wim load server 2012r2

Hello all. I am working with a ~100 machine environment and setting up WDS to handle imaging. I am running into the error displayed in the below screenshot. The error happens after PXE boot, after boot.wim gets loaded, and about 20-30 seconds into 'setup is starting'.

I have done everything possible over the last 6 days to rectify this; any help is greatly appreciated.

Error: Screen grab of error. This is after PXE boot, after boot.wim loads, after "setup is starting".
The Setup: DHCP and WDS on same Server 2012 R2 VM. Normal DHCP scope options enabled (60, 66, 67).

I've tried the obscure fixes such as the RPC group policy as well. At my wit's end.

WDSUTIL config dump:
Server Authorization:
     Authorization state: Authorized

Answer Policy:
     Answer clients: Yes
     Answer only known clients: No
     Response delay: 0 seconds

Active Directory Use Policy:
     Preferred DC:
     Preferred GC:
     Prestage devices using MAC: No
     New computer naming policy: %61Username%#
     Domain search order: Global Catalog Only
     New computers join domain: Yes

New Computer OU:
     OU type: Server Domain
     OU: CN=Computers,DC=csdept,DC=local

DHCP Configuration:
     DHCP service status: Running
     DHCP option 60 configured: Yes

PXE Bind Policy:
     Use DHCP ports: No
     Rogue detection: Disabled
     RPC port: 5040

Interface Bind Policy:
     Policy: Exclude Registered
     Registered interfaces:

Boot Program Policy:
     Known client PXE prompt policy: OptOut
     New client PXE prompt policy: OptOut
     Allow N12 for new clients: <Not Applicable>
     Reset boot program: Disabled
     Default boot programs:
         x86     - boot\x86\pxeboot.com
         x64     - boot\x64\pxeboot.com
         ia64    - boot\ia64\bootmgfw.efi
         arm     - boot\arm\bootmgfw.efi
         x86uefi - Boot\x86\bootmgfw.efi
         x64uefi  - Boot\x64\bootmgfw.efi
     Default N12 boot programs:
         x86     - boot\x86\pxeboot.n12
         x64     - boot\x64\pxeboot.n12
         ia64    - boot\ia64\bootmgfw.efi
         arm     - boot\arm\bootmgfw.efi
         x86uefi - Boot\x86\bootmgfw.efi
         x64uefi  - Boot\x64\bootmgfw.efi

Banned GUIDs list:

Boot Image Policy:
     Default image type for x64 clients: Both
     Default boot images:
         x86     - Boot\x86\Images\boot.wim
         x64     - Boot\x64\Images\boot.wim
         ia64    -
         arm     -
         x86uefi - Boot\x86\Images\boot.wim
         x64uefi  - Boot\x64\Images\boot.wim

Driver Policy:
     Avoid duplicate driver packages: Yes

WDS Client Policy:
     Logging policy:
         Enabled: No
         Logging level: Info

     Unattend policy:
         Enabled: No
         Command-line precedence: No
         WDS unattend files:
             x86     -
             x64     -
             ia64    -
             arm     -
             x86uefi -
             x64uefi  -

Server Automatic Refresh Policy:
     Refresh period: 900 seconds

BCD Refresh Policy:
     Enabled: No
     Refresh period: 60 minutes

Pending Device Policy:
     Policy: Disabled
     Poll interval: 10 seconds
     Max retry count: 2160 times
     Message to pending clients:
     Retention period:
         Approved devices: 30 days
         Other devices: 1 days
     Defaults for x86:
         Referral server:
         Boot program path:
         WDS client unattend file path:
         Boot image path:
         User: Domain Admins
         Join rights: Full
         Join domain: Yes
     Defaults for x64:
         Referral server:
         Boot program path:
         WDS client unattend file path:
         Boot image path:
         User: Domain Admins
         Join rights: Full
         Join domain: Yes
     Defaults for ia64:
         Referral server:
         Boot program path:
         WDS client unattend file path:
         Boot image path:
         User: Domain Admins
         Join rights: Full
         Join domain: Yes
     Defaults for arm:
         Referral server:
         Boot program path:
         WDS client unattend file path:
         Boot image path:
         User: Domain Admins
         Join rights: Full
         Join domain: Yes
     Defaults for x86uefi:
         Referral server:
         Boot program path:
         WDS client unattend file path:
         Boot image path:
         User: Domain Admins
         Join rights: Join Only
         Join domain: Yes
     Defaults for x64uefi:
         Referral server:
         Boot program path:
         WDS client unattend file path:
         Boot image path:
         User: Domain Admins
         Join rights: Join Only
         Join domain: Yes

WDS PXE Providers:
     Name: WDSDCPXE
     Path: C:\Windows\system32\wdsdcpxe.dll
     Order: 1
     Critical: No

WDS Device Controllers:
     Name: WDSADDC
     CLSID: {1F05CFEA-D4E4-4049-9C76-7B4F0013ECC9}
     Priority: 32768
     Enabled: Yes

     Name: WDSSDC
     CLSID: {17FD4B68-06B7-48EB-97B7-1575A171AED9}
     Priority: 32768
     Enabled: No

WDS Transport Server Policy:
     IPv4 source: Range
         Start address:
         End address:
     IPv6 source: Range
         Start address: FF15::1:1
         End address: FF15::1:FF
     UDP Port Policy: Dynamic
         Start port: <Not Applicable>
         End port: <Not Applicable>
     Network profile: <Not Applicable>
     TFTP Properties:
         Maximum block size: 8192
         Variable window extension enabled: Yes
     Multicast session policy:
         Slow client handling policy: None
         AutoDisconnect threshold: 256 KBps
         Multistream stream count: 2
         Slow client fallback: Yes
     Multicast Content Providers:
         Name: WDS
         Description: Default Content Provider
         File path: C:\Windows\system32\wdscp.dll
         Initialization routine: WdsTransportProviderInit


Steve Nicholson Asked:

Cliff Galiher Commented:
Don't enable options 66 or 67 in DHCP. Only 60.
Steve Nicholson Author Commented:
Even with WDS and DHCP on same server?
Cliff Galiher Commented:
That requires option 60, but not 66 or 67. Just make sure you've checked the appropriate box in WDS to not listen on the DHCP port. In fact, setting options 66 and 67 often causes communication issues if set even slightly wrong, hence my strong suspicion that those are your issues.
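
The check described in the comment above, as an added example that is not part of the original thread: it reads the two relevant lines of a `wdsutil /Get-Server /Show:Config` dump and a list of DHCP option IDs, and reports what conflicts with that advice. The function name, its parameters and the scope ID in the closing comments are assumptions made for illustration.

```powershell
# Added example; Test-WdsDhcpCoexistence and its parameters are hypothetical names.
function Test-WdsDhcpCoexistence {
    param(
        [string[]]$ConfigDump,   # output lines of: wdsutil /Get-Server /Show:Config
        [int[]]$DhcpOptionIds    # option IDs configured on the DHCP scope or server
    )
    # Index the dump's "Key: Value" lines; the two keys read below occur once each.
    $cfg = @{}
    foreach ($line in $ConfigDump) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $cfg[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $findings = @()
    if ($cfg['Use DHCP ports'] -ne 'No') {
        $findings += 'WDS is set to listen on the DHCP port, which the DHCP service on this host already uses.'
    }
    if ($cfg['DHCP option 60 configured'] -ne 'Yes') {
        $findings += 'DHCP option 60 is not configured.'
    }
    foreach ($id in 66, 67) {
        if ($DhcpOptionIds -contains $id) {
            $findings += "DHCP option $id is set; the advice above is to leave it unset."
        }
    }
    return $findings
}

# Constructed input: two lines copied from the dump in the question, plus the
# scope options the question lists (60, 66, 67).
$dump = @(
    '     DHCP option 60 configured: Yes',
    '     Use DHCP ports: No'
)
Test-WdsDhcpCoexistence -ConfigDump $dump -DhcpOptionIds 60, 66, 67

# On the server itself (the scope ID is a placeholder):
#   $dump = wdsutil /Get-Server /Show:Config
#   $ids  = (Get-DhcpServerv4OptionValue -ScopeId 192.0.2.0 -All).OptionId
#   Remove-DhcpServerv4OptionValue -ScopeId 192.0.2.0 -OptionId 66, 67
```
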
Steve Nicholson Author Commented:
Thank you, I will be back there in about an hour and will remove those, reboot, and try again.
Steve Nicholson Author Commented:
I removed options 66, 67, rebooted the server, and the error remains the same. Additionally, I noted the below two errors now in WDS events.

Also, I just want to confirm that this netstat is showing the proper port config, if you could check this ss for me.
An error occurred while processing a client unattend request. (odd, as unattended installs are NOT set up)
 Client Address: 
 Error Information: 0x3 


The following WDS Client has encountered Fatal Error: 

SessionGuid: {0232B5D2-AA61-4851-B811-F3EF0E6984CE}
MAC: 88-51-FB-60-FF-80
ClientDeviceID: {59F6C700-E104-11E2-9B90-8851FB60FF80}
ClientArchitecture: x64
ErrorMessage: WdsClient: An error occurred while communicating with the Windows Deployment Services server. Please check to ensure that the server is operational and that the necessary ports are open on the server's firewall. Server name [WDS.csdept.local], Server IP address [].


Cliff Galiher Commented:
Then the next likely culprit is a bad boot.wim or unattend file.
Steve Nicholson Author Commented:
I have tried all the x86 and x64 images. Most have been redone once or twice. Also, we are not doing unattended setups yet. This error is preventing us from even being able to start the capture image. Any other suggestions?

Thank you for all your help.
Cliff Galiher Commented:
Wait....capture image? This is the first you've mentioned that. How did you create the capture image?
Steve Nicholson Author Commented:
I haven't yet, as this is preventing us. This is the initial load of the boot.wim.
Cliff Galiher Commented:
The boot.wim is for deploying an image. If you haven't set up an image to deploy, it'll fail. That's expected. A capture image *is* a boot image. Boot.wim doesn't launch a capture image so is neither a blocker for setting up one, nor indicative of a problem. Sounds like you put the cart before the horse.
Steve Nicholson Author Commented:
That's very possible.

So the process is

1. Install boot.wim and install.wim from media to image groups on WDS.
2. Convert boot.wim into a capture image.
3. Reboot and load the now converted boot.wim, install Windows, customize.
4. Load the capture image back to WDS.

Is this correct? If so, you are right, I am trying to load the boot.wim without converting it to a capture image first.
Cliff Galiher Commented:
Way way way off.

boot.wim is the image that PXE launches to kick off a deployment.

A capture image is a boot image PXE can kick off to capture a customized install (so your step 3 of launching a customized boot.wim to install Windows is wrong).

The reason you need a capture image is because part of creating a custom image is generalizing the image. Once generalized, booting the OS will cause it to become "specialized" again. That's when hardware detection is run, a unique GUID is generated for the machine, etc. So you can't boot Windows and then capture the image or you'd be capturing an image of a machine that isn't suitable for deployment. By booting a capture image from PXE, the Windows environment on the installed machine is still generalized, has never been booted, and is suitable for capture.

It also means you never load a "capture image" back into WDS.  You can load an image you captured, but that is not a capture image.

Based on this back-and-forth, it sounds like you are missing quite a few fundamental concepts. And trust me, the worst pain in the world is deploying 100+ machines and *then* discovering mistakes.  I'd strongly suggest that you buy a book or two, or hire a consultant, based on what I'm seeing here. I just don't think you are ready to tackle this project yourself yet, and I don't think EE can provide the detailed level of guidance you'll likely need. That'd be my suggestion at this point.
Steve Nicholson Author Commented:
I appreciate your input, but I need to get this solved either way. This is my first experience with WDS, so there may be some mistakes in my understanding of the overall process. However, I do not see how that prevents someone from telling me the proper process for doing the imaging then. Everything else is setup, communicating, and functioning fine. It just sounds like, based on your comments, I mistook the order of operations of capturing the images. If someone were to clarify that, maybe I could rectify my mistakes.

Thank you for your help and the healthy dose of humility.
Cliff Galiher Commented:
"If someone were to clarify that, maybe I could rectify my mistakes."

I can provide brief steps.  Note that I am not including detail, nor am I going into best practices.  To do so would turn this post into a book, and as I've mentioned above, those have already been written.  So each of these steps can be done right, or done very very wrong. I am just clarifying the order as you requested.

1) Install Windows on your capture machine (I wouldn't use WDS for this.)
2) Customize Windows.
3) Generalize the image.
4) Create your capture image in WDS.
5) Boot your customized/generalized machine/VM via PXE to the capture image.
6) Capture the customized and generalized image to a file.
7) Load this image as an install.wim into WDS.

Once that final step is done, WDS will have an install.wim for boot.wim to deploy and the boot.wim should stop complaining as it is now.
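
The order of operations listed above, sketched as an added example that is not part of the original thread and is not Cliff's code: it reports which step the WDS server is waiting on, and wraps steps 4 and 7 using `wdsutil` and the WDS PowerShell cmdlets that ship with Server 2012 R2. The image names, file paths and image group are placeholders.

```powershell
# Added example. Image names, paths and the image group are placeholders.
# Steps 1-3 happen on the reference machine, ending with:
#   C:\Windows\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown
$SourceBootImage  = 'Microsoft Windows Setup (x64)'  # boot.wim as named in WDS
$CaptureImageName = 'Capture x64'
$CaptureWim       = 'D:\Images\capture-x64.wim'
$CapturedWim      = 'D:\Images\reference.wim'        # file written in step 6
$ImageGroup       = 'Lab'

# Report which step the server is waiting on.
function Get-WdsNextStep {
    if (@(Get-WdsInstallImage -ErrorAction SilentlyContinue).Count -gt 0) {
        return 'Install image present: boot.wim has something to deploy.'
    }
    if (Get-WdsBootImage -ImageName $CaptureImageName -ErrorAction SilentlyContinue) {
        return 'Capture image present: PXE boot the generalized machine into it (steps 5-6).'
    }
    return 'No install image and no capture image: create the capture image (step 4).'
}

# Step 4: derive a capture image from the existing boot image and publish it.
function New-CaptureBootImage {
    wdsutil /New-CaptureImage /Image:"$SourceBootImage" /Architecture:x64 `
        /DestinationImage /FilePath:"$CaptureWim" /Name:"$CaptureImageName"
    wdsutil /Add-Image /ImageFile:"$CaptureWim" /ImageType:Boot
}

# Step 7: import the captured .wim as an install image.
function Import-CapturedImage {
    if (-not (Get-WdsInstallImageGroup -Name $ImageGroup -ErrorAction SilentlyContinue)) {
        New-WdsInstallImageGroup -Name $ImageGroup | Out-Null
    }
    Import-WdsInstallImage -Path $CapturedWim -ImageGroup $ImageGroup
}

Get-WdsNextStep
```
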

Steve Nicholson Author Commented:
Thank you very much, Cliff. I will research each of these in depth before I make my next moves. I really appreciate your time and help. Even though my issue is not solved, it's clear that I need to step back and plan this carefully, and as such, I think your answer is the most correct.

Thank you, again.
Steve Nicholson Author Commented:
Quick and fair suggestions. Instead of giving me the answer, he provided me the steps to fix the issue and implement the answer myself. I enjoyed my interactions with Cliff, and would definitely hope to receive a response again from him for any future issues.
Cliff Galiher Commented:
Don't feel rushed to close the question if you aren't ready.  I don't worry about such things. I'd rather you get a right answer than push you to choose a quick one.