tftp timeout on PXE boot when using WDS

I came across a peculiar problem today when trying to PXE boot a client computer on a newly commissioned Windows 2008 WDS server. This server had been commissioned in exactly the same way as all of our other WDS servers, but the client refused to boot the wim image that we had published in the WDS server. We received the message ‘tftp timeout’. We could tell that the client machine was picking up an IP address OK from the DHCP server; it seemed, though, that it was unable to download the wim image file from the WDS server. We turned on WDS client logging and increased the logging level using the following 2 commands:

WDSUTIL /Set-Server /WDSClientLogging /Enabled:Yes

WDSUTIL /Set-Server /WDSClientLogging /LoggingLevel:info

Further information on enabling logging for Windows Deployment Services can be found here. After doing so we could see event: 4101 Source: Deployment-Services-Diagnostics stating ‘The following client failed tftp download’ as shown below:

Event ID: 4101 Source: Deployment-Services-Diagnostics

In this particular scenario we had WDS, DHCP and DNS installed on the same server. After a bit of digging we found the following Microsoft KB article (KB977512). It turns out that when you have DNS and WDS installed on the same server there is the potential for DNS to grab the entire port range that WDS uses for tftp, preventing clients from connecting. The workaround is to increase the size of the port range on the WDS server so that it is larger than the range that is used for DNS. To do this you need to open the Windows Deployment Services console, right-click on the affected server and choose Properties. Once in the properties screen, amend the UDP port range in the ‘Network Settings’ tab to 50000 to 65000 as shown below:

Amend the UDP port range in WDS Network settings

Click OK and you’re done. It also turns out that this problem has been fixed in Windows Server 2008 R2, which is why we hadn’t experienced this on our other WDS servers.
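To confirm the port clash described above before and after changing the range, the following added example (not part of the original post or the KB article) counts which process IDs hold UDP ports inside a given range, using `netstat -ano -p udp` output. The function name, the sample rows, the PIDs and the 64001-65000 "before" range are assumptions made for illustration; the post does not state the original range.

```powershell
# Added example. Sample rows below are constructed; on a real server use:
#   $rows = netstat -ano -p udp
function Get-UdpRangeUsage {
    param(
        [string[]]$NetstatLines,
        [int]$RangeStart,
        [int]$RangeEnd
    )
    $portsByPid = @{}   # PID -> set of bound ports inside the range
    $allPorts   = @{}   # distinct bound ports inside the range
    foreach ($line in $NetstatLines) {
        # Row layout: protocol, local address:port, foreign address, owning PID
        if ($line -match '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$') {
            $port   = [int]$Matches[1]
            $procId = [int]$Matches[2]
            if ($port -ge $RangeStart -and $port -le $RangeEnd) {
                if (-not $portsByPid.ContainsKey($procId)) { $portsByPid[$procId] = @{} }
                $portsByPid[$procId][$port] = $true   # IPv4 and IPv6 rows count once
                $allPorts[$port] = $true
            }
        }
    }
    $size = $RangeEnd - $RangeStart + 1
    foreach ($procId in $portsByPid.Keys) {
        New-Object PSObject -Property @{
            Range       = "$RangeStart-$RangeEnd"
            OwningPid   = $procId
            PortsHeld   = $portsByPid[$procId].Count
            FreeInRange = $size - $allPorts.Count   # ports left for TFTP transfers
        }
    }
}

# Constructed sample: PID 1432 stands in for dns.exe, PID 2080 for the WDS service.
$rows = @(
    '  UDP    0.0.0.0:53             *:*                                    1432',
    '  UDP    0.0.0.0:64001          *:*                                    1432',
    '  UDP    [::]:64001             *:*                                    1432',
    '  UDP    0.0.0.0:64002          *:*                                    1432',
    '  UDP    0.0.0.0:64999          *:*                                    1432',
    '  UDP    0.0.0.0:69             *:*                                    2080'
)

# Assumed range before the change, then the widened range from the workaround.
Get-UdpRangeUsage -NetstatLines $rows -RangeStart 64001 -RangeEnd 65000
Get-UdpRangeUsage -NetstatLines $rows -RangeStart 50000 -RangeEnd 65000
```

Map a reported PID to its process with `tasklist /FI "PID eq 1432"`; if it is dns.exe and FreeInRange is at or near zero for the configured WDS range, the range needs widening as described above.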