Troubleshooting TFTP/PXE with WDS VM and Ubiquiti Dream Machine

Cerulean

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,476
Howdy!

I have a VM at 172.16.32.4 named CON-MDT running Windows Deployment Services. If I execute the following command on CON-MDT, it succeeds:
tftp -i 172.16.32.4 GET "\boot\x64\wdsmgfw.efi"
Click to expand...
If I execute the same command on a different machine (such as my laptop or Intel NUC) it appears to do nothing for a while and then presents a message "Connect request failed".

I have turned off all Windows Firewall profiles on CON-MDT but still get the same results.

I have no issues accessing contents of SMB shares on CON-MDT from either my laptop or Intel NUC.

My Ubiquiti Dream Machine has the DHCP Network Boot Server & Filename and DHCP TFTP Server set to 172.16.32.4, \boot\x64\wdsmgfw.efi, and 172.16.32.4 respectively:
1610466467686.png


Ideas?
 
Sound like it's still a windows firewall issue. See if you run a port scanner on an external machine and see if the tftp port is open or not.
 
is the UDM also your DHCP server?
is this a windows domain environment or is the server standalone?

did you use an admin command prompt to run the tftp test?
what app are you using to test tftp?
 
Zedicus said:
is the UDM also your DHCP server?
is this a windows domain environment or is the server standalone?

did you use an admin command prompt to run the tftp test?
what app are you using to test tftp?
Click to expand...
UDM is the only DHCP server.
Server is standalone.
I used an elevated administrative Command Prompt when performing the TFTP test.
I am using Microsoft's TFTP Client (https://www.thewindowsclub.com/enable-tftp-windows-10).
 
Yeah, can you try using a different tftp client? Most linux distros have one built in, i dont know if winscp supports tftp if you need a windows app. Also have you tried doing a pxe boot to that server? What error does that give?

As a standalone mdt server i vaguely recall some settings needing altered, security of the efi file... It will come to me...
 
You know what, I am not sure what went wrong where, but I believe from the machines I was testing the tftp command the root cause was Windows Firewall. By default, I guess you cannot use a TFP Client to get a file from WDS. I wager the reason is that the communication with WDS is actually inbound and not outbound, so modifying the inbound rules to whitelist TFTP should do it.

As far as a test VM that I was using but was unable to PXE boot, I believe the root cause here was a 1D10T error: the NIC on the VM was not set to the correct custom bridged NIC.

For reference and clarity, this is the final configuration I have in Ubiquiti Dream Machine for Local Network DHCP:
1612537819782.png
 
Last edited:
Cerulean said:
You know what, I am not sure what went wrong where, but I believe from the machines I was testing the tftp command the root cause was Windows Firewall. By default, I guess you cannot use a TFP Client to get a file from WDS. I wager the reason is that the communication with WDS is actually inbound and not outbound, so modifying the inbound rules to whitelist TFTP should do it.

As far as a test VM that I was using but was unable to PXE boot, I believe the root cause here was a 1D10T error: the NIC on the VM was not set to the correct custom bridged NIC.
Click to expand...

SamirD said:
Sound like it's still a windows firewall issue. See if you run a port scanner on an external machine and see if the tftp port is open or not.
Click to expand...
;) :D

Yeah, I hate those 1D10T errors--they're a real pain to eliminate from the system! :ROFLMAO: :ROFLMAO:

Glad you figured this out and posted the solution--these type of 'access denied' issues always bug me since they should work.
 
You must log in or register to reply here.
Back
Top