Troubleshooting TFTP/PXE with WDS VM and Ubiquiti Dream Machine

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,347
Howdy!

I have a VM at 172.16.32.4 named CON-MDT running Windows Deployment Services. If I execute the following command on CON-MDT, it succeeds:
tftp -i 172.16.32.4 GET "\boot\x64\wdsmgfw.efi"
If I execute the same command on a different machine (such as my laptop or Intel NUC) it appears to do nothing for a while and then presents a message "Connect request failed".

I have turned off all Windows Firewall profiles on CON-MDT but still get the same results.

I have no issues accessing contents of SMB shares on CON-MDT from either my laptop or Intel NUC.

My Ubiquiti Dream Machine has the DHCP Network Boot Server & Filename and DHCP TFTP Server set to 172.16.32.4, \boot\x64\wdsmgfw.efi, and 172.16.32.4 respectively:
1610466467686.png


Ideas?
 

SamirD

2[H]4U
Joined
Mar 22, 2015
Messages
4,051
Sound like it's still a windows firewall issue. See if you run a port scanner on an external machine and see if the tftp port is open or not.
 

Zedicus

Gawd
Joined
Nov 2, 2010
Messages
745
is the UDM also your DHCP server?
is this a windows domain environment or is the server standalone?

did you use an admin command prompt to run the tftp test?
what app are you using to test tftp?
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,347
is the UDM also your DHCP server?
is this a windows domain environment or is the server standalone?

did you use an admin command prompt to run the tftp test?
what app are you using to test tftp?
UDM is the only DHCP server.
Server is standalone.
I used an elevated administrative Command Prompt when performing the TFTP test.
I am using Microsoft's TFTP Client (https://www.thewindowsclub.com/enable-tftp-windows-10).
 

Zedicus

Gawd
Joined
Nov 2, 2010
Messages
745
Yeah, can you try using a different tftp client? Most linux distros have one built in, i dont know if winscp supports tftp if you need a windows app. Also have you tried doing a pxe boot to that server? What error does that give?

As a standalone mdt server i vaguely recall some settings needing altered, security of the efi file... It will come to me...
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,347
You know what, I am not sure what went wrong where, but I believe from the machines I was testing the tftp command the root cause was Windows Firewall. By default, I guess you cannot use a TFP Client to get a file from WDS. I wager the reason is that the communication with WDS is actually inbound and not outbound, so modifying the inbound rules to whitelist TFTP should do it.

As far as a test VM that I was using but was unable to PXE boot, I believe the root cause here was a 1D10T error: the NIC on the VM was not set to the correct custom bridged NIC.

For reference and clarity, this is the final configuration I have in Ubiquiti Dream Machine for Local Network DHCP:
1612537819782.png
 
Last edited:

SamirD

2[H]4U
Joined
Mar 22, 2015
Messages
4,051
You know what, I am not sure what went wrong where, but I believe from the machines I was testing the tftp command the root cause was Windows Firewall. By default, I guess you cannot use a TFP Client to get a file from WDS. I wager the reason is that the communication with WDS is actually inbound and not outbound, so modifying the inbound rules to whitelist TFTP should do it.

As far as a test VM that I was using but was unable to PXE boot, I believe the root cause here was a 1D10T error: the NIC on the VM was not set to the correct custom bridged NIC.

Sound like it's still a windows firewall issue. See if you run a port scanner on an external machine and see if the tftp port is open or not.
;) :D

Yeah, I hate those 1D10T errors--they're a real pain to eliminate from the system! :ROFLMAO: :ROFLMAO:

Glad you figured this out and posted the solution--these type of 'access denied' issues always bug me since they should work.
 
Top