Configuring System Center Configuration Manager to Respond to PXE Boot Requests
System Center Configuration Manager can be configured to respond to Pre-Boot Execution Environment (PXE) boot requests using Windows Deployment Services. This integration allows System Center Configuration Manager to directly service PXE boot requests received by Windows Deployment Services as a PXE service point, which in turn allows target computers to boot images that System Center Configuration Manager manages using PXE.
Configure a computer running System Center Configuration Manager with the PXE service point role. The PXE service point responds to PXE boot requests made by computers defined in System Center Configuration Manager, and then interacts with System Center Configuration Manager infrastructure to determine the appropriate deployment actions to take.
Note In addition to the methods described here, the deployment team can use the traditional Windows Deployment Services methods for responding to PXE boot requests. For more information, see the Windows Deployment Services Help file included with Windows Deployment Services.
To configure System Center Configuration Manager to respond to PXE boot requests
Ensure that the required infrastructure exists to support integration (especially Active Directory, DHCP, and Windows Deployment Services).
For more information on ensuring that the required infrastructure exists, see the section “Ensuring That the Required Infrastructure Exists” in the Infrastructure Remediation Feature Team Guide.
Configure a computer running System Center Configuration Manager with the PXE service point role.
For more information on configuring the PXE service point role in System Center Configuration Manager, see “How to Configure the PXE Service Point” in the Configuration Manager Documentation Library included with System Center Configuration Manager.
Import the target computer information, and assign the computer to a System Center Configuration Manager collection.
For more information about importing the target computer information, see “How to Add a New Computer to the Configuration Manager 2007 Database” in the Configuration Manager Documentation Library included with System Center Configuration Manager, and the "Define Computers to the System Center Configuration Manager" section of this guide.
Create and advertise the PXE operating system deployment task sequence to the target collection or device (imported in the previous step).
For additional information about:
Creating task sequences, see “How to Manage Task Sequences” in the Configuration Manager Documentation Library included with System Center Configuration Manager.
Advertising task sequences, see “How to Advertise Task Sequences” in the Configuration Manager Documentation Library included with System Center Configuration Manager.
Note The task sequence must be advertised with the Make this task sequence available to boot media and PXE check box. If this box is not selected, the task sequence will not be available for PXE deployments.
Define Computers to System Center Configuration Manager
System Center Configuration Manager does not support running task sequences on computers that have not been defined to the System Center Configuration Manager database. To work around this limitation, Microsoft Deployment offers two scenarios: an operating system media pre-execution hook and PXE boot.
Microsoft Deployment provides an operating system media pre-execution hook. This hook is executed before System Center Configuration Manager checks to determine whether the computer is defined within the System Center Configuration Manager database. This hook allows the executed command to take steps to add the computer to the System Center Configuration Manager database. It also adds the computer to a collection so that the computer receives at least one task sequence.
The Import Microsoft Deployment Task Sequence Wizard has a check box in the New Boot Image pane: Add media hook files for unknown computer support with boot media. If you select this check box, the script files needed to run a new wizard as part of the pre-execution hook are added to the boot image being created. A URL for a Web service can verify whether the computer is defined to System Center Configuration Manager. The Web service must be deployed to a Web server, and you must add the computer to the Configuration Manager console and to a collection.
Note For more information about the operating system media pre-execution hook, see Operating System Media Pre-Execution Hook at https://technet.microsoft.com/en-us/library/bb694075.aspx.
To set up a Web service to use with the operating system media pre-execution hook
Verify a System Center Configuration Manager server configured with the Server Locator Point (SLP) exists in the environment.
Note This would normally be the central site server, because it needs to know the boundaries of all System Center Configuration Manager sites in the hierarchy. The Microsoft Deployment Web service will contact the SLP to determine the System Center Configuration Manager site code in which a computer is assigned.
Verify Microsoft Deployment is installed on a server running Internet Information Services (IIS). This does not have to be the same computer used for other Microsoft Deployment functions, although it typically would exist on that server. The server must have Microsoft .NET framework 2.0 installed.
Note If .NET 2.0 was installed after IIS, you must run Aspnet_regiis.exe to add ASP.NET support to IIS. See https://msdn2.microsoft.com/en-us/library/k6h9cz8h(VS.80).aspx for more information.
In the IIS Manager Microsoft Management Console (MMC), right-click the default Web site (or any other appropriate Web site) and then click Add Application. Specify an alias—for example, Microsoft Deployment—and then the path—for example, %programfiles%\Microsoft Deployment Toolkit.
Edit the Web.config file in the installation directory—for example, %programfiles%\Microsoft Deployment Toolkit\web.config—to specify the name of the System Center Configuration Manager server running the SLP, in addition to the name of the server running the central site System Center Configuration Manager provider. Usually, both of these will be set to the same server name.
Test the Web service using a Web browser. Specify a URL using the server name and the application created in the previous step. For example, https://servername/MicrosoftDeployment/UnknownComputer.asmx. You should see a Web page that says the following operations are supported:
Click the GetADSite link, and then click the Invoke button on the resulting page to test the GetADSite Web service. This Web service returns the Active Directory site name for the TCP/IP address the client used to connect to the Web service.
Note This might not return a valid name if the Web service is executed from a Web browser on the same host, because the loopback address of 127.0.0.1 is not a member of an Active Directory site.
On the original page that lists the supported operations, click the GetAssignedSite link. Specify the IP address and subnet address of a client that should be within the boundaries of one of the ConfigMgr sites in the hierarchy, and then click Invoke. The subnet address is the IP address with the mask applied.
Note If the client's IP address is 10.1.1.1 with a subnet mask of 255.255.255.0, the subnet address would be 10.1.1.0. Verify that the returned site code is correct. If no site code is returned, verify the SLP server name configured in step 4, and make sure the site boundaries are configured correctly.
On the original page that lists the supported operations, click the IsComputerKnown link. Specify either a media access control (MAC) address or a system management basic input/output system (SMBIOS) globally unique identifier (GUID), or both, for a computer already known to a ConfigMgr site, and the site code for that site, and then click Invoke. Verify the results.
On the original page that lists the supported operations, click the AddComputer link. Specify a site code to which the computer should be added, the computer name to be assigned (this can be a temporary name, to be overridden when the computer becomes a ConfigMgr client), at least one of the MAC address and SMBIOS GUID properties, and, optionally, a collection to which the computer should be added.
Note This collection must be owned by the specified site. Typically this would be a collection associated with an operating system deployment task sequence.
When all of the Web services have been validated, use the Import Microsoft Deployment Task Sequence wizard to create a new boot image. As part of that boot image creation process, specify that you want to include a media hook, and specify the Web service URL that was used in step 5.
System Center Configuration Manager integrates with Windows Deployment Services to support PXE boot to known computers. If the computer is not known to the local System Center Configuration Manager site, it will not respond to the PXE request. To work around this problem, Microsoft Deployment offers a PXE filter, which hooks into Windows Deployment Services and adds new computers to the System Center Configuration Manager database before the Configuration Manager console sees the request. This way, System Center Configuration Manager can respond to the request.
A wizard provides the means to install the new PXE filter. To execute the wizard, click Start, and then click Configure WDS PXE Filter. This action requires that Microsoft Deployment exist on the Windows Deployment Services server and that Windows Deployment Services be running the Systems Management Server 2003 PXE role.
The PXE filter calls PXEFilter.vbs a Microsoft Visual Basic® Scripting Edition (VBScript) file located in the %ProgramFiles%\Microsoft Deployment Toolkit\scripts folder, which determines whether to add the computer to the System Center Configuration Manager database. Team members must edit the script for each installation to specify the name of the System Center Configuration Manager server, the site code of the server, the collection ID to which new computers are added, and (optionally) the credentials required for a connection to the Systems Management Server 2003 provider remotely. Credentials are required only when the PXE server is not on the same computer as System Center Configuration Manager.
Note Making these changes to the scripts will result in System Center Configuration Manager responding to PXE requests from all unknown computers. Ensure that operating systems are not deployed to computers they were not intended for. It might be necessary to edit the scripts to filter the requests using the IP address of the request, or handle only requests received from computers on dedicated staging subnets, and ignore requests without adding the computers to the System Center Configuration Manager database.
To make the unknown computer support option work correctly
Add the PXE server computer account to the Systems Management Server 2003 Adkins security group.
Add the following rights within System Center Configuration Manager:
Sites Class: Administer
Collections Class: Create, Modify, Modify Resource, Read, Read Resource