Windows Deployment Services is a server role, included with all versions of Windows Server since Server 2008, that can be used for network-based installation of Windows operating systems. The deployment of standard or custom images to servers and workstations can also be automated, by using answer files. WDS is utilized by other products such as SCCM and MDT too, during operating system deployment, so it can be beneficial to know how WDS functions. In this blog post we will install and configure the WDS role on Server 2012 R2. This is part one in a two-part series.
1. Prerequisites for installing WDS
• Active Directory Domain Services, AD DS is only required if the server is integrated into an AD environment, and is not a stand-alone server. WDS imposes no minimum AD DS domain or forest functional levels.
• DHCP, an active DHCP server on the network is required to support PXE boot.
• DNS, a working and reachable DNS server is required, regardless of whether the WDS server is integrated into AD or is a stand-alone server.
• NTFS volume, the image store must reside on an NTFS formatted volume.
• Credentials, to install the WDS role you must be a member of the Local Administrators group on the server.
Btw, WDS is not supported on Windows Server Core installations. And .wim, .vhd and .vhdx install images are supported in WDS on Server 2012 R2.
2. Installing WDS
2.1 On the Select server roles page of Add Roles and Features Wizard, select Windows Deployment Services, and agree to install the RSAT. Then click Next twice.
2.2 Click Next
2.3 Click Next to install both Role services
Provides the full functionality of WDS, which you can use to configure and remotely install Windows operating systems. If you choose to install the Deployment Server role service, you must also install the Transport Server role service, because the former is dependent on the latter.
Provides a subset of the functionality of WDS. It contains only the core networking parts. You can use Transport Server to create multicast namespaces that transmit data (including OS images) from a standalone server. You can also use it if you want to have a PXE server that allows clients to PXE boot and download your own custom setup application. You should use this option if you want to use either of these scenarios, but you do not want to incorporate all of Windows Deployment Services.
The transport server does not require AD DS, DNS or DHCP. Configuration of the Transport Server is carried out through WDSUtil.exe only, Powershell or the GUI can not be used to configure the Transport server.
2.4 Click Install
2.5 Click Close
3. Configuring WDS
3.1 Initial Configuration
3.1.1 After the installation is complete, you must configure WDS. Launch the Windows Deployment Services MMC snap-in. Right-click Server → Configure server
3.1.2 Click Next
3.1.3 Keep the default option of Integrated with Active Directory, click Next
In standalone mode information on prestaged devices is stored in a local database instead of AD. The Standalone Mode can be useful since it allows for a portable deployment solution that is independent of any existing environment.
3.1.4 Provide the path to the remote installation folder, then click Next
3.1.5 If you have installed the DHCP role on the same server as the WDS role, then keep the check mark for both of these options.
3.1.6 Make your selection, click Next. I will go through these and the DHCP options in section 3.2
3.1.7 You will have the option to add default boot and install images, but you can not add any custom images at this point. Just remove the check mark for Add images to the server now, and click Finish to end the initial configuration wizard and start the WDS service on the server.
3.2 WDS Server Properties
3.2.1 PXE Response tab
Here you can define which PXE clients the WDS server will respond to during PXE boot of the client
Do not respond to any client computers
The WDS Server will not respond to any client computers. This option will only be effective if WDS and DHCP are running on different servers. If they are running on the same server, WDS will not respond, but DHCP might, depending on whether option 60 is configured or not.
Respond only to known client computers
When you select this option, clients that are not prestaged (unknown) in AD DS, will not be able to PXE boot to the Windows Deployment Services server. You can prestage devices in the Active Directory Prestaged Devices node of the WDS management console.
Respond to all client computers (known and unknown)
This will allow all clients to PXE boot to the WDS server. Choose the Require administrator approval for unknown computers option, if you want to approve new clients using the Pending Devices node in the MMC snap-in before allowing them to PXE boot. Approved computers will be added to the AD Prestaged Devices node.
PXE response delay
Adjusts how quickly the server responds to clients on the network. If you have more than one PXE server on the network, you can configure which one of them will respond to the clients first, by setting the amount of time that the PXE server with lower precedence waits for other PXE servers to respond.
3.2.2 AD DS tab
Client Naming Policy
You can define how clients that are unknown, ie have not been prestaged in AD, will be named. %61Username%# are a combination of variables, and obviously the computer will not be named %61Username%#. You can read more about the variables that you can specify to create the customized name here.
Computer Account Location
If you have not prestaged the computer, or not defined the location the computer account should be created in, you can define it here
3.2.3 Boot tab
PXE Boot Policy
Lets you define when a PXE boot will continue for known and unknown clients.
Default boot image
You can define a default boot image for different architectures. This is completely optional. Even if you set a default boot image, you will still be able to choose another boot image in the list of boot images.
3.2.4 Client tab
Let you enable unattended installation and specify an answer file for different architectures. The answer file must be located in the Reminst folder. You can create answer files with Windows System Image Manager.
Joining a Domain
You can choose to not join the client to a domain after installation.
Enable client logging and define logging level. To view these logs, check the Applications and Services Logs → Microsoft → Windows → Deployment-Services-Diagnostics logs in Event Viewer. The Admin log contains all the errors, and the Operational log contains the information messages.
3.2.5 DHCP tab
If you are running DHCP on the same server as WDS, tick the check mark for both of these boxes. If you are running DHCP on a different server, then untick both of these boxes.
Do not listen on DHCP ports
This means that the WDS server will not listen on UDP port 67, because that port is used by DHCP.
Configure DHCP options to indicate that this is also a PXE server
This will automatically configure option 60 on Server Options of the DHCP server, so PXE clients are notified that this DHCP server is also a WDS server, during PXE boot. This can only be ticked off if you are running the Microsoft iteration of DHCP on the WDS server, on a non-Microsoft DHCP server you have to configure option 60 manually.
If you do not co-locate DHCP and WDS on the same server, you have to configure option 66 and 67 on the DHCP server, so the PXE clients can locate the WDS server and the network boot program (NBP) file on the WDS server during PXE boot. When a PXE client initiates a PXE boot, it contacts the DHCP server for an ip address and the location of the WDS server and the NBP file on the server through a broadcast. When the client receives the info it desired, it contacts the WDS server and downloads the NBP file (through TFTP), which is then initialized to start a Windows boot loader.
Keep in mind that if the WDS and DHCP servers are located on the same subnet, then you don’t need to configure options 66 and 67 on the DHCP server. It is also possible to configure these options through IP helper tables on your routers, instead of configuring them on the DHCP server itself. As a matter of fact, Microsoft recommends the latter method, rather than the former.
The three different options should be configured with the following values
Custom-made Option 60 PXEClient
Predefined Option 66 IP or Hostname of the WDS Server
Predefined Option 67 boot\x86\wdsnbp.com
3.2.6 Multicast tab
Multicast IP Address
Configure whether to receive the multicast IP address from DHCP, or use addresses from a specified range.
You can partition clients into separate sessions depending on how fast they can consume the multicast transmission, so computers with slow network adapters don’t slow down all computers connected to the transmission of the installation image.
3.2.7 Advanced tab
You can configure WDS to use a specific domain controller and global catalog, or let it dynamically discover said servers.
If the DHCP and WDS server are co-located, this will unauthorize/authorize that DHCP server.
3.2.8 Network tab
UDP Port Policy
Pertains to which UDP ports the transmissions will utilize. During troubleshooting it can be beneficial to limit the UDP ports that will be utilized.
This is configured through wdsutil, and not in the GUI. It pertains to the Transport server.
3.2.9 TFTP tab (new for Server 2012)
The TFTP server downloads boot files such as Pxeboot.com, Wdsnbp.com, Bootmgr.exe, and Default.bcd, as well as the boot image that contains Windows Preinstallation Environment (Windows PE).
Maximum Block Size
You can adjust this size to enhance boot image download performance.
Variable Windows Extension
This feature lets WDS learn how well your network is running and adjust the window size accordingly.