Windows Deployment Services not working in different network

D-hg · ‎04-23-2024

Hello everyone, I was trying to make a Windows Deployment Services server working in my infrastructure with my Fortigates.

We have two different interfaces: One for the servers and another one for the Clients Computers.

I did a lot of tests and it's working without any problem when the computer is into the server interface.

On the Client interface, I tried commands "next-server" and "filename". the computer is seeing well the WDS and the image as attached, but stuck at downloading and fail...

I saw from internet that when it's 2 differents network the ip helper is helping, but in this case should I have to do that? I tried with dhcp relay etc but didn´t work, maybe I did it wrong...

Many thanks

D-hg · ‎04-24-2024

I found the solution, next-server and filename are not the options to use.

I had to create a dhcp relay in my dhcp server, pointing towards the WDS server.

In the WDS server, uncheck all boxes for DHCP listening.

Hope It will help someone else:

Have a good day

View solution in original post

xshkurti · ‎04-23-2024

@D-hg
According to this link:

Boot from a PXE server on a different network - Configuration Manager | Microsoft Learn

you have to configure dhcp and set Windows Server IP as dhcp relay server

"iphelper" is what you program on a router to point to a DHCP server that is not on the same subnet as the hosts that are DHCP clients. It is done per subnet, and usually done on the router that serves as the default gateway for those hosts. In this case it sounds like that would be done on the FortiGate, and must already work if you are using a Windows DHCP server.

Settings that are programmed via DHCP, such as PXE server, are programmed on the DHCP server itself and have nothing to do with the router where iphelper is programmed. The only time you would change the iphelper is if the DHCP server was moving. So if you just need to update the PXE server and you're using a Windows DHCP server, you need to update it on the Windows DHCP server for all relevant scopes(subnets).

If you were using the FortiGate to actually *serve* DHCP and *not* act as an "iphelper", then you would need to change the PXE server setting in the DHCP options on the appropriate interfaces; this would have nothing to do with iphelper settings because they would not exist in this scenario.
# Ref: configure iphelper on fortigate - Fortinet Community

D-hg · ‎04-23-2024

Hello @xshkurti, many thanks for your quick answer.

Sorry, I completly forgot to tell that we are using fortigate as DHCP server.

We have for example the LAN Clients 16.0/24 and LAN Server in 17.0/24

The DHCP server is configured on the LAN Clients interface, and WDS server in the LAN server 17.0.

I already read the last link that you sent me, they are saying to put the 66 y 67 options, that what's I tried (next-server and filename), that's why as you se in my picture the VM in 16.0 is able to see the WDS server in the 17.0 LAN, but failed at downloading... For sure I missed something

D-hg · ‎04-24-2024

I'm almost sure that I need to configure something else to have clients from the 16.0 LAN works as the clients from the 17.0 LAN ...

The configuration of my Fortigate DHCP server on the LAN Clients interface:

config system dhcp server
edit 1
set dns-service local
set default-gateway 192.168.16.X
set next-server 192.168.17.X (My WDS server)
set netmask 255.255.255.0
set interface "LAN_Clients"
config ip-range
edit 1
set start-ip 192.168.16.X
set end-ip 192.168.16.X
next
end
set filename "Boot\\x64\\Images\\Custom.wim" (The one that I have on the WDS server)

D-hg · ‎04-24-2024

I found the solution, next-server and filename are not the options to use.

I had to create a dhcp relay in my dhcp server, pointing towards the WDS server.

In the WDS server, uncheck all boxes for DHCP listening.

Hope It will help someone else:

Have a good day