Requirements
Software requirements that must be met in order for PXE Everywhere to be successfully installed and used.
Active Directory requirements
Installation account for PXE Everywhere Central
The account of the user that performs the PXE Everywhere Central installation must meet the following criteria, which can be temporary for installation only:
Must be a domain account (a local account cannot be used)
Must be assigned to the
Full Administrator
security role in Configuration ManagerMust have local admin rights (that is, the account is a direct or indirect member of the local Administrators group) on the server where you are installing PXE Everywhere Central
Must be assigned the sysadmin server role in the SQL Server instance which hosts the Configuration Manager database. This can be temporary during installation.
Installation account for PXE Everywhere Agent and PXE Everywhere Responder
Configuration Manager installs applications in the local system context, which is sufficient for the installation of the PXE Everywhere Agent and PXE Everywhere Responder.
If installed manually, the account used to install it must have local admin rights. That is, the account is a direct or indirect member of the local Administrators group) on the computer you are installing it on.
Microsoft ADK files
In addition to the binaries supplied by 1E, PXE Everywhere Agent requires a number of files that are distributed and licensed with the Microsoft Windows Automated Deployment Kit (ADK). The required files are listed in the table opposite, along with the location on the PXE Everywhere Agent that they need to be installed to.
As these files are licensed by Microsoft, 1E are unable to include them in the installation media. However, you can use theIntroducing Client Deployment Assistant to extract the required files from the ADK, create an installer transform and prepare an Application in Configuration Manager that will install the PXE Everywhere Agent with the appropriate settings and the additional Microsoft files.
The Windows Assessment and Deployment Kits (ADK) normally exist on the Configuration Manager CAS or Primary Site server, although they can be downloaded separately from the Microsoft website.
File | Destination Location (relative to TFTPROOT) |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
Supported Platforms
A list of all the platforms supported by PXE Everywhere, and the software required to allow PXE Everywhere Central and Responders to be installed or to work.
Please refer to Common client requirements for details of PXE Everywhere Agent client module of the 1E Client.
Category | PXE Everywhere Central | PXE Everywhere Responder | Notes |
---|---|---|---|
Windows OS |
|
|
NoteInstalling PXE Everywhere Central on domain controllers is not a supported configuration. NoteA server OS is recommended for PXE Everywhere Responder. |
Web servers |
| Not applicable. | For PXE Everywhere Central:
|
Runtime libraries |
|
|
|
Boot Image OS |
| Not applicable. |
|
Configuration Manager |
| Not applicable. |
|
Windows Server roles and features
The following roles, role services and features must be installed/enabled as a minimum on the PXE Everywhere Central server.
The Name column is the reference used in PowerShell commands; and for .NET Framework 4.X features the PowerShell name includes 45 instead of the actual version.
Role or Feature | Display Name | Name | Notes |
---|---|---|---|
Web Server | Web Server (IIS) | Web-Server | |
Web Server Common HTTP Features | Default Document | Web-Default-Doc | Included in Web-Server |
Directory Browsing | Web-Dir-Browsing | Included in Web-Server | |
HTTP Errors | Web-Http-Errors | Included in Web-Server | |
Static Content | Web-Static-Content | Included in Web-Server | |
Web Server Health and Diagnostics | HTTP Logging | Web-Http-Logging | Included in Web-Server |
Web Server Performance | Static Content Compression | Web-Stat-Compression | Included in Web-Server |
Web Server Security | Request Filtering | Web-Filtering | Included in Web-Server |
Web Server Application Development | .NET Extensibility 4.X | Web-Net-Ext45 | Included in Web-Asp-Net45 |
ASP.NET 4.X | Web-Asp-Net45 | ||
ISAPI Extensions | Web-ISAPI-Ext | Included in Web-Asp-Net45 | |
ISAPI Filters | Web-ISAPI-Filter | Included in Web-Asp-Net45 | |
Web Server Management Tools | IIS Management Console | Web-Mgmt-Console | Recommended |
.NET Framework 4.X Features | .NET Framework 4.X | Net-Framework-45-Core | |
ASP.NET 4.X | Net-Framework-45-ASPNET | Included in Web-Asp-Net45 |
Firewall Ports
Although a computer with PXE Everywhere Agent installed can also be a PXE client, it cannot be both at the same time.
Component | Ports | Protocol | Direction | Usage | Configurable |
---|---|---|---|---|---|
Central | 80 | HTTP | Inbound | PXE Everywhere Agent communicating with the PXE Everywhere Central web application. Browser connections to the PXE Everywhere Central website to verify installation. | Yes, post-installation on the Central server, and during installation of Agents by configuring the URL. If HTTPS is required, please contact 1E for advice. |
Central | 135 and 445 (initially) | WMI-DCOMTCP | Outbound | PXE Everywhere Central installer requires access to the Configuration Manager Site server, and to the server hosting the SMS Provider role. If there is only one SMS Provider, it is often on the Site server. In each case, TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. | No. |
Central | 1433 | (See usage for protocol) TCP | Outbound | PXE Everywhere Central to access to the SQL database role for the selected Configuration Manager Site. | Depends on the Configuration Manager SQL Server instance. The Central installer determines the connection string by querying the Site's SMS Provider. |
ConfigMgr Site Server (and SMS Provider) | 135 and 445 (initially) | WMI (DCOM) TCP | Inbound | PXE Everywhere Central installer requires access to the Configuration Manager Site server, and each of the servers hosting the SMS Provider role. If there is only one SMS Provider, it is often on the Site server. In each case, TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. | No. |
ConfigMgr Site SQL database | 1433 | (See usage for protocol) TCP | Inbound | PXE Everywhere Central to access to the SQL database role for the selected Configuration Manager Site. | Depends on the Configuration Manager SQL Server instance. |
Agent (1E.Client.exe) | 80 | HTTP TCP | Outbound | PXE Everywhere Agent communicating with the PXE Everywhere Central web application. | Yes, post-installation on the Central server, and during installation of Agents by configuring the URL. If HTTPS is required, please contact 1E for advice. |
Agent (1E.Client.exe) | 2012 | UDP | Inbound & outbound | Election process inter-communication between PXE Everywhere Agents on a subnet. | Yes, during installation of PXE Everywhere Agents using the MODULE.PXEEVERYWHERE.COMMSPORT installer property. |
Agent (1E.Client.exe) | 67 or 2067 | BOOTP UDP | Inbound | Port 67 is the standard PXE discover port. PXE clients use this port to broadcast PXE discovers on the local subnet. PXE Everywhere Agents listen on this port for PXE discovers that are broadcast on the local subnet. If PXE Everywhere is configured to support DHCP Snooping, Agents use a custom port (default 2067) to listen for PXE requests, instead of standard port 67. | Only the DHCP Snooping ports are configurable, and must be the same on all Agents and Responders. |
Agent (1E.Client.exe) | 68 or 2068 | BOOTP UDP | Outbound | Port 68 is the standard PXE offer port. PXE Everywhere Agent uses this port to respond with offers to PXE discovers on the local subnet. If PXE Everywhere is configured to support DHCP Snooping, Agents use a custom port (default 2068) instead of the standard port 68. | Only the DHCP Snooping ports are configurable, and must be the same on all Agents and Responders. |
Agent (1E.Client.exe) | 69 | TFTP UDP | Inbound | Port 69 is the standard PXE TFTP port. The PXE client downloads the boot image from the elected PXE Everywhere Agent using TFTP. This port is also used if PXE Everywhere is configured to support DHCP Snooping. | No. |
Agent (1E.Client.exe) | 4011 | UDP | Inbound | Port 4011 is the standard PXE port used by PXE clients to communicate with a PXE Server after the initial discover / offer, to unicast a request for the location of the TFTP boot image file. This port is not used if PXE Everywhere is configured to support DHCP Snooping. | No. |
Responder (PXEEverywhereResponder.exe) | 67 | BOOTP UDP | Inbound | Port 67 is the standard PXE discover port. A Responder is only required when DHCP Snooping is enabled, and listens for PXE requests from PXE clients on this port. See note below about DHCP Snooping and DHCP Relays. | No. |
Responder (PXEEverywhereResponder.exe) | 68 | BOOTP UDP | Outbound | Port 68 is the standard PXE offer port. A Responder is only required when DHCP Snooping is enabled, and responds to PXE clients with offers unicast on this port. See note below about DHCP Snooping and DHCP Relays.. | No. |
PXE client | 67 | BOOTP UDP | Outbound | Port 67 is the standard PXE discover port. PXE clients use this port to broadcast PXE discovers on the local subnet. If DHCP Snooping is being used these discovers are forwarded to a Responder. See note below about DHCP Snooping and DHCP Relays. . | No. |
PXE client | 68 | BOOTP UDP | Inbound | Port 68 is the standard PXE offer port. PXE Everywhere Agent broadcasts on this port with an offer in response to PXE discovers on the local subnet. If DHCP Snooping is being used, then Responders respond with offers on this port. See note below about DHCP Snooping and DHCP Relays.. | No. |
PXE client | 69 | BOOTP UDP | Outbound | Port 69 is the standard PXE TFTP port. A PXE client uses TFTP to download the boot image from the elected PXE Everywhere Agent on the local subnet. This port is also used if PXE Everywhere is configured to support DHCP Snooping. | No. |
PXE client | 4011 | UDP | Outbound | Port 4011 is the standard PXE port used by PXE clients to unicast a request to the PXE Everywhere Agent for the location of the TFTP boot image file, after the initial discover/offer. This port is not used if PXE Everywhere is configured to support DHCP Snooping. | No. |
PXE client | 2067 | BOOTP UDP | Outbound | If PXE Everywhere is configured to support DHCP Snooping, a custom port is used (default 2067) to perform a PXE request after the PXE client has downloaded a boot loader from a Responder. Only used if DHCP Snooping is being used, and PXE Everywhere has been configured to use this port. | Yes. DhcpPort is configured during installation of Agents. AltPxeServerPort is manually configured on Responders. |
PXE client | 2068 | BOOTP UDP | Inbound | If PXE Everywhere is configured to support DHCP Snooping, a custom port is used (default 2068) to respond to a PXE request after the PXE client has downloaded a boot loader from a Responder. Only used if DHCP Snooping is being used, and PXE Everywhere has been configured to use this port. | Yes. AltPxeClientPort is manually configured on Responders. |
Note
PXE client ports do not need to be configured on the OS firewall because it is the network interface which is doing the communicating. However you may need to configure intervening network firewalls for communication beyond the local subnet.
PXE Everywhere Responders communicate only with PXE clients; they do not communicate with PXE Central, PXE Everywhere Agents, other Responders, or Configuration Manager.
Note
If DHCP Snooping is enabled on networks, then DHCP Relays (IP helpers) must be configured to forward PXE requests (discovers) from client VLANs to specific Responders on port 67 and return the responses (offers) on port 68.
If DHCP Snooping is not enabled, then all PXE-boot traffic is on the local subnet, except for communication between the elected PXE Everywhere Agent and the PXE Everywhere Central server, and DHCP Relays are not required to forward PXE requests.
Note
Ports used by PXE clients to communicate with DHCP servers are not included in the above table. Communication with DHCP servers occurs before a PXE client PXE-boots, and typically use their own DHCP Relays (IP helpers).
Ports used by PXE clients to communicate with ConfigMgr Site systems are not included in the above table. Communication with ConfigMgr occurs only after a PXE client has downloaded the WinPE boot image (referenced in the deployed task sequence) from a local PXE Everywhere Agent, and booted into WinPE to start the Task Sequence.
Ports used by ConfigMgr Administrator workstations to communicate with ConfigMgr Site systems are not included in the above table. ConfigMgr Console extensions for PXE Everywhere Admin Tools use the same ports as ConfigMgr Console.
Antivirus exceptions
PXE Everywhere functionality may be impaired by antivirus programs. Although we generally advise that no malware exclusions are used, it is justifiable in certain cases to isolate specific locations and files used by specific software. The following is a list of exclusions that could be added for PXE Everywhere Local, but before you implement them, make sure they are compatible with existing exclusions.
All PXE Everywhere component installations:
%SystemDrive%\ProgramData\1E\PXEEverywhere\*.log & *.lo_
Additional exclusions required on PXE Everywhere Agents:
%SystemDrive%\Program Files\1E\Client\Extensibility\PXEEverywhere\CreateBcD.exe
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\boot.sdi
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\Fonts\wgl4_boot.ttf
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\abortpxe.com
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\Bootmgr.exe
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\pxeboot.com
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Boot\x86\pxeboot.exe
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Images\*\*.bcd
%SystemDrive%\ProgramData\1E\PXEEverywhere\TftpRoot\Images\*\*.wim