Article ID: 883396
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
SYMPTOMS
During a Pre-Boot eXecution Environment (PXE) startup process, you may experience the following behavior:
- Client computers may not be able to contact the Microsoft Windows Server 2003 Automated Deployment Services (ADS) Controller.
- Client computers receive no PXE response from the ADS Controller.
This behavior may occur if the client computers try to contact an ADS Controller that has Internet Protocol security (IPSec) enabled.
CAUSE
This behavior occurs if the Require Security IPSec policy is configured on the computer that is running the ADS Controller.
When the Require Security IPSec policy is configured, the ADS Controller helps secure both directions of traffic by requesting IPSec security from the clients.
When a non-IPSec-aware client tries to communicate with an IPSec-aware server, the Require Security IPSec policy prevents any communication between the client and the server.
When a non-IPSec-aware client contacts an ADS Controller during the PXE startup process, the ADS services do not respond to the PXE requests because the Require Security IPSec policy prevents any communication between the client and the controller.
RESOLUTION
To resolve this behavior, use one of the following methods on the computer that is running the ADS Controller:
- Disable IPSec.
- Change the IPSec policy from Require Security to Request Security.
Keywords: kbtshoot KB883396
