[Dnsmasq-discuss] Windows PXE boot only works with a single pxe-service option set
Simon Kelley
simon at thekelleys.org.uk
Tue Oct 21 15:16:24 UTC 2025
On 10/14/25 23:35, Lance Hathaway via Dnsmasq-discuss wrote:
> Hi all,
>
> I have a setup with dnsmasq providing DHCP / TFTP / PXE service for
> network clients booting Windows PE. These are the relevant lines from
> the configuration:
>
> enable-tftp
> tftp-root=/srv/tftpboot
> pxe-service=X86-64_EFI, "WinPE UEFI PXE - 2011", Boot/bootmgfw.efi
> pxe-service=X86-64_EFI, "WinPE UEFI PXE - 2023", Boot/bootmgfw_EX.efi
> pxe-prompt="Press ENTER to select PXE boot option.",5
>
> Individually, both of these pxe-service lines work correctly—they both
> boot the desired systems (depending on which Secure Boot certificate the
> target system has installed). But that's only in an individual state
> (that is, with the second pxe-service line commented out). If both lines
> are uncommented, I see the pxe-prompt, and I can trigger the menu and
> select an option, but then the Windows PE boot loader throws an error
> message that seems to indicate the BCD (a separate file served via TFTP)
> is not accessible.
>
> I'm not looking for help troubleshooting Windows-specific boot behavior.
> The thing that is weirding me out a bit is that the boot works perfectly
> with both options, so long as there's only one option active (and the
> other one commented out). They both use the same BCD file, loaded via
> TFTP, without any complaints at all. Why would changing dnsmasq's
> configuration to have both options enabled change the behavior of the
> boot loader's execution?
The information in the pxe-service lines and the pxe-prompt line gets
combined and sent to the PXE client as a single data-structure. It's
possible that dnsmasq does this wrong, but it's also possible that the
PXE client extracts information from the data wrongly and end up with
the wrong (or corrupted) filenames for TFTP. A priori, either are possible.
>
> If there's any sort of packet capture or additional information I can
> provide, I'm happy to do so. Appreciate everybody's time and any
> suggestions people might have!
Add log-dhcp to your dnsmasq configuration , which will give you much
more information in the syslog. The next stage after that would be
dumpfile=/tmp/dnsmasq.pcap
dumpmask=0x9000
That will dump all DHCPv4/PCE and TFTP packets sent and received into a
file you can examine with Wireshark.
Feel free to send my the packet dump file if it's not making sense.
Cheers,
Simon.
>
> -Lance
> How am I doing?
>
> Simply click on one of the faces below
>
> <https://web.crewhu.com/#/survey?
> crewhu_id=63349f67307e475c4d37f290&users_ids=633c6f7f426da84c0202cc30&survey_type_code=typSignature&custom_code=&rating=5&>
> Great!
>
>
> <https://web.crewhu.com/#/survey?
> crewhu_id=63349f67307e475c4d37f290&users_ids=633c6f7f426da84c0202cc30&survey_type_code=typSignature&custom_code=&rating=0&>
> Meh.
>
>
> <https://web.crewhu.com/#/survey?
> crewhu_id=63349f67307e475c4d37f290&users_ids=633c6f7f426da84c0202cc30&survey_type_code=typSignature&custom_code=&rating=-5&>
> *Sigh*
>
> Adaptive-Logo-Email.jpg<https://beadaptive.ca>
> Lance Hathaway
>
> Senior Network Engineer
>
>
> ,
>
>
> Adaptive Technical Inc.
>
> P:
>
>
> <tel:(604)%20637-6412>604-357-3456 <tel:604-357-3456>
>
>
> |
>
>
>
>
> E:
>
>
> <mailto:ian at adaptive.ca>lance at beadaptive.ca <mailto:lance at beadaptive.ca>
>
>
> |
>
>
> W:
>
>
> <http://www.beadaptive.ca/>www.beadaptive.ca <https://beadaptive.ca>
>
> A: <https://goo.gl/maps/bQyZKHy8xiA2>
>
>
> 258 - 4664 Lougheed Hwy
> Burnaby, BC, V5C 5T5 <https://goo.gl/maps/bQyZKHy8xiA2>
>
>
>
> Facebook.png <https://www.facebook.com/beadaptive/>
>
>
> LinkedIn.png <https://www.linkedin.com/company/271640>
>
> Twitter.png <https://twitter.com/beadaptiveca>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list