Problem

WDS / PXE booting needs a unique GUID for every client workstation, e.g. if the PC has to be approved and given a name in the WDS console by the administrator.

Sometimes it may happen that not every GUID is unique. But duplicate GUIDs can lead to painful problems. E.g. if the workstation joins the domain automatically, the other machine which already exists in AD is overwritten. The result: One of both machines loses domain trust and has to be re-added to the domain.

Example with Zotac ID89, ID90, ID92 etc.: Every device seems to generate the same GUID by default. You see the GUID when you boot via PXE:

00020003-0004-0005-0006-000700080009

According to Zotac, this behavior is wanted and not a bug.

Workaround 1

  1. A new, random GUID can be generated by using an AMIBIOS tool “AMI DMI Edit”.
  2. Create a DOS boot stick, e.g. with Rufus.
  3. Copy AMIDEDOS.exe of the AMI DMI Edit Tools Package to the stick.
  4. Boot to DOS with the USB stick and run AMIDEDOS /u.
  5. You should now have a freshly generated GUID.

Workaround 2

Use a registry key to tell WDS that certain GUIDs are banned. If these GUIDs appear again to WDS, it uses the MAC address as GUID.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWDSServerProvidersWDSPXE

More information here

Workaround 3

In Active Directory Users and Computers, you can modify or delete the netbootGUID attribute. You find it under [yourExistingWorkstation] -> Properties -> Attribute Editor. So if you PXE boot a new workstation, the GUID is not assumed as existing. Please note that this is not the recommended way because the problem is not really solved.

Notes

It might be useful in most cases to use both workarounds 1 and 2 to never accidentally overwrite an existing computer in your domain.

Sometimes WDS seems to block booting a PXE image after changing the GUID. Errors like this one may appear:

proxydhcp service did not reply to request on port 4011.

You can then use another LAN port (if available) or just temporarily disable the setting “administrator approval for unknown devices”.

Some sites provide Powershell scripts which can be used to delete every netbootGUID in your AD. I would not recommend this, because keeping the netbootGUID attribute of the computers can make later re-installing of Windows easier (the previous PC name is recognized automatically).

Share This:

  [email protected]