Here is an overview of the ports being used during PXE boot and OS Deployment.

Client --> PXE Service Point

| Description | UDP | TCP |
| --- | --- | --- |
| Dynamic Host Configuration Protocol (DHCP) | 67 and 68 | -- |
| Trivial File Transfer Protocol (TFTP) | 69 (See Note Trivial FTP (TFTP) Daemon) | -- |
| Boot Information Negotiation Layer (BINL) | 4011 | -- |

 

Site Server <--> PXE Service Point

| Description | UDP | TCP |
| --- | --- | --- |
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

 

Client --> Distribution Point

| Description | UDP | TCP |
| --- | --- | --- |
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |
| Multicast Protocol | 63000-64000 | -- |

 

Client --> Management Point

| Description | UDP | TCP |
| --- | --- | --- |
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

 

Client --> State Migration Point

| Description | UDP | TCP |
| --- | --- | --- |
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |

Note 2 Alternate Port Available: An alternate port can be defined within Configuration Manager for this value. If a custom port has been defined, substitute that custom port when defining the IP filter information for IPsec policies or for configuring firewalls.

 

Also there’s a note on TFTP which states the following:

Note: Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.
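The behaviour described in the TFTP note, as an added example (not code from the original page or from Microsoft): a loopback TFTP-style exchange that records which port the reply leaves from and checks it against a rule keyed only on the listening port. The unprivileged listening port standing in for UDP 69, the file name, the payload and all function names are assumptions made for the illustration.

```python
import socket
import struct
import threading

RRQ, DATA = 1, 3  # TFTP opcodes from RFC 1350


def serve_one_request(listen_sock):
    """Answer a single read request the way a TFTP daemon does."""
    request, client = listen_sock.recvfrom(516)
    if struct.unpack("!H", request[:2])[0] != RRQ:
        return
    # The daemon keeps its well-known port for new requests and answers this
    # transfer from a newly allocated port (bind to port 0 = OS picks one).
    transfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    transfer.bind(("127.0.0.1", 0))
    transfer.sendto(struct.pack("!HH", DATA, 1) + b"constructed payload", client)
    transfer.close()


def observe_reply_port():
    """Return (listen_port, reply_source_port, reply_bytes) for one exchange."""
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))  # assumption: unprivileged stand-in for UDP 69
    listen_port = listen.getsockname()[1]
    server = threading.Thread(target=serve_one_request, args=(listen,))
    server.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    # Constructed read request: opcode, file name, NUL, transfer mode, NUL.
    rrq = struct.pack("!H", RRQ) + b"constructed.bin\0octet\0"
    client.sendto(rrq, ("127.0.0.1", listen_port))
    reply, (_, reply_port) = client.recvfrom(516)
    server.join()
    listen.close()
    client.close()
    return listen_port, reply_port, reply


def port_only_rule_matches(server_side_port, listen_port):
    """Model of a stateless rule that permits only the listening port."""
    return server_side_port == listen_port


if __name__ == "__main__":
    listen_port, reply_port, _ = observe_reply_port()
    print("request sent to port", listen_port, "- reply came from port", reply_port)
    print("reply matches port-only rule:", port_only_rule_matches(reply_port, listen_port))
```

When reviewing firewall or IPsec filters between clients and the PXE service point, the reply leg of the TFTP transfer is the flow to check, since it does not carry the listening port as its source.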

 
