Secure Boot is a security feature included in the latest generation of the Unified Extensible Firmware Interface (UEFI) in Windows. It replaced the aging and flawed BIOS architecture. With UEFI comes the feature of “secure boot” which boots only those bootloaders that are signed in to UEFI firmware. It was developed to protect your system from threats and is enabled by default in Windows, but not in Linux. In some cases, you may want to disable it. For some other articles, I have written WDS, see the following guides: No bootable media found system halted: Unable to PXE boot WDS to Virtualbox, WDS/DHCP scenarios: How to configure DHCP Server option 60, 66 and 67 for Windows Deployment Services, Uninstall WDS: How to remove Windows Deployment Services role via the GUI and PowerShell.
Furthermore, Here’s how to disable secure boot: How to clear, enable or disable TPM in Windows via the BIOS or UEFI, and Windows 11 Feature-specific, Hardware and Software Requirements: How to upgrade to Windows 11 from Windows 10 as a Windows Insider. However, the feature prevents rootkit malware and provides an additional layer of security. The downside of secure boot is that if you want to boot from a Linux USB or if you want to use a bootable Windows USB, it won’t allow that. Sometimes, it may also create problems in dual booting with Linux.
When imaging your device via WDS/MDT, you may be prompted quickly with the following error below "PXE-E18: Server response timeout".
When you search on the internet for this error without actually understanding some key features of Windows, you will never be able to resolve this issue. If you’re not careful, you might even break your MDT/WDS server. You may want to learn more about SecureBoot in order to resolve this issue. Kindly refer to this guide for more information: Measured Boot, Secure Boot, Trusted Boot, and Early Launch Anti-Malware: How to secure the Windows 10 boot process. You may also want to see this guide: Windows 11 System Requirements: Why does Microsoft require additional system requirements? How to check if you have Secure Boot and TPM enabled.
Ensure SecureBoot is disabled
If you don’t know what you’re doing and leave it disabled, it’s possible that malware or malicious code could execute on your system before other protective measures can boot up, leaving you vulnerable. To resolve these issues, plug in the ethernet cable correctly and establish network connectivity.
– Ensure you set the boot order correctly!
– Ensure during deployment (imaging) that
secure boot is disabled. See the image below on how to disable secure boot. On an existing Windows device, here is one of the ways to disable
secure boot: How to Disable Or Enable Secure Boot on Windows 10 & 11.
How to disable Secure Boot in BIOS?
The steps below actually depend on your device model (type). Open the PC BIOS menu. You can often access this menu by pressing a key while your PC is booting, such as F1, F2, F12, or Esc.
- Find the Secure Boot setting in your BIOS menu and set it to Disabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab. See the image below for a similar process.
- Save changes and exit. The PC reboots.
Henceforth, you should be able to deploy the operating system to the new device.
– Note: I am not saying these are the only solutions to this issue, but at least this was what I checked that fixed mine. For some other articles, I have written WDS. See the following guides: What happens when WDS and DNS is installed on the same server: DNS issues with WDS, and how does WDS work: How to configure Windows Deployment Services on Windows Server 2019.
After experiencing the Stuck at Start PXE over IPv4 issue, proceed to select an operating system for installation. From the provided list of available operating systems, please choose the one that suits your needs.
The files will be loaded, and please follow the rest of the process. Kindly visit this guide: Install ADK, MDT, and WDS: How to deploy Windows images via Microsoft Deployment Toolkit and Windows Deployment Services.
Enable Secure Boot
Open the PC BIOS menu. You can often access this menu by pressing a key while your PC is booting, such as F1, F2, F12, or Esc. From Windows, hold the Shift key while selecting Restart. Go to Troubleshoot > Advanced Options: UEFI Firmware Settings.
When stuck at Start PXE over IPv4, one potential solution is to locate the Secure Boot setting. Enable it within the Security, Boot, or Authentication tabs if possible. Alternatively, consider loading the PC’s integrated Secure Boot keys under Custom settings. This approach can help address the PXE-E18 error and server response timeout, facilitating a smoother boot process.
I hope this blog post addressed the issue of being Stuck at Start PXE over IPv4. Please share your inquiries in the comments section if you require further clarification or have inquiries. We greatly appreciate your engagement.