Secure Boot is a security feature included in the latest generation of the Unified Extensible Firmware Interface (UEFI) in Windows. It replaced the aging and flawed BIOS architecture. With UEFI comes the feature of “secure boot” which boots only those bootloaders that are signed in to UEFI firmware. It was developed to protect your system from threats and is enabled by default in Windows, but not in Linux. In some cases, you may want to disable it. For some other articles, I have written WDS, see the following guides: No bootable media found system halted: Unable to PXE boot WDS to Virtualbox, WDS/DHCP scenarios: How to configure DHCP Server option 60, 66 and 67 for Windows Deployment Services, Uninstall WDS: How to remove Windows Deployment Services role via the GUI and PowerShell.
Here’s how to disable secure boot: How to clear, enable or disable TPM in Windows via the BIOS or UEFI, and Windows 11 Feature-specific, Hardware and Software Requirements: How to upgrade to Windows 11 from Windows 10 as a Windows Insider. This security feature prevents rootkit malware and provides an additional layer of security. The downside of secure boot is that if you want to boot from a Linux USB or if you want to use a bootable Windows USB, it won’t allow that. Sometimes, it may also create problems in dual booting with Linux.
When imaging your device via WDS/MDT, you may be prompted quickly with the following error below "PXE-E18: Server response timeout". 
When you search on the internet for this error without actually understanding some key features of Windows, you will never be able to resolve this issue. You may even end up breaking your MDT/WDS server if care is not taken. You may want to learn more about SecureBoot in order to resolve this issue. Kindly refer to this guide for more information: Measured Boot, Secure Boot, Trusted Boot, and Early Launch Anti-Malware: How to secure the Windows 10 boot process. You may also want to see this guide: Windows 11 System Requirements: Why does Microsoft require additional system requirements? How to check if you have Secure Boot and TPM enabled.
Solution – Ensure SecureBoot is disabled
If you don’t know what you’re doing and leave it disabled, it’s possible that malware or malicious code could execute on your system before other protective measures can boot up, leaving you vulnerable. In order to resolve these issues, ensure the ethernet cable is plugged in correctly and that there is network connectivity.
– Ensure you set the boot order correctly!
– Ensure during deployment (imaging) that secure boot is disabled. See the image below on how to disable secure boot. On an existing Windows device, here is one of the ways to disable secure boot: How to Disable Or Enable Secure Boot on Windows 10 & 11.
How to disable Secure Boot in BIOS?
The steps below actually depend on your device model (type). Open the PC BIOS menu. You can often access this menu by pressing a key while your PC is booting, such as F1, F2, F12, or Esc.
- Find the Secure Boot setting in your BIOS menu and set it to Disabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab. See the image below for a similar process.
- Save changes and exit. The PC reboots.
Henceforth, you should be able to deploy the operating system to the new device.
– Note: I am not saying these are the only solution to this issue, but at least this was what I checked that fixed mine 🙂 For some other articles, I have written WDS, see the following guides: What happens when WDS and DNS is installed on the same server: DNS issues with WDS, and how does WDS work: How to configure Windows Deployment Services on Windows Server 2019.
Next, you will be prompted for an operating system to install. Please select any from the list of available operating systems.
The files will be loaded and please follow the rest of the process, kindly visit this guide: Install ADK, MDT, and WDS: How to deploy Windows images via Microsoft Deployment Toolkit and Windows Deployment Services.
Enable Secure Boot
Open the PC BIOS menu, you can often access this menu by pressing a key while your PC is booting, such as F1, F2, F12, or Esc. From Windows, hold the Shift key while selecting Restart. Go to Troubleshoot > Advanced Options: UEFI Firmware Settings.
Find the Secure Boot setting, and if possible, set it to Enabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab. On some PCs, select Custom, and then load the Secure Boot keys that are built into the PC.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.
