PXE Boot Fails on Secure Boot Enabled Devices after Upgrading to ITMS 8.8.1

Article ID: 431919


Products

Deployment Solution, IT Management Suite

Issue/Introduction

After upgrading to IT Management Suite (ITMS) 8.8.1, administrators may find that client computers with Secure Boot enabled are unable to boot via PXE. The boot process typically fails or hangs before reaching the Automation environment because the 8.8.1 UEFI binaries are not yet recognized by the device's firmware security database.

Affected systems may display Secure Boot validation errors or fail to load the PXE boot environment altogether.

Environment

ITMS 8.8.1

Deployment Solution

NBS Site Server

Cause

This is a known issue documented in the ITMS 8.8.1 Release Notes:

The primary issue is that the UEFI bootstrap files included in the ITMS 8.8.1 release are currently awaiting Microsoft signing. Until these files are signed, devices with Secure Boot "On" will reject the PXE binaries as untrusted. 

Resolution

A fix will be available in the next release, ITMS 8.8.2.

A point fix is available for ITMS 8.8.1. See CUMULATIVE POST ITMS 8.8.1 POINT FIXES.

The original Deployment Solution EFI boot binaries included with ITMS 8.8.1 did not meet Secure Boot validation requirements on affected systems. Engineering reviewed and validated updated UEFI boot components.

Installation Steps

  1. Obtain and install the Deployment Solution point fix:
    • DS_8_8_1_PF_v2_08June2026.zip or later
  2. Allow package replication to complete on all Network Boot Servers.
  3. If your PXE configuration uses iPXE, regenerate the affected PXE boot images.

    Note: PXE boot image regeneration is only required for boot images that have the iPXE option enabled.

  4. Validate PXE boot functionality on a Secure Boot-enabled UEFI device.
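Before the boot test in step 4, the replicated EFI binaries can be checked for an embedded Authenticode signature, since the cause above is binaries that were not yet signed. The following is an added example, not vendor code: it parses the PE certificate table of each file passed on the command line (the page does not name the files, so the paths are yours to supply), and the function names and the constructed sample header are assumptions made for illustration. A "signed" result only shows that a signature is present; whether the device firmware trusts it is still confirmed by the PXE boot test.

```python
import struct
import sys
from pathlib import Path

PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def certificate_entries(image: bytes) -> list:
    """Return (dwLength, wCertificateType) for each WIN_CERTIFICATE entry."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]           # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = pe + 24                                           # optional header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 / PE32+
    if struct.unpack_from("<I", image, dirs - 4)[0] <= 4:   # NumberOfRvaAndSizes
        return []
    # Data directory entry 4 is the certificate table; it holds a file offset.
    offset, size = struct.unpack_from("<II", image, dirs + 4 * 8)
    if offset == 0 or size == 0:
        return []                                           # no signature
    if offset + size > len(image):
        raise ValueError("certificate table points outside the file")
    entries, pos, end = [], offset, offset + size
    while pos + 8 <= end:
        length, _revision, cert_type = struct.unpack_from("<IHH", image, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append((length, cert_type))
        pos += (length + 7) & ~7                            # 8-byte alignment
    return entries

def is_signed(image: bytes) -> bool:
    return any(t == PKCS_SIGNED_DATA for _, t in certificate_entries(image))

def build_sample(signed: bool) -> bytes:  # constructed demo header, not bootable
    image = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40))
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    image += struct.pack("<H", 0x20B) + bytes(106) + struct.pack("<I", 16) + bytes(128)
    if signed:  # point directory entry 4 at one 12-byte entry padded to 16
        struct.pack_into("<II", image, 0x40 + 24 + 112 + 32, len(image), 16)
        image += struct.pack("<IHH", 12, 0x0200, PKCS_SIGNED_DATA) + bytes(8)
    return bytes(image)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, "signed" if is_signed(Path(path).read_bytes()) else "UNSIGNED")
```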

Additional Information

PXE Boot Fails on Secure Boot-Enabled UEFI Devices Due to Microsoft UEFI CA 2011 Certificate Expiration -- ITMS 8.8 and earlier