After upgrading to IT Management Suite (ITMS) 8.8.1, administrators may find that client computers with Secure Boot enabled are unable to boot via PXE. The boot process typically fails or hangs before reaching the Automation environment because the 8.8.1 UEFI binaries are not yet recognized by the device's firmware security database.

ITMS 8.8.1

Deployment Solution

Engineering is working on providing updated, signed binaries in a future Point Fix or Release Update.

Refer to the following Community post:

ITMS 8.8.1 - PXE boot not working when secure boot is enabled

The current workaround involves the use of signed binaries from the previous 8.8.0 release to restore functionality while maintaining Secure Boot.
Use the following steps to apply the validated workaround.

Prerequisites

• Access to the SbsServer.exe and .efi files from an ITMS 8.8.0 installation.

• Administrative rights on the Site Server(s) running the Network Boot Service (PXE).

Troubleshooting & Workaround Steps

The following steps replace the 8.8.1 PXE server components with the 8.8.0 versions, which remain signed and compatible.

1. Stop the Service:

   • Open services.msc.

   • Right-click Symantec Network Boot Service (PXE) and select Stop.

   • Note: It is not necessary to stop the TFTP service for this specific fix.

2. Backup Existing Files:

   • Navigate to the original locations listed in the table below.

   • Move the 8.8.1 versions of these files to a temporary backup folder outside of the Altiris directory tree.

   • Warning: Do not simply rename the files in their current folder; move them entirely to avoid service conflicts.

3. Replace Files with 8.8.0 Versions:

   Copy the files from your 8.8.0 source and overwrite/place them into the following directories on the 8.8.1 Site Server:

4. Start the Service:

   • Return to services.msc.

   • Right-click Symantec Network Boot Service (PXE) and select Start.