WDS service crashes when F5 Global Traffic Manager "monitor" packets are being used

Symptoms
The Windows Deployment Services (WDS) service intermittently crashes in an environment in which F5 Global Traffic Manager is being used.

Additionally, you may see text that resembles one of the following in a packet capture:
  • <source ip> <dest ip>UDP UDP:SrcPort = <srcport>, DstPort = 67 or 4011, Length = 27
  • <source ip> <dest ip> DHCP DHCP:UNHANDLED DHCP OpCode, 100(0x64)
You may see this text together with bytes that start with the following opcode field:
64 65 66 61 75 6C 74 20 73 65 6E 64 20 73 74 72 69 6E 67 (= "default send string")
Cause
F5 Global Traffic Manager defines various protocol "monitors" that send packets to target switches to test reliability. One such monitor is used for User Datagram Protocol (UDP) ports and includes raw bytes that contain the "default send string" string.

The WDS service listens for incoming Pre-boot Execution Environment (PXE) requests that contain Dynamic Host Configuration Protocol (DHCP) proxied data. A bug exists in which WDS does not check that these packets have well-formed DHCP header fields. WDS parses these UDP monitor packets and encounters the "default send string" string instead of the DHCP opcode field value. Therefore, WDS miscalculates the length of the packet. This causes an access violation in unallocated memory, and the service crashes.
Resolution
To resolve this issue, configure the F5 Global Traffic Manager by using exceptions in such a way that these devicesdo not send UDP monitor packets to the following ports on the WDS server:
  • 67 (BOOTP)
  • 68 (BOOTP)
  • 4011 (ProxyDHCP)
For UDPv6:
  • 546, 547 (DHCPv6)
More information
wds windows deployment service crash F5 Global Traffic Management DHCP PXE UDP default send string unhandled
Properties

Article ID: 3073881 - Last Review: 07/09/2015 02:51:00 - Revision: 6.0

Windows Server 2012 Standard, Windows Server 2012 R2 Standard

  • kbexpertiseadvanced kbsurveynew kbtshoot KB3073881
Feedback