HyperV Gen2 VM not booting over PXE

I have two VMs in HyperV, both on the same virtual switch (internal), on the same subnet. I am trying to set up one as a DHCP and TFTP server for PXE boot. With Gen1 machine, it's working fine with pxelinux. Gen2 with UEFI does not unfortunately work.

DHCP & TFTP Server

  • IP 192.168.1.2
  • VLAN identification is disabled

DHCP - ISC DHCP Server running in a docker container with "host" network type with the following configuration:

set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
set pxetype = option pxe-system-type;

authoritative;

default-lease-time 7200;
max-lease-time 7200;

option tftp-server-name "192.168.1.2";
option bootfile-name "efi/core.efi";

subnet 192.168.1.0 netmask 255.255.255.0 {
    interface "eth0:0";
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    range 192.168.1.100 192.168.1.150;
    option broadcast-address 192.168.1.255;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    option domain-name   "ad.lholota.net";
    option domain-search "ad.lholota.net";

    if substring(vendorclass, 0, 9)="PXEClient" {
        if pxetype=00:06 or pxetype=00:07 {
            filename "efi/core.efi";
        } else {
            filename "pxelinux/pxelinux.0";
        }
    }
    next-server 192.168.1.2;
}

TFTP - tftp-hpa running in a docker container on a "host" type network. I can download the efi files manually through a standard tftp client.

Booting machine

  • HyperV Gen2
  • No virtual HDD or DVD
  • Firmware tab has only one item in the boot sequence - network
  • Secure boot is disabled
  • VLAN identification is disabled
  • Network adapter pointing into the same internal switch as the first VM
    • Enable virtual machine queue - checked
    • Enable IPsec task offloading - checked, maximum number: 512
    • MAC Address dynamic
    • Enable DHCP guard - NOT checked
    • Enable router advertisement guard - NOT checked
    • Procted network - NOT checked
    • Mirroring mode - None
    • Enable device naming - NOT checked

The trouble is that the machine doesn't even get to the TFTP server because it doesn't finish the DHCP Discover-Offer-Request-Ack flow. It gets stuck on offer as shown in the dhcpdump below. The booting machine never sends the request message. Funny enough, BIOS based Gen1 HyperV machine boots without any issue so the DHCP flow works there.

Can you please give me a hint of what might be wrong?

  TIME: 2018-07-11 19:49:37.641
    IP: 0.0.0.0 (0:15:5d:0:50:d0) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 8bf1c250
  SECS: 0
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:15:5d:00:50:d0:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  57 (  2) Maximum DHCP message size 1472
OPTION:  55 ( 35) Parameter Request List      1 (Subnet mask)
                          2 (Time offset)
                          3 (Routers)
                          4 (Time server)
                          5 (Name server)
                          6 (DNS server)
                         12 (Host name)
                         13 (Boot file size)
                         15 (Domainname)
                         17 (Root path)
                         18 (Extensions path)
                         22 (Maximum datagram reassembly size)
                         23 (Default IP TTL)
                         28 (Broadcast address)
                         40 (NIS domain)
                         41 (NIS servers)
                         42 (NTP servers)
                         43 (Vendor specific info)
                         50 (Request IP address)
                         51 (IP address leasetime)
                         54 (Server identifier)
                         58 (T1)
                         59 (T2)
                         60 (Vendor class identifier)
                         66 (TFTP server name)
                         67 (Bootfile name)
                         97 (UUID/GUID)
                        128 (???)
                        129 (???)
                        130 (???)
                        131 (???)
                        132 (???)
                        133 (???)
                        134 (???)
                        135 (???)

OPTION:  97 ( 17) UUID/GUID                 008c0c7ab81331a0 ...z..1.
                        4297445b2e41610e B.D[.Aa.
                        a8               .
OPTION:  94 (  3) Client NDI                010300           ...
OPTION:  93 (  2) Client System             0007             ..
OPTION:  60 ( 32) Vendor class identifier   PXEClient:Arch:00007:UNDI:003000
---------------------------------------------------------------------------

  TIME: 2018-07-11 19:49:37.641
    IP: 0.0.0.0 (0:15:5d:0:50:12) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 8bf1c250
  SECS: 0
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 192.168.1.105
SIADDR: 192.168.1.2
GIADDR: 0.0.0.0
CHADDR: 00:15:5d:00:50:d0:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: efi/core.efi.
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  51 (  4) IP address leasetime      7200 (2h)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   192.168.1.1
OPTION:   6 (  8) DNS server                8.8.8.8,8.8.4.4
OPTION:  15 ( 14) Domainname                ad.lholota.net
OPTION:  28 (  4) Broadcast address         192.168.1.255