Issue with Lenovo ThinkPads and Secure Boot
Hello guys,
We've been deploying Windows 10 with KACE SDA for quite a while; lately we started to use Secure Boot. Everything worked fine for workstations (ASUS mainboard). But we figured out that we have some problems with deploying to Lenovo ThinkPads.
Without Secure Boot everything is working as intended, but we would like to use it. If we start the PXE boot, it immediately disconnects and returns to the boot menu.
Do you guys know a proper way to troubleshoot this or is there a known issue with the secure boot keys?
Our DHCP is configured as follows:
Option 67 - ipxe.efi
Option 66 - the ip of the SDA
Answers (2)
Hi, you can try this article:
https://support.quest.com/kace-systems-deployment-appliance/kb/4268644/how-to-troubleshoot-pxe-boot-by-using-the-ipxe_debug-efi-binay
The idea is getting more info of the DHCP/PXE boot process to see if the client is receiving the proper information.
The fact that it works fine without Secure Boot makes me think that there is something missing in the BIOS; maybe a combination of options is needed, so I would check with the vendor (Lenovo) to see what they think. See this:
https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T-series-Laptops/Lenovo-T14-Gen-1-PXE-boot-UEFI-Security-boot-failed/m-p/5046869
Hope this helps.
Hello @Nico-123,
I am currently testing Lenovo ThinkPads. Make sure the "Allow Microsoft 3rd Party UEFI CA" option is enabled in the Secure Boot section of the BIOS. It appears that, by default, it is disabled. The cert KACE uses is part of the 3rd party CA list.
This solved the issue with PXE boot problems for me and I can now get to the boot manager screen. BUT... one oddity I'm experiencing is input is dead. You cannot use the keyboard to select the KBE from the boot manager screen when Secure Boot is enabled. Disable Secure Boot and then it works.
I already tried @ChorreraTownTech's idea to use the debug EFI. This works fine with Secure Boot enabled. I can type and use arrow keys. Switch it back to the primary ipxe.efi and keyboard is dead again. Hopefully tech support will have an answer to this one.
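
Added example (not part of the thread and not KACE or Lenovo tooling): a way to check from an admin workstation which Microsoft CA family a PXE boot binary's Authenticode certificate table names, which tells you whether the firmware's "Allow Microsoft 3rd Party UEFI CA" option has to be enabled for it. The names `signing_cas` and `sample_image`, the family labels, and the byte-match on CA common names are assumptions of this sketch; it does not validate the signature, and the sample image is constructed.

```python
import struct

# Common names as they appear in the embedded certificates (heuristic byte match).
KNOWN_CAS = {
    b"Microsoft Corporation UEFI CA 2011": "third-party",
    b"Microsoft UEFI CA 2023": "third-party",
    b"Microsoft Windows Production PCA 2011": "windows",
}

def signing_cas(pe: bytes) -> set:
    """Return which known Microsoft CA families the image's signature blobs name."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE/EFI image")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    dir_rel = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", pe, opt)[0])
    if dir_rel is None:
        raise ValueError("unknown optional header magic")
    dirs = opt + dir_rel
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= 4:  # NumberOfRvaAndSizes
        return set()
    # Entry 4 is the certificate table; its address is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    found, end = set(), off + size
    while off and off + 8 <= end <= len(pe):
        length, _rev, cert_type = struct.unpack_from("<IHH", pe, off)
        if length < 8:
            break
        if cert_type == 0x0002:  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            blob = pe[off + 8:off + length]
            found |= {fam for name, fam in KNOWN_CAS.items() if name in blob}
        off += (length + 7) & ~7  # entries are 8-byte aligned
    return found

def sample_image(ca_name: bytes = b"") -> bytes:
    """Constructed minimal PE32+ header for the demo; not a real boot binary."""
    img = bytearray(0x200)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, 0x20B)
    struct.pack_into("<I", img, opt + 108, 16)
    if ca_name:
        cert = struct.pack("<IHH", 8 + len(ca_name), 0x0200, 0x0002) + ca_name
        cert += b"\0" * (-len(cert) % 8)
        struct.pack_into("<II", img, opt + 112 + 32, len(img), len(cert))
        img += cert
    return bytes(img)
```

Against a real file, call `signing_cas(open("ipxe.efi", "rb").read())`; a result containing `"third-party"` means the binary chains to the Microsoft 3rd Party UEFI CA, and an empty set means no recognised certificate table was found.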