So you want to leave Windows Firewall enabled on your PVS server, do you? Meh. Ok. Fine, here’s the list.
UDP 67 (PXE)
UDP 69 (TFTP)
UDP 4011 (PXE)
UDP 6890 – 6930 (Stream)
TCP 54321-54322 (Console)
So.. If you do not open UDP 67, even if your DHCP server is NOT running on your PVS server, your VMs won’t display an IP when they try to PXE boot. Go ahead, ask me how I know..
If 67 is open but 4011 is not, the VM will throw an error telling you so during the PXE boot process.