diff --git a/admin-guide/troubleshooting/boot.md b/admin-guide/troubleshooting/boot.md
index 48d8da06..04589c61 100644
--- a/admin-guide/troubleshooting/boot.md
+++ b/admin-guide/troubleshooting/boot.md
@@ -2,7 +2,7 @@
 
 ## SecureBoot
 
-While having secure boot enabled it is not possible to load the yfs kernel module. Therefore it is important that secure boot is disabled on the systems booting EFI!
+While having secure boot enabled it is not possible to load the yfs kernel module or Nvidia drivers. Therefore it is important that secure boot is disabled on the systems booting EFI!
 
 
 This is how to check on a running system if secure boot is enabled:
@@ -13,6 +13,18 @@ mokutil --sb-state
 
 https://access.redhat.com/articles/5337691
 
+## Network Boot Failure on UEFI System
+
+If the system downloads the bootloader, but then fails, it might be due to downloading the wrong bootloader, here `pxelinux.0` instead of `shimx64.efi`.
+The Linux Team can check in the journal of boot.psi.ch what was actually downloaded.
+
+If that is confirmed, then the issue is probably a so far unknown Vendor Class which is sent with the DHCP request of the firmware. It is configured in QIP:
+
+![Vendor Class to network boot configuration in QIP](boot/qip.png)
+
+Please inform the network team about the missing Vendor Class.
+
+(for plain `dhcpd` there would be a [generic solution](https://www.redhat.com/sysadmin/pxe-boot-uefi) but apparently this cannot be implemented in QIP (yet?)).
 
 ## Redirect Serial Output to File in VMware
 
diff --git a/admin-guide/troubleshooting/boot/qip.png b/admin-guide/troubleshooting/boot/qip.png
new file mode 100644
index 00000000..be5be2c0
Binary files /dev/null and b/admin-guide/troubleshooting/boot/qip.png differ