If you using integrated security (Trusted Connection) to connect to a MDT database hosted on a SQL Cluster, it will fail because of the WinPE Firewall.
The story is that WinPE (the client) communicates to the cluster node, but it is the actual physical machine that responds back, so the firewall sees it coming from a different address so it blocks it as unsolicited traffic (Thanks to Tim Mintner for the research).
Workaround 1 – Disable the WinPE firewall (warning – security risk)
Add the following command to your startnet.cmd
wpeutil.exe DisableFirewall
Workaround 2 – Use standard SQL Login
Specified by DBID and DBPWD in customsettings.ini
Note: In rare scenarios you may need to verify that you have matching versions of “dbnetlib.dll” and “dbnmpntw.dll” in WinPE. Thanks to Jason Miller for that info.