Thursday, December 6, 2012

Troubleshooting flow for image deployment

This is going to be an ongoing post.  I work on more than one project at a time and even after being away a short while, I forget lessons learned after many hours of banging my head on the keyboard.

I use MDT.  I image. Sometimes it breaks. Your mileage will vary as this is specific to the custom system I use.

Sometimes you make a change and then the image will not deploy.  Here’s a list of things you should check:

1) Note the error. At what stage did it happen?

   a. If it was just after Litetouch started, but before choosing the TS or before formatting the drive, check the version of the boot.wim (LiteTouchPE_x64.wim) to see that it is the correct version.  If it is older, it might be missing drivers.

   b. If it was before Litetouch finished, then check the Deploymentshare$\Logs folder for relevant information.

   c. If it was after the image loaded, but before sysprep, boot into BartPE and check %OSDRIVE%\_SMSTaskSequence and %OSDRIVE%\MININT.

   d. If it was during sysprep, boot into BartPE and check %OSDRIVE%\Windows\Panther and %OSDRIVE%\Windows\system32\Panther. Look for setuperr.log and setupact.log.

2) Check the task sequence on the MDT server to ensure the proper drivers are being loaded and settings (including unattend file) are correct.

If all else fails... sometimes it could be the image. Sysprep it again. To mitigate driver issues, use a VM.

BartPE Loading screen

Every time I compile BartPE, which is once in a blue moon, it annoys me that I can't change the version that flashes across the load screen.

Look for the following in the plugins folder.


Search for this setting. Compile. Done.

"txtsetup.sif","SetupData","loaderprompt","""Starting Windows XPE [ETS Version 3600_sp2]..."""

Thursday, November 22, 2012

Sysprep and screen resolution

I learned that sysprep by default has an automatic setting for the screen resolution. 1024x768. A bit annoying as it defaults to that resolution no matter what monitor it is using. The solution is to remove the setting completely from the unattend.xml file in the task sequence used for deployment.

Thursday, November 8, 2012

UltraVNC.. revisited

I decided to try again with version Looks promising.

UAC affects SAS (secure attention sequence) that Windows 7 uses to send CAD (CTRL-ALT-DEL) to logon.  By default, only Windows can issue the SAS for CAD.  So this will prevent some programs, such as UltraVNC, from issuing this command to logon. I thought it was related to UAC, but it seems not.  Whether UAC is on or off, by default it is unable to send a CAD.

There are a couple ways around this. Preferred is group policy, but a quick fix can be done via reg.exe.

1. Click the Start Windows button, select Run, type gpmc.msc and press enter.

2. In the left section, select the desired domain, then right-click and choose Create a GPO in this domain, and link it here.

3. Right-click the new GPO and select Edit.

4. In the left section, please navigate to: Computer Configuration - Administrative Templates - Windows Components - Windows Logon Options

5. In the right section, please double-click on the Disable or enable software Secure Attention Sequence policy and click on Enabled.

6. Set the policy option to Services.

The other solution is:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v SoftwareSASGeneration /t REG_DWORD /d 1 /f

UltraVNC can be installed with the defaults, with a few changes to the ultravnc.ini file to improve the screen refresh.
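
To confirm which software Secure Attention Sequence setting is actually in effect on a machine after the group policy or the reg.exe fix, the value can be read back and interpreted. This is an added example, not part of the original post; Get-SoftwareSasPolicy is a hypothetical helper name, and the value meanings are the four options the policy offers.

```powershell
# Added example: report the SoftwareSASGeneration policy value on this machine.
# Get-SoftwareSasPolicy is a hypothetical helper, not a built-in cmdlet.
function Get-SoftwareSasPolicy {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'SoftwareSASGeneration'

    # The four options offered by the group policy setting.
    $meaning = @{
        0 = 'None'
        1 = 'Services'
        2 = 'Ease of Access applications'
        3 = 'Services and Ease of Access applications'
    }

    # A missing key or value means neither the GPO nor reg.exe has set it.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = $null
        $text  = 'Not configured (Windows default applies)'
    }
    else {
        $value = [int]$item.$name
        if ($meaning.ContainsKey($value)) { $text = $meaning[$value] }
        else { $text = "Unexpected value $value" }
    }

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        Value              = $value
        Setting            = $text
        # Values 1 and 3 allow a VNC server running as a service to send CAD.
        ServicesCanSendCad = ($value -eq 1 -or $value -eq 3)
    }
}

Get-SoftwareSasPolicy | Format-List
```

Any value other than 1 on a machine that was meant to follow the steps above shows that a different policy is winning or that the setting allows more than services.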



Monday, October 15, 2012

UltraVNC, CAD and UAC

Problems seem to be constant with UltraVNC and Windows 7. I have downgraded to version x64 version. It was fine until I turned off UAC to troubleshoot a different problem.  The link for the fix is broken so I need to leave UAC on for now, in order for CAD to work.

Sunday, September 2, 2012

Optiplex 9010 does not sysprep

Every time I receive a new model of Optiplex... I have this problem. Windows fails to load. WinPE will boot (after injecting network drivers), Sysprep will run. Then it comes to a screeching halt with:
"Windows setup could not configure Windows to run on this computer hardware".  The image is Windows 7 Enterprise SP1.

I've read some literature which recommends upgrading to SP1 for Windows 7, or switching the BIOS to ATA or AHCI instead of RAID, due to the new 4k sector disks.

I tried installing from the original Windows 7 Enterprise DVD. Nada. Looked up the original image which was Windows 7 Professional from Dell. It was SP1 I noted.

So I switched the BIOS setting to ATA. Bingo, it finally loaded.  But I was missing the SM bus driver and a few other things were absent from the System Devices.  I installed it manually and all the devices appeared to be installed.

Beginning to wonder if the missing driver was causing the problem? My next step is to switch the BIOS back to RAID only and try an image with the missing chipset drivers. Will sysprep it on a 980 rather than a 960 and see how that works.

Well that was a failure.  This is starting to look like the problem I had last year, with a new 980.

So I think I will reload it in ATA mode, fudge with the drivers and see if I can at least switch it back to AHCI.

Update: November 22

So with MDT I had to download the entire Enterprise CAB. Even then it was missing a Realtek PCIE card driver for the AIO even though all drivers were detected for the desktop. What I did notice was that just downloading all the drivers and installing them manually was sufficient, but for MDT it is missing many drivers unless it has the entire Enterprise CAB. Of course, this worked fine with BIOS set to RAID.

A side project involved using a bare bones VM for testing driver injection to save on load time.  That did not work really well. While on the logon screen, movement of the mouse or a keyboard press would cause a reboot of the computer. I suspect it is the image and may need to sysprep again, since driver injection worked on the generic image.

Friday, July 20, 2012

Powershell invalid directory name

I'm still a newcomer in the world of powershell.  The following code generated this error.

Exception calling "Start" with "1" argument(s): "The directory name is invalid"
At M:\Temp\test.ps1:19 char:36
+ [System.Diagnostics.Process]::Start <<<< ($startinfo)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

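# AES key used to decrypt the stored password (24 bytes = 192-bit key)
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$encrypted = Get-Content encrypted.txt
$secure2 = Get-Content encrypted.txt | ConvertTo-SecureString -key $key

$startinfo = new-object System.Diagnostics.ProcessStartInfo
$startinfo.UserName = "scripter"
$startinfo.Password = $secure2
$startinfo.FileName = "notepad.exe"
# UserName/Password can only be used when UseShellExecute is $false
$startinfo.UseShellExecute = $false
# The line that was missing. Without it the new process inherits the caller's
# current directory (M:\Temp here), which may not be valid for the other account.
$startinfo.WorkingDirectory = "C:\"
# The call shown in the error above
[System.Diagnostics.Process]::Start($startinfo)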

The problem was the omission of the highlighted line (the WorkingDirectory assignment).  Not even sure why I need this as with a simplified version of the code I did not. Oh well.
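
The script above keeps the AES key in the same file that reads encrypted.txt, so the stored password is only as well protected as the script itself. As an added example (not from the original post), the password file can be created and read without -Key, in which case the blob is protected by Windows DPAPI and can only be decrypted by the same user on the same computer. The function names and the path in the usage comments are assumptions.

```powershell
# Added example: store and load the run-as password without an embedded key.
# Save-ProtectedPassword / Get-ProtectedPassword are hypothetical helper names.

function Save-ProtectedPassword {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Prompt for the password instead of passing it as a plain string.
    $secure = Read-Host -Prompt 'Password for the run-as account' -AsSecureString
    # No -Key / -SecureKey: ConvertFrom-SecureString uses DPAPI, which ties
    # the output to the current user account on this computer.
    $secure | ConvertFrom-SecureString | Set-Content -Path $Path
}

function Get-ProtectedPassword {
    param([Parameter(Mandatory=$true)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Password file not found: $Path"
    }
    try {
        # Returns a SecureString suitable for ProcessStartInfo.Password.
        Get-Content -LiteralPath $Path | ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        # Typical when the file was created by another user or on another machine.
        throw "Cannot decrypt $Path as $env:USERNAME on $env:COMPUTERNAME : $($_.Exception.Message)"
    }
}

# Usage, mirroring the script on this page (path is a placeholder):
#   Save-ProtectedPassword -Path 'C:\Scripts\scripter.pwd'   # run once, as the account that runs the script
#   $startinfo.Password = Get-ProtectedPassword -Path 'C:\Scripts\scripter.pwd'
```

The trade-off is that the file must be created by the account, and on the machine, that will later run the script.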

Wednesday, May 2, 2012

Issues with joining domain

So I got this error after MDT had finished loading the image. I couldn't figure why it happened with some machines and not others even though I was using similar roles and task sequence. What happened was that I had failed to set the write and reset properties on the account.  These need to be set for the group that contains the MDT user that joins the domain.  This does not fix immediately, rather the computer needs to be reloaded.

Thursday, April 12, 2012

WDS won't approve pending computers

After a lot of Google Fu, I have finally found the source of the problem.  When approving pending devices in WDS, I got access denied.  The corresponding error in Event Viewer was Event 525, BINLSVC:

An error occurred while trying to create the machine account for the following device. Please ensure that the machine naming policy is valid and that the service has the proper permissions in Active Directory Domain Services to create machine accounts.

Turned out when adding permissions to the OU, I was trying to add the admin group instead of the WDS server object. Problem solved.

Friday, March 16, 2012

Sharepoint 2007 permissions

Sharepoint, in my opinion, doesn't have a straightforward interface, especially for administration. To assign permissions to a group for a specific folder, do the following:

1) Browse to the folder you would like to assign permissions to.
2) Click on the dropdown box of the target folder and click on Manage Permissions.

3) Click on New/Add Users and enter the appropriate information.

Previously, I was entering the folder and clicking on Settings, Document Library Settings in the ribbon.  That caused the permissions to be added to the folder above, which I didn't want.

Monday, March 5, 2012

BartPE: Loading SDIs

Wondering if there is an easier way to load an SDI file for BartPE? Without startrom.0?

Check out this link.

Use the link below as the links to the files within the link above are not valid.

Some more thoughts about loading SDI only.  It looks like it would only work if the partition can be imported and was using and boot ini.  So it will not work with my setup which uses minint and the renamed setupldr.exe (to ntldr) from W2K3SP1.

An excerpt from the link below, which I found interesting.

There are only two binaries:
osloader and setupldr.

osloader is for normal installation and XP Embedded
setupldr is for setup and WinPE

Each of them come in two flavors:
.bin is for loading by boot sector
.exe is for loading by startrom

.bin's just have a (same) prepend before corresponding .exe' PE image
That prepend can be stripped away by from ris-linux.

osloader.bin is what named ntldr (w/o extension)

Osloader.exe is the only one which can be put into SDI.
(only osloader knows of PART BLOB and only .exe can be run by startrom)

But osloader is the name for protected mode part of ntldr,
so it inherits inability to load WinPE, when standard ntldr is unable.

The following is a good discussion about the way the files work.

Thursday, February 23, 2012

WDS: Gotchas

There are some gotchas when setting up WDS.

Make sure to delete all the BCD files in RemoteInstall\tmp if you make a change to the BCD files. WDS seems to like to read the BCDs from there. Then restart the service and it will create new ones.

If using multiple BCDs in the boot manager, the following will prevent the same description from showing up in the menu

- You can avoid the issue altogether by correcting the command from:

---Bcdedit /store %BCD-File% /create {ramdiskoptions} /d "Ramdisk options"---

To the following:

---Bcdedit /store %BCD-File% /create {ramdiskoptions}---

Removing the description allows you to skip deleting the description later.

Wednesday, February 22, 2012

WDS - Deleting existing deployed computers

This is a great article describing how to remove deployed PCs from WDS.  My network is slow, there is a delay of 7-10 minutes from the time a computer is added/deleted from AD and the database to the time the change takes effect.

Monday, January 30, 2012

Canadian iPad in the US

I needed a way to get data on a Canadian iPad while traveling to Hawaii. You can buy a micro sim from the carrier (AT&T), activate it with a prepaid US credit card and a US address. The credit card must be a VISA Gift card or similar. They can be bought at Safeway, or corner stores. It is not a VISA debit card that can be bought at Walmart. You can use any US address, such as the one for your hotel. Awesome!

Wednesday, January 11, 2012

Multibooting different WIMs from PXE

I've wondered if I could boot more than one boot.wim using PXE.  It doesn't seem that it would be easy as it looks to be hardcoded.  Thanks to I modified the script to work with my stuff.

@echo off
rem Vista WinPE 2.0 Multi Boot via pxelinux
rem Gerd Hofmann, 2007, modified by Office Broccoli (2012)

rem script depends on:
rem  o gsar    (gnuwin32 utilities)
rem  o editbin (Microsoft Visual Studio 2005 Express)
rem  o bcdedit (Windows Vista Boot Configuration Editor)

setlocal EnableDelayedExpansion
set /p max=Enter the maximum number of PXE configurations:
FOR /l %%a IN (1,1,%max%) DO (
 REM Remove the old files
 rmdir /s /q %%a
 mkdir %%a

 set /p desc=Enter a description for the %%a configuration:
 echo You entered: !desc!

 REM Use gsar to replace "bootmgr.exe" with "bootm_%%a.exe" in pxeboot.0 and %%a\pxebo_%%a.0
 gsar -f -sbootmgr.exe -rbootm_%%a.exe pxeboot.0 %%a\pxebo_%%a.0

        rem "\Boot\BCD":      \     B     o     o     t     \     B     C     D
        rem   ->UNICODE:  00 5c 00 42 00 6f 00 6f 00 74 00 5c 00 42 00 43 00 44
        rem  \BCD becomes \B_%%a: same length as \BCD, so single-digit numbers only
 gsar -f -s:x00\:x00B:x00C:x00D -r:x00\:x00B:x00_:x00%%a bootmgr.exe %%a\bootm_%%a.exe
 REM Recalculate the PE checksum of the patched boot manager
 editbin %%a\bootm_%%a.exe /release

 REM The BCD store is named b_%%a so that it matches the name patched into
 REM bootmgr above and the file copied by the TFTP copy script
 Bcdedit -createstore %%a\b_%%a
 Bcdedit -store %%a\b_%%a -create {bootmgr} /d "Windows BootManager"
 Bcdedit -store %%a\b_%%a -set {bootmgr} timeout 30
 bcdedit -store %%a\b_%%a -set {bootmgr} nointegritychecks Yes

 bcdedit -store %%a\b_%%a -create {ramdiskoptions}
 bcdedit -store %%a\b_%%a -set {ramdiskoptions} ramdisksdidevice boot
 bcdedit -store %%a\b_%%a -set {ramdiskoptions} ramdisksdipath \Boot\boot.sdi

 REM Write the GUID to a file
 Bcdedit -store %%a\b_%%a -create /d "!desc!" /application osloader 2>&1 > .\result.txt
 REM Blank the description for next round
 set desc=
 REM Retrieve GUID from file
 for /f "tokens=3 delims= " %%i in (result.txt) do (
  for /f "tokens=1 delims={}" %%j in ("%%i") do (
   Bcdedit -store %%a\b_%%a -set {%%j} path \windows\system32\winload.exe
   Bcdedit -store %%a\b_%%a -set {%%j} systemroot \Windows
   Bcdedit -store %%a\b_%%a -set {%%j} detecthal Yes
   Bcdedit -store %%a\b_%%a -set {%%j} winpe Yes
   Bcdedit -store %%a\b_%%a -set {%%j} osdevice ramdisk=[boot]\Boot\x64\Images\boot_%%a.wim,{ramdiskoptions}
   Bcdedit -store %%a\b_%%a -set {%%j} device ramdisk=[boot]\Boot\x64\Images\boot_%%a.wim,{ramdiskoptions}
   Bcdedit -store %%a\b_%%a -displayorder {%%j} -addlast
  )
 )
 del result.txt
)

After running the script, you may want to verify the integrity of the BCD file, for example by using bcdedit /store 1\b_1 /enum.

Also wrote something to copy the files to the TFTP server.

@echo off
REM Copy boot files to TFTP folder
set /p dest=Enter the full path to the TFTP folder:
set /p max=Enter the maximum number of PXE configurations:

FOR /l %%a IN (1,1,%max%) DO (
 REM BCD store and patched pxeboot go into \boot, patched bootmgr into the TFTP root
 copy /y %%a\b_%%a %dest%\boot
 copy /y %%a\pxebo_%%a.0 %dest%\boot
 copy /y %%a\bootm_%%a.exe %dest%\
)

Edit pxelinux.cfg\default to point to the new configurations.

DEFAULT menu.c32


# Windows BartPE Loader1
 KERNEL startrom.0
 APPEND vga=normal devfs=nomount pxe ramdisk_size=70000 load_ramdisk=1 init=/linuxrc prompt_ramdisk=0 initrd=initrd.gz root=/dev/ram0 rw noacpi noapm pci=noacpi lba acpi=off apm=off

# Windows LiteTouch PE Loader2
 KERNEL /boot/pxebo_1.0

# Windows LiteTouch PE Loader3
LABEL LiteTouch 980-TEST
 KERNEL /boot/pxebo_2.0

Copy the necessary wims into the source folder and rename according to the new format. For example, litetouch64.wim might become boot_1.wim.

Monday, January 9, 2012

TightVNC plugin for BartPE

Had lost the TightVNC files when I overwrote my last install so had to make them from scratch.

With the help of the following site, I cobbled together the basic files.

I had to make some changes to TightVNC.inf to copy screenhooks.dll and tvnserver.exe instead of WinVNC.exe and VNChooks.dll.

Also had to import a bunch of settings from [HKEY_CURRENT_USER\Software\TightVNC\Server] and convert them to the PE INF file.  The server would lose the passwords even though they were configured in software section.

Added the following to TightVNC.inf.

0x1, "Software\TightVNC\Server","ExtraPorts",""
0x4, "Software\TightVNC\Server","QueryTimeout", 0x0000001e
0x4, "Software\TightVNC\Server","QueryAcceptOnTimeout", 0x00000000
0x4, "Software\TightVNC\Server","LocalInputPriorityTimeout", 0x00000003
0x4, "Software\TightVNC\Server","LocalInputPriority", 0x00000000
0x4, "Software\TightVNC\Server","BlockRemoteInput", 0x00000000
0x4, "Software\TightVNC\Server","BlockLocalInput", 0x00000000
0x1, "Software\TightVNC\Server","IpAccessControl",""
0x4, "Software\TightVNC\Server","RfbPort", 0x0000170c
0x4, "Software\TightVNC\Server","HttpPort", 0x000016a8
0x4, "Software\TightVNC\Server","DisconnectAction", 0x00000000
0x4, "Software\TightVNC\Server","AcceptRfbConnections", 0x00000001
0x4, "Software\TightVNC\Server","UseVncAuthentication", 0x00000001
0x4, "Software\TightVNC\Server","UseControlAuthentication", 0x00000000
0x4, "Software\TightVNC\Server","LoopbackOnly", 0x00000000
0x4, "Software\TightVNC\Server","AcceptHttpConnections", 0x00000001
0x4, "Software\TightVNC\Server","LogLevel", 0x00000000
0x4, "Software\TightVNC\Server","EnableFileTransfers", 0x00000001
0x4, "Software\TightVNC\Server","BlankScreen", 0x00000000
0x4, "Software\TightVNC\Server","RemoveWallpaper", 0x00000001
0x4, "Software\TightVNC\Server","EnableUrlParams", 0x00000001
0x3, "Software\TightVNC\Server","Password",\
0x4, "Software\TightVNC\Server","AlwaysShared", 0x00000000
0x4, "Software\TightVNC\Server","NeverShared", 0x00000000
0x4, "Software\TightVNC\Server","DisconnectClients", 0x00000001
0x4, "Software\TightVNC\Server","PollingInterval", 0x000003e8
0x4, "Software\TightVNC\Server","AllowLoopback", 0x00000000
0x4, "Software\TightVNC\Server","VideoRecognitionInterval", 0x00000bb8
0x4, "Software\TightVNC\Server","GrabTransparentWindows", 0x00000001
0x4, "Software\TightVNC\Server","SaveLogToAllUsersPath", 0x00000000
0x4, "Software\TightVNC\Server","RunControlInterface", 0x00000001
0x1, "Software\TightVNC\Server","VideoClasses",""

And it finally works!

XPE plugin won't run in BartPE

I did some bad revision tracking and managed to revert back to XPE 1.0.4 instead of 1.0.7. When I recompiled it using 1.0.7, XPE would not run on startup.  After a day and a half of troubleshooting here is the answer.
1) The autorun0xpe.cmd file must be present in the plugin folder for XPE 1.0.7
2) The entry


Must be in xpe.inf.  This tells the compiler to add this file to the build.