MDT

The ol' 'Quick & Dirty' method - Image provided by Max Pixel

MDT Performance Boost Part 2

I need all the help I can get in terms of speeding up the build & capture process so in addition to the steps mentioned in my previous post, I use this “one weird trick” (smh) to help speed up the actual WIM capturing or generation process.

Speedup Process Overview

  • Copy the base install.wim of your B&C OS to your capture location
  • Rename the .WIM to something meaningful like 1809_install.wim
  • Use that same name for the WIM file name for the capture
  • During B&C your image will be added to the existing WIM
  • Split the captured image into it’s own .WIM
  • Delete the index

Baseline Testing (Optional)

This isn’t required but it’s the only way to validate that the speedup procedure actually works.   In order to do that, you’re just going to start by performing a regular Build & Capture using the normal process to see how long the actual .WIM capture process takes.  This will be our baseline number.  In my test lab, after running several B&C’s I’m finding the capture process takes anywhere from 35 to 40 minutes in my lab.

MDTSpeedup2-001

Apply the Speedup Procedure

To keep things simple, let’s say we’re working on capturing an 1809 image.

Copy the stock 1809 install.wim to your Captures directory and rename it to something meaningful like 1809_install.wim.

Check the details of the WIM you just copied:

dism /get-wininfo /image:"\\MDTServer\DeploymentShare$\Captures\1809_install.wim"

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Details for image : \\MDTServer\DeploymentShare$\Captures\1809_install.wim

Index : 1
Name : Windows 10 Education
Description : Windows 10 Education
Size : 14,356,142,049 bytes

Index : 2
Name : Windows 10 Education N
Description : Windows 10 Education N
Size : 13,548,111,095 bytes

Index : 3
Name : Windows 10 Enterprise
Description : Windows 10 Enterprise
Size : 14,356,212,795 bytes

Index : 4
Name : Windows 10 Enterprise N
Description : Windows 10 Enterprise N
Size : 13,548,004,622 bytes

Index : 5
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 14,356,028,734 bytes

Index : 6
Name : Windows 10 Pro N
Description : Windows 10 Pro N
Size : 13,547,960,587 bytes

Index : 7
Name : Windows 10 Pro Education
Description : Windows 10 Pro Education
Size : 14,356,071,811 bytes

Index : 8
Name : Windows 10 Pro Education N
Description : Windows 10 Pro Education N
Size : 13,548,039,957 bytes

Index : 9
Name : Windows 10 Pro for Workstations
Description : Windows 10 Pro for Workstations
Size : 14,356,106,696 bytes

Index : 10
Name : Windows 10 Pro N for Workstations
Description : Windows 10 Pro N for Workstations
Size : 13,548,075,292 bytes

Index : 11
Name : Windows 10 Enterprise for Virtual Desktops
Description : Windows 10 Enterprise for Virtual Desktops
Size : 14,356,177,402 bytes

The operation completed successfully.

Now perform a B&C to get the updated timing details. In my lab, I’m seeing it take about 9 minutes*.

MDTSpeedup2-002

Once the .WIM is created, verify the new index was created:


dism /get-wininfo /image:"\\MDTServer\DeploymentShare$\Captures\1809_install.wim"

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Details for image : \\MDTServer\DeploymentShare$\Captures\1809_install.wim

Index : 1
Name : Windows 10 Education
Description : Windows 10 Education
Size : 14,356,142,049 bytes

Index : 2
Name : Windows 10 Education N
Description : Windows 10 Education N
Size : 13,548,111,095 bytes

Index : 3
Name : Windows 10 Enterprise
Description : Windows 10 Enterprise
Size : 14,356,212,795 bytes

Index : 4
Name : Windows 10 Enterprise N
Description : Windows 10 Enterprise N
Size : 13,548,004,622 bytes

Index : 5
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 14,356,028,734 bytes

Index : 6
Name : Windows 10 Pro N
Description : Windows 10 Pro N
Size : 13,547,960,587 bytes

Index : 7
Name : Windows 10 Pro Education
Description : Windows 10 Pro Education
Size : 14,356,071,811 bytes

Index : 8
Name : Windows 10 Pro Education N
Description : Windows 10 Pro Education N
Size : 13,548,039,957 bytes

Index : 9
Name : Windows 10 Pro for Workstations
Description : Windows 10 Pro for Workstations
Size : 14,356,106,696 bytes

Index : 10
Name : Windows 10 Pro N for Workstations
Description : Windows 10 Pro N for Workstations
Size : 13,548,075,292 bytes

Index : 11
Name : Windows 10 Enterprise for Virtual Desktops
Description : Windows 10 Enterprise for Virtual Desktops
Size : 14,356,177,402 bytes

Index : 12
Name : W10_1809_Entx64
Description : 
Size : 24,935,992,683 bytes

The operation completed successfully.

Success!

 

*So, What’s the Catch?

Alright – so maybe I cut a corner or two.

I’ll admit, it might not be helpful to have one giant .WIM with 12+ indexes, so you’d probably want to export that newly created index to it’s own .WIM:

dism /export-image /sourceimagefile:\\MDTServer\DeploymentShare$\Captures\1803_install.wim /sourceindex:12 /destinationimagefile:\\MDTServer\DeploymentShare$\Captures\1803_bnc.wim

I find this process takes about 90 seconds putting us at about 10m30s.

And if you’re doing that you might also want to delete the new index you created in the original install.wim:

dism /delete-image /imagefile:\\MDTServer\DeploymentShare$\Captures\1803_install.wim /index:12

This process takes about 2 seconds putting us at about 10m32s.

On the surface, capturing or generating a WIM in 8-10 minutes sounds like some appreciable gains but this is where the corner cutting begins.

Like a fine wine, I find this process gets [somewhat] better with age:

  • Without any funny business my first capture typically takes anywhere from 35 to 40 minutes.
  • When I use this technique I might shave 5-10 minutes off my first capture depending on what’s in there.  It’s something but not significant.
  • However, when I do my second (third, fourth etc.) capture with this technique – like when I’m doing another B&C to include this/last month’s patches and/or updated software etc. – that’s when I begin to appreciate the speed difference and now the actual WIM capture/generation process takes ~8 to ~11 minutes.

After the first big capture – thick image with everything in it – that usually becomes it’s own .WIM and the differential .WIMs are appended to it.  From here we can either export those differential indexes into their own .WIMs or we leave them in the ‘master’ .WIM which allows for easy regression to a previous ‘version’ by just using a lower number index in the Task Sequence.

In Conclusion

I don’t think this is ground breaking and there are some caveats – specifically being that you have go through one capture before you can truly realize the benefits – but like I said, I need all the help I can get so every little bit counts!

So hopefully this “one weird trick” helps you 🙂

Good Providence!

Advertisements

MDT Performance Boost Part 1

I need all the help I can get in terms of speeding up the build or build & capture process so I leverage the available hardware to help speed things up.  But before we get to it, let’s give credit where it’s due!

Recommended Reading

I can’t recall exactly when I first discovered those posts, but I didn’t have robust hardware at the time; In fact, I didn’t have SSD’s but I did have access to servers with significant amounts of RAM which is why this was so attractive.  I do want to warn you however that you should curb your expectations as your mileage may vary.

Speedup Process Overview

  • Use a RAM Disk or SSD
  • Give your B&C VM plenty of resources

It’s all About the Hardware

I’m blessed in that I do a lot of my development work on fairly robust hardware:

  • At home: Dell PowerEdge R710 with Dual E5649’s, 192GB of RAM and 8x146GB 15K SAS Drives in a RAID 10 configuration
  • On the go: Lenovo W541 i7-4810MQ with 32GB of RAM, 2x Sandisk Extreme Pro SSD’s in RAID 1 for dev work (VM’s, MDT etc.)
  • At work: Lenovo P500 E5-1620 v3, 128GB of RAM, 2x SSD’s in RAID 1 for dev work (VM’s, MDT etc.)

All of this allows me to leverage the additional cores and RAM to squeeze a bit of extra performance in build & capture scenarios.

Hyper-V Host Configuration

Because my host has gobs of RAM, I create a RAM Disk (or RAM Drive if you prefer) that is ultimately used to store ‘build & capture’ virtual machine’s .VHDX.  I typically allocate 60GB becuase I’m testing full load out scenarios but you can get away with considerably less for more bare bones builds.  There are a variety of RAM Disk solutions out there including, but not limited to:

  • ATI Radeon RAMDisk / DataRAM
  • ImDisk
  • MSI RAMDisk
  • SoftPerfect RAM Disk
  • StarWind RAM Disk

I landed on the no-frills StarWind RAM Disk product because it’s been maintained over the years and at the time of writing – as well as for the past several years – StarWind’s RAM Disk product has made available free of charge, doesn’t have any limitations I’m aware of and most importantly it just works.  Oh – and by “free of charge” I mean yes it doesn’t cost any money but they do ask that you offer up your personal details (name, email address etc.) “to accommodate your requests, keep in touch with you, and offer a better customer experience.

I know I know, this may be a pain point for you but this is a requirement as the download link comes via email.  I can say that I personally can’t remember the last time StarWind emailed me so I feel comfortable offering it up.  If you don’t like sacrificing personal details, consider the other products on the market most of which offer additional features like being able to save and restore the state of your RAM disk.

I do want to point out that this only works if you have excess RAM to spare.  If you don’t have enough RAM to create a RAM Disk for VM use, the next best thing would be to add an SSD to your machine or swap your mechanical drive for an SSD.  In a pinch I suppose you could use a large (64GB+) microSD/SD card or USB 3.0 thumb drive, but I don’t recommend that as a long term solution.  Just because you can doesn’t mean you should though! (^_^)

Virtual Machine Configuration

When creating a ‘build & capture’ VM, I typically give it 4 virtual processors and 8GB of RAM.  I’ve done B&C’s with 1 & 2 virtual processors an 2-4GB of RAM and the performance isn’t great.  You might be asking yourself:

Why not use 8 virtual processors and 16GB of RAM?

You absolutely can, but there is a point where the performance increase levels off at which point the resource cost outweighs the benefit. (i.e.: you’re not making good use of your resources.)  This 4 virtual CPU and 8GB of ram has worked well for me so far which is why I haven’t bothers measuring the performance benefits of 4+ virtual processors and 8+ GB of RAM.  If you’re feeling up to the task, I’ll leave you to do that and you might as well play around with the scheduler to ensure that B&C machine has the highest priority.

Putting It All Together

Installing StarWind RAM Disk

Download & install StarWind RAM Disk – it’s very much double click the EXE and Next, Next, Next to completion.

Configuring StarWind RAM Disk

Launch RAM Disk

StarWind_RAMDisk001

Click ‘Add Device’ to create a new RAM Disk and configure it to your liking

StarWind_RAMDisk002

The process may appear to hang while it creates the RAM Disk.  Go refill you cup of water or visit the loo and it’ll be done by the time you get back.

StarWind_RAMDisk003

When it’s complete you’ll see the new device and you should receive a notification

StarWind_RAMDisk004StarWind_RAMDisk005

Configuring the RAM Disk

After creation the new RAM disk will be offline so fire up Disk Management (or Server Manager whatever) to finish configuring it:

  1. Online the disk
  2. Initialize the disk
  3. Select GPT (or MBR if you prefer)
  4. Create a new simple volume
  5. Assign it a letter – I like to use R: for RAM Disk
  6. Use the NTFS file system
  7. OPTIONAL: Set the volume label – I like to use RAMDisk
  8. Select quick format

StarWind_RAMDisk006

Configuring Your B&C VM

Now that the disk is ready for use, it’s time to configure your B&C VM

If you don’t already have a B&C VM

  1. Create a new BnC VM
  2. Give it at least 8GB of RAM
  3. When asked where to place the .VHDX, change the path to the RAM disk
    • StarWind_RAMDisk007
  4. Once finished, edit the VM settings and give it at least 4 virtual processors

If you already have a BnC VM

  1. Edit the VM settings
  2. Give it at least 2 virtual processors; 4 if you can spare it
  3. Give it at least 4GB of RAM; 8 if you can spare it
  4. When asked where to place the .VHDX, change the path to the RAM disk
    • StarWind_RAMDisk008
    • StarWind_RAMDisk009
    • StarWind_RAMDisk010

That’s it – now you’re cooking with gas!  Start your VM and test an image.

In Closing

When I initially did this, I did notice an appreciable decrease in machine build out time.  We’re not talking going from 60 minutes to 20 minutes, but it was a noticeable improvement nonetheless.  If I can improve my build times by up to 15-25% then I’ll take it!  Now that we have a mostly automated build process, speeding it up it just gravy allowing for more B&C’s throughout the day.

In any event, I hope you find this tip as useful as I do!

Good Providence to you!

MDT Tutorial Part 12: Wrap Up

Living Table of Contents

What These Guides Are:
A guide to help give you some insight into the MDT imaging & troubleshooting process in general.

What These Guides Are Not:
A guide to create a one-size fits all solution that fixes all the issues you’re ever going to encounter.

Why Bother with My Tutorials?

You totally don’t have to take my word on it!  I’m not world-reknowned like others listed on the Resources page – heck I’m not even county-reknowned so you totally should scrutinize the content and provide me with any constructive criticism you may have. 🙂

However I’ve learned from experience, as well as from others in the circles I travel in, that although turn-key solutions are great, once implemented those who implemented them are not fully equipped to maintain the environment.

Please do not misconstrue what I’m saying here: There is nothing wrong with the turn-key solutions out there!  It’s simply that we’re not all at the same level from a technical perspective and we all have knowledge gaps.  But it’s that combination that makes it challenging for some to support those turn-key solutions.

For me anyway I find that having a good base and some reference points better equips me for the road that lies ahead.  And when something breaks it’s an excellent opportunity to review my depth of knowledge on the subject to troubleshoot my way back into a functioning state.  But that’s me and it may not be you.  Maybe you’re just some savant and it comes naturally.

If you were brave enough to go through this process and successfully built, captured & deployed images, then you should have sufficient functional knowledge to efficiently use the turn-key solution below.

More Labs & Test Environments from Microsoft

Turn-Key Solution from Microsoft: Microsoft 365 Powered Device Lab Kit (Formerly Windows 10 Deployment and Management Lab Kit)

The Microsoft 365 powered device lab kit (formerly Windows 10 Deployment and Management Lab Kit) is a complete pre-configured virtual lab environment including evaluation versions of:

  • Windows 10 Enterprise, version 1803 (Windows 10 April 2018 Update)
  • System Center Configuration Manager, version 1802
  • Windows Assessment and Deployment Kit for Windows 10, version 1803
  • Microsoft Deployment Toolkit
  • Microsoft Application Virtualization (App-V) 5.1
  • Microsoft BitLocker Administration and Monitoring 2.5 SP1
  • Windows Server 2016
  • Microsoft SQL Server 2014
  • Connected trials of:
    • Office 365 Enterprise E5
    • Enterprise Mobility + Security

The best part is that it also includes illustrated step-by-step lab guides to take you through multiple deployment and management scenarios, including:

Servicing

  • Windows Analytics Update Compliance
  • Servicing Windows 10 with Configuration Manager
  • Servicing Office 365 ProPlus with Configuration Manager

Deployment and management

  • Modern Device Deployment
  • Modern Device Management with AutoPilot
  • Modern Device Co-Management
  • Office 365 ProPlus Deployment
  • BIOS to UEFI Conversion
  • Modern Application Management with Intune
  • Enterprise State Roaming
  • Remote Access (VPN)

Security

  • Windows Information Protection
  • Windows Defender Advanced Threat Protection
  • Windows Defender Application Guard
  • Windows Defender Application Control
  • Windows Defender Antivirus
  • Windows Defender Exploit Guard
  • Windows Hello for Business
  • Credential Guard
  • Device Encryption (BitLocker)
  • Remote Access (VPN)

Compatibility

  • Windows App Certification Kit
  • Windows Analytics Upgrade Readiness
  • Browser Compatibility
  • Windows App CertificationKit
  • Desktop Bridges

 

This is an amazing kit because of its holistic approach to helping IT Pros transition to the ‘Modern Desktop’.  As such it’s a hefty download and the hardware requirements are steep.

Turn-Key Solution from Johan Arwidmark: Hydration Kit

Johan has been churning out Hydration Kits since as far back as ConfigMgr 2007 SP2 and MDT 2010 so he’s one of the top 5 go-to’s for this sort of thing.

From the author:

This Kit builds a complete ConfigMgr CB 1702, and ConfigMgr TP 1703, with Windows Server 2016 and SQL Server 2016 SP1 infrastructure, and some (optional) supporting servers. This kit is tested on both Hyper-V and VMware virtual platforms, but should really work on any virtualization platform that can boot from an ISO. The kit offers a complete setup of both a primary site server running ConfigMgr Current Branch v1702 (server CM01, as well as a primary site server running ConfigMgr Technical Preview Branch v1703 (server CM02). You also find guidance on upgrading current branch platform to the latest build.

There’s plenty of documentation in the link:

https://deploymentresearch.com/Research/Post/580/Hydration-Kit-For-Windows-Server-2016-and-ConfigMgr-Current-Technical-Preview-Branch

 

Turn-Key Solution from Mikael Nystrom: Image Factory for Hyper-V

Mikael has been working on this for at least 2 years and is another in the top 5 go-to’s for this sort of thing.

From the author:

The image factory creates reference images using Microsoft Deployment Toolkit and PowerShell. You run the script on the MDT server. The script will connect to a hyper-v host specified in the XML file and build one virtual machine for each task sequences in the REF folder. It will then grab the BIOS serial number from each virtual machine, inject it into customsettings.ini, start the virtual machines, run the build and capture process, turn off the virtual machine and remove them all.

There’s some great documentation here but plenty to browse through in the link:

https://github.com/DeploymentBunny/ImageFactoryV3ForHyper-V

 

Turn-Key Solution from Mike Galvin: Image Factory for Microsoft Deployment Toolkit

I happened upon this by accident but I like how straight forward it appears to be.

From the author:

Recently I’ve been looking into automating my image build process further using PowerShell to create an Image Factory of sorts. There are other similar scripts that I’ve found online, but I like the relatively simple and straightforward method I’ve developed below. If like me you’re looking to automate your image build process so that you can have a fully up-to-date image library after patch Tuesday each month, then this may be for you.

This link is the original post where the script is introduced but I strongly urge you to start with the below link then work your way backwards from there.

https://gal.vin/2017/08/26/image-factory/

 

Turn-Key Solution from Coretech: Image Factory

This unfortunately is not something I can link without burning a bridge.  This solution is only obtainable from [select (?)] Coretech training classes or simply if Kent Agerlund likes you.  It’s conceptually similar to many others here, relying on Hyper-V to spin up VM’s, start them, boot, start a specific build & capture task sequence, run through the task sequence then destroy the VM.  Done.

 

In Closing

As you can see there are plenty of training, lab and turn key imaging solutions out there but to quote Browning:

Image the whole, then execute the parts
          Fancy the fabric
Quite, ere you build, ere steel strike fire from quartz,
          Ere mortar dab brick!

In other words, get the total picture of the process; and I argue there are two ways of doing that: with a telescope and a microscope.

Start with the telescope to look at all of it from thirty-thousand feet and you’ll see almost all these require a dab of elbow grease to get going.  In fact, most make assumptions about the environment as well as a certain amount of proficiency with the various technologies being used: PowerShell, MDT, Hyper-V, SCCM, Active Directory etc.

In the same vain that I’d rather learn to drive a manual transmission on an old beater car before I jump into an STI, GT3 RS, or <insert other absurdly expensive manual transmission vehicle here> , it makes more sense to have a slightly more-than-basic understanding of how the technology works before diving in head first.

Good Providence to you!

MDT Tutorial Part 11: Troubleshooting Part 7: Non-Fatal OSD Errors & Warnings

Living Table of Contents

What These Guides Are:
A guide to help give you some insight into the troubleshooting process in general.

What These Guides Are Not:
A guide to fix all issues you’re going to encounter.

We’re going to role-play a bunch of scenarios and try to work through them.  Remember in math where you had to show your work?  Well, what follows is like that which is why this post is [more than] a [little] lengthy.

 

[Some] Non-Fatal OSD Errors & Warnings:

  • No networking adapters found, the network drivers for your device ar enot present

  • An invalid SLShareDynamicLogging value of <path> was specified

  • Unable to Create WebService class

You made a bunch of changes to your lab environment, tested the CS.INI before imaging but after performing a B&C you see these errors/warnings:

Yikes a bunch of errors here!

Yikes a bunch of errors here!

  • No networking adapters found, The network drivers for your device are not present
  • An invalid SLShareDynamicLogging value of \\ITF1MDT01\DeploymentShare$\TSLogs\BnC-22404895 was specified.
  • 2x Unable to create WebService class

To be sure, you delete the logs for that machine, run another B&C and confirm the BDD.log was indeed present and getting populated.  But at the end of the second B&C you received the same error and inspected the BDD.log further:

Troubleshoot-031.PNG

Starting from the top of the log:

  • The”Apply Windows PE” Task Sequence step completed successfully as evidenced by “Event 41001 sent: LTIApply processing completed successfully.”
    .
  • Then the “Add mass storage drivers to sysprep.inf for XP and 2003” Task Sequence step completed successfully as evidenced by “Event 41001 sent: ZTIDrivers processing completed successfully.”
    • Furthermore, the process is able to reach and write to \\ITF1MDT01\DeploymentShare$\TSLogs\BnC-22404895 so we know it was good at this point.
      This is important!
      .
  • After that the “Execute Sysprep” Task Sequence step completed successfully as evidenced by “Event 41001 sent: LTISysprep processing completed successfully.”
    • And that process was also able to reach and write to \\ITF1MDT01\DeploymentShare$\TSLogs\BnC-22404895.
      This is also important!
      .
  • Then we get to the “Apply Windows PE (BCD)” Task Sequence Step and almost as soon as it starts we see our errors:
    • No networking adapters found, The network drivers for your device are not present
    • An invalid SLShareDynamicLogging value of \\ITF1MDT01\DeploymentShare$\TSLogs\BnC-22404895 was specified.

From here you hypothesize that it’s the sysprep process that is creating this problem.
And like a wise man frequently tells me: We gotta peel this onion!

  • Found the error text in ZTIUtility.vbs: “An invalid SLShareDynamicLogging value”
  • Just above the error code it, two functions are called:
    • ValidateConnection
    • VerifyPathExists
      .
  • ValidateConnection
    • Is what drops the “Validating connection to” text in the log
    • Calls the ValidateNetworkConnectivity function which
      • Executes the query ​select * from win32_NetworkAdapter where Installed = true and adaptertypeid = 0" and evaluates the count of the results
      • If the result count is 0, the function exits after dropping “No networking adapters found, The network drivers for your device are not present” text in the log.
        .
  • VerifyPathExists checks the path of SLShareDynamicLogging, creating the directory if missing.  We know the directory exists because the files are where we expect them to be.
    .
  • Finally, the line that generates the “An invalid SLShareDynamicLogging” log entry is part of an if block, and is generated if the directory doesn’t exist.

With a better understanding of the process, we may have a good idea as to what might be happening:

  1. everything’s fine up until sysprep
  2. sysprep might be removing the NIC drivers and thus the adapter doesn’t work
  3. when the ‘Apply Windows PE (BCD)’ Task Sequence step (LTIApply.wsf) is executed immediately after sysprep, it fails to connect to the share because of Step 2 above
  4. once in WinPE the NIC is once again fully functional so everything works as expected

But what about the two Unable to create WebService class warning?  Thinking back to the recent changes you made, one of them was enabling Monitoring.   A little sleuthing might take you to a post by Michael Niehaus on Troubleshooting MDT 2012 Monitoring via a TechNet response by Johan Arwidmark.

After going through the guide, it still doesn’t work so you disable Monitoring, reimage, and the error goes away.  You re-enable Monitoring, image again, get the same result.

The good news is you’ve confirmed Monitoring is “to blame” for those errors.

A closer inspection of the BDD.log shows it’s part of the same LTIApply step it and that’s when it clicks: If there’s no network connectivity, there’s no way for the WebService to succeed.

At the very least, this is a plausible cause.

So for these errors and warnings, it probably “is what it is” and likely not that big of a deal in the grand scheme of things.

FWIW: I can reproduce this behavior with MDT8443 & ADK 1703 on Gen 2 and Gen 1 VM’s using both the Network Adapter and Legacy Network Adapter.  : (

Is it Possible to Fix All of These Errors?

Probably – in fact I’m fairly certain I have an older lab environment where I do not have this problem.  But there’s also something to be said about the return on investment and the law of diminishing returns.

If I can consistently reproduce something, and it really does create problems, I personally believe there’s value in looking into further.  It may be a typo or faux pas on my part or perhaps a valid ‘bug’ for a certain scenarios.

If it’s a one-off, something I see one in 30, it may not be worth investing a significant amount of time & effort for so little reward.

Copypasta Closing

Hopefully these examples will help give you an idea of the overall troubleshooting process.  Most of the time the problems you’ll encounter will be caused by a typso, order of operations or a ‘known issue’ that requires a specific process to be followed.

As you make changes to your environment, here’s what I recommend:

  • Be diligent about keeping a change log so you can easily backtrack
  • Backup your CS.INI or Bootstrap.ini before you make any changes
  • Backup your ts.xml or unattend.xml (in DeploymentShare\Control\TaskSequenceID) before you make any changes
  • Introduce small changes at time with set checkpoints in between and set milestones markers where you backup core files (e.g cs.ini bootstrap.ini ts.xml unattend.xml etc) to help minimize frustration troubleshooting.

And if when you do run into some turbulence, upload relevant logs (at least smsts.log but be prepared to submit others depending on the issue) to a file sharing service like OneDrive, post on TechNet then give a shout to your resources on Twitter.

Good Providence to you!

MDT Tutorial Part 11: Troubleshooting Part 6: Unable to mount the WIM, so the update process cannot continue

Living Table of Contents

 

What These Guides Are:
A guide to help give you some insight into the troubleshooting process in general.

What These Guides Are Not:
A guide to fix all issues you’re going to encounter.

We’re going to role-play a bunch of scenarios and try to work through them.  Remember in math where you had to show your work?  Well, what follows is like that which is why this post is [more than] a [little] lengthy.

Unable to mount the WIM, so the update process cannot continue

When updating your deployment share it fails almost immediately with error Unable to mount the WIM, so the update process cannot continue.

This slideshow requires JavaScript.

Error Text:


=== Making sure the deployment share has the latest x86 tools ===

=== Processing LiteTouchPE (x86) boot image ===

Building requested boot image profile.
Determining if any changes have been made in the boot image configuration.
No existing boot image profile found for platform x86 so a new image will be created.
Calculating hashes for requested content.
Changes have been made, boot image will be updated.
Windows PE WIM C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\en-us\winpe.wim will be used.
Unable to mount the WIM, so the update process cannot continue.

=== Completed processing platform x86 ===

=== Making sure the deployment share has the latest x64 tools ===

=== Processing LiteTouchPE (x64) boot image ===

Building requested boot image profile.
Determining if any changes have been made in the boot image configuration.
No existing boot image profile found for platform x64 so a new image will be created.
Calculating hashes for requested content.
Changes have been made, boot image will be updated.
Windows PE WIM C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim will be used.
Unable to mount the WIM, so the update process cannot continue.

=== Completed processing platform x64 ===

=== Processing complete ===

You might try a variety of things like:

  • Use DISM to get-wiminfo to confirm the WIMs are OK
  • Bounce the MDT machine
  • Perform a repair installation of the ADK
  • Use DISM to mount the WIM manually and you get an error 577

We talked about this in Part 2 : Did you remember to patch the ADK?  🙂

Copypasta Closing

Hopefully these examples will help give you an idea of the overall troubleshooting process.  Most of the time the problems you’ll encounter will be caused by a typso, order of operations or a ‘known issue’ that requires a specific process to be followed.

As you make changes to your environment, here’s what I recommend:

  • Be diligent about keeping a change log so you can easily backtrack
  • Backup your CS.INI or Bootstrap.ini before you make any changes
  • Backup your ts.xml or unattend.xml (in DeploymentShare\Control\TaskSequenceID) before you make any changes
  • Introduce small changes at time with set checkpoints in between and set milestones markers where you backup core files (e.g cs.ini bootstrap.ini ts.xml unattend.xml etc) to help minimize frustration troubleshooting.

And if when you do run into some turbulence, upload relevant logs (at least smsts.log but be prepared to submit others depending on the issue) to a file sharing service like OneDrive, post on TechNet then give a shout to your resources on Twitter.

Good Providence to you!

Deployment Error Invalid DeploymentType value "" specified.  The deployment will not proceed.

MDT Tutorial Part 11: Troubleshooting Part 5: Invalid DeploymentType value “” specified. The deployment will not proceed.

Living Table of Contents

 

What These Guides Are:
A guide to help give you some insight into the troubleshooting process in general.

What These Guides Are Not:
A guide to fix all issues you’re going to encounter.

We’re going to role-play a bunch of scenarios and try to work through them.  Remember in math where you had to show your work?  Well, what follows is like that which is why this post is [more than] a [little] lengthy.

Invalid DeploymentType value “” specified. The deployment will not proceed.

You enabled the Windows Updates steps in the Build & Capture Task Sequence so you can have a fully patched Windows 10 v1511 WIM.

Troubleshoot-014.PNG

And you also updated your CustomSettings.ini so that your Build & Capture VM would set all the properties/variables but not start immediately.


[Settings]
Priority=MACAddress,GetAbbrModel,Build,Default
Properties=OfficeCode,AbbrModel

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN MACADDRESS SECTION
; This is my Windows 10 v1511 build & capture VM
[00:15:5D:13:79:01]
SkipTaskSequence=NO
TaskSequenceID=BC151164ENT
SkipComputerName=NO
OSDComputerName=BnC-#UCase(Right(Replace(Replace("0000000%SERIALNUMBER%"," ","",1,-1,1),"-","",1,-1,1),8))#
SkipDomainMembership=NO
JoinWorkgroup=BnC-WrkGrp
SkipUserData=NO
SkipComputerBackup=NO
ComputerBackupLocation=NETWORK
BackupDir=Captures\%OSDComputerName%
BackupFile=%OSDComputerName%_%TaskSequenceID%_#year(date) & "-" & month(date) & "-" & day(date) & "_" & Hour(Now()) & Minute(Now())#.wim
SkipProductKey=NO
SkipLocaleSelection=NO
SkipTimeZone=NO
SkipAdminPassword=NO
SkipCapture=NO
DoCapture=YES
SkipBitLocker=NO
SkipSummary=NO

; END MACADDRESS SECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN GETABBRMODEL SECTION
; Lets get the abbreviated model
[GetAbbrModel]
UserExit=jgp_GetAbbrModel.vbs
AbbrModel=#GetAbbrModel#
; END GETABBRMODEL SECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN BUILD SECTION
; Set things here for use below
[Build]
OSDComputerName=%OfficeCode%-%AbbrModel%-#UCase(Right(Replace(Replace("0000000%SERIALNUMBER%"," ","",1,-1,1),"-","",1,-1,1),8))#
; END GETABBRMODEL SECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN DEFAULT SECTION
[Default]
OSInstall=Y
; Skip Screen: Task Sequence
SkipTaskSequence=NO
; Skip Screen: Computer Details
SkipComputerName=NO
; Skip Screen: Computer Details
SkipDomainMembership=NO
; Skip Screen: Move Data and Settings & User Data (Restore)
SkipUserData=NO
; Skip Screen: Computer Backup
SkipComputerBackup=NO
; Skip Screen: Product Key
SkipProductKey=NO
; Skip Screen: Locale & Time
SkipLocaleSelection=NO
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US
; Skip Screen: Locale & Time
SkipTimeZone=NO
; https://msdn.microsoft.com/en-us/library/ms912391(v=winembedded.11).aspx
TimeZoneName=Eastern Standard Time
; Skip Screen: Administrator Password
SkipAdminPassword=NO
; Skip Screen: Capture Image
SkipCapture=NO
; Skip Screen: BitLocker
SkipBitLocker=NO
; Skip Screen: Ready to begin
SkipSummary=NO
; Skip Screen: R
SkipFinalSummary=NO
SLShare=%DeployRoot%\TSLogs
SLShareDynamicLogging=%DeployRoot%\TSLogs\%OSDComputerName%
EventService=http://ITF1MDT01:9800
; END DEFAULTSECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Having learned your lesson from last time, you test the updated CustomSettings.ini & spent a few minutes verifying the output in the console.  Feeling confident, you boot into WinPE and when the Wizard I displays, verify all the defaults are set correctly.

This slideshow requires JavaScript.

You click begin and almost immediately the process halts with an obscure error:

Deployment Error Invalid DeploymentType value

Deployment Error Invalid DeploymentType value “” specified.  The deployment will not proceed.

You’d be forgiven for thinking you’ve made a mistake and I’d be willing to bet you’d figure this out but that road wouldn’t be fun.

Fortunately Michael Niehaus himself confirmed this is a bug (SRC1, SRC2) and there are two options to fixing/working around the bug:

  1. Easiest: Update your CS.INI with SkipProductKey=YES.
  2. Hardest (and arguably unsupported?):
    1. Open DeployWiz_ProductKeyVista.vbs in the Scripts directory
    2. Find: ​if oProperties("DeploymentType") = "UPGRADE" then
    3. Replace: If Property("DeploymentType") = "UPGRADE" then
    4. Save the file and try again
Note: There appears to be a plausible explanation of what’s happening here if you’re interested.

Since you rarely need to prompt for a Product Key – especially considering you can stick it in the unattend.xml or you go down the easy path and now the image kicks off.

Troubleshoot-028.PNG

Copypasta Closing

Hopefully these examples will help give you an idea of the overall troubleshooting process.  Most of the time the problems you’ll encounter will be caused by a typso, order of operations or a ‘known issue’ that requires a specific process to be followed.

As you make changes to your environment, here’s what I recommend:

  • Be diligent about keeping a change log so you can easily backtrack
  • Backup your CS.INI or Bootstrap.ini before you make any changes
  • Backup your ts.xml or unattend.xml (in DeploymentShare\Control\TaskSequenceID) before you make any changes
  • Introduce small changes at time with set checkpoints in between and set milestones markers where you backup core files (e.g cs.ini bootstrap.ini ts.xml unattend.xml etc) to help minimize frustration troubleshooting.

And if when you do run into some turbulence, upload relevant logs (at least smsts.log but be prepared to submit others depending on the issue) to a file sharing service like OneDrive, post on TechNet then give a shout to your resources on Twitter.

Good Providence to you!

MDT Tutorial Part 11: Troubleshooting Part 4: Task Sequence Variable is Being Overwritten

Living Table of Contents

 

What These Guides Are:
A guide to help give you some insight into the troubleshooting process in general.

What These Guides Are Not:
A guide to fix all issues you’re going to encounter.

We’re going to role-play a bunch of scenarios and try to work through them.  Remember in math where you had to show your work?  Well, what follows is like that which is why this post is [more than] a [little] lengthy.

Task Sequence Variable is Being Overwritten – The Case of the Incorrectly Named Log Folder

After [finally] fixing your computer naming issue, you decide to take a look at the live BDD.log just to keep an eye on things.  You hop into the TSLogs directory & find 2 directories that have the same time stamp:

Troubleshoot-008

According to your CS.INI the “real” log directory should be named after the machine so how did that other one get created?  You open the BDD.log in BLD-HPV-22404895 and it’s practically empty, but you do see that the property is being set to the other directory.

Troubleshoot-009.PNG

There are some clues in the BDD that lead you to above that point to a smoking gun.

You open the BDD.log in the other directory & scroll to the top & see a familiar set of lines: The same ones you see when testing the CustomSettings.ini manually:

Troubleshoot-011

While the machine is imaging you press F8 to launch a console, fire up CMTrace, open the smsts.log (in %temp%\smstslog), scroll to the top & search downwards for ‘dyn’:

Troubleshoot-012.PNG

Ok, you’re piecing it together:

  1. Initially it’s good, points to the proper location
  2. Then at some point it changes
  3. In the first, short, BDD.log you see ‘Task Sequence’ mentioned
  4. In the second, long, BDD.log you see lines that look like it’s processing the CustomSettings.ini, something that also happens during the Task Sequence,
  5. The smsts.log shows a step that sets a variable
  6. SLShareDynamicLogging isn’t a property (or variable) that is ‘last write wins’, so it can’t be a case of a rogue CustomSettings.ini

So maybe it’s the Task Sequence?

Troubleshoot-013

Bingo was his name.

 

Copypasta Closing

Hopefully these examples will help give you an idea of the overall troubleshooting process.  Most of the time the problems you’ll encounter will be caused by a typso, order of operations or a ‘known issue’ that requires a specific process to be followed.

As you make changes to your environment, here’s what I recommend:

  • Be diligent about keeping a change log so you can easily backtrack
  • Backup your CS.INI or Bootstrap.ini before you make any changes
  • Backup your ts.xml or unattend.xml (in DeploymentShare\Control\TaskSequenceID) before you make any changes
  • Introduce small changes at time with set checkpoints in between and set milestones markers where you backup core files (e.g cs.ini bootstrap.ini ts.xml unattend.xml etc) to help minimize frustration troubleshooting.

And if when you do run into some turbulence, upload relevant logs (at least smsts.log but be prepared to submit others depending on the issue) to a file sharing service like OneDrive, post on TechNet then give a shout to your resources on Twitter.

Good Providence to you!

Title: Windows Setup Body: Windows could not parse or process unattend answer file [C:windowsPantherunattend.xml] for pass [specialize]. The answer file is invalid.

MDT Tutorial Part 11: Troubleshooting Part 3: Windows could not parse or process unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize].  The answer file is invalid.

Living Table of Contents

 

What These Guides Are:
A guide to help give you some insight into the troubleshooting process in general.

What These Guides Are Not:
A guide to fix all issues you’re going to encounter.

We’re going to role-play a bunch of scenarios and try to work through them.  Remember in math where you had to show your work?  Well, what follows is like that which is why this post is [more than] a [little] lengthy.

Windows could not parse or process unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize].  The answer file is invalid.

Your last victory is short lived as the same error message appears and this time unattend.xml looks fine:

Troubleshoot-010.PNG

Stumped, you might search for ‘Microsoft-Windows-Shell-Setup’ which might lead you here:
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup

As you review each section carefully the issue becomes clear: The computer name is more than 15 characters.

Copypasta Closing

Hopefully these examples will help give you an idea of the overall troubleshooting process.  Most of the time the problems you’ll encounter will be caused by a typso, order of operations or a ‘known issue’ that requires a specific process to be followed.

As you make changes to your environment, here’s what I recommend:

  • Be diligent about keeping a change log so you can easily backtrack
  • Backup your CS.INI or Bootstrap.ini before you make any changes
  • Backup your ts.xml or unattend.xml (in DeploymentShare\Control\TaskSequenceID) before you make any changes
  • Introduce small changes at time with set checkpoints in between and set milestones markers where you backup core files (e.g cs.ini bootstrap.ini ts.xml unattend.xml etc) to help minimize frustration troubleshooting.

And if when you do run into some turbulence, upload relevant logs (at least smsts.log but be prepared to submit others depending on the issue) to a file sharing service like OneDrive, post on TechNet then give a shout to your resources on Twitter.

Good Providence to you!

Title: Windows Setup Body: Windows could not parse or process unattend answer file [C:windowsPantherunattend.xml] for pass [specialize]. The answer file is invalid.

MDT Tutorial Part 11: Troubleshooting Part 2: Windows could not parse or process unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize].  The answer file is invalid.

Living Table of Contents

 

What These Guides Are:
A guide to help give you some insight into the troubleshooting process in general.

What These Guides Are Not:
A guide to fix all issues you’re going to encounter.

We’re going to role-play a bunch of scenarios and try to work through them.  Remember in math where you had to show your work?  Well, what follows is like that which is why this post is [more than] a [little] lengthy.

Windows could not parse or process unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize].  The answer file is invalid.

You boot your special VM, click the ‘Run the Deployment Wizard to install a new Operating System‘ button and it immediately starts.  Excellent!  It applies the OS, reboots and you’re faced with this error:

Title: Windows Setup Body: Windows could not parse or process unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize].  The answer file is invalid.

Windows could not parse or process unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize]. The answer file is invalid.

Well this is strange, because you didn’t touch the unattend.xml so what gives?
Fortunately, this dialog provides some meaningful insight:

    • The unattend file is C:\Windows\Panther\unattend.xml
    • The specific area is the specialize pass

Press SHIFT+F10 here to open a command prompt and then open C:\Windows\Panther\unattend.xml with notepad

Troubleshoot-005

You search for ‘specialize’ and after taking a very close look see that your computer name is incorrect.  It should be some two or three character prefix not %OfficeCode%.

Troubleshoot-006

Since that is set via the CS.INI, you run the CustomSettings.ini test again and now you see what was missed before:

Troubleshoot-007.PNG

You review the CS.INI and find your problems

  1. You didn’t define the OfficeCode property: Wasn’t added to the Properties line
  2. You didn’t set a value for OfficeCode.

With that fixed, you run the test again, the variable is populated and as you reimage the machine, you see it is named correctly in the logs.

Copypasta Closing

Hopefully these examples will help give you an idea of the overall troubleshooting process.  Most of the time the problems you’ll encounter will be caused by a typso, order of operations or a ‘known issue’ that requires a specific process to be followed.

As you make changes to your environment, here’s what I recommend:

  • Be diligent about keeping a change log so you can easily backtrack
  • Backup your CS.INI or Bootstrap.ini before you make any changes
  • Backup your ts.xml or unattend.xml (in DeploymentShare\Control\TaskSequenceID) before you make any changes
  • Introduce small changes at time with set checkpoints in between and set milestones markers where you backup core files (e.g cs.ini bootstrap.ini ts.xml unattend.xml etc) to help minimize frustration troubleshooting.

And if when you do run into some turbulence, upload relevant logs (at least smsts.log but be prepared to submit others depending on the issue) to a file sharing service like OneDrive, post on TechNet then give a shout to your resources on Twitter.

Good Providence to you!

MDT Tutorial Part 10: CustomSettings.ini Validation Testing & Troubleshooting Part 1

Living Table of Contents

 

Today’s Agenda: Troubleshooting

  • CustomSettings.ini Validation Testing
  • Troubleshooting OSD Issues

Recommended Reading

CustomSettings.ini Validation Testing

If you haven’t already done so, go ahead and make some useful edits to your CustomSettings.ini.  Since my aim is to have a dedicated ‘build’ machine that boots and automatically images the proper Task Sequence, this is what my CS.INI looks like now:


[Settings]
Priority=MACAddress,GetAbbrModel,Build,Default
Properties=AbbrModel

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN MACADDRESS SECTION
; This is my Windows 10 v1511 build VM
[00:15:5D:13:79:01]
SkipTaskSequence=YES
TaskSequenceID=B151164ENT
SkipComputerName=YES
SkipDomainMembership=YES
JoinWorkgroup=BLD-WrkGrp
SkipUserData=YES
SkipComputerBackup=YES
SkipProductKey=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipAdminPassword=YES
SkipCapture=YES
SkipBitLocker=YES
SkipSummary=YES
; END MACADDRESS SECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN GETABBRMODEL SECTION
; Lets get the abbreviated model
[GetAbbrModel]
UserExit=jgp_GetAbbrModel.vbs
AbbrModel=#GetAbbrModel#
; END GETABBRMODEL SECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN BUILD SECTION
; Set things here for use below
[Build]
OSDComputerName=%OfficeCode%-%AbbrModel%-#UCase(Right(Replace(Replace("0000000%SERIALNUMBER%"," ","",1,-1,1),"-","",1,-1,1),8))#
; END GETABBRMODEL SECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

;vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
; BEGIN DEFAULT SECTION
[Default]
OSInstall=Y
SkipTaskSequence=NO
SkipComputerName=NO
SkipDomainMembership=NO
SkipUserData=NO
SkipComputerBackup=NO
SkipProductKey=NO
SkipLocaleSelection=NO
SkipTimeZone=NO
SkipAdminPassword=NO
SkipCapture=NO
SkipBitLocker=NO
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US
; https://msdn.microsoft.com/en-us/library/ms912391(v=winembedded.11).aspx
TimeZoneName=Eastern Standard Time
SLShare=%DeployRoot%\TSLogs
SLShareDynamicLogging=%DeployRoot%\TSLogs\%OSDComputerName%
; END DEFAULTSECTION
;^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Following the methods outlined in the recommended reading section, set up an area for testing your CustomSettings.ini.  When I execute my test, it runs, I see a bunch of data:

There are no obvious errors, I see see some custom properties and various built-in properties getting set so it looks good.  Time to execute for real!

Troubleshooting – Part 1

Troubleshooting MDT (and SCCM) is something of an art and this is not a once-size-fits-all silver bullet post.

I ran across this post SCCM 2012 – How to catch errors in Task Sequence around the same time I started using MDT and found it greatly helped me to hone in on OSD issues.  Because it has worked well for me, I’m recommending it – and others like it – to you.

Task Sequence Setup

Take a look at the links at the top to see how others are setting up their Task Sequences and adjust to suit your needs but here’s a basic example:

Troubleshoot-041.PNG

Right now when your Task Sequence fails you see this dialog:

Troubleshoot-042.PNG

This dialog is incredibly helpful without making any adjustments and you should ge able to get an idea as to what went wrong without having to go super deep into the logs.  But once you get into a production scenario, you’ll likely suppress this dialog and I find that having the Try/Catch steps in the Task Sequence makes it easier from a log reviewing perspective, especially after the Task Sequence gets busy.

Crack open the smsts.log and immediately you see red:

Troubleshoot-043.PNG

With the Try/Catch model you can easily hone in on the offending step:

  1. Scroll to the bottom of the log
  2. Search for key text in the log
    • Option 1: Search for: Try) ignored
    • Option 2: Search for: Catch) has been

Either one will get you just a few short lines away from the failure, so scroll up a bit and it should become apparent.

Troubleshoot-044.PNG

  • The blue line above is the ‘Catch) has been‘ match.
  • The first red line above that is the ‘Try) ignored‘ line
  • Just above that we see the second red line which is the actual failure:
    Failed to run the action: This will break it.
  • Above that are the details for that specific step.

This is obviously a very simple example, but the process is the same for all errors:

  • Review the smsts.log
  • Find the actual error
  • Evaluate if it’s a problem specific to that step OR if it was caused by an environmental issue such as dependencies.
  • Review other logs as necessary based on what you’re seeing in the smsts (e.g.: domain join failure)

In Closing

I don’t expect you to be an expert at this point, but I hope it and the links in the recommended reading section have helped to get you a little more comfortable with searching the smsts.log for errors.

When doing BnC’s I like to keep my changes small and modular:

  • Test that the basic BnC works fine: OS is installed, sysprep & capture is succesful
  • Add Windows Updates into the mix & repeat the test
  • Prepare your application payload:
    • for some complex applications you’ll rely on scripts so test them outside of the Task Sequence to confirm they are syntactically correct
    • for simple installations make sure you have the correct command line arguments
    • once installed validate the installation & configuration
  • Introduce applications a few at a time doing BnC’s to ensure nothing is broken.
  • Set milestones for yourself so you don’t have to go back to square one
  • Backup files (ts.xml, unattend.xml, scripts etc) before you make any changes.

Good Providence to you!

MDT Tutorial Part 9: Logging

Living Table of Contents

 

Today’s Agenda:

  • Centralized Logging
  • Enable Logging
  • Log Locations

At some point you’re going to run into a problem with your imaging process and knowing where to look to get some answers is going to be paramount.

Recommended Reading:

Centralized Logging

I prefer to keep logs in a central location so they’re easy to find when needed, and for that, we’ll create a new share on our MDT server.  Run the below from the MDT server.


New-Item -Path "C:\DeploymentShare\TSLogs" -ItemType directory

New-SmbShare -Name "TSLogs$" -Path "C:\DeploymentShare\TSLogs" -FullAccess Administrators

Enable Logging

Open your CustomSettings.ini and find a suitable place to add the entries for SLShare and SLShareDynamicLogging depending on your preferred scenario.  Either is fine, just depends on your preference and environment.

Hard Coded Path


SLShare=\\MDTServer\TSLogs$

SLShareDynamicLogging=\\MDTServer\TSLogs$

Relative Path


SLShare=%DeployRoot%\TSLogs

SLShareDynamicLogging=%DeployRoot%\TSLogs

Set Logging via Task Sequence

Alternatively you could add steps to the Task Sequence itself to set those variables to their appropriate values, be it hard coded or relative.

Logging-001

Get Creative!

You can get pretty creative, and for automated deployments, I usually default to something like this:


SLShare=%DeployRoot%\TSLogs\%TaskSequenceID%

SLShareDynamicLogging=%DeployRoot%\TSLogs\%TaskSequenceID%\%OSDComputerName%

This way I can see what Task Sequence a particular machine ran.
But, to each their own.

SLShare vs SLShareDynamicLogging

Both values do different things:

  • When the SLShare property is set, MDT will copy the deployment logs to that location in a directory named after the computer, pulled from the %OSDComputerName% Task Sequence property (aka variable).  So if you named your machine PC-1511amd64 the full path to find the logs will be \\MDTServer\TSLogs$\PC-1511amd64.
    .
  • The SLShareDynamicLogging property is used for real-time debugging as ALL MDT logs will be written to that file during the Task Sequence.  It will create a file named BDD.log in the specified directory which means if you set SLShareDynamicLogging it to \\MDTServer\Logs you’ll find a file named BDD.log in that directory.  This obviously presents a problem if multiple machines are being imaged at the same time: they’d all be logged in the same file which might make it challenging to follow along.  This is why I recommend appending \%OSDComputerName% to the path so that the BDD.log is in the ‘correct’ directory.
    For our purposes, you can leave this property enabled, but please note this enabling SLShareDynamicLogging does add a bit of overhead, so in a production environment:

    • Only enable it when actually actively troubleshooting an issue and
    • Ideally have it log to a location close to the machine being imaged versus a remote server to avoid traversing the WAN

Putting It All Together

With the CustomSettings.ini updated, image a machine and check your log directory for a folder structure:

Logging002

  • The %OSDComputerName% directory is an artifact caused by the fact that the property (or variable) OSDComputerName wasn’t set at the time the SLShareDynamicLogging property was processed in the CustomSettings.ini.  In my production environment, I have logic in the CustomSettings.ini to properly name the machine based on specific criteria so that by the time we get to the area where SLShareDynamicLogging is assigned, the OSDComputerName property (aka variable) is set resulting in properly named directories.  However in our lab, this logic doesn’t exist (yet), hence why that directory exists.  To fix this, just add something like OSDComputerName=LAB-%SerialNumber% to your CustomSettings.ini and please note that the OSDComputerName property (variable) does not need to be declared.
    .
  • The other directory is the correct directory and it contains the BDD.log that’s actively being updated.

While a machine is imaging, open the BDD.log (in the latter directory mentioned above) with CMTrace from your MDTServer (or whatever machine you’re working on) and you will see live updates:

Logging-003

When the Task Sequence is finished go back into the log directory for that machine and you will to find the logs that were copied up by MDT:

Logging-004

Log Locations

MDT Logs can be a little challenging to locate initially so I recommend you study up those links mentioned in the recommended reading section above.

  • In WinPE & the disk is NOT partitioned:
    • X:\MININT\SMSOSD\OSDLOGS
      .
  • In WinPE & the disk IS partitioned:
    • C:\MININT\SMSOSD\OSDLOGS
    • X:\MININT\SMSOSD\OSDLOGS (very small amount)
      .
  • In WinPE & Task Sequence is running
    • smsts.log will be in X:\Windows\Temp\SMSTSLog
    • All other logs will be in their respective directories mentioned above
      .
  • In Windows & Task Sequence is running
    • smsts.log will be in C:\Users\Administrator\AppData\Local\Temp\SMSTSLog
    • C:\MININT\SMSOSD\OSDLOGS

Keep in mind there are other non-MDT logs you’ll probably need to review that are not listed here.

In Closing

You now have some historical data to dig into if something goes wrong, which will hopefully be few & far in between!

Good Providence to you!

MDT Tutorial Part 8: Unattend.xml

Living Table of Contents

 

Today’s Agenda:

  • View Unattend.xml
  • Generate Catalog
  • Edit Unattend.xml

Recommended Reading

View Unattend.xml

The unattend.xml lives in subdirectory named after your Task Sequence ID that sits in the Control directory of your Deployment Share.  For example, if your Task Sequence ID is BC151164ENT then you can find the unattend.xml in either:

  • C:\DeploymentShare\Control\BC151164ENT
  • \\MDTServer\DeploymentShare$\Control\BC151164ENT

You can edit it using your favorite text editor, but I recommend using the Windows System Image Manager (SIM).

  1. Edit your Task Sequence
  2. Go to the OS Info tab
  3. Click the Edit Unattend.xml button
  4. Go make a pizza

Generate Catalog

Doing the above will require you to generate a catalog file for the WIM you imported.  Fortunately this process happens automatically.

Unattend-003

Unfortunately this process can take a while depending on your configuration.

Once the generation is complete, you’re free to make changes to your Unattend.xml.

Also, you may want to pre-generate catalogs in a separate SIM session since it takes a while:

Unattend-010

Edit Unattend.xml

Typically my first step is to run the Validation check to see what the SIM isn’t happy about.

Unattend-011

Double click on any results to be taken right to that setting to remediate any issues.

  1. For the first four in the screenshot above, I simply revert the change by secondary mouse-clicking on the setting and selecting that option.
    .
  2. For the NetworkLocation warning, I typically leave it as-is & ignore warning.  Even though it’s officially deprecated, it still seems to work but for how long is anyone’s guess.

Since we’re already in amd64_Microsoft-Windows-Shell-Setup__neutral/OOBE, why don’t we set ProtectYourPC to 3.

Make any other necessary changes, verify the answer file, save and exit.

In Closing

You can do a lot in the unattend.xml but since I’m prone to forgetting  🙂  I try to add just the bare minimum and put the rest in a Task Sequence; It’s much easier to manage/maintain that way but there are legitimate reasons to put something in the unattend.  Do what works for you.

Good Providence to you!

MDT Tutorial Part 7: Customizing Base MDT Template & ADK WinPE Template WIM

Living Table of Contents

 

Totally Optional NOT Required!

Nothing in this post is required for following along.  It’s merely here to make you aware that this level of customization is possible.  Think of this as an extension of Part 6.

Customizing the MDT Template

When you create a new Deployment Share a set of files and folders are populated in the desired location.  This isn’t generated on the fly from thin air but rather pulled from a template which can be found here:


C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution

If for whatever reason you find yourself constantly creating deployment shares, you can modify this template to include your customizations:

  • Pre-configured CustomSettings.ini
  • Pre-configured Bootstrap.ini
  • Modifications to out-of-box scripts
    • This is a no no to be honest so I recommend avoiding that at all costs.
      If you must, make sure you backup the original file(s).
  • Including your own custom scripts

A good example of this would be making sure that DaRT was an option for any newly created deployment shares.  To do that, add the appropriate architecture DaRT .CABs into the appropriate directories below


C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64

C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86

Once you make your changes to the ‘template’, create a new Deployment Share and you’ll see all of your customizations.

Note: Although you could include a pre-built bootable .ISO, it’s not ideal as it would be hard-coded to look at DeploymentShareA not NewDeploymentShareB requiring you to update the deployment share anyway.

Customizing WinPE Templates

Similarly you can also customize the base WinPE .WIM file by editing the winpe.wim file here:


C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us

C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\en-us

Make a copy of the existing .WIM file


Copy-Item -Path "${env:ProgramFiles(x86)}\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -Destination "${env:ProgramFiles(x86)}\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim.orig"

Create a temporary mount directory & mount the .WIM


New-Item -Path "$env:SystemDrive\tmpDISMMount" -Type Directory

dism /mount-wim /wimfile:"${env:ProgramFiles(x86)}\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" /index:1 /mountdir:$env:SystemDrive\tmpDISMMount

Make your changes to the mounted .WIM


Copy-Item -Path "\\MDTServer\DeploymentShare$\Boot\ExtraFiles\amd64" -Destination "$env:SystemDrive\tmpDISMMount" -Recurse

Commit the changes


dism /Commit-Wim /MountDir:$env:SystemDrive\tmpDISMMount

Unmount the .WIM


dism /Unmount-Wim /MountDir:C:\test\offline /commit

Repeat for the x86 architecture

Why Should I Even Bother?

Paraphrasing Stephen Owen of FoxDeploy.com: TO solve the REAL problems!  By now, you’ve probably had to use CMTrace in WinPE a few times, and each time you launch it, you have to answer that ridiculous question:

Do you want to make this program the default viewer for log files?

Mike Terrill posted some very easy to follow instructions on his site, to solve this problem that has plagued many of us.

The process is fairly easy, and I altered Mike’s instructions for the MDT audience.

  1. Create DISM Mount Directory like:
    mkdir C:\tmpDISMMount
  2. Mount your winpe.wim from an elevated command prompt:
    dism /mount-wim /wimfile:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" /index:1 /mountdir:C:\tmpDISMMount
  3. Load the DEFAULT registry hive from the WinPE image:
    reg load HKU\winpe C:\tmpDISMMount\Windows\System32\config\default
  4. Create the entries needed to suppress that annoying pop up box:
    reg add HKU\winpe\Software\Classes\.lo_ /ve /d Log.File /f
    reg add HKU\winpe\Software\Classes\.log /ve /d Log.File /f
    reg add HKU\winpe\Software\Classes\Log.File\shell\open\command /ve /d "\"X:\Windows\System32\CMTrace.exe\" \"%1\"" /f
  5. Unload the WinPE registry hive:
    reg unload HKU\winpe
  6. Unmount the WIM file and commit the changes:
    dism /unmount-wim /mountdir:C:\tmpDISMMount /commit
  7. Repeat the process with the x86 media in “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\en-us\winpe.wim”

In Closing

This is a good little nugget to keep in mind.  Is this everything you can do?  No, just scratching the surface.  Remember, the objective of this tutorial is to just help you get started and get those creative juice flowing.

Just remember that every time a new MDT build or ADK is released, you’ll have to re-do these customizations for the new environment.  I’d recommend creating a script to do these customizations for you and keep good notes in the script to justify why you did it so you can easily ‘rebuild’ in the future.  But before you do anything, jump on Twitter or the TechNet forums to seek guidance; chances are someone else has already overcome the challenge you’re facing so there’s no need to recreate the wheel.

While you decide whether or not you want to do this, I bid you Good Providence!

MDT Tutorial Part 6: Customizing Boot Media

Living Table of Contents

 

Today’s Agenda:

  • Adding Files to Boot Media
  • Adding a Cool/Corporate Background
  • Adding Features to Boot Media

Although you can deploy an image with this boot media and so some basic tasks, we can add some additional, and very useful, functionality with ease.

Adding Files to Boot Media

In Part 5 we verified the changes we made to the Bootstrap.ini by not only experiencing it, as in the case of missing authentication prompt and the text customization, but also by viewing the BDD.log in notepad.  For most people that log might as well have looked like this:

If I said it would get easier with a little practice I wouldn’t be lying, but fortunately for us we can have access to a log viewer that’ll make the log viewing process a breeze.

To start, I recommend creating a folder structure to store all the files you want to add and I strongly urge you to separate between architectures.

If you’re remote:

mkdir \\MDTServer\DeploymentShare$\Boot\ExtraFiles\x64\Windows\System32
mkdir \\MDTServer\DeploymentShare$\Boot\ExtraFiles\x86\Windows\System32

If you’re on the MDT Server:

mkdir C:\DeploymentShare\Boot\ExtraFiles\x64\Windows\System32
mkdir C:\DeploymentShare\Boot\ExtraFiles\x86\Windows\System32

The reason is that the 64-bit WinPE media can only run 64-bit EXE’s and not 32-bit EXE’s.  Attempting to run a 32-bit EXE will result in an error similar to the following:

AddFiles-001

Be mindful of that when you select the files you want to bake into your boot media so you’re not bitten by the “Bitness Bug”!  Also, don’t go crazy because the more files you add, the larger the boot media.  Add just enough so you have what you need, not what you might need.

So just carve out the folder structure you want and drop the files wherever you need them to be.

CMTrace

These days CMTrace is the default go-to log viewer and is available publically:

  1. System Center 2012 R2 Configuration Manager Toolkit
  2. SCCM Evaluation ISO in
    1. SMSSETUP\TOOLS directory
    2. SMSSETUP\OSD\bin\I386
    3. SMSSETUP\OSD\bin\x64

However, as pointed out by Johan Arwidmark although the tool is ‘freely available’ it is not free as the EULA licensing states:

INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices running validly licensed copies of Microsoft System Center 2012 or later.

While disappointing, it is free to use during your evaluation.  So to quote Cathy Moya:

For anyone just using MDT, hey, install the eval copy and see what you’re missing with Config Manager. 🙂

That said once you have your eval setup you can move on with grabbing the EXE.  It’s probably easiest to grab it from the SCCM Evaluation ISO in the SMSSETUP\OSD\bin directories: I386 for x86 or 32-bit version and x64 for the 64-bit version.  If you’re using the toolkit hower:

  1. Download the MSI
  2. Run the installer (or perform an administrative installation)
  3. Copy the CMTrace.exe in the ClientTools folder
  4. Paste it in \\MDTServer\DeploymentShare$\Boot\ExtraFiles\x86\Windows\System32

This nets you the 32-bit version of CMTrace which is good for 32-bit boot media, but what about the 64-bit executable?  If you’re on a 64-bit machine you can:

  1. Run the CMTrace.exe in the ClientTools folder
  2. Open Task Manager
  3. Go to the Processes tab
  4. Sort by Apps and look for CMTrace_amd64.exe
  5. Secondary mouse click it and select ‘Open file location
  6. It will take you to %Temp% and point you to a file named TRAXXXX.tmp where XXXX are four random characters like 9644 or 1CD7.
  7. Copy the file, for example, TRA9644.tmp
  8. Paste it in \\MDTServer\DeploymentShare$\Boot\ExtraFiles\x64\Windows\System32
  9. Rename TRA9644.tmp to CMTrace.exe

Note: The above step works on Windows 10 and Server 2016; should work on Windows 8 and Server 2012 R2; if not use Process Explorer (or Process Monitor) to figure out where it’s running from.

Open the Deployment Workbench, go to your Deployment Share properties and click on the ‘Windows PE’ tab which will take you to the ‘General’ subtab.  Near the bottom look for ‘Extra directory to add’ next to an empty field where you can point to a location that contains the extra files you wish to add.  Type or browse to the path you created above and click Apply.

AddFiles-002.PNG

Once you finish with x86, at the top of the properties window just under the ‘Windows PE’ tab is a ‘Platform’ drop down.  Click it, select x64 and repeat your change there as well.

Adding a Cool/Corporate Background

While you’re on Extra Files tab, let’s add a Cool/Corporate background to the media!
This is totally optional but many do find it useful.

On the same ‘General’ subtab of the ‘Windows PE’ tab of the Deployment Share properties is a ‘Custom background bitmap file’ field that’s already filled in.  Just substitute that bitmap with one of your own.

AddBackground-001.PNG

Remember to also add the image to your x64 boot media via the ‘Platform’ drop down!

Adding Features to Boot Media

The WinPE boot media is lacking some key features we’re going to want to use so we need to fix that by adding some Optional Components.

Up until now we’ve been working in the ‘General’ subtab of the ‘Windows PE’ tab of the Deployment Share properties and we’re now going to move to the ‘Features’ subtab under the same ‘Windows PE’ tab.

AddFeatures-001

The Features available in this list are pulled from supported .CABs in

  • C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs
  • C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs
  • C:\DeploymentShare\Tools\x64
  • C:\DeploymentShare\Tools\x86

Just like before when adding files, add only what you need, and I recommend:

Software Assurance Subscribers Only

If you have an active SA subscription you can download MDOP and add DaRT to your boot media.

  1. Download the MDOP ISO
  2. Mount the ISO
  3. Go into the DaRT\DaRT 10\Installers\Language (e.g.: en-us)
  4. Go into the appropriate architecture subfolder and run the MSI (or perform an administrative installation)
  5. Go into C:\Program Files\Microsoft DaRT\v10
  6. Copy the two Tools .CAB files and place them into the appropriate architecture directory in C:\DeploymentShare\Tools (i.e.: Toolsx64.cab into C:\DeploymentShare\Tools\x64)
  7. Go back to the ‘Windows PE’ tab of your your Deployment Share properties
  8. Go into the ‘Features’ subtab and check ‘Microsoft Diagnostics and Recovery Toolkit (DaRT)’
  9. Repeat for the x64 platform

Updating Boot Media

Once you’ve finished customizing your boot media, it’s time to update the boot media, so whip out your PowerShell code you pulled from before and run it in an elevated PowerShell console or PowerShell ISE.


Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "C:\DeploymentShare"
update-MDTDeploymentShare -path "DS001:" -Verbose

From there, boot your updated ISO and you will see all of your changes:

UpdateBootMedia-001.PNG

  1. PowerShell is present
  2. Storage cmdlets present
  3. CMTrace is present
  4. Cool Background
  5. SA Subscribers: DaRT is present

In Closing

You now have feature rich bootable media that you can leverage to your advantage for various tasks related to OSD.

Good Providence to you!

MDT Tutorial Part 5: Bootstrap.ini

Living Table of Contents

 

Today’s Agenda:

  • Bootstrap.ini Overview
  • Facilitating Authentication
  • Skipping the Welcome Screen
  • Putting it All Together

Recommended Reading

Bootstrap.ini Overview

The BootStrap.ini is similar to the CustomSettings.ini in that the format, structure and processing logic is the same.  The major difference is mainly that the Bootstrap.ini is processed first and once when you boot into WinPE.  The CustomSettings.ini on the other hand is processed after the Welcome screen and at various points during the Task Sequence.

Just like the CustomSettings.ini, the Bootstrap.ini is accessible two ways:

  1. Via the ‘Edit Bootstrap.ini’ button on the ‘Rules’ tab of the Deployment Share properties.
  2. Via the Bootstrap.ini in the Control subdirectory of your Deployment Share, for example:
    1. C:\DeploymentShare\Control
    2. \\MDTServer\DeploymentShare$\Control

Currently your Bootstrap.ini is more bare bones than your CustomSettings.ini:


[Settings]
Priority=Default

[Default]
DeployRoot=\\ITF1MDT01\DeploymentShare$

Unlike the CustomSettings.ini however, when you make changes to your Bootstrap.ini, the changes are not ‘live’ immediately:  Because the Bootstrap.ini is baked into your boot media – hence its ability to be processed when WinPE loads – anytime you update your Bootstrap.ini you must update your Deployment Share to generate new media that contains your updated Bootstrap.ini.  Because of this, you probably want to keep edits to this file to a minimum, adding just the essentials to get you connected to the Deployment Share.

According to the documentation, there are only a handful of properties configured by Bootstrap.ini; so few I’ll include them here for reference:

_SMSTSOrgName Database DBID
DBPwd DeployRoot DestinationDisk
DestinationLogicalDrive DestinationPartition Instance
KeyboardLocale KeyboardLocalePE Location
NetLib Order Parameters
ParameterCondition Port Priority
Properties ResourceRoot Role
SkipBDDWelcome SQLServer SQLShare
StoredProcedure Table UserDomain
UserID UserPassword

However that same document doesn’t state you can use the ‘DefaultGateway’ in the Bootstrap.ini which is a completely valid configuration, so I’ll assume the documentation is dated or it was an oversight.

It’s also been said that you can customize the Bootstrap.ini to nearly the same degree as the CustomSettings.ini.  I personally have not done this so I can’t validate that (e.g.: will User Exit scripts work etc.) but since the documentation is clearly not complete, I also refute it either.  So yes, you can create new sections and custom properties but I will say this: Because edits to the Bootstrap.ini require rebuilding the media each time a change is made, I personally prefer to to keep it simple with the most static information possible.

Facilitating Authentication

The first thing I typically do is rid myself of that dreadful authentication prompt that appears after clicking the ‘Run the Deployment Wizard…’ button:

SBTS-002

And I accomplish that by adding the UserID, UserPassword and UserDomain properties to the Bootstrap.ini:


[Settings]
Priority=Default

[Default]
DeployRoot=\\ITF1MDT01\DeploymentShare$
UserID=Administrator
UserPassword=my sekret 1337 Cyph3r!
UserDomain=ITF1MDT01

The documentation states:

For a completely automated LTI deployment, provide this property in both CustomSettings.ini and BootStrap.ini.  However, note that storing the user credentials in these files stores the credentials in clear text and therefore is not secure.

This is an important thing to remember when setting this up and a documented risk for the security team.  Leading practice would be to use a dedicated MDT account with limited rights (like execute) to the Deployment Share and write access to the ‘Captures’ directory.  I would advise against using a privileged account, be it local to the ‘MDT Server’ or the a domain account.

Skipping the Welcome Screen

If you’re not a big fan of this screen:

SBTS-001

You can suppress it by adding the SkipBDDWelcome property and setting it to YES to the Bootstrap.ini.


[Settings]
Priority=Default

[Default]
DeployRoot=\\ITF1MDT01\DeploymentShare$
UserID=Administrator
UserPassword=my sekret 1337 Cyph3r!
UserDomain=ITF1MDT01
SkipBDDWelcome=YES

To undo, set it to NO or comment the code by placing a semicolon in front of it like ;SkipBDDWelcome=YES.

The documentation states:

For this property to function properly, it must be configured in both CustomSettings.ini and BootStrap.ini. BootStrap.ini is processed before a deployment share (which contains CustomSettings.ini) has been selected.

I’ll tell you that I don’t always add it to my CustomSetting.ini and yet the Welcome screen is been suppressed for every build and build & capture with that configuration.  Again, this could be a change in MDT behavior that wasn’t reflected in the documentation but I always recommend following the documentation.

Putting It All Together

Ok so now you’ve got the hang of it, let’s make some changes common to many environments.  Comments added to emphasize certain elements.


[Settings]
Priority=Init,DefaultGateway,BootStrapSection,Default
Properties=Office,MyBootStrapProperty

[Init]
DeployRoot=\\DFS\Namespace\DeploymentShare$
;SkipBDDWelcome=YES

[DefaultGateway]
; Put your real gateway for HQ
10.0.1.1=HQ
10.10.1.1=DC

[HQ]
; HQ is your current environment so put real information here
Office=HQ
; Point this to the real Deployment Share you setup
DeployRoot=\\ITF1MDT01\DeploymentShare$
; Use real credentials to connect to the above share
UserID=svc_ImagingAccount
UserPassword=Tr0ub4dor&3
UserDomain=ITF1MDT01

[DC]
; This is a fake location for illustration purposes
; But you could be in an environment with multiple Deployment Shares
Office=DC
DeployRoot=\\DCServer\DeploymentShare$
UserID=lclMDTUser
UserPassword=Correct Horse Battery St4pl3!
UserDomain=DCServer
SkipBDDWelcome=NO

[BootStrapSection]
MyBootStrapProperty=THIS IS MY BOOTSTRAP PROPERTY
_SMSTSOrgName=MDT Lab@%Office%

[Default]
SkipBDDWelcome=YES
; This is fake information because I set the real information above
; Again purely for illustration purposes
UserID=MDTAccount
UserPassword=my sekret 1337 Cyph3r!
UserDomain=DOMAIN.FQDN

And here’s how it’s going to be processed:

  1. [Init] Section – This is the ‘Init’ section where I can set some default settings.  This isn’t required and you may or may not need something like this; just know that you can do something like this.
    1. DeployRoot is set to \\DFS\Namespace\DeploymentShare$
      This would be a catch-all default for offices that don’t have a separate Deployment Share.  In this scenario, if someone’s gateway was 10.20.20.1 they would default to this Deployment Share because there’s no rule below for that particular gateway.
      .
    2. SkipBDDWelcome was initially set to YES at some point but commented out because technicians in some offices wanted to use the other options on the Welcome screen.
      SkipBDDWelcome, like most MDT properties, is a write-once property so if we set it to ‘YES’ in [Init] we can’t alter it later.  Better to leave it alone to allow offices to customize it to their liking.
      .
  2. [DefaultGateway] Section
    1. 10.0.1.1 – If the default gateway matches this, it will go to the [HQ] section
      1. [HQ] Section
        1. We set a new property called Office to HQ.
          This could be useful for a variety of things like naming computers based on location
        2. The DeployRoot is set to \\ITF1MDT01\DeploymentShare$.
          DeployRoot is one of 9 properties that are re-writable out of the box so I can set this as many times as I need to.
        3. UserID is the username we’re going to use to connect to the above Deployment Share, in DeployRoot.  We have to do this because they’re smart and not using common username & password like other offices.
        4. UserPassword is the password for the above user
        5. UserDomain is the domain we’re authenticating against, in this case the DCServer.
        6. SkipBDDWelcome is set to NO because this office prefers to see the screen.
          .adsasdasd..
    2. 10.10.1.1 – If the default gateway matches this, it will go to the [DC] section.
      1. [DC] Section
        1. We set a new property called Office to DC.
        2. The DeployRoot is updated to point to a local Deployment Share in that office.
        3. UserID is the username we’re going to use to connect to the above Deployment Share, in DeployRoot.  We have to do this because they’re smart and not using common username & password like other offices.
        4. UserPassword is the password for the above user
        5. UserDomain is the domain we’re authenticating against, in this case the DCServer.
        6. SkipBDDWelcome is set to NO because this office prefers to see the screen.
          .
  3. [BootStrapSection] Section – An arbitrary section I created just because I can
    1. A new property called MyBootStrapProperty is set to ‘THIS IS MY BOOTSTRAP PROPERTY” – again purely to show that it can be done.
    2. The _SMSTSOrgName property is set and it references the Office code set further up.
      .
  4. ​​[Default] Section
    1. SkipBDDWelcome is set to YES because most offices don’t want to see it.
      If it’s not already set, it will get set to YES.
    2. UserID is the username we’re going to use to authenticate to the default Deployment Share, held in property DeployRoot, that we set in the [Init] section.
    3. UserPassword is the password for the above username
    4. UserDomain is the domain we’re authenticating against.

The proof is in the pudding:

  • After making the changes to the Bootstrap.ini, update your Deployment Share to create new media
  • Boot your new media
  • You will no longer see the Welcome screen
  • You will no longer receive an authentication prompt
  • You will be taken directly to the Task Sequence page
  • If you run a Task Sequence (build or build & capture) you’ll see the updated text in the progress bar area:
    • Bootstrap-002

I recommend opening the BDD.log file to review the processing, but this is something we haven’t touched on yet so brace yourself.

While in WinPE – say when you’re looking at the Task Sequence list – press F8 on your keyboard to open a command prompt which is unequivocally indispensable when it comes to troubleshooting!  Please note that on some laptops you may need to press the Function (Fn) key and F8 simultaneously to get this to work.  This isn’t an MDT problem but a hardware specific issue.

Bootstrap-003

In the command window just type notepad hit return and notepad will open.  From there you can go to File > Open & browse to find the BDD.log, which is in one of two locations depending on the state of the hard drive of the machine you’re testing:

  • Drive has NOT been partitioned:
    The BDD.log – and others – can be found in X:\MININT\SMSOSD\OSDLOGS
    .
  • Drive HAS been partitioned:
    The BDD.log – and others can be found in C:\MININT\SMSOSD\OSDLOGS

This slideshow requires JavaScript.

Once you navigate to that location, you won’t see anything because of the default ‘Files of type’ filter in notepad.  Change the drop down from ‘Text documents (*.txt)’ to ‘All Files’ and like magic a bunch of files will appear.  Now open the BDD.log

MDT generated logs are a little difficult to navigate in notepad but this is the kind of thing that really builds character.  In the log, search (CTRL+F) for one of the properties you set, like _SMSTSOrg or ‘MDT Lab@’ and you should find what you’re looking for it pretty quickly.

Below is my marked up version of the BDD.log highlighting the custom properties, the order of operations (Rule Priority) as well as the sections it processed; between each you’ll find log entries for the actions performed, like setting Properties (aka variables) like UserID, MyBootstrapProperty etc.

Bootstrap-001

As you can see, everything was processed accordingly and set correctly.

In Closing

This Bootstrap.ini example is a little complex only because it accounts for possible real world scenarios: Office specific configuration, Multiple Deployment Shares (aka DeployRoot), Different Credentials for each Deployment Share, customizing the progress bar with your branding/corporate information and so on.

For your lab environment, you really just need a bare bones config like this:


[Settings]
Priority=Default

[Default]
; Customize this to your liking
_SMSTSOrgName=My Custom MDT Lab
; Point this to the real Deployment Share you setup
DeployRoot=\\ITF1MDT01\DeploymentShare$
; Use real credentials to connect to the above share
UserID=svc_ImagingAccount
UserPassword=Tr0ub4dor&3
UserDomain=ITF1MDT01
; You might want to skip this but maybe not - your call
SkipBDDWelcome=YES

But at least you know how to handle those scenarios and scale up.

Good Providence to you!