You are browsing the archive for OSD.

When deploying Windows Server 2012R2 using an Configmgr OSD Task Sequence, additional disks will be offline when the Task Sequence completes

12:25 pm in 2012R2, CM12, CM12 R2, CM12 R2 SP1, CM12 SP1, CM12 SP2, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, OSD by Kenny Buntinx [MVP]

 

When using a Configuration Manager OSD Task Sequence to deploy Windows Server 2012 or Windows Server 2012 R2 to a server (VM) that contains disks that are not local (such as SAN Disk), when the Task Sequence completes, the additional disks may not come online and may show as offline. Specifically in the Disk Management, the additional disks will show offline with the message:

Disk is offline due to a policy set by an administrator

If you look at my VM, you will see I have 2 separate disks that I will need in a later phase to install the backup software to the D:\ partition, residing on the other vmdk.

clip_image002

To resolve the issue, for the WinPE phase, the steps from KB971436 need to be added to the Task Sequence. For deployments from Operating System Images, a registry key value will need to be updated with the correct SAN policy value as shown below:

Just after the step where you apply the image, create a “RunCommand line called :”load system hive” and execute :” reg load HKUtemp "%OSPART%\WindowsSystem32ConfigSystem"”

clip_image004

Just after the step where you apply the “RunCommand line called :”load system hive”, create a “RunCommand line called :”Change Default SAN policy” and execute :”reg add HKUtempControlSet001HKLMSystemCurrentControlSetServicespartmgrParameters /v SanPolicy /t REG_DWORD /d 1 /f”

clip_image006

Just after the step where you apply the “RunCommand line called :”Change Default SAN policy”, create a “RunCommand line called :”Unload system hive” and execute :”reg unload HKUTEMP”

clip_image008

Next phase is to make sure that no drives will remain offline and all drives will still have the right driveletters assigned . Run a command line with : diskpart /s diskpart.txt

clip_image010

The contents of the diskpart.txt can be determined by yourself . Here is an example

clip_image012

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management

Configmgr 2012 : Broken Applications in your task sequences after an upgrade (error 615)

1:08 pm in 615, Application Model, applications, CM12, CM12 R2, CM12 R2 SP1, CM12 SP1, CM12 SP2, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, ConfigMgr SP2, coretech, err, error 615, OSD, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, troubleshooting, xmasblogroll by Kenny Buntinx [MVP]

 

Scenario: Upgrading a Configmgr 2012 RTM/SP1/R2 environment to a new R2 SP1 environment will end up into broken applications in your Task sequences with error 615 in the status messages.

Issue: After the upgrade was successfully performed , suddenly all applications within my OSD task sequence start failing with the following error code :

The task sequence failed to install application Intel Management Engine 6.0.40.1215(ScopeId_67A221E3-64F0-47D4-AA5A-BB3729EC221F/Application_2071f753-7604-42a5-b6be-b1b45c3c1f0a) for action (Install HW Driver Applications for HP8540P) in the group () with exit code 615. The operating system reported error 615: The password provided is too short to meet the policy of your user account. Please choose a longer password.

clip_image002

To be honest with my blog readers, this particular message can be caused by multiple reasons. I will list all possible solutions / workarounds that I have come across to solve this issue.

Cause 1 – Applications have no ContentID associated:

I blogged about this beginning of 2013 at http://scug.be/sccm/2013/01/08/configmgr-2012-sp1-broken-applications-after-upgrading-from-rtm/

After some checks, I saw that it concerned only applications and I discovered that had no ContentID associated to each Deployment Type. In other words, all the applications created and that are embedded in a TS with no direct deployments attached to the Application. It appears that the upgrade process broke all applications.

You can confirm this with the Application Catalog downloads as well. You will see “+++ Did not detect app deployment type”… in the AppDiscovery.log file. Additionally, the Software Center will show the error message “Failed”. Clicking on the details will result in “The software change returned error code 0x87D00607(-2016410105).”

We found as workaround, you have simply to add a comment to each DT and it will update the content ID. Nevertheless, the change means that a redistribution of your application on all your DP’s.

Following the steps as further discussed in this blog post at http://scug.be/sccm/2013/01/27/configmgr-2012-sp1-powershell-script-to-repair-broken-applications-after-upgrading-them-from-rtm/, the application will successfully install afterwards.

Cause 2 – Corrupt task sequence:

In some cases the policy that is related to the task sequence gets corrupt. This can be easily solved by creating a brand new task sequence and copying the steps from the older one side-by-side. Delete the old task sequence & create a new deployment for the just newly created task sequence.

Cause 3 – SMSMP parameter set incorrect:

I had also had problems after upgrading to SCCM R2 SP1. I was not able to install any applications as part of a task sequence as they all failed with error 615 or error 0x80004005. Installing applications outside of a Task sequence did work normally. The status message reported was exactly the same as described above "615 Password too short".

After investigating the client side log files it turned out, that the SCCM client was trying to download the application package using https first and after a few retry’s would switch to http only.

Because my DP is configured to accept http and https as like default behavior. I fixed the Problem by changing the value of the SMSMP parameter in the Task sequence step "Setup Windows and Configuration Manager" from

SMSMP=myserver.mydomain.local

to this:

SMSMP=http://myserver.mydomain.local

After this change, application installation worked as expected again.

clip_image004

Cause 4 – FIPS has been enabled :

Enabling FIPS mode makes Windows and its subsystems use only FIPS-validated cryptographic algorithms. An example is Schannel, which is the system component that provides SSL and TLS to applications. When FIPS mode is enabled, Schannel disallows SSL 2.0 and 3.0, protocols that fall short of the FIPS standards. Applications such as web browsers that use Schannel then cannot connect to HTTPS web sites that don’t use at least TLS 1.0. (Note that the same results can be achieved without FIPS mode by configuring Schannel according to KB 245030 and this blog post.)

Enabling FIPS mode also causes the .NET Framework to disallow the use of non-validated algorithms.

Microsoft advises not to use FIPS anymore as shown in the screenshot below : http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx

clip_image006

In our case this solved the issue with the error 615. Probably it was a combination of things , but this is certainly something to disable and try.

Cause 5 – Use the latest CU2 on CM12 R2 SP1 :

Always make sure to use the latest CU’s as they include important fixes . You can download CU2 over here : https://support.microsoft.com/en-us/kb/3100144#/en-us/kb/3100144

The two most important fixes that may help to avoid error 615 in CU2 for R2 SP1 are :

– Applications will not install when you use them with a dynamic variable list in a task sequence if no SMB package share was defined for the content. This affects only installations that use a dynamic variable list. Other installation methods are unaffected.

No Http location found
Failed to download content for SMS package PRI00080, hr=0x80004005
Install Dynamic software action failed to resolve content for packageID: ‘PRI00080′, programID: ‘TestApp’. Error Code 0x80004005

– In a Configuration Manager environment in which multiple certificates are deployed to client computers, the client may select the wrong certificate for use in management point communication. This occurs when one certificate is based on a version 2 template and one is based on version 3. The client will select the certificate that has the longest validity period. This may be the version 3 certificate, and this certificate may not be currently supported by Configuration Manager. Errors that resemble the following are recorded in the ClientIDManagerStartup.log file.

[RegTask] – Executing registration task synchronously.
RegTask: Failed to create registration request body. Error: 0x80090014

 

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Mobility

Detect if machine has an SSD and report on it thru custom HW inventory

7:18 am in ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, HW inventory, OSD, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, SCCM v.Next, SSD, windows 10, Windows 7, Windows 7 SP1, windows 8, windows 8.1 by Kenny Buntinx [MVP]

 

Recently at a client, we needed to provide a report that was listing whether a workstation or laptop had an SSD or a spinning disk. That information had to be fed into the CMDB

Unfortunately, Windows or Configmgr 2012 does deliver out-of-the-box a way to determine a disk is spinning or solid state, and that means the information is not in the registry or WMI.

Dependencies :

Well I tried to find an easy way , and the customer required a solution that was :

– Flexible and dynamic as they where constantly upgrading physical disks to SSD and there CMDB had to be dynamically updated.

– Centrally managed code , meaning that if we needed to change anything to the code , it had to be intelligent enough to update it auto magically to all clients.

– Had to be reliable .

The solution :

– was to use a kind of detection powershell script for the SSD that we grabbed initially from here : “https://gist.github.com/grantcarthew/c74bbfd3eba167cd3a7a#file-test-ssd” but slightly altered it to fit our needs.

– The script was altered to be used with a “compliance Item” and deployed thru a “Baseline” as one of my colleagues Henrik Hoe explains here :  http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/ . By using a CI , you will meet the centrally managed code part , but also the automatically way of updating the detection logic to all clients.

Forget about the old package/program way and then a way to execute the script on regular basis ( That can all be done thru the Baseline deployment)

– The script will be executed and will write a registry value SSD_Detected = 1 or 0 and the baseline will report complaint when it has an SSD detected.

 

<# .SYNOPSIS Detects if the passed Physical Disk Id is a Solid State Disk (SSD) or a spindle disk. Returns true for an SSD and false for anything else. .DESCRIPTION The methods used for detecting are by reading the Nominal Media Rotation Rate and Seek Penalty. These values are measured through method calls into the Kernel32.dll. If either of the Win32 DLL calls return true then the script will return false. If an exception occurs in either of the Win32 DLL calls, the return value will be dependant on the remaining call. .PARAMETER PhysicalDiskId The LUN based physical disk id. #> $Code = @" using Microsoft.Win32.SafeHandles; using System; using System.Runtime.InteropServices; using System.Text; namespace Util { public class DetectSSD { // For CreateFile to get handle to drive private const uint GENERIC_READ = 0x80000000; private const uint GENERIC_WRITE = 0x40000000; private const uint FILE_SHARE_READ = 0x00000001; private const uint FILE_SHARE_WRITE = 0x00000002; private const uint OPEN_EXISTING = 3; private const uint FILE_ATTRIBUTE_NORMAL = 0x00000080; // CreateFile to get handle to drive [DllImport("kernel32.dll", SetLastError = true)] private static extern SafeFileHandle CreateFileW( [MarshalAs(UnmanagedType.LPWStr)] string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile); // For control codes private const uint FILE_DEVICE_MASS_STORAGE = 0x0000002d; private const uint IOCTL_STORAGE_BASE = FILE_DEVICE_MASS_STORAGE; private const uint FILE_DEVICE_CONTROLLER = 0x00000004; private const uint IOCTL_SCSI_BASE = FILE_DEVICE_CONTROLLER; private const uint METHOD_BUFFERED = 0; private const uint FILE_ANY_ACCESS = 0; private const uint FILE_READ_ACCESS = 0x00000001; private const uint FILE_WRITE_ACCESS = 0x00000002; private static uint CTL_CODE(uint DeviceType, uint Function, uint Method, uint Access) { return ((DeviceType << 16) | (Access << 14) | (Function << 2) | Method); } // For DeviceIoControl to check no seek penalty private const uint StorageDeviceSeekPenaltyProperty = 7; private const uint PropertyStandardQuery = 0; [StructLayout(LayoutKind.Sequential)] private struct STORAGE_PROPERTY_QUERY { public uint PropertyId; public uint QueryType; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public byte[] AdditionalParameters; } [StructLayout(LayoutKind.Sequential)] private struct DEVICE_SEEK_PENALTY_DESCRIPTOR { public uint Version; public uint Size; [MarshalAs(UnmanagedType.U1)] public bool IncursSeekPenalty; } // DeviceIoControl to check no seek penalty [DllImport("kernel32.dll", EntryPoint = "DeviceIoControl", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, uint dwIoControlCode, ref STORAGE_PROPERTY_QUERY lpInBuffer, uint nInBufferSize, ref DEVICE_SEEK_PENALTY_DESCRIPTOR lpOutBuffer, uint nOutBufferSize, out uint lpBytesReturned, IntPtr lpOverlapped); // For DeviceIoControl to check nominal media rotation rate private const uint ATA_FLAGS_DATA_IN = 0x02; [StructLayout(LayoutKind.Sequential)] private struct ATA_PASS_THROUGH_EX { public ushort Length; public ushort AtaFlags; public byte PathId; public byte TargetId; public byte Lun; public byte ReservedAsUchar; public uint DataTransferLength; public uint TimeOutValue; public uint ReservedAsUlong; public IntPtr DataBufferOffset; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public byte[] PreviousTaskFile; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public byte[] CurrentTaskFile; } [StructLayout(LayoutKind.Sequential)] private struct ATAIdentifyDeviceQuery { public ATA_PASS_THROUGH_EX header; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 256)] public ushort[] data; } // DeviceIoControl to check nominal media rotation rate [DllImport("kernel32.dll", EntryPoint = "DeviceIoControl", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, uint dwIoControlCode, ref ATAIdentifyDeviceQuery lpInBuffer, uint nInBufferSize, ref ATAIdentifyDeviceQuery lpOutBuffer, uint nOutBufferSize, out uint lpBytesReturned, IntPtr lpOverlapped); // For error message private const uint FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000; [DllImport("kernel32.dll", SetLastError = true)] static extern uint FormatMessage( uint dwFlags, IntPtr lpSource, uint dwMessageId, uint dwLanguageId, StringBuilder lpBuffer, uint nSize, IntPtr Arguments); // Method for no seek penalty public static bool HasSeekPenalty(string sDrive) { SafeFileHandle hDrive = CreateFileW( sDrive, 0, // No access to drive FILE_SHARE_READ | FILE_SHARE_WRITE, IntPtr.Zero, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero); if (hDrive == null || hDrive.IsInvalid) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } uint IOCTL_STORAGE_QUERY_PROPERTY = CTL_CODE( IOCTL_STORAGE_BASE, 0x500, METHOD_BUFFERED, FILE_ANY_ACCESS); // From winioctl.h STORAGE_PROPERTY_QUERY query_seek_penalty = new STORAGE_PROPERTY_QUERY(); query_seek_penalty.PropertyId = StorageDeviceSeekPenaltyProperty; query_seek_penalty.QueryType = PropertyStandardQuery; DEVICE_SEEK_PENALTY_DESCRIPTOR query_seek_penalty_desc = new DEVICE_SEEK_PENALTY_DESCRIPTOR(); uint returned_query_seek_penalty_size; bool query_seek_penalty_result = DeviceIoControl( hDrive, IOCTL_STORAGE_QUERY_PROPERTY, ref query_seek_penalty, (uint)Marshal.SizeOf(query_seek_penalty), ref query_seek_penalty_desc, (uint)Marshal.SizeOf(query_seek_penalty_desc), out returned_query_seek_penalty_size, IntPtr.Zero); hDrive.Close(); if (query_seek_penalty_result == false) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } else { return query_seek_penalty_desc.IncursSeekPenalty; } } // Method for nominal media rotation rate // (Administrative privilege is required) public static bool HasNominalMediaRotationRate(string sDrive) { SafeFileHandle hDrive = CreateFileW( sDrive, GENERIC_READ | GENERIC_WRITE, // Administrative privilege is required FILE_SHARE_READ | FILE_SHARE_WRITE, IntPtr.Zero, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero); if (hDrive == null || hDrive.IsInvalid) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } uint IOCTL_ATA_PASS_THROUGH = CTL_CODE( IOCTL_SCSI_BASE, 0x040b, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS); // From ntddscsi.h ATAIdentifyDeviceQuery id_query = new ATAIdentifyDeviceQuery(); id_query.data = new ushort[256]; id_query.header.Length = (ushort)Marshal.SizeOf(id_query.header); id_query.header.AtaFlags = (ushort)ATA_FLAGS_DATA_IN; id_query.header.DataTransferLength = (uint)(id_query.data.Length * 2); // Size of "data" in bytes id_query.header.TimeOutValue = 3; // Sec id_query.header.DataBufferOffset = (IntPtr)Marshal.OffsetOf( typeof(ATAIdentifyDeviceQuery), "data"); id_query.header.PreviousTaskFile = new byte[8]; id_query.header.CurrentTaskFile = new byte[8]; id_query.header.CurrentTaskFile[6] = 0xec; // ATA IDENTIFY DEVICE uint retval_size; bool result = DeviceIoControl( hDrive, IOCTL_ATA_PASS_THROUGH, ref id_query, (uint)Marshal.SizeOf(id_query), ref id_query, (uint)Marshal.SizeOf(id_query), out retval_size, IntPtr.Zero); hDrive.Close(); if (result == false) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } else { // Word index of nominal media rotation rate // (1 means non-rotate device) const int kNominalMediaRotRateWordIndex = 217; if (id_query.data[kNominalMediaRotRateWordIndex] == 1) { return false; } else { return true; } } } // Method for error message private static string GetErrorMessage(int code) { StringBuilder message = new StringBuilder(255); FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM, IntPtr.Zero, (uint)code, 0, message, (uint)message.Capacity, IntPtr.Zero); return message.ToString(); } } } "@ # Function CheckSSD($PhysicalDiskId) { #initialize Add-Type -TypeDefinition $Code $hasRotationRate = $true $hasSeekPenalty = $true $driveString = "\\.\PhysicalDrive" + $PhysicalDiskId #Check RotationRate try { $hasRotationRate = [Util.DetectSSD]::HasNominalMediaRotationRate([string]$driveString) } catch { #"HasNominalMediaRotationRate detection failed with the following error;" # $Error[0].Exception.Message $hasRotationRate = $true } #Check SeekPenalty try { $hasSeekPenalty = [Util.DetectSSD]::HasSeekPenalty([string]$driveString) } catch { #"HasSeekPenalty detection failed with the following error;" #$Error[0].Exception.Message $hasSeekPenalty = $true } # Only return true if the disk has no rotation rate or no seek penalty. If ($hasRotationRate -eq 0 -and $hasSeekPenalty -eq 0) { #SSD detected New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name SSD_Detected -Value 1 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null Return 1 } Else { #No SSD detected New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name SSD_Detected -Value 0 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null Return 0 } } #initialize #Default No SSD detected $ResultCheckSSD=0 #check disk 0 Try { $ResultCheckSSD=CheckSSD(0) return $ResultCheckSSD } Catch { #error then no SSD detected $ResultCheckSSD=0 }

– We will pick the value up later with a custom registry key hardware inventory extension and use that in our reporting later on. For more details on how to do it : https://technet.microsoft.com/en-us/library/gg712290.aspx

 

Hope it Helps,

Kenny Buntinx

MVP Enterprise Client Management

CM12 R2 TS after upgrade: Failed to resume task sequence (0x800700EA) error

2:15 pm in 2012R2, bootimages, capture, CM12, CM12 R2, CM12 SP1, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, Cumulative Update, Deployment, OSD, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, Task Sequence by Kenny Buntinx [MVP]

 

I upgraded one of my customers site from SP1 to R2 on a Monday morning and have hit a number of hurdles. I have discovered that my customers OSD Task sequences were not functioning correctly. Everything seems to go fine, until it reaches the Setup Windows and ConfigMgr, and then once that step is complete, it reboots and I’m left on the ctrl+alt+del screen, with the computer joined to domain but no additional steps performed.

The TS does end with an error “Failed to resume task sequence (0x800700EA) error” , as if the new client gets installed and it just ends the TS!

**** Remember **** –> Support for Windows PE 3.1 boot images above of Windows ADK 8.1 is there as feature when upgraded to R2 !! **** Remember ****

I looked at my boot images and it looked good, but frankly the x64 boot image didn’t upgrade well and stayed to version 6.2.x instead of 6.3.x. I had a script to manually update it , but it didn’t like it so it failed again.

Created a new bootimage (x64) from scratch , updated my TaskSequence  to use the new bootimage and *BAM* , it worked again

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management  

CM12 OSD : HP Zbook 17 is failing during OSD and is giving bluescreens all the way.

8:45 am in CM12, CM12 R2, CM12 SP1, OSD, wdf, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

 

Today we had a failing HP Zbook 17 and we where not able to do OSD staging on it . It remembered me at a blog post 6 months ago on an update called KB2685811 at http://support.microsoft.com/kb/2685811 to update the Kernel-Mode Driver Framework to v1.11

What it is – The Windows Driver Frameworks (WDF) is a set of libraries that you can use to write device drivers that run on the Windows operating system. WDF defines a single driver model that is supported by two frameworks: Kernel-Mode Driver Kernel Mode Driver Framework (KMDF) and User-Mode Driver Framework (UMDF). KMDF\UMDF are provided by Microsoft to allow component drivers to leverage the framework to minimize what is needed to be included with the driver.  This is great for the IT Professional until a driver is written to a specific version of the KMDF\UMDF which your system may not currently support.  This happened previously with Windows Vista and is now being seen on some Windows 7 systems that do not have the 1.11 version of KMDF and the 1.11 version of UMDF

Why you need them – Without these there is a potential of experiencing a failure in you Windows 7 OS Deployment process\ seeing devices in Device Manager that you know have drivers available to them, but aren’t properly installed. To ensure this does not happen you should update your base image with KMDF 1.11 and UMDF 1.11 to make sure that current and future drivers will be installed properly. Dell – HP – Lenovo are delivering more and more drivers released on the latest WDF framework !

Now here is the “gotcha”, in order for this to work for OS Deployments, you have 2 options based on Dustin Hedges blog called http://deploymentramblings.wordpress.com

– Build a brand new WIM file and inject the hotfix (using DISM). Then import that WIM back into SCCM for deployment, test, retest, retest, deploy to production. Apply the update using DISM: cmd.exe /c X:\windows\system32\dism.exe /ScratchDir:%OSDisk%\Scratch /Image:%OSDisk%\ /Add-Package /PackagePath:%_SMSTSMDataPath%\Packages\\Windows6.1-KB2685811-x64.cab

– Package it up and inject it offline during your existing deployments, see the following blog post at  http://deploymentramblings.wordpress.com/2013/10/24/osd-injecting-the-windows-7-kernel-mode-driver-framework-kmdf/

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client management

SCCM 2012 : “Another Installation is already in Progress” when deploying Applications thru OSD deployment.

11:26 am in agent, Application Model, applications, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, OSD, SCCM 2012, SCCM 2012 R2, SCCM 2012 SP1, Task Sequence by Kenny Buntinx [MVP]

 

At one of my current customers, I have been stuck for two days now, that one or two randomly selected applications where failing If we looked in the ‘Status Messages’ and dig al little deeper , we saw in there that :

‘Another installation is already in progress.Complete that installation before proceeding with this install.’

 image

Knowing this is a highly secured environment , my first guess would be policies. However I overruled this thinking strategy because during the OSD process , GPO’s aren’t applied …—> That is a fact , except for one scenario I already blogged about it as described here  ‘http://scug.be/sccm/2013/02/13/configmgr-2012-rtmsp1-applications-failed-to-install-during-osd-with-error-code-16389-and-denied-logon-for-domain-users-policy/’ , but that was not the issue…

Back to the drawing board and digging deeper in the smstslog file … Suddenly when hitting the F8 button a popup arrived that I needed a reboot to complete the “Kaspersky Antimalware Client”  … WTF is that doing in my task sequence.

Apparently someone at the customer decided to set a policy at the Kaspersky management server , to Push / Install a Kaspersky client when he detects and scans the network for computers that did not had a Kaspersky mgmt. agent installed. That little process hijacked my Task sequence installation process and jumped in the middle to install that Kaspersky agent .

Case Closed …My advise – before troubleshooting Configmgr , just start asking questions who did changes on other parts of the environment Emoticon die tong uitsteekt

Hope it Helps ,

Kenny Buntinx

Enterprise Client Management MVP

Configuration Manager 2012 OSD : Only import the Intel chipset drivers you really need for your brand/model !

6:31 pm in ConfigMgr 2007 R2, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, ConfigMgr SP2, configmgr2007, Deployment, Drivers, Operating System Deployment, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, sccm RTM, sccm2007 by Kenny Buntinx [MVP]

 

Yesterday I wrote a blogpost about the reason to keep your “Driver DB” and “driver packages” as clean as possible and that you do not need to import all the junk they provide in those so called “enterprise driver packages” for multiple models.

As a first tip for helping you accomplish that , we show you in this blog post how we can limit the number of *.inf files we need to import from Intel(R) Chipset Device Software . When downloading and extracting that Intel(R) Chipset Device Software package you will see that originally there are about  98 inf files present :

image

Now reduce the number of INF files :

Two override command switches for setup.exe from Intel(R) Chipset Device Software that will help us to reduce the *.inf files we need to import into our “Driver Package” :

-AONLY Extracts the needed INF files to install on the current system. If the install has been run once successfully, ‘-AONLY’ will not return any INFs when used in conjunction with ‘-OVERALL’ switch, all the needed INFs for the system will be extracted.

-P <Installation Path> Specifies the hard disk location to which the INF program files are copied. If this flag is not specified at the command line, the <Installation Path> directory is as follows: C:\Program Files\Intel\INFInst .

If this flag is used without the ‘-A’ option, only the Readme will be copied to <Installation Path>. The directory name can include spaces, but then a pair of double quotes (") must enclose the directory name. There should not be any space between the switch ‘-p’ and the directory name. This flag works in either Silent Mode or Interactive Mode.

Lets execute on the local brand/model that contains an intel chipset :

The result of running the setup with those parameters:

And then the result after running the tool on your local brand/model , you will see that the number of *.inf files are reduced to five (5) items ! isn’t that great ? Now copy those drivers to your regular driver import process and you reduced the number of bloat in your ConfigMgr driver database by 80% at least !

 

image

 

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management

Configuration Manager 2012 and the need of keeping your Driver database lean and clean !

8:03 pm in CM12, CM12 R2, CM12 SP1, Deployment, Drivers, OSD, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, sccm RTM, Task Sequence by Kenny Buntinx [MVP]

 

Hi ,

Lately we had an issue on a CM2012 R2  production environment when exporting a “task sequence” from our Acceptance environment and importing that exported “task sequence” into production , and ran into an error where our task sequence import would fail with out of memory message.

The exact message was : “System.OutOfMemoryException , Exception of type ‘System.OutOfMemoryException’ was thrown” as shown in the picture below:

clip_image002

Several people recommended me to increase the WMI memory allocation by doing this : http://anoopcnair.com/2011/05/06/configmgr-sccm-how-to-increase-wmi-default-memory-allocation/ . Anoop links to the “_providerhostquotaconfiguration” class in his article. Anoop’s advice is not uncommon, although supportability of the matter is questionable without PSS/CSS support , it’s a common test/fix giving on PSS/CSS calls related to slow or underperforming console issues.

My advice : DON’T DO THIS BLINDLY or without PSS/CSS support . You’d be crazy doing anything to WMI on a ConfigMgr production environment that you don’t understand the impact off. And if it’s to a component as critical as WMI is to ConfigMgr than you’d better do your homework before implementing it in production.

And this blog post explains what the impact is: http://blogs.technet.com/b/askperf/archive/2008/09/16/memory-and-handle-quotas-in-the-wmi-provider-service.aspx

We increased the WMI memory allocation with PSS support until 8Gb memory (Server having 16 Gb physical memory) , but no luck at all.

A little recap and issue definition:

  1. 1. We created a OSD Task sequence deployment in our acceptance environment.
    2. Once validated , we exported the TS without content (Content is located on a shared UNC storage path) but with dependencies.
    3. We tried to import the exported TS into production, the import fails both trough the GUI and via the powershell cmdlts. The import in production of the exported tasksequence fails with an out of memory error as shown in the screenshot above
    4. We tested both on the Primary site server itself as via remote console –> same result
    5. We have sufficient memory available on the server. I saw that the PowerShell session on the primary site server used up to 1.5Gb ram during the import. (memory was not maxed out (74% used))

Further investigation leads us to the size of the exported Task Sequence , which was about 235 Mb ( without content , go figure ! ) . Probably you would say : “What the hell did you put into that task sequence ????? ”. Well , the customer needs to support 55 different hardware models because of the way they need to buy there hardware. Crazy , I know and the fact is that they know that as well , however they can’t change this purchase behavior.

That being said , they have 55 HW driver packs and they have around 4800 drivers imported in there CM12 Driver DB .

After testing , we discovered that if the imported task sequence is more or less bigger then 135Mb in size , it will fail to import with the error displayed above. Once we lowered the number of drivers being referenced in the driver packages and therefore also in the CM12 driver database itself and the exported TS would be below 135mb in size , the import succeeded. However we could never pinpoint the exact size of the task sequence when it would fail as this was between 135 and 145 Mb.

What I recommend you to do:

  • One of the biggest mistakes customers make is to go the manufacturer website and grab every driver with those so called “enterprise driver packs” that contain drivers for multiple models…. Hell no , mostly the drivers are out dated, full of additional crap…
  • Use common sense and  only import drivers that are applicable to machines in your environment. I do not recommend that drivers are blindly imported into ConfigMgr where there is no actual benefit. This will just cause the database to bloat and the task sequences to become unwieldy. I recommend that any unused drivers/driver packages are removed from ConfigMgr
  • If you have a large number of Manufacturers and models or you run into conflicts, you can apply the driver package based on category or apply a specific package, especially when exporting / importing task sequences .
  • Typically graphic cards , Intel Vpro , Soundcard drivers or custom “hotkey” drivers are “bad” drivers. Those should be installed with applications from the setup.exe or msi.

To give you an idea , we went for a Lenovo C30 desktop model from +_ 400 drivers to 22 drivers. Keep it clean and tight . It will cost you more energy in the beginning , but will save you a lot of time when you need to debug. That’s the message I am trying to give you !

Hope it helps ,

Kenny Buntinx

MVP Enterprise Client Management

OSD Capture fails on a HP Gen8 Hyper-V cluster

12:12 pm in 2012R2, capture, CM12, CM12 R2, CM12 SP1, hyper-V, OSD, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1 by Kenny Buntinx [MVP]

 

I’ve seen lots of people saying to use VMs to create images and my customer decided to do it using Hyper-V as they see the Hyper-V scenario as possible replacement for Vmware. We did it on Hyper-V 2012 R2.

However, I am having a problem capturing the image with the Build & Capture Task Sequence. I have the VM (running Windows 7 x64 Enterprise) . The VM ran through Sysprep and rebooted into WinPE, but then the problem starts. I checked the Captures folder to see if it started creating the WIM file,  only written 1KB and then fails with “Exiting with return code 0x80004005”. That’s right, 1 freaky’ KB.

I do have the Legacy Network adapter installed so I can perform PXE boots on the VMs that I have created.

This was the first time I’ve worked with Hyper-V 2012 R2 so I wasn’t sure what to expect as I had experiences with Hyper-V 2008 R2 and 2012 . I’ve looked at all the threads that mention "Hyper-V’ but none have said they are having any problems.

I’ll have tried a few things to see what happens, and to figure out what was wrong here. Finally we found out the issue :

We immediately thought at networking issues and not to a share or permission issue as we could write a file of 1kb.

1.When the VM started in Winpe to start capturing the image , we checked for an IP (F8 command prompt) . We saw the correct IP , but suddenly 5 seconds later , it changed back to an auto assign IP , short term APIPA (Automatic Private IP Addressing) . That was weird and we blamed it to the Networking team Smile . ( for once we thought we had a reason as the DHCP server was a linux box )

2. After ruling out the network ( giving it a fixed ip , MAC reservation ) , we start to search a little deeper . Maybe it was the Hyper-V cluster or the virtual switch ?

3. To rule out any virtual switch issues , we started to create a VM on the Hyper-V Host itself and BINGO ! The creation of the WIM file succeeded .

4. To make sure it was the Hyper-V cluster , we created a VM and tried it again . Same problem, The VM ran through Sysprep and rebooted into WinPE, but then the problem starts. I checked the Captures folder to see if it started creating the WIM file,  only written 1KB and then fails with “Exiting with return code 0x80004005”. That’s right, 1 freaky’ KB.  .

The solution:

Ok , The problem is related to the Hyper-V cluster . After a little investigation , we discovered that people had reported issues with networking drops on HP Generation 8 hardware. I’ve got answer with my connectivity issue.

Our case is the same as described on the Hyper-V.nu blog:

http://www.hyper-v.nu/archives/marcve/2013/11/vnics-and-vms-loose-connectivity-at-random-on-windows-server-2012-r2/

http://www.hyper-v.nu/archives/pnoorderijk/2013/11/the-story-continues-vnics-and-vms-loose-connectivity-at-random-on-windows-server-2012-r2/

As a workaround , disabling VMQ works . More info what VMQ does : http://blogs.technet.com/b/networking/archive/2013/09/10/vmq-deep-dive-1-of-3.aspx

The issue has been reported to HP support. We are awaiting feedback . In the meanwhile we will try this hotfix http://support.microsoft.com/kb/2913659 It seems that after patching our cluster nodes with the hotfix, we haven’t had a VM guest lose network connectivity for over 24 hours. It was happening quit regularly with several VM’s that are sending/recieving lots of network traffic . If you haven’t applied this hotfix and you are experience this issue and/or others with your virtual switches, do it before opening a case at HP

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management .

HOTFIX is available for the "Operating System Deployment" feature of System Center 2012 R2 Configuration Manager

7:16 am in CM12 R2, OSD, PXE, sccm 2012 R2 by Kenny Buntinx [MVP]

 

All,

KB 2905002 has been posted to the hotfix servers to address two post-R2 issues:

This update resolves the following issues in Microsoft System Center 2012 R2 Configuration Manager.

Issue 1

After you enable the PXE Service Point role

(http://msdn.microsoft.com/en-us/library/jj217832.aspx)

on an instance of a specific distribution point, or you select the Deploy this boot image from the PXE-enabled distribution point property of a boot image, the Windows Deployment Service (WDS) stops running. Additionally, entries that resemble the following are logged in the Windows Application log:

Note This problem affects only distribution points that are installed on site servers.

Issue 2

When operating system image files are downloaded to Configuration Manager 2012 R2 clients, you may find that the download takes longer than it did in previous versions of Configuration Manager 2012 clients. You may see this behavior when the target client is running Windows PE or a full Windows operating system.

 

Please see the KB for details here : http://support.microsoft.com/kb/2905002

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management