Month: May 2012

HP BIOSConfigUtility Command Line in a Task Sequence

Posted on

First, let me start by saying there is already a good blog post which outlines how to use HP’s BIOSConfigUtility in an MDT task sequence (which can be easily translated into an SCCM task sequence).

I recently implemented this tool for a client to enable the TPM feature in BIOS in preparation for BitLocker.  The utility was being run from a task sequence with command line such as:

cmd.exe /c c:\temp\BIOSConfigUtility.exe /SetConfig:TPMEnable.REPSET /NewAdminPassword:"P@55word!"

In my testing, the BIOS password was being set properly, but the TPM enable would not get enabled.  BIOSConfigUtility.exe would terminate with error code 10, which essentially meant it was trying to enable TPM but the provided password is incorrect.  What I found to fix the problem was to instead specify the full path to TPMEnable.REPSET file.  So instead, the switch would instead be:

/SetConfig:c:\temp\TPMEnable.REPSET

SCCM Guru Webcast Replay

Posted on Updated on

If you weren’t able to watch my SCCM Guru webcast (sponsored by BDNA) on March 28th on the Power of Task Sequences, the webcast is available to watch on YouTube or for download on iTunes.  Or you can watch it right from my blog!  Also, I have a post on Q&A from the webcast that you can read.

Creating New SCCM Boot Images from WAIK

Posted on Updated on

I recently needed to create a new boot image from scratch for use in SCCM to support a Windows 7 migration.  Typically I would create a boot image from scratch, but at one point an SCCM admin had deleted the default boot images and created their own, which I couldn’t trust were created properly.  So I copied winpe.wim from the installation directory of WAIK and then proceed with my custom process of adding HTA support into the boot image.

But what I also discovered was that I needed to add both scripting and WMI support as well since that’s not included by default into the boot images!  Microsoft has outlined how to add those features  as per http://msdn.microsoft.com/en-us/library/bb680372.aspx

***Update 7/24/2012***
A colleague of mine within Catapult happened to find an easier solution for this, which includes automatic addition of WMI/Scripting support!

  • Start “Deployment Tools Command Prompt” elevated
  • Run Copypd.cmd amd64 C:\Winpe
  • You will now have a x64 bit winpe that you can import as a boot image in sccm.

Recovering SCCM Site from a Failed Bad Backup

Posted on

Helped a client recently migrate their existing SCCM environment to new hardware.  We ran into some challenges and thought it would be good to share how we were able to work through the problems to get SCCM successfully migrated.

Going from:

  • Win2k3 Standard x86
  • SQL 2005 x86SP2
  • SCCM 2007 SP2 R2

Going to:

  • Win2k8 R2 Datacenter (x64 of course)
  • SQL 2005 x64SP4
  • SCCM 2007 SP2 R2

At a high level, the operations to migrate a site are:

  • Perform a backup, then shut everything down.
  • Replace the hardware and ensure the configuration is identical – drives, names, paths, etc.
  • Install the same software and pre-requisites
  • Install Configuration Manager using the same settings and paths.
  • Run the repair wizard from the shortcut on the menu and perform a restore. (not from the console)

However, the site repair wizard was failing on the first step of verifying the backup path. The GUI said that the SQL backup files and ConfigMgr inbox files are out of sync and the file stamps are different. Additionally, the RepairWizard.log file has several instances of “Initializer {GUID} will no be run, unsupported application type”.  Additionally, SMSbkup.log states “Backup task completed successfully with zero errors but there could be some warnings, AFTERBACKUP.BAT will be started if available in its predefined location”.  However, looking at the logs more closely above, I see line after line of errors.  Such as:

  • Error: Failed to backup \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\SMS\BackupTemp\SMSbkSiteRegNAL.dat up to D:\SMSBackup\Backup\SiteServer:\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\SMS\BackupTemp\SMSbkSiteRegNAL.dat is not readable.
  • Failed to copy file(s) Backup\SiteServer.
  • Error: Failed to backup \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\SMS\BackupTemp\SMSbkSiteRegSMS.dat up to D:\SMSBackup\Backup\SiteServer:\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\SMS\BackupTemp\SMSbkSiteRegSMS.dat is not readable.
  • Error: Backup Failed  for Component – Backup\SiteServer\SMSbkSiteRegSMS.dat.

So this showed that the site backup was truly not successful and was incomplete.  Upon comparing the contents of the directory against a known good backup in another environment, the backup was missing the following items

  • SMS/NAL registry key backups (as a .dat)
  • logs
  • 1/3 of the inboxes, including the site control
  • data folder
  • srvacct folder

Essentially to workaround the problem and move forward, I

  • Copied those folders straight from the old server’s installation directory (IMPORTANT: Do not recover the srvacct folder!! More info below)
  • Detached the “new” site databases in SQL and attach the “old” databases
  • Ran the site repair wizard EXCEPT selecting to not restore the database

Except for the restore of the SMS/NAL registry keys, the site restore seems to have worked at that point and the site is functioning (activity, inventory, SWD, reporting, etc.).  However, it was still critical to get the registry keys imported.  On the old site, I had exported those registry locations (HKLM\Software\Microsoft) and tried to just import them directly on the server (NOTE that since I was going from a 32-bit OS to a 64-bit OS, I had to a bulk search/replace to add Wow6432Node into the path).  The import action was blocked/prevented.

So, the recommendation was to boot the server into safe mode and then import the registry items.  So we did that but continued to get access denied problems with the SMS key.  So I started a process of elimination by cutting the registry file in half each time until finally we identified the problematic key that was causing the whole value to not import.  The guilty key?  The Certificates location – HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\MP\Certificates – which is logical that this would cause the entire import to fail.  Which is OK because installing a new MP will generate new cert keys.

Now the site is finally up and running.  Right?  Wrong!  When attempting to use run a task sequence, I received the issue as described in KB2509330 because of restoring the srvacct folder.  The “resolution” is to rebuild the entire server over again from scratch, which is not a good idea because of the effort to get this far.  Fortunately, I had a file system backup of the VM such that the original srvacct folder could be restored.  That backup saved me from having to start from the very beginning!  So, not overwriting the srvacct folder is critical.

Other items needing resolution after the migration

  • Recreate any boot media afterwards with the new site certificates
  • Reinstall an SMP to fix a cert mismatch
  • Fixing client certs by running “ccmsetup.exe RESETKEYINFORMATION=TRUE”

SCCM certificates are like sand, they get into everything :-)  Anyhow, this was quite a process to go through.  MORAL OF THE STORY?  Make sure you have good and complete backup of your site before migrating to new hardware!

VirtualBox NIC for WinXP, Win7, and WinPE

Posted on Updated on

I’ve been using VirtualBox lately for doing some lightweight virtualization to test various deployments.  Most recently, I was using it to test USMT hardlink migration in going from WinXP to Win7.  So after a quick setup of a WinXP test VM and installing the VM additions, I found that the network drivers were not present in WinPE.  So I added the network drivers into WinPE (in SCCM) and updated the SCCM distribution points.  The NIC still didn’t work in the VM.  So I used a different NIC that worked WinPE and Win7, but it didn’t work with WinXP even though the VM additions were installed (I don’t understand why the drivers are not included!).

Anyhow, if you need to use VirtualBox for the same kind of testing, I recommend configuring your VM as follows:

  1. Create your WinXP VM
  2. Configure the VM to use Bridged network and emulate the Intel MT Desktop device
  3. Configure the VM to auto mount a shared drive on the host computer (for quick access to files)
  4. Download the NIC drivers from Intel online to that shared folder
  5. Install the NIC drivers on the WinXP VM.

Now you have a VM that works with WinXP, Win7, and WinPE!

Adobe Acrobat X Install error = error

Posted on Updated on

I built a custom transform for Adobe Acrobat X using the standard Adobe customization wizard for that product.  Using command line “Setup.exe /sPB /rs /msi TRANSFORMS=AcroStan.mst”, I received a strange error message “error.”  Wow, that’s a helpful message.  Instead of using the setup.exe problem, I decided to use the .msi file directly, but was still having the same issue.

Additionally, if you enable logging it will show the following details.  Also not helpful.

Action start 15:16:05: CA_QV.
MSI (s) (28:D4) [15:16:06:040]: Product: Adobe Acrobat X Standard – English, Français, Deutsch —  error.
 error.
Action ended 15:16:06: CA_QV. Return value 3.
Action ended 15:16:06: INSTALL. Return value 3.

Long story short, I got on the horn with Adobe support.  And they gave me command line as “msiexec.exe /i AcroStan.msi SUITEMODE=1 TRANSFORMS=AcroStan.mst /qn”, which works.  Supposedly, the SUITEMODE parameter “activates” the transform or something.  I don’t know and I don’t think the support person really knew either.  Regardless, it got me on my way!