Slide1Slide2
Top 10 Windows Deployment Service Common Issues and How to Resolve Them
Rhonda J. Layfield
RJL, INC.
Rhonda@DeploymentDr.com
Session Code: CLI315
Slide3
Rhonda Layfield
IT industry 25+ years
Contribute articles to Windows IT Pro mag
Setup and Deployment MVP
Desktop Deployment Product Specialist (DDPS)
Co-Author Windows Server 2003 R2 and Windows Server 2008 books
NEW Microsoft Deployment Book
Offer hands on deployment class
Slide4
What I’ll Cover
Managing the WDS Server
Installing and Configuring WDS
10) Permissions
9) 2K8 Deployment Failure
8) Renaming/Moving the WDS server
Creating an Image to Deploy
7) WDSCapture
Slide5
Overview
Deploying an Image
6) Pre-staged settings do NOT take effect
5) WinPE Problems
4) Multicast
Automating the Deployment
3) Unattend Answer Files
Infrastructure Issues
2) DHCP Issues
1) PXE Issues
Slide6
WDS Requirements
WDS server must be a member of an Active Directory domain
DHCP
DNS
NTFS partition on which to store images
Slide7
WDS Requirements
[Diagram: Bare-Metal client, DHCP, WDS and AD/DNS servers, with steps numbered 1, 2, 3]
Slide8
WDS on Server 2003
Installing WDS on a 2003 SP1 Server
Install RIS
Install patch from the WAIK: windows_deployment_services_update.exe
Installing WDS on a 2003 SP2 Server
Control Panel / Add/Remove Programs / Windows Components / WDS
Slide9
WDS on Server 2008 (R2)
Installing WDS on a 2008 server
Server Manager
Add Roles
Select Windows Deployment Services from the list of roles
Slide10
Configuring WDS
Choose path for the Remote Installation folder
DHCP Options
PXE Server Settings
Slide11
Configuring WDS
Demo
Slide12
10) Permissions
Default Permissions
Local administrator on the WDS server
Full Control of the RemoteInstall folder
Full Control permissions on HKEY_LOCAL_MACHINE\System
Domain administrator (domain where the WDS server resides)
Full Control permissions on the Service Control Point (SCP) in AD DS for the WDS server.
Slide13
WDS and SCP
WDS depends on AD DS for the PXE provider to create computer accounts and service control points (SCPs) in AD.
The SCP is a child object under a WDS server’s account object used to store configuration data
Identifies the server as a WDS server
Finding the SCP - DEMO
ADSIEdit -> Find your server’s computer object -> Expand your server -> CN=NameOfMyServer-Remote-Installation-Services Properties
Slide14
Permissions Continued
Enterprise administrator
Dynamic Host Configuration Protocol (DHCP) authorization permissions
Admin Approval
The computer account is created using the server’s authentication token (not the token of the admin performing the approval)
WDSSERVER$ must have “create computer account objects” on the containers / OUs where the approved pending computers will be created
Slide15
Admin Approval Continued
Admin Approval of Pending Computers
R/W to the F:\RemoteInstall\MGMT (contains Binlsvcdb.mdb)
Active Directory Users and Computers
Create a custom task to delegate on OU where the computer account will be created -> Write all properties on Computer Objects
Slide16
Joining a Machine To a Domain
ADUC
R-click the container or OU and go to Properties
Click the Advanced button and add a user or group then click the Edit button
Under Apply to: This object and all descendant objects
Allow “Create Computer objects” Ok (3x)
BUT now that user can create computer objects and join machines to the domain
What if you only want someone to be able to join a machine to the domain?
Slide17
The JoinRights Setting Part 1
The JoinRights registry setting determines the set of security privileges
located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>
Name: JoinRights
Type: DWORD
Value: 0 = JoinOnly; 1 = Full
Slide18
The JoinRights Setting Part 2
The User registry setting determines which users have the right to join the domain
User setting located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>
Name: User
Type: REG_SZ
Value: group or user.
Slide19
Non-English DCs
Creating computer accounts against a non-English domain controller using the default user property.
Set the Auto-Add settings to use an account that does not contain extended characters.
Acceptable characters ([A-Z, a-z, 0-9, \, -, and so on])
For example if the German "Domänen-Admins" is used the Auto-Add will fail.
WDSUTIL /set-server /AutoAddSettings
Slide20
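An added example (not part of the presentation): a Python check over the text that `reg query <AutoApprove key> /s` prints, flagging each architecture where JoinRights is 1 (Full) and where the User value contains extended characters, as described on the JoinRights and Non-English DCs slides. The sample output, the x86/x64 subkey names, the account names and the finding labels are constructed for illustration.

```python
# Key from the slides; each <arch> subkey holds the JoinRights and User values.
BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer"
        r"\Providers\WDSPXE\Providers\BINLSVC\AutoApprove")

def parse_reg_query(text: str) -> dict:
    """Return {arch: {value name: data}} from `reg query <BASE> /s` output."""
    keys, arch = {}, None
    for line in text.splitlines():
        if line.upper().startswith(BASE.upper() + "\\"):
            arch = line[len(BASE) + 1:].strip()
            keys[arch] = {}
        elif line.startswith("HKEY_"):
            arch = None                      # some other key: ignore its values
        elif arch and line.startswith("    "):
            parts = line.strip().split("    ", 2)
            if len(parts) == 3:              # name, type, data
                name, kind, data = parts
                keys[arch][name] = int(data, 16) if kind == "REG_DWORD" else data
    return keys

def audit(text: str) -> list:
    """Flag Full join rights and account names with extended characters."""
    findings = []
    for arch, values in parse_reg_query(text).items():
        if values.get("JoinRights") == 1:    # 0 = JoinOnly, 1 = Full
            findings.append((arch, "full-join-rights"))
        if not values.get("User", "").isascii():
            findings.append((arch, "non-ascii-user"))
    return findings

# Constructed sample output; subkey and account names are made up.
SAMPLE = (
    f"{BASE}\\x86\n"
    "    JoinRights    REG_DWORD    0x0\n"
    "    User    REG_SZ    WDS-Join\n"
    "\n"
    f"{BASE}\\x64\n"
    "    JoinRights    REG_DWORD    0x1\n"
    "    User    REG_SZ    Dom\u00e4nen-Admins\n"
)

if __name__ == "__main__":
    for arch, issue in audit(SAMPLE):
        print(arch, issue)
```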
Common Permissions
TASK | Permission
Prestage a computer | ADUC -> Create a custom task to delegate on OU where you are putting the computer account -> Write all properties on Computer Objects
Add/Remove Image or Image Group | FC F:\RemoteInstall\Images\ImageGroup
Disable an image | R/W for the image (on image properties in WDS)
ADD boot image | R/W F:\RemoteInstall\Boot; R/W F:\RemoteInstall\Admin (if upgrading from 2K3 server)
Remove boot image | R/W F:\RemoteInstall\Boot
Slide21
Common Permissions
TASK | Permission
Manage properties on an OS image | R/W on image Res.rwm file found: F:\RemoteInstall\Images\<ImageGroup>
Convert a RIPREP image | R original RIPREP image; R/W %TEMP% and destination folder
Create Discover / Capture image | R original boot image; R/W %TEMP% and destination folder
Create a multicast transmission | FC on: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast; R F:\RemoteInstall\Images\<ImageGroup>
Slide22
9) 2K8 WDS - Deployment Fails
Server 2008 increased the TFTP block size from 512 bytes to 1,456 bytes to speed things up.
If your network has a TFTP block size of less than 1,456 bytes this breaks WDS.
Resolution:
Install hotfix 975710
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP
Create a new REG_DWORD
Name: MaximumBlockSize
Value range: 512–1456
Slide23
8) Renaming/Moving WDS Server
Renaming a machine
Moving a machine from one domain to another
You’ll need to uninitialize & reinitialize WDS server
From a cmd on the WDS server
Wdsutil /uninitialize-server
Wdsutil /initialize-server /reminst:E:\RemoteInstall
Slide24
7) Creating an Image to Deploy
WDSCapture WinPE
Add boot.wim from a 2K8 Server .iso
Right-click the boot.wim and choose “Create capture image…”
Add the new .wim file that you just created
Sysprep
-reseal
generalize
Slide25
Boot WDS Capture
No Volume to capture?
Slide26
Deploying a W7 Client
Demo
Slide27
6) Pre-Staged Settings Ignored
Ensure there are not duplicate machine accounts pre-staged for the same machine
Pre-stage using the MAC address
Swap the NIC to another machine
Dual Admins
1st admin creates a computer object in ADUC
2nd admin pre-stages a computer object with the NIC or GUID
The first one found is used
Slide28
5) WinPE Issues
Using an older boot.wim
Architectures and WinPE
Copype – WinPE
Creating your own
Slide29
Which Boot.wim To Use…
The most current will always be best
Windows 7 boot.wim can deploy
Vista SP1
Windows Server 2003 R2
Windows 7
Server 2008 & R2
Accidentally use a Vista or Vista SP1 boot.wim?
Vista boot.wim cannot deploy W7 or 2K8 R2
Failure on the Offline servicing pass even if it’s not configured to install patches
Slide30
Using an Old boot.wim
Slide31
4) Multicast Issues
Multicast traffic running really slow
Which version of IGMP is being used?
V3 or v2?
Multiple WDS servers multicast traffic
Overlapping IP addresses
WDS snap-in -> Properties of Server -> Multicast tab -> change the IP addresses
Slide32
3) Automating the Deployment
Unattend.xml scripts (2)
XP & 2K3 vs Vista and later
Unattend.xml does not process settings
Not named properly
Not stored in the correct folder
Slide33
Automating The Deployment
Demo
Slide34
2) DHCP
[Diagram: Bare-Metal, DHCP/WDS]
Discover IP
Offer IP/PXE Server
Request
Acknowledge
Slide35
WDS & DHCP
3 Scenarios
WDS and DHCP on the same subnet / different servers
Client will find WDS by broadcasting
WDS and DHCP on different subnets
Client must find WDS through options 66 and 67 set in DHCP
WDS & DHCP on same server
Client must find WDS through Option 60 in DHCP
Slide36
WDS & DHCP Same Subnet
[Diagram: Bare-Metal, DHCP, WDS]
Discover IP/PXE Server
Discover IP/PXE Server
Offer IP
I’m WDS
Request
Acknowledge
Slide37
WDS & DHCP Different Subnets
[Diagram: Bare-Metal, DHCP, WDS]
Discover IP/PXE Server
Offer IP Option 66 Option 67
Request
Acknowledge
Slide38
WDS & DHCP on The Same Server
[Diagram: Bare-Metal, DHCP / WDS]
Discover IP
Offer IP Option 60 I’m also WDS
Request
Acknowledge
Slide39
WDS And DHCP on The Same Server?
Slide40
1) Pre-Boot Execution Environment
aka…PXE
PXE Protocol is an extension of DHCP
Created by Intel as a standard with a set of pre-boot services stored in the boot firmware
The goal:
Perform a network boot
Find and download a network boot program (NBP) from a Network Boot Server
Slide41
The PXE Process
From the client
Client receives an IP address
Discovers a Network Boot Server (NBS)
Downloads the Network Boot Program (NBP) from the NBS (TFTP) and executes it
From the server
Server’s IP address
Name of a NBP the client may request
Slide42
Subnets, Routers and Switches OH NO!
All PXE / DHCP traffic is local traffic only
DHCP – port UDP 67
PXE traffic – port UDP 4011
Slide43
PXE Server Settings
Slide44
Known Client PXE boot
Slide45
Unknown Clients
Slide46
No NBS or NBP
Slide47
PXE Issues
IP helpers configured properly on your switches and routers are more reliable
Older PXE ROMs have issues with DHCP options 60,66,67
Options 66 & 67 are referred to as a Network Boot Referral (NBR)
Slide48
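An added example (not part of the presentation) that goes one step past the slides: a Python parser for the DHCP options field that reports which of the three WDS/DHCP scenarios an offer corresponds to, and flags a referral that is missing its NBS or NBP. The option layout is the standard DHCP code/length/value encoding; the server name, boot file path and return labels are constructed for illustration.

```python
MAGIC = b"\x63\x82\x53\x63"  # magic cookie that precedes the DHCP options field

def parse_options(field: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 255:               # End option
            break
        if code == 0:                 # Pad option is a single byte
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError(f"option {code} is truncated")
        length = field[i + 1]
        opts[code] = field[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def pxe_discovery(opts: dict) -> str:
    """Name the way a PXE client locates WDS from options 60, 66 and 67."""
    if opts.get(60, b"").startswith(b"PXEClient"):
        return "same-server"          # DHCP host also answers PXE on UDP 4011
    has_nbs, has_nbp = 66 in opts, 67 in opts
    if has_nbs and has_nbp:
        return "referral"             # Network Boot Referral: 66 = NBS, 67 = NBP
    if has_nbs or has_nbp:
        return "incomplete-referral"  # one half missing: no NBS or no NBP
    return "broadcast"                # WDS must hear the client's own broadcast

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample option fields (names and paths are made up for this example).
OFFER_TYPE = opt(53, b"\x02")         # option 53 = 2 marks a DHCPOFFER
SAMPLES = {
    "same server": MAGIC + OFFER_TYPE + opt(60, b"PXEClient") + b"\xff",
    "other subnet": MAGIC + OFFER_TYPE + opt(66, b"wds01.example.test")
                    + opt(67, b"boot\\x64\\wdsnbp.com") + b"\xff",
    "same subnet": MAGIC + OFFER_TYPE + b"\xff",
    "half referral": MAGIC + b"\x00" + opt(66, b"wds01.example.test") + b"\xff",
}

if __name__ == "__main__":
    for name, field in SAMPLES.items():
        print(f"{name:14} -> {pxe_discovery(parse_options(field))}")
```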
What We Covered
Managing the WDS Server
Installing and Configuring WDS
10) Permissions
9) 2K8 Deployment Failure
8) Renaming/Moving the WDS server
Creating an Image to Deploy
7) WDSCapture
Slide49
Wrapping IT UP..
Deploying an Image
6) Pre-staged settings do NOT take effect
5) WinPE Problems
4) Multicast
Automating the Deployment
3) Unattend Answer Files
Infrastructure Issues
2) DHCP Issues
1) PXE Issues
Slide50
Troubleshooting Resources
Error codes for WDS & AD Integration (BINLSVC)
http://technet.microsoft.com/en-us/library/dd299753(WS.10).aspx
Permissions for Server & Client
http://technet.microsoft.com/en-us/library/cc754005(WS.10,printer).aspx
Slide51
Slide52
Slide53
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.