Solved

SCCM PE Image Unsigned Driver Injection

Posted on 2010-11-12
11
3,739 Views
Last Modified: 2013-11-21
Recently upgraded my SCCM 2007 R2 SP1 to SP2. Since doing so, whenever I try to add a unsigned driver to a boot image it fails with the following error.

   Error: Boot image to update:
      Microsoft Windows PE (x64)

   Error: Actions to perform:
      Add ConfigMgr binaries
      Disable Windows PE command line support
      Add drivers

   Success: Drivers that will be included:
      DELL CERC SATA 1.5/6ch RAID Controller

   Error: Failed to import the following drivers:
      DELL CERC SATA 1.5/6ch RAID Management Device - Failed to inject a ConfigMgr driver into the mounted WIM file

   Error: The wizard detected the following problems when updating the boot image.
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      The ConfigMgr Provider reported an error.: ConfigMgr Error Object:
      instance of SMS_ExtendedStatus
      {
            Description = "Failed to insert OSD binaries into the WIM file";
            ErrorCode = 2152205056;
            File = "e:\\nts_sms_fre\\sms\\siteserver\\sdk_provider\\smsprov\\sspbootimagepackage.cpp";
            Line = 4262;
            ObjectInfo = "CSspBootImagePackage::PreRefreshPkgSrcHook";
            Operation = "ExecMethod";
            ParameterInfo = "SMS_BootImagePackage.PackageID=\"MOH00027\"";
            ProviderName = "WinMgmt";
            StatusCode = 2147749889;
      };

This is just one of many drivers I am having this problem with. If I take this exact same driver, copied from the very place this process is using, and manually add it to the image using DISM with the /forceunsigned flag it works without a problem. After some digging there is a log file created by DISM during the image build using SCCM located at C:\Windows\Logs\DISM\dism.log. In this log I get the following error.

2010-11-12 12:47:38, Info                  DISM   DISM Driver Manager: PID=6024 Signature status of driver \\vsccm\Source\Drivers\Dell\PE\Dell-WinPE-Drivers-A02\winpe\x64\Storage\R129526\cercsr6.inf is: UNSIGNED - CDriverPackage::InitSignatureStatus
2010-11-12 12:47:38, Error                 DISM   DISM Driver Manager: PID=6024 Cannot install non-signed boot-critical drivers on amd64 images. Use /forceunsigned switch to override. \\vsccm\Source\Drivers\Dell\PE\Dell-WinPE-Drivers-A02\winpe\x64\Storage\R129526\cercsr6.inf - CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
2010-11-12 12:47:38, Error                 DISM   DISM Driver Manager: PID=6024 d:\w7rtm\base\ntsetup\opktools\dism\providers\dmiprovider\dll\drivermanager.cpp:1063 - CDriverManager::Internal_DoAddDriverPackage(hr:0x80070032)
2010-11-12 12:47:38, Error                 DISM   DISM Driver Manager: PID=6024 d:\w7rtm\base\ntsetup\opktools\dism\providers\dmiprovider\dll\drivermanager.cpp:519 - CDriverManager::ExecuteCmdLine(hr:0x80070032)
20

Now all this is great because I finally know why the builds are failing. The problem I'm having now is... how do you get SCCM to use the /forceunsigned switch?
0
Comment
Question by:midwestexp
  • 5
  • 4
  • 2
11 Comments
 
LVL 10

Expert Comment

by:Kezzi
ID: 34135533
You specify that in the Task Sequence for the Driver Package installation.  I have attached a screen shot. Task Sequence screenshot of Driver Install
0
 

Author Comment

by:midwestexp
ID: 34135647
That's for the TS. What I am trying to do is load "unsigned" drivers into my PE boot image so that I can even get a TS to run. Which prior to SP2, worked without problem.
0
 
LVL 10

Expert Comment

by:Kezzi
ID: 34137969
Not sure but i had issues during my upgrade.  Had to rerun sp2 after deleting my existing boot images so that they upgraded properly.  
0
 
LVL 10

Expert Comment

by:JonLambert
ID: 34141760
Haven't come accross this before, but you could definately manually mount the source boot WIM and insert the drivers using DSIM usingt he forced unsigned switch, and then updated the boot wim pakcage (to force the WIM to be re-created).

If you do this, ensure that you do mount and update the source boot wim, and not the package boot wim which is generated by SCCM (which has the SCCM Packaged ID in the name).

0
 

Author Comment

by:midwestexp
ID: 34144585
Jon,

I finally broke down yesterday and resorted to manually inserting the drivers in to a custom image. I trust you have upgraded to SP2? Do you have any trouble injecting 64bit "boot-critical" drivers? I could provide a link to the Dell PE drivers I am using if anyone wants to give them a go on their setup?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 10

Expert Comment

by:JonLambert
ID: 34149600
I did a Boot WIM with Dell server MSD and NIC drivers last week, when I'm on site I'll get the namd and versions of the drivers I used, and we can see if they differ.
0
 
LVL 10

Expert Comment

by:JonLambert
ID: 34153421
Attached is a jpg of some of the Dell drivers I attached  using the normal standard proccess. Maybe the driver version numbers can help you out

 Dell Boot Drivers Boot Drivers in WIM
0
 

Author Comment

by:midwestexp
ID: 34155070
I know one of the failing drivers I have is the same, other than version. It is the Dell CERC SATA 1.5/6ch RAID Controller as well as the management device. The version on mine is 4.1.1.7038. Which I got out of this cab file
 from Dell. On your sustem, is the driver you have for that signed?



0
 
LVL 10

Expert Comment

by:JonLambert
ID: 34158764
Yes it is signed
0
 
LVL 10

Accepted Solution

by:
JonLambert earned 500 total points
ID: 34158799
From memory I might have utilised the Dell Server Deployment Pack add-in for the SCCM console to download the drivers, but I don't currently have that installed so I cant validate that was how I downloaded  the drivers.
0
 

Author Closing Comment

by:midwestexp
ID: 34982609
Accepting based on effort. Issue has been submitted to Dell to correct.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now