Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SCCM PE Image Unsigned Driver Injection

Posted on 2010-11-12
11
3,856 Views
Last Modified: 2013-11-21
Recently upgraded my SCCM 2007 R2 SP1 to SP2. Since doing so, whenever I try to add a unsigned driver to a boot image it fails with the following error.

   Error: Boot image to update:
      Microsoft Windows PE (x64)

   Error: Actions to perform:
      Add ConfigMgr binaries
      Disable Windows PE command line support
      Add drivers

   Success: Drivers that will be included:
      DELL CERC SATA 1.5/6ch RAID Controller

   Error: Failed to import the following drivers:
      DELL CERC SATA 1.5/6ch RAID Management Device - Failed to inject a ConfigMgr driver into the mounted WIM file

   Error: The wizard detected the following problems when updating the boot image.
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      Failed to inject a ConfigMgr driver into the mounted WIM file
      The ConfigMgr Provider reported an error.: ConfigMgr Error Object:
      instance of SMS_ExtendedStatus
      {
            Description = "Failed to insert OSD binaries into the WIM file";
            ErrorCode = 2152205056;
            File = "e:\\nts_sms_fre\\sms\\siteserver\\sdk_provider\\smsprov\\sspbootimagepackage.cpp";
            Line = 4262;
            ObjectInfo = "CSspBootImagePackage::PreRefreshPkgSrcHook";
            Operation = "ExecMethod";
            ParameterInfo = "SMS_BootImagePackage.PackageID=\"MOH00027\"";
            ProviderName = "WinMgmt";
            StatusCode = 2147749889;
      };

This is just one of many drivers I am having this problem with. If I take this exact same driver, copied from the very place this process is using, and manually add it to the image using DISM with the /forceunsigned flag it works without a problem. After some digging there is a log file created by DISM during the image build using SCCM located at C:\Windows\Logs\DISM\dism.log. In this log I get the following error.

2010-11-12 12:47:38, Info                  DISM   DISM Driver Manager: PID=6024 Signature status of driver \\vsccm\Source\Drivers\Dell\PE\Dell-WinPE-Drivers-A02\winpe\x64\Storage\R129526\cercsr6.inf is: UNSIGNED - CDriverPackage::InitSignatureStatus
2010-11-12 12:47:38, Error                 DISM   DISM Driver Manager: PID=6024 Cannot install non-signed boot-critical drivers on amd64 images. Use /forceunsigned switch to override. \\vsccm\Source\Drivers\Dell\PE\Dell-WinPE-Drivers-A02\winpe\x64\Storage\R129526\cercsr6.inf - CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
2010-11-12 12:47:38, Error                 DISM   DISM Driver Manager: PID=6024 d:\w7rtm\base\ntsetup\opktools\dism\providers\dmiprovider\dll\drivermanager.cpp:1063 - CDriverManager::Internal_DoAddDriverPackage(hr:0x80070032)
2010-11-12 12:47:38, Error                 DISM   DISM Driver Manager: PID=6024 d:\w7rtm\base\ntsetup\opktools\dism\providers\dmiprovider\dll\drivermanager.cpp:519 - CDriverManager::ExecuteCmdLine(hr:0x80070032)
20

Now all this is great because I finally know why the builds are failing. The problem I'm having now is... how do you get SCCM to use the /forceunsigned switch?
0
Comment
Question by:midwestexp
  • 5
  • 4
  • 2
11 Comments
 
LVL 10

Expert Comment

by:Kezzi
ID: 34135533
You specify that in the Task Sequence for the Driver Package installation.  I have attached a screen shot. Task Sequence screenshot of Driver Install
0
 

Author Comment

by:midwestexp
ID: 34135647
That's for the TS. What I am trying to do is load "unsigned" drivers into my PE boot image so that I can even get a TS to run. Which prior to SP2, worked without problem.
0
 
LVL 10

Expert Comment

by:Kezzi
ID: 34137969
Not sure but i had issues during my upgrade.  Had to rerun sp2 after deleting my existing boot images so that they upgraded properly.  
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 10

Expert Comment

by:JonLambert
ID: 34141760
Haven't come accross this before, but you could definately manually mount the source boot WIM and insert the drivers using DSIM usingt he forced unsigned switch, and then updated the boot wim pakcage (to force the WIM to be re-created).

If you do this, ensure that you do mount and update the source boot wim, and not the package boot wim which is generated by SCCM (which has the SCCM Packaged ID in the name).

0
 

Author Comment

by:midwestexp
ID: 34144585
Jon,

I finally broke down yesterday and resorted to manually inserting the drivers in to a custom image. I trust you have upgraded to SP2? Do you have any trouble injecting 64bit "boot-critical" drivers? I could provide a link to the Dell PE drivers I am using if anyone wants to give them a go on their setup?
0
 
LVL 10

Expert Comment

by:JonLambert
ID: 34149600
I did a Boot WIM with Dell server MSD and NIC drivers last week, when I'm on site I'll get the namd and versions of the drivers I used, and we can see if they differ.
0
 
LVL 10

Expert Comment

by:JonLambert
ID: 34153421
Attached is a jpg of some of the Dell drivers I attached  using the normal standard proccess. Maybe the driver version numbers can help you out

 Dell Boot Drivers Boot Drivers in WIM
0
 

Author Comment

by:midwestexp
ID: 34155070
I know one of the failing drivers I have is the same, other than version. It is the Dell CERC SATA 1.5/6ch RAID Controller as well as the management device. The version on mine is 4.1.1.7038. Which I got out of this cab file
 from Dell. On your sustem, is the driver you have for that signed?



0
 
LVL 10

Expert Comment

by:JonLambert
ID: 34158764
Yes it is signed
0
 
LVL 10

Accepted Solution

by:
JonLambert earned 500 total points
ID: 34158799
From memory I might have utilised the Dell Server Deployment Pack add-in for the SCCM console to download the drivers, but I don't currently have that installed so I cant validate that was how I downloaded  the drivers.
0
 

Author Closing Comment

by:midwestexp
ID: 34982609
Accepting based on effort. Issue has been submitted to Dell to correct.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question