roopesha2
asked on
SCCM OSD
Hi,
I am working on SCCM OS deployment; please help me answer my queries:
• How to bypass/disable the boot authentication (to successfully do a zero-touch migration)? If not possible, any workaround?
• How to decrypt the disk so WinPE and USMT can do offline hardlink migration?
• What tools or components are required for SCCM and WinPE to implement zero-touch upgrade on an encrypted HDD?
• Is there a tried and tested SCCM-OSD task sequence for machines with McAfee encryption?
ASKER
Is there a tried and tested SCCM-OSD task sequence for machines with McAfee encryption? Elaborated below:
If the workstations have McAfee encryption, how do we need to perform OSD using SCCM? Once we complete the USMT, it will ask to reboot the workstation and then will try to boot the workstation. Now McAfee encryption will not allow booting the workstation and it will fail.
What is the solution if we have workstations with McAfee encryption enabled? What is our approach to handle this situation?
ASKER
Any solution for the above
Check the following link, it may help you; I'll try to find a solution for you if one is available.
http://www.windows-noob.com/forums/index.php?/topic/2380-usmt-install-reinstall-and-replace-scenrio-in-the-same-task-sequence/
"how we need to perform OSD using SCCM because once we complete the USMT it will ask to reboot the workstation and then will try to boot the workstation. Now McAfee encryption will not allow booting the workstation and it will fail"
Can you please send the error that you received?
ASKER
Which log file will record the error information about the failure, in the sense of the SCCM server log or the client workstation log, and what is the name of the log file?
Can you check "SCCM OS Deployment Using Pointsec Drive Encryption"?
http://myitforum.com/cs2/blogs/smslist/archive/2009/05/27/mssms-sccm-os-deployment-using-pointsec-drive-encryption-jniawrs.aspx
ASKER
I’m getting this very nasty error every time I try to do a User State Migration using SMP. The error code is 0x80004005 and details are in the enclosed smsts.log. In the event viewer there is an hourly recurring error as follows:
On 3/30/2011 8:19:57 PM, component SMS_STATE_MIGRATION_POINT on computer PWSCMAPOS01 reported: SMP Control Manager detected SMP is not responding to HTTP requests. The http status code and text is 500, Internal Server Error.
Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which SMS is configured to communicate.
I have tried the following but still to no avail:
1. Uninstall KB974571 in Windows XP
2. Reinstall SMP
3. Grant full permission to Local Service Account to F:\SMSSMP folder
4. Restart Server
My task sequence is pretty much very simple:
1. Request State Store
2. Capture User State
3. Release State Store
I’m using SCCM 2007 R3 without MDT module.
Don’t know if I missed something during SMP setup or other non-SCCM configuration is missed.
Can you verify you configured the SMP server role correctly?
http://technet.microsoft.com/en-us/library/bb693655.aspx
Please check system status and let me know if you have any other errors in MP.
You may also try to test Hard-link feature in USMT 4.0 for data migration, it's faster than SMP
http://www.ms-csm.com/sccm/?p=55
or
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Systems_Management_Server/A_2841-How-to-Configure-Hard-Link-Migration-in-User-State-Migration-Tool-4-0.html
ASKER
The above is very good information and is helping...
We have to fix the USMT SMP due to the "request state store" problem:
SMS requests failed with error: E_SMPERROR_FAILURE (99).
In USMT, once we have taken the backup while logged in to the workstation with user profile name "ABC", and after deploying the Win7 image and joining the domain, if we log in as the "ABC" user and start restoring the user profile "ABC", will it work, or will we get an error that we don't have permission to do that? Because for other profiles we can restore successfully.
Sorry, I didn't get your point regarding when the restore will succeed and when it will fail.
"In USMT, once we have taken the backup while logged in to the workstation with user profile name "ABC", and after deploying the Win7 image and joining the domain, if we log in as the "ABC" user and start restoring the user profile "ABC", will it work, or will we get an error that we don't have permission to do that? Because for other profiles we can restore successfully."
ASKER
On the Windows XP workstation we logged in as the ABC user first.
Here the ABC user is an SCCM administrator.
Log in to Windows XP with user "ABC".
Start USMT for user profile migration; it successfully backs up the ABC profile.
Deployed the Win7 image and it succeeded.
Log in to the newly deployed Win7 workstation with user "ABC".
Start the reload for the ABC user on the new Win7 machine.
Now I am getting an error saying that you can't reload the ABC profile (you do not have permission).
Is it because I have logged in as the ABC user, which is an SCCM administrator, and am reloading the same user profile (ABC) during the same user's (ABC) login?
I prefer to log in with another account and try to reload the profile, and make sure that the login account has local admin permission on the specific machine. Try it and let me know.
ASKER
USMT hardlink migration worked and it is really good.
But when we use the SMP with USMT during OSD of Win7, we still have an error in the smpmgr.log file:
Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error
Health check request failed, status code is 500, “Internal Server Error”
We have uninstalled the SMP, rebooted the SCCM server and reinstalled the SMP, but still get the same error as above.
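Added example, not part of the thread: a small Python parser that pulls the HttpSendRequestSync results quoted in the post above out of smpmgr.log text and reports whether the SMP health check is still failing after a reinstall. The sample lines, the `$$<component><timestamp><thread=...>` trailer and the "succeeded" message are constructed assumptions about the log layout; only the two "failed" message texts come from the post.

```python
import re
from collections import Counter

# Constructed sample (not from the thread's real log). The trailing
# "$$<component><timestamp><thread=...>" wrapper and the "succeeded" line are
# assumptions; the "failed" message texts are the ones quoted in the post.
SAMPLE_LOG = """\
Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK  $$<SMS_STATE_MIGRATION_POINT><Wed Mar 30 19:19:57.101 2011><thread=4012 (0xFAC)>
Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error  $$<SMS_STATE_MIGRATION_POINT><Wed Mar 30 20:19:57.101 2011><thread=4012 (0xFAC)>
Health check request failed, status code is 500, 'Internal Server Error'.  $$<SMS_STATE_MIGRATION_POINT><Wed Mar 30 20:19:57.105 2011><thread=4012 (0xFAC)>
Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error  $$<SMS_STATE_MIGRATION_POINT><Wed Mar 30 21:19:57.090 2011><thread=4012 (0xFAC)>
"""

WRAPPER = re.compile(r"^(?P<msg>.*?)[\s~]*\$\$<(?P<component>[^>]*)><(?P<when>[^>]*)>")
HTTP_CALL = re.compile(
    r"Call to HttpSendRequestSync (?P<result>failed|succeeded) for port (?P<port>\d+) "
    r"with status code (?P<status>\d+), text: (?P<text>.+)"
)

def parse_http_calls(log_text):
    """Return one dict per HttpSendRequestSync line, in log order."""
    calls = []
    for line in log_text.splitlines():
        wrapped = WRAPPER.match(line)
        # Fall back to the bare line when the assumed wrapper is absent.
        msg = wrapped.group("msg") if wrapped else line.strip()
        hit = HTTP_CALL.search(msg)
        if hit:
            calls.append({
                "when": wrapped.group("when") if wrapped else None,
                "ok": hit.group("result") == "succeeded",
                "port": int(hit.group("port")),
                "status": int(hit.group("status")),
                "text": hit.group("text").strip(),
            })
    return calls

def summarize(calls):
    """Count failures per (port, status) and report the last good check."""
    failures = Counter((c["port"], c["status"]) for c in calls if not c["ok"])
    last_ok = next((c["when"] for c in reversed(calls) if c["ok"]), None)
    return {
        "failures": dict(failures),
        "last_success": last_ok,
        "still_failing": bool(calls) and not calls[-1]["ok"],
    }

if __name__ == "__main__":
    print(summarize(parse_http_calls(SAMPLE_LOG)))
```

Comparing `last_success` with the time of the reinstall shows whether the reinstall ever produced a healthy check or the 500 has been constant.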
I'm happy to hear from you that hardlink worked; I recommend using hardlink and not SMP, but if you still need to know the reason for the error above, I'll try to help you.
Which operating system do you have for SCCM? Is it Windows Server 2003?
If yes,
the reason for this error is that the ASP.NET registry keys are missing. The ASP.NET registry keys are missing when you install ASP.NET after the Enable32bitAppOnWin64 Microsoft Internet Information Services (IIS) metabase setting is set to a value of 1. Because IIS is configured to run in 32-bit mode, the ASP.NET installation does not create the ASP.NET registry keys in the 64-bit registry. The ASP.NET installation creates the ASP.NET registry keys only in the 32-bit registry.
To solve it, follow these steps.
To enable 64-bit mode:
1. Click Start, click Run, type cmd, and then click OK.
2. To enable the 64-bit mode, type the following command, and then press ENTER:
cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0
3. Type the following command, and then press ENTER:
cd C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727
4. To install the 64-bit version of ASP.NET, type the following command, and then press ENTER:
aspnet_regiis -i
5. Type the following command, and then press ENTER:
iisreset
----
To enable the 32-bit mode:
1. Type the following command, and then press ENTER:
cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1
2. Type the following command, and then press ENTER:
cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
3. To install the 32-bit version of ASP.NET, type the following command, and then press ENTER:
aspnet_regiis -i
4. Type the following command, and then press ENTER:
iisreset
Important: This article does not apply to Windows Server 2008. Do not run these steps on a Windows Server 2008-based computer
ASKER
No, we are using Win 2008 R2.
Any solution for Windows 2008 R2 servers?
ASKER CERTIFIED SOLUTION
http://technet.microsoft.com/en-us/library/ee126219(WS.10).aspx
2- What tools or components are required for SCCM and WinPE to implement zero-touch upgrade on an encrypted HDD?
If the destination computer is running Windows Vista® or Windows® 7, Encrypting File System (EFS) certificates will be migrated automatically. However, by default, User State Migration Tool (USMT) fails if an encrypted file is found (unless you specify an /efs option).
How To Migrate EFS Files and Certificates
http://technet.microsoft.com/en-us/library/cc722147(WS.10).aspx
Migrate EFS Files and Certificates
http://technet.microsoft.com/en-us/library/dd560749(WS.10).aspx
3- How to bypass/disable the boot authentication (to successfully do a zero-touch migration)? If not possible, any workaround?
For the OSD feature in ConfigMgr, the PXE password is an optional setting and you can remove it, but I suggest keeping it to control network boot.
Open Console -> System Center Configuration Manager -> Site Database -> Site Management -> Sitecode - Domain name -> Site Settings -> Site Systems -> Site server name -> PXE Service Point Properties -> uncheck "Require a password for computers to boot using PXE"
Is there a tried and tested SCCM-OSD task sequence for machines with McAfee encryption?
What do you mean by this question? Do you want to distribute McAfee encryption during the task sequence? If yes, follow the steps below:
1- Create a new package for McAfee encryption.
2- Copy the source to the distribution point.
3- Create a new program; the command line depends on the setup file. Is it an exe or an msi?
For msi, example: msiexec /i setup.msi /q
For exe, example: setup.exe /quiet
To find the required parameters, go to Run and run filesetupname.exe /? or filesetupname.msi /?
4- Go to the program properties:
a- It's important to go to the properties of the program -> Environment -> Run mode "Run with administrator rights", and in "Program can run" choose "Whether or not a user is logged in".
b- Go to program -> Advanced -> choose "Suppress program notification" and "Allow this program to be installed from install software task sequence without being advertised".
Edit your task sequence, add software, then select your package.