Solved

SCCM OSD

Posted on 2011-03-22
17
3,696 Views
Last Modified: 2013-11-21
Hi,
I am working on the SCCM OS deployment,please help me answer my querries,

•How to bypass/disable the boot authentication (to successfully do a zero-touch migration), if not possible, any workaround?
•How to decrypt the disk so WinPE and USMT can do offline hardlink migration?
•What tools or components required for SCCM and WinPE to implement zero-touch upgrade on encrypted hdd?
•Is there a tried and tested SCCM-OSD task sequence for machines with Mcafee encryption?
0
Comment
Question by:roopesha2
  • 9
  • 8
17 Comments
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35196267
1- Step-by-Step: Offline Migration with USMT 4.0:
http://technet.microsoft.com/en-us/library/ee126219(WS.10).aspx

2- What tools or components required for SCCM and WinPE to implement zero-touch upgrade on encrypted hdd?
If the destination computer is running Windows Vista® or Windows® 7, Encrypting File System (EFS) certificates will be migrated automatically. However, by default, User State Migration Tool (USMT) fails if an encrypted file is found (unless you specify an /efs option).

How To Migrate EFS Files and Certificates
http://technet.microsoft.com/en-us/library/cc722147(WS.10).aspx
Migrate EFS Files and Certificates
http://technet.microsoft.com/en-us/library/dd560749(WS.10).aspx

3- How to bypass/disable the boot authentication (to successfully do a zero-touch migration), if not possible, any workaround

For OSD feature in ConfigMgr -> PXE password is an optional settings and you can remove it but I suggest to keep it to control network boot.
Open Console -> System Center Configuration Manager -> Site Database -> Site Managment -> Sitecode - Domain name -> Site Settings -> Site Systems -> Site server name -> PXE Service Point Proprties -> uncheck "Required a password for computers to boot using PXE"

Is there a tried and tested SCCM-OSD task sequence for machines with Mcafee encryption?
What do you mean by this question, do you want to distibute  Mcafee encryption during task sequence, if yes follow the below steps:
1- Create a new Package for  Mcafee encryption
2- Copy source to distribution point.
3- create a new program, command line depend of setup file, is it exe or msi?
for msi example: msiesec /i setup.msi /q
for exe example : setup.exe /quiet
to know the required parameters go to run and run filesetupname.exe /? or filesetupname.msi /?
4- Go to Program proprties :
a- It's important to go proprties of prgram -> Environment -> Run mode "Run with administrator rights", and in program can run choose "whether or not a user is loged in".
b- Go to prgram -> advanced -> choose "Suppress program notification" and Allow this program to be installed from install software task sequence without being advertised.

Edit your task sequence and add software then select your package
0
 

Author Comment

by:roopesha2
ID: 35204775
Is there a tried and tested SCCM-OSD task sequence for machines with Mcafee encryption?elaborated below,
If the workstations have Mcafee encryption then how we need to perform OSD using SCCM because once we complete the USMT it will ask reboot the workstation and then will try to boot the workstation.Now Mcafee encryption will not allow booting the workstation and will get fail.

What is the solution if we have workstations having  Mcafee encryption enabled?What is our approach to handle this sitution.
0
 

Author Comment

by:roopesha2
ID: 35229383
Any solution for the above
0
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35229859
Check the following link, it may help u, I'll try to find solution if availabe for you
http://www.windows-noob.com/forums/index.php?/topic/2380-usmt-install-reinstall-and-replace-scenrio-in-the-same-task-sequence/
0
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35230245
how we need to perform OSD using SCCM because once we complete the USMT it will ask reboot the workstation and then will try to boot the workstation.Now Mcafee encryption will not allow booting the workstation and will get fail

Can you please send error that you received?
0
 

Author Comment

by:roopesha2
ID: 35235170
Which log file will be recording the error information about failure...in the sense from SCCM server or client workstation log and name of the log file.....
0
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35239253
0
 

Author Comment

by:roopesha2
ID: 35271549
I’m getting this very nasty error every time I try to do a User State Migration using SMP. The error code is 0x80004005 and details are in the enclosed smsts.log. In the event viewer there is an hourly recurring error as follows:

On 3/30/2011 8:19:57 PM, component SMS_STATE_MIGRATION_POINT on computer PWSCMAPOS01 reported:  SMP Control Manager detected SMP is not responding to HTTP requests.  The http status code and text is 500, Internal Server Error.

Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which SMS is configured to communicate.

I have tried the following but still to no avail:

1.    Uninstall KB974571 in Windows XP
2.    Reinstall SMP
3.    Grant full permission to Local Service Account to F:\SMSSMP folder
4.    Restart Server

My task sequence is pretty much very simple:

1.    Request State Store
2.    Capture User State
3.    Release State Store

I’m using SCCM 2007 R3 without MDT module.
Don’t know if I missed something during SMP setup or other non-SCCM configuration is missed.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35274462
Can you verify you configured the SMP server role correctly?
http://technet.microsoft.com/en-us/library/bb693655.aspx

Please check system status and let me know if you have any other errors in MP.

You may also try to test Hard-link feature in USMT 4.0 for data migration, it's faster than SMP
http://www.ms-csm.com/sccm/?p=55
or
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Systems_Management_Server/A_2841-How-to-Configure-Hard-Link-Migration-in-User-State-Migration-Tool-4-0.html
0
 

Author Comment

by:roopesha2
ID: 35302899
The above is very good information and helping ...

We have to fix the USMT SMP due to the request state store" problem
SMS requests failed with error: E_SMPERROR_FAILURE (99).


In USMT once we took backup if we login the workstation with user profile Name “ABC” and after deploying win7 image and joined the domain, if we login as “ABC” user and start restoring the user profile “ABC” is it works or will get error that we don’t have permission to do that because for other profile we can successfully restore.
0
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35306546
Sorry I didn't got your point regarding: when restore will success and when it will fail ?

In USMT once we took backup if we login the workstation with user profile Name “ABC” and after deploying win7 image and joined the domain, if we login as “ABC” user and start restoring the user profile “ABC” is it works or will get error that we don’t have permission to do that because for other profile we can successfully restore
0
 

Author Comment

by:roopesha2
ID: 35307543
In Windows XP workstation we logged in as ABC user first.

Here ABC user is SCCM Administrator.
Login windows xp with user "ABC"

Start the USMT for User profile migration and it is successfully backup the ABC profile.

Deployed the Win7 image and it is success.

Login to the newly Win7 image deployed workstation with user "ABC"

start the reload for ABC user in Win7 new machine.

Now am getting error saying that you can't reload the ABC profile (you do not have permission )

Is it because i have logged in as ABC user which is SCCM administrator and reloading the same user profile(ABC) during same user(ABC) loggin.
0
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35308151
I prefer to login with another account, and try to reload profile, and make sure that loggin account have local admin permission on spesific machine, try it and let me know.
0
 

Author Comment

by:roopesha2
ID: 35364517
USMT hardlink migration worked and it is realy good.
But when we use the SMP with USMT during OSD of Win7,still have error in smpmgr.log file.

Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error
Health check request failed, status code is 500, “Internal Server Error”

We have done the uninstall SMP and reboot the SCCM server and reinstalled the SMP,But still same error as above.
0
 
LVL 13

Expert Comment

by:Abduljalil Abou Alzahab
ID: 35366287
I happy to hear from you that Hardlink is worked, plus I recommend to use hardlink and not use SMP, but if you still need to know the reason of the error above, I'll try to help you.

Which Operating System you have for SCCM? is it Windows Server 2003!
IF Yes

the reason of this error is  ASP.NET registry keys are missing. The ASP.NET registry keys are missing when you install ASP.NET after the Enable32bitAppOnWin64 Microsoft Internet Information Services (IIS) metabase setting is set to a value of 1. Because IIS is configured to run in 32-bit mode, the ASP.NET installation does not create the ASP.NET registry keys in the 64-bit registry. The ASP.NET installation creates the ASP.NET registry keys only in the 32-bit registry.

To solve it,  follow these steps

To enable 64-bit mode:

1. Click Start, click Run, type cmd, and then click OK.

2. To enable the 64-bit mode, type the following command, and then press ENTER:

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0  

3. Type the following command, and then press ENTER:

cd C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727

4. To install the 64-bit version of ASP.NET, type the following command, and then press ENTER:

aspnet_regiis -i

5. Type the following command, and then press ENTER:

iisreset

----

To enable the 32-bit mode:

1. Type the following command, and then press ENTER:

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1

2. Type the following command, and then press ENTER:

cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

3. To install the 32-bit version of ASP.NET, type the following command, and then press ENTER:

aspnet_regiis -i

4. Type the following command, and then press ENTER:

iisreset

Important: This article does not apply to Windows Server 2008. Do not run these steps on a Windows Server 2008-based computer


0
 

Author Comment

by:roopesha2
ID: 35371171
No we are using Win 2008 R2
Any solution for Windows 2008 R2 servers ...
0
 
LVL 13

Accepted Solution

by:
Abduljalil Abou Alzahab earned 500 total points
ID: 35375066
Pleas try the below actions:
1- Remove the MP role on the server.
2- Remove IIS completely and Reboot the server.
3- Verify that the DTS Service is enabled.
4- Verify that the Task Scheduler is enabled.
5- Verify that the Windows Management Instrumentation service isrunning.
6- Enable BITS, enable WEBDEV and install IIS.
7- Verify that the World Wide Web Publishing Service is running.
8- Verify that the MP machine account has been added to the SMS_SiteSystemToSQLConnection_<site_code> group.
9- Enable MP role on the server.
10- Restart Server.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Fully delete GPO 2 41
upgrade Vcenter to V6 10 71
Very slow DFSR update to audit permissions on files 8 36
What is this Task? 4 38
My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now