  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3878

SCCM OSD

Hi,
I am working on the SCCM OS deployment, please help me answer my queries:

• How to bypass/disable the boot authentication (to successfully do a zero-touch migration)? If not possible, any workaround?
• How to decrypt the disk so WinPE and USMT can do offline hardlink migration?
• What tools or components are required for SCCM and WinPE to implement zero-touch upgrade on encrypted HDD?
• Is there a tried and tested SCCM-OSD task sequence for machines with McAfee encryption?
Asked by: roopesha2
1 Solution
 
Abduljalil Abou Alzahab Commented:
1- Step-by-Step: Offline Migration with USMT 4.0:
http://technet.microsoft.com/en-us/library/ee126219(WS.10).aspx

2- What tools or components are required for SCCM and WinPE to implement zero-touch upgrade on encrypted HDD?
If the destination computer is running Windows Vista® or Windows® 7, Encrypting File System (EFS) certificates will be migrated automatically. However, by default, User State Migration Tool (USMT) fails if an encrypted file is found (unless you specify an /efs option).

How To Migrate EFS Files and Certificates
http://technet.microsoft.com/en-us/library/cc722147(WS.10).aspx
Migrate EFS Files and Certificates
http://technet.microsoft.com/en-us/library/dd560749(WS.10).aspx

3- How to bypass/disable the boot authentication (to successfully do a zero-touch migration), if not possible, any workaround

For the OSD feature in ConfigMgr, the PXE password is an optional setting and you can remove it, but I suggest keeping it to control network boot.
Open Console -> System Center Configuration Manager -> Site Database -> Site Management -> Sitecode - Domain name -> Site Settings -> Site Systems -> Site server name -> PXE Service Point Properties -> uncheck "Require a password for computers to boot using PXE"

Is there a tried and tested SCCM-OSD task sequence for machines with McAfee encryption?
What do you mean by this question? Do you want to distribute McAfee encryption during the task sequence? If yes, follow the steps below:
1- Create a new package for McAfee encryption.
2- Copy the source to the distribution point.
3- Create a new program; the command line depends on the setup file, whether it is an exe or an msi.
For an msi, for example: msiexec /i setup.msi /q
For an exe, for example: setup.exe /quiet
To find the required parameters, go to Run and run filesetupname.exe /? or filesetupname.msi /?
4- Go to the program properties:
a- It's important to go to the properties of the program -> Environment -> Run mode "Run with administrator rights", and under "Program can run" choose "Whether or not a user is logged in".
b- Go to program -> Advanced -> choose "Suppress program notification" and "Allow this program to be installed from install software task sequence without being advertised".

Edit your task sequence, add software, then select your package.
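
The /efs option and the offline hard-link migration discussed in this thread, written out as a WinPE command script. This is an added example, not part of the original posts; the store and log paths are constructed, and it assumes the old Windows volume is readable from WinPE as C:. The /efs switch concerns EFS-encrypted files only and does not unlock a volume under full-disk encryption.

```bat
@echo off
rem Added example: offline hard-link capture run from WinPE with USMT 4.0.
rem Assumed (constructed) values: old Windows volume mounted as C:, USMT
rem binaries in the current directory, store and log folders named below.
setlocal
set "OFFLINE_WIN=C:\Windows"
set "STORE=C:\USMTStore"
set "LOGDIR=C:\USMTLogs"
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem The store must be on the same volume as the data: hard links cannot
rem cross volumes. /hardlink requires /nocompress.
rem /efs:hardlink links EFS files in place; without an /efs option
rem scanstate stops when it finds an encrypted file (default /efs:abort).
scanstate.exe "%STORE%" /offlineWinDir:"%OFFLINE_WIN%" ^
  /hardlink /nocompress /efs:hardlink ^
  /i:MigApp.xml /i:MigUser.xml /o /c ^
  /v:5 /l:"%LOGDIR%\scanstate.log"
if errorlevel 1 (
  echo scanstate failed, exit code %errorlevel%. See %LOGDIR%\scanstate.log
  exit /b 1
)
echo Capture complete. Do not format or repartition C: before loadstate runs.

rem After the new OS is installed on the same volume (run in the full OS):
rem   loadstate.exe C:\USMTStore /hardlink /nocompress ^
rem     /i:MigApp.xml /i:MigUser.xml /c /v:5 /l:C:\USMTLogs\loadstate.log
rem   usmtutils.exe /rmstore C:\USMTStore
endlocal
```

EFS files linked this way stay encrypted in the store, so the restore only yields readable data once the user's EFS certificate has been migrated as well.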
 
roopesha2 (Author) Commented:
Is there a tried and tested SCCM-OSD task sequence for machines with McAfee encryption? Elaborated below:
If the workstations have McAfee encryption, then how do we need to perform OSD using SCCM? Once we complete the USMT, it will ask to reboot the workstation and will then try to boot the workstation. Now McAfee encryption will not allow booting the workstation, and it will fail.

What is the solution if we have workstations with McAfee encryption enabled? What is our approach to handle this situation?
 
roopesha2 (Author) Commented:
Any solution for the above?
 
Abduljalil Abou Alzahab Commented:
Check the following link, it may help you. I'll try to find a solution for you if one is available.
http://www.windows-noob.com/forums/index.php?/topic/2380-usmt-install-reinstall-and-replace-scenrio-in-the-same-task-sequence/
 
Abduljalil Abou Alzahab Commented:
"how do we need to perform OSD using SCCM? Once we complete the USMT, it will ask to reboot the workstation and will then try to boot the workstation. Now McAfee encryption will not allow booting the workstation, and it will fail"

Can you please send the error that you received?
 
roopesha2 (Author) Commented:
Which log file will be recording the error information about the failure... in the sense of the SCCM server or client workstation log, and the name of the log file?
 
Abduljalil Abou Alzahab Commented:
 
roopesha2 (Author) Commented:
I’m getting this very nasty error every time I try to do a User State Migration using SMP. The error code is 0x80004005 and details are in the enclosed smsts.log. In the event viewer there is an hourly recurring error as follows:

On 3/30/2011 8:19:57 PM, component SMS_STATE_MIGRATION_POINT on computer PWSCMAPOS01 reported:  SMP Control Manager detected SMP is not responding to HTTP requests.  The http status code and text is 500, Internal Server Error.

Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which SMS is configured to communicate.

I have tried the following but still to no avail:

1.    Uninstall KB974571 in Windows XP
2.    Reinstall SMP
3.    Grant full permission to Local Service Account to F:\SMSSMP folder
4.    Restart Server

My task sequence is pretty much very simple:

1.    Request State Store
2.    Capture User State
3.    Release State Store

I’m using SCCM 2007 R3 without MDT module.
Don’t know if I missed something during SMP setup or other non-SCCM configuration is missed.
 
Abduljalil Abou Alzahab Commented:
Can you verify you configured the SMP server role correctly?
http://technet.microsoft.com/en-us/library/bb693655.aspx

Please check system status and let me know if you have any other errors in MP.

You may also try testing the hard-link feature in USMT 4.0 for data migration; it's faster than SMP:
http://www.ms-csm.com/sccm/?p=55
or
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Systems_Management_Server/A_2841-How-to-Configure-Hard-Link-Migration-in-User-State-Migration-Tool-4-0.html 
 
roopesha2 (Author) Commented:
The above is very good information and is helping...

We have to fix the USMT SMP due to the "request state store" problem:
SMS requests failed with error: E_SMPERROR_FAILURE (99).


In USMT, once we have taken the backup, if we log in to the workstation with user profile name “ABC”, and after deploying the Win7 image and joining the domain we log in as the “ABC” user and start restoring the user profile “ABC”, does it work, or will we get an error that we don’t have permission to do that? Because for other profiles we can successfully restore.
 
Abduljalil Abou Alzahab Commented:
Sorry, I didn't get your point regarding when the restore will succeed and when it will fail:

"In USMT, once we have taken the backup, if we log in to the workstation with user profile name “ABC”, and after deploying the Win7 image and joining the domain we log in as the “ABC” user and start restoring the user profile “ABC”, does it work, or will we get an error that we don’t have permission to do that? Because for other profiles we can successfully restore."
 
roopesha2 (Author) Commented:
On the Windows XP workstation we logged in as the ABC user first.

Here the ABC user is the SCCM administrator.
Log in to Windows XP with user "ABC".

Start the USMT for user profile migration, and it successfully backs up the ABC profile.

Deployed the Win7 image, and it was a success.

Log in to the newly deployed Win7 workstation with user "ABC".

Start the reload for the ABC user on the new Win7 machine.

Now I am getting an error saying that you can't reload the ABC profile (you do not have permission).

Is it because I have logged in as the ABC user, which is the SCCM administrator, and am reloading the same user profile (ABC) during the same user's (ABC) login?
 
Abduljalil Abou Alzahab Commented:
I prefer to log in with another account and try to reload the profile, and make sure that the login account has local admin permission on the specific machine. Try it and let me know.
 
roopesha2 (Author) Commented:
USMT hardlink migration worked and it is really good.
But when we use the SMP with USMT during OSD of Win7, we still have an error in the smpmgr.log file:

Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error
Health check request failed, status code is 500, “Internal Server Error”

We have uninstalled the SMP, rebooted the SCCM server and reinstalled the SMP, but still get the same error as above.
 
Abduljalil Abou Alzahab Commented:
I am happy to hear from you that hardlink worked. I recommend using hardlink and not SMP, but if you still need to know the reason for the error above, I'll try to help you.

Which operating system do you have for SCCM? Is it Windows Server 2003?
If yes:

The reason for this error is that the ASP.NET registry keys are missing. The ASP.NET registry keys are missing when you install ASP.NET after the Enable32bitAppOnWin64 Microsoft Internet Information Services (IIS) metabase setting is set to a value of 1. Because IIS is configured to run in 32-bit mode, the ASP.NET installation does not create the ASP.NET registry keys in the 64-bit registry. The ASP.NET installation creates the ASP.NET registry keys only in the 32-bit registry.

To solve it, follow these steps.

To enable 64-bit mode:

1. Click Start, click Run, type cmd, and then click OK.

2. To enable the 64-bit mode, type the following command, and then press ENTER:

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0  

3. Type the following command, and then press ENTER:

cd C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727

4. To install the 64-bit version of ASP.NET, type the following command, and then press ENTER:

aspnet_regiis -i

5. Type the following command, and then press ENTER:

iisreset

----

To enable the 32-bit mode:

1. Type the following command, and then press ENTER:

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1

2. Type the following command, and then press ENTER:

cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

3. To install the 32-bit version of ASP.NET, type the following command, and then press ENTER:

aspnet_regiis -i

4. Type the following command, and then press ENTER:

iisreset

Important: This article does not apply to Windows Server 2008. Do not run these steps on a Windows Server 2008-based computer.


 
roopesha2 (Author) Commented:
No, we are using Win 2008 R2.
Any solution for Windows 2008 R2 servers?
 
Abduljalil Abou Alzahab Commented:
Please try the actions below:
1- Remove the MP role on the server.
2- Remove IIS completely and reboot the server.
3- Verify that the DTS Service is enabled.
4- Verify that the Task Scheduler is enabled.
5- Verify that the Windows Management Instrumentation service is running.
6- Enable BITS, enable WebDAV and install IIS.
7- Verify that the World Wide Web Publishing Service is running.
8- Verify that the MP machine account has been added to the SMS_SiteSystemToSQLConnection_<site_code> group.
9- Enable the MP role on the server.
10- Restart the server.