Monday, April 30, 2007

Windows Deployment Services Part 2 - Installing/Pushing an Image

Ok, so last week I got WDS installed on the server and working. I ran into problems actually pushing an XP image I had captured. Microsoft has made it very difficult to push Windows XP over WDS. They want you to run Vista, for better or worse. Deploying Windows Vista is in fact extremely easy to do: everything you need comes factory on the Vista disc (install.wim and boot.wim), and since the .WIM format is the new MS image format, of course an XP disc won't have it. There were no white papers on using XP with WDS. They simply say it's possible. I had tried just about everything and here is what I have found:

- You can use Business Desktop Deployment (free download) to create a boot image for installing XP, then import it into WDS as a boot image.


- You can obtain a factory Windows Vista disc and pull the boot.wim file from it and import it to WDS under Boot Images. (note - A Dell OEM Vista boot.wim WILL NOT WORK, this is what caused my headaches, there IS a difference in boot.wim files between MS Vista and OEM Vista discs.)

Once you have the correct boot.wim file, PXE boot the target machine and you will get a nice Graphical User Interface (GUI) to select and push the image of your choice down to the machine. The technical term is 'Down-Level Image'.

For me, now that WDS is functional, the image tweaking process begins. I would recommend spending a little time with your master image to make sure all drivers are installed and things are configured correctly. A basic checklist for any machine image is as follows:

- Drivers
- Service Packs
- Copy i386 folder to %systemroot%\Windows folder (thus removing the need for the OS disc)
- Modify registry to point the install source path to the above folder:
  - open regedit
  - go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
  - change 'Installation Sources' to whatever drive letter your %systemroot% is on (C:\)
  - change 'SourcePath' to %systemroot%\Windows
- Do not set administrator password (you will set this in your image configuration files via unattend or sysprep)
- Do not add to domain (you will do this also with config files later)
- Sysprep and reseal (ALWAYS use Sysprep, do not use a 'flat' image as this does not regenerate the security IDs used by Windows)
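
An added example (not from the original post): a read-only PowerShell check for the scriptable items of the checklist above, to run on the master image before Sysprep. It assumes PowerShell is installed on the reference machine and that Setup looks for the i386 folder directly under SourcePath.

```powershell
# Added example: pre-Sysprep audit of a master image against the checklist.
# Read-only: it reports findings and changes nothing on the machine.
$setupKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup'
$findings = @()

$setup = Get-ItemProperty -Path $setupKey

# SourcePath should point at the local copy of the install files.
$sourcePath = [Environment]::ExpandEnvironmentVariables([string]$setup.SourcePath)
if (-not $sourcePath) {
    $findings += 'SourcePath is not set'
} else {
    # Assumption: Setup looks for an i386 folder directly under SourcePath.
    $i386 = Join-Path $sourcePath 'i386'
    if (-not (Test-Path $i386)) {
        $findings += "No i386 folder under SourcePath ($sourcePath)"
    }
}

# 'Installation Sources' is a multi-string value; it should list the system drive.
$sources = @($setup.'Installation Sources')
$sysDrive = $env:SystemDrive
if (-not ($sources | Where-Object { $_ -like "$sysDrive*" })) {
    $findings += "'Installation Sources' does not include $sysDrive"
}

# The reference machine must not be domain-joined when it is sealed.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $findings += "Machine is joined to domain '$($cs.Domain)'"
}

if ($findings.Count -eq 0) {
    Write-Output 'Checklist items verified; ready for Sysprep and reseal.'
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
}
```

Drivers, service packs and the blank administrator password still need a manual look; the script only covers the registry, i386 and domain items.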

Remember, using the new IMAGEX included with the Automated Installation Kit you may mount an image and modify its settings without fear of breaking the image (as happened in ADS and RIS).

EDIT: If you are having trouble obtaining an IP address while pushing an image within the WDS boot image, make sure 'Spanning Tree Port Fast' is enabled on the switch/port!

Tuesday, April 24, 2007

Windows Deployment Services Part 1

Currently testing Windows Deployment Services. I have to say there is a lot Microsoft doesn't tell you.

First you need to back up your ADS (if you use it). The following article is most useful - Backing up ADS. Then completely do away with ADS: remove the services and update the server to 2003 Service Pack 2. Once this is done you may proceed with the installation of WDS as per this article - Step by Step Guide to WDS. Once you have WDS and associated services installed, now what? Hmmm, PXE won't boot into PE. Why? Well, Microsoft decided that we should already have this knowledge programmed in, so they didn't include it in the step by step guide.

What needs to be done at this point is to load the boot image into the WDS server. You will need to download and mount the Windows Automated Installation Kit, which includes the files you will need to boot into the Preinstallation Environment, from Microsoft here - Windows Automated Installation Kit. I had to mount the .img file with Nero; once mounted, copy the data to the HDD and run the AIK install. This copies all the boot image files you will need to get going.

Once this is done you will need to go into your Windows Deployment Services Management Console (under Administrative Tools) and go to the WDS Server properties - Boot tab and make sure you have the selected for your x86 architecture. If you are running 64-bit make sure you also make the appropriate changes under this tab. Restart the services (WDS and TFTP).

In a large environment like the one I am in, you will need to configure your VLAN's scope options in the DHCP Snap-In. This includes modifying the 066 Boot Server Host Name and the 060 PXEClient to reflect the name/IP of the WDS server. I also had to go into the routers physically and add the helper file to the running config to ensure the clients could connect to the WDS server.

Build your reference machine and Sysprep and then boot into PXE (F12 usually) and you should be up and going! I am still currently researching unattended installs etc. for use with WinPE. Hope this helps as I love common sense answers to this kind of thing.

Wednesday, April 18, 2007

Issues with Automated Deployment Services Certificates

In case anyone here is planning on updating ADS to WDS (Windows Deployment Services) I would recommend first backing up the ADS SQL Database and uninstalling ADS in its entirety. I have had nothing but problems with a mixed environment for imaging, not that one would want that in the first place...

I ended up ditching WDS for now until I can implement a virtual server solution. Turns out that reinstalling ADS severs the tie between the managed devices (160+ servers) and the ADS Controller. One MUST reinstall the ADSAdministrationAgent on each device. This can prove to be a little tedious but it has to be. I am in the process of reinstalling the service and re-linking the adsroot certificate to the controller so I can manage my servers.

This can be done one of two ways...via command line or by reinstalling the package included with the ADS install. The command line options are as follows:

/l - lists current certificates installed
/d - deletes currently registered certificate

Unless you have an excellent knowledge of certificates and how they work, I have found that it is easier to just use the package to reinstall the adsadmin service and bind the adsroot.cer correctly.

Also it is Microsoft's best practice to actually copy the certificate (adsroot.cer) down to the server and register the cert there locally as opposed to pointing the service out to the controller.

I have been looking into Windows Deployment Services, which replaces ADS and RIS and rolls everything up into a nicely managed snap-in which you can use to push images to servers and PCs alike. More to come...