Category Archive: Deployment

Sep 01

Updating Windows 7 SP1 with the Convenience Rollup and having Windows and Microsoft Update actually still work after

I am not sure how many of you have tried adding the Convenience Rollup (KB3125574) to a Windows 7 SP1 image from a stock SP1 ISO, but I’ve just had the experience of trying to take an SP1 WIM without any updates to fully patched, including the rollup, as part of a deployment.

I am not amused.

While there may be multiple ways to achieve this, I tried a few approaches and ended up settling on this particular approach which was repeatable (paths below are the ones I used – obviously substitute for your own).

1. Mount the WIM:
dism /mount-wim /wimfile:D:\temp\source\sources\install.wim /index:1 /MountDir:D:\temp\mount

2. Inject the April 2015 servicing stack update (KB3020369):
dism /image:D:\temp\mount /add-package /packagepath:”D:\Temp\Updates\WIM_Integrate\Updates\AMD64-all-windows6.1-kb3020369-x64_5393066469758e619f21731fc31ff2d109595445.msu”

3. Dismount and commit the WIM:
dism /unmount-wim /mountdir:D:\temp\mount /commit

4. Re-mount the WIM:
dism /mount-wim /wimfile:D:\temp\source\sources\install.wim /index:1 /MountDir:D:\temp\mount

Permanent link to this article: http://www.cluberti.com/blog/2016/09/01/updating-windows-7-sp1-with-the-convenience-rollup-and-having-windows-and-microsoft-update-actually-still-work-after/

Sep 10

KB2966828 breaks Net.Pipe listener adapter service and more!

NOTE – This has been fixed with the MS14-053 update.

 

 

Install from Windows Server 2012 R2 Update 1 media (technet, MSDN, etc. – doesn’t matter):
Install Server 2012 R2

Add the features .NET 3.5, HTTP, and Non-HTTP activation, and you will end up with the service in question, Net.Pipe Listener Adapter:
Service is working...

Install KB2966828, and restart (that is the awesome PSWindowsUpdate in action):
Install KB2966828...

The service is now busted:
It's not working anymore!

I’ve also encountered it causing issues with starting ASP.NET app pools and causing failures while running iisreset. A quick workaround is to add the public key token that is failing (b03f5f7f11d50a3a, found while debugging the crash) to the registry in the strong name validation bypass list:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StrongName\Verification\*,b03f5f7f11d50a3a

Adding that will allow things to work again, until the problem is fixed by Microsoft at some point.

Permanent link to this article: http://www.cluberti.com/blog/2014/09/10/kb2966828-breaks-net-pipe-listener-adapter-service-and-more/

Feb 17

KB2871690, Hyper-V, Server 2012, and Gen2 VMs

If you’re finding this post, it’s possible (or maybe even likely) that you’ve tried to install KB2871690 onto a Generation 2 Windows Server 2012 virtual machine on a Hyper-V host, and the installation failed. For those of you that haven’t run into this issue yet, you will if you attempt to install this particular update on a Windows Server 2012 (or Windows 8.0) Gen2 VM. It’s very frustrating to have a few hundred VMs patch, reboot, and fail to install a particular update and restart again… and then have the update offered again, and go through the cycle yet again because the admin installing updates was unaware this update wasn’t going to work, the update wasn’t pulled from WSUS or SCCM, etc. It happens.

Permanent link to this article: http://www.cluberti.com/blog/2014/02/17/kb2871690-hyper-v-server-2012-and-gen2-vms/

Feb 12

Enable RDP, firewall exceptions, and NLA settings via PowerShell and WMI (aka “the right way”)

I’ve come across quite a few folks over the years that enable RDP by setting the registry values to do so manually, and enabling firewall rules the same way (or disabling the firewall service itself, which is not supported by Microsoft, so don’t). While neither of these things are “the right way” to do it (I found this out from dealing with Microsoft support on this, and apparently doing it manually via the registry can cause issues), the right way isn’t really called out as such very well that I can find either.

I’ve created a very simple PowerShell script (I put it in my MDT and SCCM task sequences when deploying machines as one of the first things done after the OS is deployed) that enables RDP for the Administrators group, opens the right port on the firewall, and can also be used to set it to NLA only if $NLAEnable = 1. Credit where credit is due, the script below was based on a script that does this same thing here. Thanks Robin!

Permanent link to this article: http://www.cluberti.com/blog/2014/02/12/enable-rdp-firewall-exceptions-and-nla-settings-via-powershell-and-wmi-aka-the-right-way/

Aug 19

Installing IE10 into your Windows 7 image offline? You’re missing an update or two…

If you’re like me, you like to make sure the latest version of Internet Explorer supported by your organization is baked into the images you push into production, and IE10 on Windows 7 is no different.  Whether you’re slipstreaming it into the base image, or (better) using MDT to rebuild your base image and including IE10 into it, Microsoft has provided a handy list of updates that you should have already included before you attempt to install IE10 on Windows 7 without internet access (as most image build environments should be – right?  Right????):
How to obtain prerequisite updates for Internet Explorer 10 for Windows 7 that fail to install

That article lists 5 hotfix packages you will need – KB2533623, KB2670838, KB2729094, KB2731771, and KB2786081.  However, the astute amongst you have probably noticed that the IE10 installer, when left to it’s own devices during install, actually installs 6 hotfix packages, not 5.  That “extra” hotfix package is:
“0x00000050” Stop error after you install update 2670838 on a computer that is running Windows 7 SP1 or Windows Server 2008 R2 SP1

Permanent link to this article: http://www.cluberti.com/blog/2013/08/19/installing-ie10-into-your-windows-7-image-youre-missing-an-update-or-two/

Jun 28

MDT for the small(er) guys – Part 3

In part 3 of this series, you’ll be configuring MDT – specifically, you will go about adding Windows 7 SP1 and XP SP3.  You’ll also be adding Office 2010 (with SP1), and handling drivers for both Win7 and XP.

 

Create and Configure Your Distribution Point

The first thing you need to do, of course, is to create a distribution point.  This is the main structure for deploying, so you need to do this first.  To begin, open the Deployment Workbench from the start menu on your MDT virtual machine:

Once the workbench is open, right-click the Deployment Shares folder and select “New Deployment Share” from the menu:

The New Deployment Share Wizard will open – you will need to select a local folder to store your deployment files, the folder name, the share to expose from the server, and a few other options.  Here you can see what I’ve chosen for my particular build share (C:\MDT\Build, Build, and Build$ – took the defaults for other options):

Permanent link to this article: http://www.cluberti.com/blog/2011/06/28/mdt-for-the-smaller-guys-part-3/

Jun 23

MDT for the small(er) guys – Part 2

In part 2 of this series, you will be creating a second virtual machine which will be used to install and configure MDT for deploying Windows and applications.  I’ll dive right into creating a virtual machine for your MDT server, which will be very much the same as creating the virtual machine for your domain controller in part 1.

 

Create a Virtual Machine for your MDT server

In the Hyper-V Manager, click Action > New > New Virtual Machine to bring up the New Virtual Machine wizard.  On the first page, give the new VM a name that will show up in the Hyper-V console (I chose “MDT”), and click the “Next” button:

Next, give the virtual machine some RAM – I chose 2GB – then click the “Next” button:

Permanent link to this article: http://www.cluberti.com/blog/2011/06/23/mdt-for-the-smaller-guys-part-2/

Jun 23

MDT for the small(er) guys – Part 1

After writing a piece about MDT and installation from a USB key, I’ve gotten a steady stream of requests for a more in-depth piece on the actual installation of MDT, how I recommend it be configured, and some tips and tricks about managing it for a smaller organization, or a small (non-royalty) OEM, or even how it can be used in an environment for building machines for friends or relatives in machines someone might be stuck supporting.  With that in mind, I’ve gone ahead and rebuild my lab (as promised earlier this year), and taken some screenshots to go along with this post.  I will cover the installation of the WAIK, MDT 2010 Update 1, and DHCP and Windows Deployment Services (for those with a domain, as WDS requires a domain to work properly).  I think it’s worth noting that nothing I post here is specifically exclusive to this site, and most of what I’m putting together here has probably been posted on and/or discussed at length all over the internet.  I’m just putting together a beginning to end document for those who are looking for a one-stop shop to at least get started, and are willing to try some of the more advanced stuff on their own.

Permanent link to this article: http://www.cluberti.com/blog/2011/06/23/mdt-for-the-smaller-guys-part-1/

May 27

Windows 7 setup debugging and disconnect on first boot?

I’ve been troubleshooting an issue with Windows 7 setup on a specific hardware model in MDT with a hodge-podge of a particular vendor’s drivers in the driver store, and I ran into a little issue with Windows 7 setup debugging that I thought I’d share – it doesn’t seem to work right on the first try.  It will connect, then almost immediately disconnect the remote debugger.  If you simply leave the debugger running and attached (in my case, to COM1) and restart the debuggee, it reconnects properly the second time.

I still have no idea why this happens or why it’s so reproducible, but I thought I’d share.  Oh, if you want to do debugging during setup, simply press F8 before the splash screen and select the debugging option from the Advanced Boot Options menu, similar to what you can do in a full Win7 install.

Permanent link to this article: http://www.cluberti.com/blog/2011/05/27/windows-7-setup-debugging-and-disconnect-on-first-boot/

Mar 12

Windows 7 SP1 language packs and MDT 2010 giving errors?

Seems like Microsoft changed the name of the Language Packs from “Microsoft-Windows-Client-LanguagePack-Package” to “Microsoft-Windows-Client-Refresh-LanguagePack-Package”.  A small distinction, but huge when MDT or SCCM can’t find the language pack name!  In MDT, go to the DeploymentShare’s \Scripts folder, edit “Deploywiz_Initialization.vbs”, and go down to line 1101 – you’ll see that LPQuery is set to look for only the old Language Pack package name.  Add the new package name, and things will work again (you will have to update any media you’ve created, of course).

I found this while searching TechNet, here:
http://social.technet.microsoft.com/Forums/en-US/mdt/thread/5253b2e3-a60e-43a5-921d-a9acc6485d35

The change should have line 1101 looking like this when you’re done:
LPQuery = “PackageType = ‘LanguagePack’ and (ProductName = ‘Microsoft-Windows-Client-LanguagePack-Package’ or ProductName = ‘Microsoft-Windows-Client-Refresh-LanguagePack-Package’) and substring(ProductVersion,1,7) = ‘” & left(ImgBuild,7) & “‘ and substring(ProductVersion,5,4) >= ‘” & mid(ImgBuild,5,4) & “‘”

Permanent link to this article: http://www.cluberti.com/blog/2011/03/12/windows-7-sp1-language-packs-and-mdt-2010-giving-errors/

Older posts «

Bad Behavior has blocked 394 access attempts in the last 7 days.