search

FriendsOfMDT / PSD

PowerShell Deployment
MIT License
504 stars 78 forks source link

PSD Wizard not showing list of apps, and failing to image #118

Closed IT-Roman closed 8 months ago

IT-Roman commented 9 months ago

I've tried this on a physical machine, a VM, and I've tried this on an upgraded existing MDT share, and after creating one from scratch and copying all of the files over.

The first screen in the PSD wizard asks me to name the computer, set time and language, but it also has a section for a "role". I'm not sure what it does. no apps in wizard and list of roles

Regardless of what is being entered into those fields, once I hit Start, it does not prompt me with a menu of applications. It simply states "OSD Success", and once I press OK it crashes to a CMD window. Once I close that window the whole thing reboots.

PowerShellCrack commented 9 months ago

Have you tried using the new PSDWizard? This is the ideal wizard to use. You can follow how to configure it here:

but mainly you just need two settings added (plus the properties) to the CustomSettings.ini

` [Settings] Priority=Default Properties=PSDWizard,PSDWizardTheme

[Default] PSDWizard=PSDWizardNew PSDWizardTheme=Classic `

IT-Roman commented 9 months ago

Have you tried using the new PSDWizard? This is the ideal wizard to use. You can follow how to configure it here:

but mainly you just need two settings added (plus the properties) to the CustomSettings.ini

` [Settings] Priority=Default Properties=PSDWizard,PSDWizardTheme

[Default] PSDWizard=PSDWizardNew PSDWizardTheme=Classic `

Thank you so far. I've added this to the CustomSettings.ini. It now shows the pretty new wizard, it lets me select applications.

But it still just shows the "OSD success" windows and then crashes to CMD.

PowerShellCrack commented 9 months ago

Do u have any Skip options in the customsettings.ini? Can u share the file?

IT-Roman commented 9 months ago

Do u have any Skip options in the customsettings.ini? Can u share the file?

This is a redacted version. It was originally copied from my production MDT share.

` [Settings] Priority=Default Properties=PSDWizard,PSDWizardTheme

[Default] PSDWizard=PSDWizardNew PSDWizardTheme=Classic _SMSTSOrgName=CompanyName OSInstall=Y SkipRoles=YES SkipCapture=YES SkipBitLocker=YES SkipUserData=YES SkipDomainMembership=NO SkipFinalSummary=NO SkipLocaleSelection=YES SkipTimeZone=YES TimeZoneName=Central Standard Time

SkipAdminPassword=YES AdminPassword=AdminPassword1234

SkipProductKey=YES ProductKey=KEY-KEY-KEY-KEY

SkipTaskSequence=YES TaskSequenceID=WIN10PSD

UserID=MDTAdmin UserDomainPassword=Password4321 UserDomainDomain=domainaddress.com MachineObjectOU=OU=MDT_Staging,DC=domainaddress,DC=com

SkipApplications=NO 'Automate MandatoryApplications001={3e00ea08-4f4b-427f-8610-96354211b1fd} 'Adobe MandatoryApplications002={ce8d4727-17ae-40f1-bcfd-0382ff814baa} 'Mitel MandatoryApplications003={b0441455-2203-4eac-aa69-1e80afb939ed} 'Chrome MandatoryApplications004={8ec53dd6-4545-4c5b-ab66-6a1f66e70346} 'LAPS MandatoryApplications005={ccd42b20-634b-489e-a9f4-078d926067ae} 'Umbrella MandatoryApplications006={235b90c7-00d1-43be-8d50-955247dd5df7} 'HP-CMSL MandatoryApplications007={22d4008f-8e6e-4e62-93f1-b37df23783bb} 'WorkOptima Scanning Driver MandatoryApplications008={94479f9a-44dd-466e-88a1-a2805778af69}

SLShare=\MDT01\MDT Logs SLShareDynamicLogging=\MDT01\MDT Logs

JoinDomain=domainaddress.com DomainAdmin=MDTAdmin DomainAdminDomain=domainaddress.com DomainAdminPassword=Password4321 `

PowerShellCrack commented 9 months ago

this looks ok to me. Are you getting the appropriate screens in the PSDWizard? Try setting SkipTaskSequence=NO to see if it sees the tasksequence and its valid (it will check for the OS guid)

This will produce verbose logging. Assuming you have all prerequisites for PSD configured and using the PSD template to create the new task sequence. Ad this to help understand what is going on:

[Settings]
Priority=Default
Properties=PSDWizard,PSDWizardTheme,PSDDebug

[Default]
PSDDebug=YES

view the logs when in WinPE

If you get to the format process it will add logs to the windows partition (eg. S:):

Something I do when building a new device is to run the command:

diskpart
select disk 0
clean
exit

This is to remove any stored MDT data on drive that is trying to recover from.

WARNIING: This will erase everything.

Hope these tips help and follow up.

GeoSimos commented 9 months ago 
SLShare=\MDT01\MDT Logs
SLShareDynamicLogging=\MDT01\MDT Logs

These settings do not look good though, they're not going to work even if we supported UNC paths for logging locations. Please check the documentation, to enable logging via IIS (we have helper scripts for that). Also you haven't showed us the bootstrap.ini file of yours, could you do so please?

IT-Roman commented 9 months ago

These settings do not look good though

I didn't format my post correctly, so it drops the first slash. The UNC path worked in MDT. I'll take it out and will look into properly setting up logging.

After reading the comment @PowerShellCrack I double checked my task sequence and found that I did not use the correct template. I have recreated the task sequence using the correct template and updated the share by forcing it to recreate the boot image. However now I run into error -2147467259

Boostrap.ini is below

` [Settings] Priority=Default

[Default] DeployRoot=\\MDT01\Win10PSD UserID=MDTAdmin UserPassword=password UserDomain=domain

`

Khroners commented 9 months ago

Hello, PSD don't support UNC paths for the deployment shares (see here https://github.com/FriendsOfMDT/PSD/issues/115)

GeoSimos commented 9 months ago

These settings do not look good though

I didn't format my post correctly, so it drops the first slash. The UNC path worked in MDT. I'll take it out and will look into properly setting up logging.

After reading the comment @PowerShellCrack I double checked my task sequence and found that I did not use the correct template. I have recreated the task sequence using the correct template and updated the share by forcing it to recreate the boot image. However now I run into error -2147467259

Boostrap.ini is below

` [Settings] Priority=Default

[Default] DeployRoot=\MDT01\Win10PSD UserID=MDTAdmin UserPassword=password UserDomain=domain

`

Please read the documentation, the solution is different from MDT, we don't support UNC paths, it will save you time and trouble if you invest some time to do so. We have been replying the same questions for some time now, it will help us all support you better if you do the setup per the documentation we provide.

IT-Roman commented 9 months ago

we don't support UNC paths

Ok, I assumed that UNC paths weren't supported only in specific use cases. I didn't realize that ALL UNC paths weren't supported.

GeoSimos commented 9 months ago

The only reason we need the UNC paths are for the MDT Deployment Workbench, the rest is based on HTTP/HTTPS via IIS.

IT-Roman commented 8 months ago

I've gone through and set up IIS by following documentation, I've also added the following section into bootstrap.ini, and took out the UNC path.

[PSDRoots] PSDDeployRoots=https://mdt01.domain.com/Win10PSD/

I'm now getting the same error I used to get before I had the UNC path in bootstrap. It states that it cannot access the deploymentshare and tells me to check the network.

GeoSimos commented 8 months ago

Hello @IT-Roman and Happy New Year!

Two things to note:

  1. I would remove the trailing slash from the end of the PSDDeployRoots property.
  2. You need an account with Read only access to access the web based deployment share (if you look in the authentication section of the DS's website, you will see that only "Windows Authentication" is enabled, as the screenshot below shows). image

Also for every change of the BootStrap.ini file, you have to rebuild the boot image and if you're using WDS to replace it as well for that specific entry. Please refer to the setup documentation here PSD/MDT Shares and Content, the Build account is used for accessing the deployment share, it needs only Read access to the production deployment share(s) and for deployment shares that build and capture an image (non PSD ones), it requires modify access (to save the captured image).

Please check and report your progress.

IT-Roman commented 8 months ago

Hello and Happy New Year to all of you as well!

I've removed the slash. I've verified that Windows Auth is enabled, and that there is an account that has read and write access to the share. I've made sure that the UserID, UserPassword, and UserDomain are in both CS and BS ini files. I've recreated the image completely and updated it on WDS.

There's no change. I am still missing something.

GeoSimos commented 8 months ago

Some logs would be useful to further assist you, also a question, is this a fresh PSD deployment share or an upgrade of an MDT one?

IT-Roman commented 8 months ago

It's an existing MDT server, but I've created a new blank deployment share for PSD and copied drivers, applications, and OS from my production MDT share. Now, every time I make a change, I recreate the image completely, run the driver script (do I need to do this every time, or only when I update drivers?), and then I replace the image in WDS.

I've followed the documentation to set up logging, but it doesn't appear to be working either. I have also recreated the task sequence again in case I didn't use the right template.

I'm thinking that somehow it doesn't know where the deploy root is. It fails at "Validating network access to" step, but it doesn't say anything after "to". Also in the red Error message it shows "DeployRoot:" as blank. It is getting an IP address and all of the network info looks correct.

For testing, I have a blank Hyper-V VM. It is able to image from the old MDT share with no issue, but has that error in PSD.

GeoSimos commented 8 months ago

Hi @IT-Roman,

Can you send your Bootstrap.ini file's contents please as well? Something tells me that you're missing the declaration of the PSDDeployRoots property...

The template included in the solution is the following:

[Settings]
Priority=PSDRoots,Default
Properties=PSDDebug, PSDDeployRoots,PSDPrestartMode

[PSDRoots]
PSDDeployRoots=https://mdt01.corp.viamonstra.com/mdtproduction
;UserDomain=MDT01
;UserID=MDT_BA
;UserPassword=P@ssw0rd

[Default]
SkipBDDWelcome=YES
PSDPrestartMode=Native
PSDDebug=NO

You need to do something similar and rebuild your boot image. Also you have to set a read only account to access the deployment share over the web server, uncomment the User* lines and enter the proper information, if you use a local account on the deployment server, leave the UserDomain commented.

IT-Roman commented 8 months ago

That was it! I needed to add Properties=PSDDeployRoots to bootstrap.ini Was there something in documentation about that? I might have missed it.

It was able to get the task sequence to execute, but it returned the error -2147467259 again. Looking at a few other posts that mentioned that error, I saw that wiping the drive may help, so I reverted to a checkpoint with a wiped disk. It was able to install the OS, and some applications, but it seemed to freeze while installing one of them. My guess is that this happened because the VM fell asleep. Either way, this issue is resolved. If I need assistance with something else I'll open a separate thread.

Thank you all for your help!

GeoSimos commented 8 months ago

Glad to be of help!

There is actually a reference in the Operations Guide: