1 / 53

Top 10 Windows Deployment Service Common Issues and How to Resolve Them

Top 10 Windows Deployment Service Common Issues and How to Resolve Them. Rhonda J. Layfield RJL, INC. Rhonda@DeploymentDr.com Session Code: CLI315. Rhonda Layfield. IT industry 25+ years Contribute articles to Windows IT Pro mag Setup and Deployment MVP

leoma
Télécharger la présentation

Top 10 Windows Deployment Service Common Issues and How to Resolve Them

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Top 10 Windows Deployment Service Common Issues and How to Resolve Them Rhonda J. Layfield RJL, INC. Rhonda@DeploymentDr.com Session Code: CLI315

  2. Rhonda Layfield • IT industry 25+ years • Contribute articles to Windows IT Pro mag • Setup and Deployment MVP • Desktop Deployment Product Specialist (DDPS) • Co-Author Windows Server 2003 R2 and Windows Server 2008 books • NEW Microsoft Deployment Book • Offer hands on deployment class

  3. What I’ll Cover • Managing the WDS Server • Installing and Configuring WDS 10) Permissions 9) 2K8 Deployment Failure 8) Renaming/Moving the WDS server • Creating an Image to Deploy 7) WDSCapture

  4. Overview • Deploying an Image 6) Pre-staged settings do NOT take affect 5) WinPE Problems 4) Multicast • Automating the Deployment 3) Unattend Answer Files • Infrastructure Issues 2) DHCP Issues 1) PXE Issues

  5. WDS Requirements • WDS server must be a member of an Active Directory domain • DHCP • DNS • NTFS partition on which to store images

  6. WDS Requirements DHCP 2 3 1 AD/DNS WDS Bare-Metal

  7. WDS on Server 2003 • Installing WDS on a 2003 SP1 Server • Install RIS • Install patch from the WAIK: windows_deployment_services_update.exe • Installing WDS on a 2003 SP2 Server • Control Panel / Add/Remove Programs / Windows Components / WDS

  8. WDS on Server 2008 (R2) • Installing WDS on a 2008 server • Server Manager • Add Roles • Select Windows Deployment Services from the list of roles

  9. Configuring WDS • Choose path for the Remote Installation folder • DHCP Options • PXE Server Settings

  10. Demo Configuring WDS

  11. 10) Permissions • Default Permissions • Local administrator on the WDS server • Full Control of the RemoteInstall folder • Full Control permissions on HKEY_LOCAL_MACHINE\System • Domain administrator (domain where the WDS server resides) • Full Control permissions on the Service Control Point (SCP) in AD DS for the WDS server.

  12. WDS and SCP • WDS depends on AD DS for the PXE provider to create computer accounts and service control points (SCPs) in AD. •  The SCP is a child object under a WDS server’s account object used to store configuration data • Identifies the server as a WDS server • Finding the SCP - DEMO • ADSIEdit -> Find your servers computer object -> Expand your server -> CN=NameOfMyServer-Remote-Installation-Services Properties

  13. Permissions Continued • Enterprise administrator • Dynamic Host Configuration Protocol (DHCP) authorization permissions • Admin Approval • The computer account is created using the server’s authentication token (not the admins token performing the approval) • WDSSERVER$ must have “create computer account objects” on the containers / OUs where the approved pending computers will be created

  14. Admin Approval Continued • Admin Approval of Pending Computers • R/W to the F:\RemoteInstall\MGMT • contains Binlsvcdb.mdb • Active Directory Users and Computers • Create a custom task to delegate on OU where the computer account will be created -> Write all properties on Computer Objects

  15. Joining a Machine To a Domain • ADUC • R-click the container or OU and go to Properties • Click the Advanced button and add a user or group then click the Edit button • Under Apply to: This object and all descendant objects • Allow “Create Computer objects” Ok (3x) • BUT now that user can create computer objects and join machines to the domain • What if you only want someone to be able to join a machine to the domain?

  16. The JoinRightsSetting Part 1 • JoinRightsregistry setting determines the set of security privileges • located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch> Name: JoinRights Type: DWORD Value: 0 = JoinOnly.; 1 = Full

  17. The JoinRights Setting Part 2 • The User registry setting determines which users have the right to join the domain • User setting located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch> Name: User Type: REG_SZ Value: group or user.

  18. Non-English DCs • Creating computer accounts against a non-English domain controller using the default user property. • Set the Auto-Add settings to use an account that does not contain extended characters. • Acceptable characters ([A-Z, a-z, 0-9, \, -, and so on]) • For example if the German "Domänen-Admins“ is used the Auto-Add will fail. • WDSUTIL /set-server /AutoAddSettings

  19. Common Permissions

  20. Common Permissions

  21. 9) 2K8 WDS - Deployment Fails • Server 2008 increased the TFTP block size from 512 bytes to 1,456 bytes to speed things up. • If your network has a TFTP block size of less than 1,456 bytes this breaks WDS. • Resolution: • Install hotfix975710 • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP • Create a new REG_DWORD • Name:MaximumBlockSize • Value range: 512–1456

  22. 8) Renaming/Moving WDS Server • Renaming a machine • Moving a machine from one domain to another • You’ll need to uninitialize & reinitialize WDS server • From a cmd on the WDS server • Wdsutil /uninitialize-server • Wdsutil /initialize-server /reminst:E:\RemoteInstall

  23. 7) Creating an Image to Deploy • WDSCaptureWinPE • Add boot.wim from a 2K8 Server .iso • Right-click the boot.wim and choose “Create capture image…” • Add the new .wim file that you just created • Sysprep • -reseal • generalize

  24. Boot WDS Capture No Volume to capture?

  25. Demo Deploying a W7 Client

  26. 6) Pre-Staged Settings Ignored • Ensure there are not duplicate machine accounts pre-staged for the same machine • Pre-stage using the MAC address • Swap the NIC to another machine • Dual Admins • 1st admin creates a computer object in ADUC • 2nd admin pre-stages a computer object with the NIC or GUID • The first one found is used

  27. 5) WinPE Issues • Using an older boot.wim • Architectures and WinPE • Copype – WinPE • Creating your own

  28. Which Boot.wim To Use… • The most current will always be best • Windows 7 Boow.wim can deploy • Vista SP1 • Windows Server 2003 R2 • Windows 7 • Server 2008 & R2 • Accidently use a Vista or Vista SP1 boot.wim? • Vista boot.wim cannot deploy W7 or 2K8 R2 • Failure on the Offline servicing pass even if it’s not configured to install patches

  29. Using an Old boot.wim

  30. 4) Multicast Issues • Multicast traffic running really slow • Which version of IGMP is being used? • V3 or v2? • Multiple WDS servers multicast traffic • Overlapping IP addresses • WDS snap-in -> Properties of Server -> Multicast tab -> change the IP addresses

  31. 3) Automating the Deployment • Unattend .xml scripts (2) • XP & 2K3 vs Vista and later • Unattend.xml does not process settings • Not named properly • Not stored in the correct folder

  32. Demo Automating The Deployment

  33. 2) DHCP Discover IP DHCP/WDS Bare-Metal Offer IP/PXE Server Request Acknowledge

  34. WDS & DHCP • 3 Scenarios • WDS and DHCP on the same subnet/ different servers • Client will find WDS by broadcasting • WDS and DHCP on different subnets • Client must find WDS through options 66 and 67 set in DHCP • WDS & DHCP on same server • Client must find WDS through Option 60 in DHCP

  35. WDS & DHCP Same Subnet DHCP Bare-Metal Request Acknowledge Offer IP Discover IP/PXE Server Discover IP/PXE Server WDS I’m WDS

  36. WDS & DHCP Different Subnets DHCP Bare-Metal Discover IP/PXE Server Offer IP Option 66 Option 67 Acknowledge Request WDS

  37. WDS & DHCP on The Same Server Discover IP DHCP / WDS Bare-Metal Offer IP Option 60 I’m also WDS Request Acknowledge

  38. WDS And DHCP on The Same Server?

  39. 1) Pre-Boot Execution Environmentaka…PXE • PXE Protocol is an extension of DHCP • Created by Intel as a standard with a set of pre-boot services stored in the boot firmware • The goal: • Perform a network boot • Find and download a network boot program (NBP) from a Network Boot Server

  40. The PXE Process • From the client • Client receives an IP address • Discovers a Network Boot Server (NBS) • Downloads the Network Boot Program (NBP) from the NBS (TFTP) and executes it • From the server • Servers IP address • Name of a NBP the client may request

  41. Subnets, Routers and Switches OH NO! • All PXE / DHCP traffic is local traffic only • DHCP – port UDP 67 • PXE traffic – port UDP 4011

  42. PXE Server Settings

  43. Known Client PXE boot

  44. Unknown Clients

  45. No NBS or NBP

  46. PXE Issues • IP helpers configured properly on your switches and routers are more reliable • Older PXE ROMs have issues with DHCP options 60,66,67 • Options 66 & 67 are referred to as a Network Boot Referral (NBR)

  47. What We Covered • Managing the WDS Server • Installing and Configuring WDS 10) Permissions 9) 2K8 Deployment Failure 8) Renaming/Moving the WDS server • Creating an Image to Deploy 7) WDSCapture

  48. Wrapping IT UP.. • Deploying an Image 6) Pre-staged settings do NOT take affect 5) WinPE Problems 4) Multicast • Automating the Deployment 3) Unattend Answer Files • Infrastructure Issues 2) DHCP Issues 1) PXE Issues

  49. Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Troubleshooting Resources Error codes for WDS & AD Integration (BINLSVC) http://technet.microsoft.com/en-us/library/dd299753(WS.10).aspx Permissions for Server & Client http://technet.microsoft.com/en-us/library/cc754005(WS.10,printer).aspx

More Related