The D-Spot (The Deployment Spot)

Meanwhile MDT 2010 has reached Update 1, time to catch up where we left in part 2.

We will configure WDS to use PXE boot, use SQL Server to retrieve the computer name and have some beer afterwards.

PXE Boot

First configure a DHCP scope to serve the clients with an IP address. Then install the Windows Deployment Service (WDS) role on your MDT box, and configure WDS. I like to have a PXE delay of 3 seconds and I’m running DHCP on the same server as WDS. So I need to check ‘Do not listen on port 67’ and ‘Configure DHCP option 60 to indicate that this server is also a PXE server’.

 

Now we have to import the WinPE boot images, previous generated by MDT, into WDS:

Browse to the Boot-folder in the Deployment Share, and select the LiteTouch-wim-file(s) (I’m importing the x64 version only, as I don’t use Windows 7 x86 for now):

Boot your client machine and hit F12 to boot into PXE, or choose boot from network card in the BIOS.

We still have to choose a computer name during deployment:

Using MS SQL Server (Express) you can fully automate this!

Preparing SQL Server

In my test lab I will use SQL Express 2008 SP1. Open SQL Server Configuration manager, set SQL Server Browser to automatic and start the service:

Enable Named Pipes in SQL Server Configuration Manager:

Restart the SQL Server service:

Start SQL Management Studio and create a Security Login (I’ll use my MDT domain-join-user):

 

Add the db_datareader and db_datawriter permissions for the domain\svc-join user to the MDT database:

Create a database

Open the Deployment Workbench and Create a new database:

   

We have finished creating the MDT database.

Now we have to configure CustomSettings.ini before we can use the database:

By clicking Configure Database Rules, you actually adding extra lines to CustomSettings.ini in order to make a connection to the database. Select what you need:

Take a look at your CustomSettings.ini file (by right-clicking the DeploymentShare > Properties > Rules tab):

You can modify CustomSettings.ini further. To join a domain for example:

SkipDomainMembership=YES
JoinDomain=thedspot.local
DomainAdmin=svc-join
DomainAdminDomain=thedspot.local
DomainAdminPassword=*
MachineObjectOU=OU=Computers,OU=Unmanaged,DC=thedspot,DC=local

Obtaining Computer names from the SQL database

Hit Computers > New to add a MAC address and corresponding computername (OSDComputerName):

 

Our LiteTouch deployment succeeded:

The computer name was retrieved from the database and domain join was successful.

Please find other parts here:

Windows 7 Lite Touch installation with MDT 2010 – Part 1

Windows 7 Lite Touch installation with MDT 2010 – Part 2

Windows 7 Lite Touch installation with MDT 2010 – Part 4

Microsoft released an update for the company’s free operating system deloyment solution.  If you’re planning to migrate to Windows 7, Server 2008 R2 or Office 2010, MDT is the tool you need.  Here at the D Spot we have blogged a lot about MDT already.  Keep yourself up to date and read our MDT related posts.

What has changed in MDT 2010 Update 1

 

For native MDT users (Lite Touch Installation)

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.

Improved driver importing. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

 

For ConfigMgr 2007 users (Zero Touch)

New User Driven Installation deployment method. An easy-to-use UDI Wizard allows users to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.

Support for Configuration Manager R3 Prestaged Media.For those deploying Windows 7 and Office 2010 along with new PCs, a custom OS image can easily be loaded in the factory and then customized once deployed.

 

For all users

A smooth and simple upgrade process. Installing MDT 2010 Update 1 will preserve your existing MDT configuration, with simple wizards to upgrade existing deployment shares and Configuration Manager installations.

Many small enhancements and bug fixes. Made in direct response to feedback received from customers and partners all around the world, MDT 2010 Update 1 is an indispensible upgrade for those currently using MDT (as well as a great starting point for those just starting).

Continued support for older products. MDT 2010 Update 1 still supports deployment of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office 2007.

 

Download binaries and documentation at Microsoft.

This kit will help you complete a Proof of Concept (PoC) at your organization, at a customer or get familar with some Microsoft products in a lab environment.

Allowing you to quickly evaluate the new Microsoft desktop technologies, including Windows 7, Office 2010, Internet Explorer 8, and Application Virtualization (AppV) with Microsoft Desktop Optimization Pack technology.

It will also familiarize you with some of the important deployment tools provided by Microsoft to assist with your broader deployment efforts. This PoC isn’t meant to be comprehensive training mechanism but rather an introductory set of modules to familiarize you with tools and technologies.

Included in the package:

• Microsoft Assessment and Planning Toolkit (MAP)
• Microsoft Application Compatibility Toolkit (ACT)
• Microsoft Office Migration and Planning Manager (OMPM) (A tool to assess and upgrade Office versions and files, like macro compatibility for example)
• Microsoft Deployment Toolkit (MDT)
• Windows 7 Enterprise 90-day Trial image
• Microsoft Office Professional Plus 2010
• Office 2010 with Application Virtualization (App-V)

In short, a package that any consultant arriving on a mission around Windows 7 should have.

Download: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=26301cd1-cc72-4dd8-819e-12ef48322743

Last Wednesday we hosted our seminar “Managing the dynamic desktop? Windows 7 deployment”. This seminar not only listed many of the new features and functionality that are included in Windows 7 but also answered many deployment questions. Some of them were “how do I know which deployment system is best-suited for my organization?” and “how can I certify this to be my final mass deployment”.

The result can be found here:

http://seminar.the-d-spot.org/Windows 7 Presentation_part1.pdf

http://seminar.the-d-spot.org/Windows 7 Presentation_part2.pdf

When capturing a reference image using VMWare Workstation/Server your WinPE image needs the right nic driver to contact the Deployment Share.

Here is how to obtain and inject these vmware drivers into your WinPE boot image.

First download the drivers from VMWare (link updated Sept 2010). (PCnet Family network adapter, NDIS5 Driver)

Import them (I used \WinXP_SignedDriver\netamd.inf, pcntpci5.cat and PCNTPCI5.sys) into your deployment share:

Make sure drivers are injected into your WinPE images:

And rebuild the Deployment Share, to regenerate the WinPE boot images.

Last step: import the new WinPE boot images into your PXE boot server. (or rewrite your bootcd’s with the WinPE ISO file)

While setup some MDT lab environments this SQL error crossed my path a couple of times.

ZTI error opening SQL Connection. SQL server does not exist or access denied.

Unable to establish database connection using [CSETTINGS] properties. SQL Server does not exist or access denied.

Unable to establish database connection using [CROLES] properties. SQL Server does not exist or access denied.

I’m using a hidden share on the SQL Server box that MDT will use for authentication to the SQL Server. The same credentials are used to connect to the MDT database. So I had granted sufficient share and NTFS permissions to the hidden share and granted this user the db_datareader role on the MDT database.

If we read the error again it is clear that MDT cannot contact the SQL Server, it even cannot find the server.

Troubleshooting-time!

I hit F8 during deployment to get into a command prompt. Once in the command prompt I could contact the SQL Server box with the ping command.

A ping to the server gave a response of a wrong IP address. Turns out that the DNS server was holding an old IP address from the previous MDT and SQL Server installation. Deleting this A-record and register (ipconfig /registerdns) the SQL Machine again, was the solution for this issue.

In another lab environment I could ping and map a share on the SQL Server box.

net use * \\Servername\Hiddenshare$

Turns out that we forgot to open the Windows Firewall for SQL Server. Add an exception for sqlservr.exe and sqlbrowser.exe is enough. You don’t have to turn the complete firewall off.

With the firewall configured as it should and all DNS records registered, no error occurred and deployment went successfully.

Microsoft Deployment Toolkit 2010 has some nice improvements to its successors in the driver handling department. I will describe how I like to manage drivers in MDT 2010.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model.  This is what my folder tree looks like:

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at command prompt: ‘wmic csproduct get name’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude E5500”. My colleague for example, uses a HP laptop “HP Compaq 6730b (GW687AV)”. Use this info to build up folders in MDT’s Out-of-Box Drivers (you can make your own structure, as long as the computer and Model names are correct).

Now that we have drivers imported in our Deployment Share, it’s time to move on.

 

MDT has two different methods to manage drivers (actually three, but we skip DriverPaths used in BDD 2007, as support will probably be removed in future versions).

 

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree. You don’t want to query dead horses.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

I use ‘DriverGroup001’ as Task Sequence Variable, and Win7x64\%Make%\%Model% as value for my Windows 7 x64 TS . You have to adapt this to your Out-of-Box tree. (Don’t use an underscore in your TS variable variable name as I intentional did. thanks Tom!)

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup001=%Make%\%Model%
DriverGroup002=Printers

 

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

First you have to create a Profile (or use one of the default profiles):

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

You can add  Selection Profiles for printer drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

 

Please do comment if you have any suggestions.

Just a quick tip, nobody likes to read much during holidays

If you want to troubleshoot a client deployment, a command prompt can be very handy. To get into one, just hit F8 during WinPE startup, it even works during operating system installation.

At the command prompt you can verify network settings, check log files during operating system install and so on.

The second Truesec Deployment CD by MVP Johan Arwidmark has been released. This disc contains PDF guides and training videos. Covering Lite-Touch Deployments using the Microsoft Deployment Toolkit and Zero-Touch Deployments using System Center Configuration Manager. This new version covers MDT2010 and SCCM 2007 SP2 R2.

The CD consists of step-by-step guides and video tutorials:

Lite Touch Deployments:

• Installing the server for MDT 2010 Lite Touch
• Creating a Windows 7 reference image using Lite Touch
• Deploying a Windows 7 image using Lite Touch
• Dynamic Settings, creating and using the deployment database

Zero Touch Deployments :

• Installing the server for MDT 2010 Zero Touch and ConfigManager 2007 R2
• Creating a Windows 7 reference image using ConfigManager 2007 SP2
• Deploying a Windows 7  image using ConfigManager 2007 SP2
• Dynamic Settings, creating and using the deployment database

Additional Presentations:

• New features in MDT2110
• Upgrading MDT 2008 to MDT 2010
• Migrating Windows XP to Windows 7

Get your copy at a deploymentcd.com

Suddenly my deployment environment had issues connecting to the deployment share while performing a MDT 2010 LTI Refresh scenario.

Log files BDD.log and LiteTouch.log says this: Unable to connect to DeploymentShare Connection OK Possible cause: invalid credentials A connection to the deployment share DeploymentShare could not be made The deployment will not proceed.

Error:

I found some solutions on the web, but only the last one did the trick for me.

Possible solution: Change ZTIUtility.vbs

Microsoft posted a solution for the ‘Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed” problem with MDT 2010. By changing the script ZTIUtility.vbs.

Replace this code:

Case Else
' Case &h800704C3 ' Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.
' Case &h8007052E ' Logon failure: unknown user name or bad password.
' There was a some kind of fatal error.
If ErrDesc <> "" then
             MapNetworkDriveEx = ErrDesc
Else
             MapNetworkDriveEx = "Unable to map UNC Path " & sShare & " :" & "( 0x" & hex(HasError) & " ) "
End if
oLogging.CreateEntry MapNetworkDriveEx & "", iLogType
Exit function
End select

With this code:

Case Else
Err.Clear
On Error Resume Next
oNetwork.MapNetworkDrive  chr(sDrive)&":", sShare, False
HasError = err.number
ErrDesc = err.Description
On Error Goto 0
If Err.Number <> 0 Then
' There was a some kind of fatal error.
             If ErrDesc <> "" then
                                        MapNetworkDriveEx = ErrDesc
             Else
                                        MapNetworkDriveEx = "Unable to map UNC Path " & sShare & " :" & "( 0x" & hex(HasError) & " ) "
             End if
             oLogging.CreateEntry MapNetworkDriveEx & "", iLogType
                           Exit function
Else
      Exit Function
End If
End select

However, this didn’t solved my issue at all.  I tried some other possible fixes found on the wild wild web; like using the pushd-command, using the IP address and FQDN name, and disconnecting all network connections (with net use * /d) before the actual installation begins. But none of this actually solved my issue.

The solution was map a network drive to the deployment share, with the same credentials as these used in bootstrap.ini and launching Litetouch.vbs from there. I found the solution on the Minasi forum (post by Johan Arwidmark).