tacke

LOGS location: SCCM installation folder \logs Verify services and corresponding locks: Tools\ConfigMgr Service Manager or registry under HKLM/Software/Microsoft/ccm/logging...or HKLM/software/wow6432node\microsoft/ccm/logging...

The MCR has a lot of prerequisites on the system where it should be installed: 1. W2k8 OS 2. WDS should be installed before enabling MCR 3. IIS and WEBDAV, ISAPI ext and IIS6 management compatibility must be installed before 4. UDP Ports should be configured on Firewalls (Soft+Hardware) for OS deployment with Multicast 5. Bits should be configured before enabling 6. Distribution Point (not Branch and not Server share) should be configured before enabling MCR (MCR cannot be enabled if this role is not installed!) 7. Windows Firewall settings has to be adjusted to allow connection of clients 8. Local Security (GPEDIT.MSC / SEPOL.MSC) has to be adjusted when running SCCM on a DC! 9. OS packages should be activate for Multicast and deployed to the MCR DP after enabling MCR! 10. Verify that the MP has signed the MCR. Check SignedSerializedMCSkey in Registry section of MCS. It should not be empty otherwise MCR will not work in your environment! ON other server: 11. Healty SCCM primary Server with MP is the first preliminary as the MP is responsible for the signing of the Role! 12. DHCP Service should be configured for dyn. Multicast client support only if you not use the static configuration within SCCM or WDS for Multicast clients 13. IPHelper should be configured in segmented networks to reach the WDS,PXE Server OPTIONAL INFORMATION ADD Network Access Account User Account to the PXE share with read rights to all folders. => After configuration of the ACL right for the Network Access Account deploy your WinPE images only to the PXE Share and not as always suggested also to "normal" package shares! During the Setup of the Role the Network Access Account will not be added to the PXE share!

in winpe: Option1: disable FW in unattended.xml file Option2: run Command: cmd.exe /c wpeutil disableFirewall in Windows (after Setup Windows and ConfigMgr): Option1: disable FW in unattended.xml file Option2: run command: cmd /c netsh advfirewall set allprofiles state off Option3: use GPO to deactivate FW in the OU where you prestage the machine You should activate the FW later after installation automatically again with a predefined Ruleset for your environment/domain!

for security reasons I would not install the wds service on the DC Just add the Features: Remote Server Administration Tools->Windows Deployment Services Tools and you will be able to pre-stage Computers with the GUID! Note: Do not use the GUID which you see in the BIOS! This may differ from the SMBIOS GUID! =>Due to this your machine will not boot your wINPE image Use instead the SMBIOS GUID which you will see in the logs of SCCM PXE Server (SMSPXE.log) or the WDSSERVER!