Phylum Posted June 27, 2014

Hi all - New to the forums but anonymously lurking for quite some time. I'm also quite new to SCCM so I'm hoping for a little grace & mercy. I'm really struggling here & I can't figure out what I'm doing wrong. I need the help of some more seasoned SCCM admins.

My main objective is to automate the build of my reference image. Something I can reuse:

- when office-wide core applications change (e.g.: Office 2007 to 2010 to 2013, Adobe Acrobat vs Nuance etc.)
- to roll-up all the other updates/patches/hotfixes Microsoft released over the past n months (e.g.: Office updates, SQL Express 2005 and up, Report Viewer, Visual C++ & Visual Studio for Office etc.)
- when I create a brand new image be it Windows 7, 8/8.1, Server etc.

From my perspective, the task sequence should look something like this (see photo)

- Start with a vanilla Windows 7 SP1 WIM straight from the ISO
- Use Schedule Updates to patch it fully
- Create a new Build & Capture TS
- Apply patched vanilla Windows 7 SP1 WIM
- Apply offline hotfixes (e.g.: KB277551-v2, KB2732673, KB2728738, KB2878378, KB2459268, KB2522623, KB2581608, KB2729094, KB2731771, KB2533623, KB2670838, KB2786081, KB2834140, KB2639308, KB2888049, KB2882822) (source: 1,2 - can't find the other link)
- Setup ConfigMan with SMSMP, FSP, DNSSUFFIX set
- Install application set 1
  - .NET 4.5.2
  - WMF 4.0 (KB2819745)
  - Application dependencies: Visual C++ 2005/08/10, Visual Studio Tools for Office Runtime, MSXML6 [Parser] etc.
- Opt-in to Microsoft Updates
- Scan for updates: WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE (source: 1, 2, 3 & more)
- Install updates
- Run steps 7 & 8 again to ensure it's fully patched (source)
- Install application set 2
  - Internet Explorer 11 (customized via IEAK)
  - Office 2010
- Scan for updates again
- Install updates again
- Run steps 11 & 12 ... again
- Re-arm Office
- Prepare CM Client
- Prepare OS
- Capture Reference Image

Is this a valid configuration?

anyweb Posted June 27, 2014

what exactly is the problem? where is it failing, feel free to attach your smsts.log files so we can take a look.

Phylum Posted June 27, 2014

Thanks for the reply - I apologize for being so vague; wasn't my intention. I was posting in an effort to get feedback on whether or not my new proposed Build & Capture TS was sound process wise. How does it stack against 'best practices' or what others are doing? (And so on)

At the time of posting I was incredibly frustrated and struggling with a couple of issues that were driving me insane. I suspect the order in which I was doing things and the extra reboots were to blame. While I don't necessarily understand why it wasn't working, I moved onto the TS I outlined above. In the interest of full disclosure should someone else stumble across this thread, I've outlined my two issues I was having using the old TS.

Issue 1: When I ran Windows Updates after Step 6 the packages below failed to install. The TS would fail with a 80004005 error. SMSTS log shows that the first package (.NET) failed to install because the "application download failed". What's really odd is that I have packages that executed successfully prior to this step, the only difference (at the time) being Windows Updates & reboots in between those packages and the one that failed. I "merged" all the logs into one view so I can see what happened chronologically, highlighting the application id to make it easier to spot. Errors of concern are:

- failed to resolve version for ScopeID_whatever/application_ProblematicApplication
- Conformant Rule:whatever_ScopeId_whatever_ProblematicApplication_version_Configuration_PolicyDocument not found
- GetLogonUserSid failed at GetTokenSids 0x800703f0
- Failed to send Location Request Message
- Failed to create Location Request Message body
- GetLocationSyncEx failed with error 0x8000000a
- Unable to get locations, no need to continue with download
- CheckLocations failed. Error = 0x87d00607
- No location available : CTaskConsumer(application scopeid)
- State transition to (Failure), Param(-2016410105) : CTaskConsumer(application scopeid)
- Unable to retrieve AD site membership

Boundaries and Boundary Groups are set:

- After all, I was able to select & start the TS, image came down, packages prior to that step came down fine.
- Other OSD's (e.g.: vanilla Windows 7, another image I captured months ago) on the same physical switch & same VLAN succeed.

Installation properties of ConfigMan Installation had the following set: SMSMP=Server.FQDN FSP=Server.FQDN DNSSUFFIX=FQDN

Issue 2: If I rebooted after Step 7.3, Windows Updates would run and at some point the machine would just boot into Windows. I believe this may have been the cause: http://support.microsoft.com/kb/2894518

BUT LET'S NOT FOCUS ON THE ABOVE: I'VE MODIFIED THE TS SO I THINK THE ABOVE IS NO LONGER AN ISSUE! I don't mean to be rude, just don't want anyone to spend time on those issues since the TS has changed!

[Very] Late last night I kicked off the process using the following TS and it completed successfully.

Right now (27-06-2014) the only problem I'm seeing is that after the capture, I cannot log in due to a user profile service error. After capture, the reference machine reboots & goes through OOBE. I fill in the information (username, username, time zone etc.) It automatically logs on but fails with: The User Profile Service service failed the logon. User profile cannot be loaded.

I'm aware of this http://support.microsoft.com/kb/947215 but here's what I'm doing to fix it:

- Reboot into safe mode
- Browse to C:\Users
- Show hidden folders
- Right click C:\Users\Default
- Properties
- Security tab
- Advanced
- Change permissions
- Check the box 'Replace all child object permissions with inheritable permissions from this object'
- Apply
- Yes
- OK
- OK
- OK
- Restart

It's a brand new profile - just finished OOBE; it's the very first login of any kind.

I didn't do anything special during the deployment or capture, like use a customsettings.ini or unattended.xml, beyond what's in the TS shown above.

There's something fundamentally wrong somewhere. I suspect maybe KB2728738 is to blame based on a quip made about the User Profile service on this page but that's not conclusive. I'm aware the profile issue goes beyond the scope of this forum so to honor everyone's time, I'll post about that specific issue in the TechNet forums.

anyweb Posted June 27, 2014

if a software update forces the ts to reboot it can break the ts in some cases, so yes you may need to get more methodical about what updates you are applying and remove suspect updates such as KB2965788 which does cause double reboots on some hardware

Peter33 Posted June 27, 2014

> if a software update forces the ts to reboot it can break the ts in some cases, so yes you may need to get more methodical about what updates you are applying and remove suspect updates such as KB2965788 which does cause double reboots on some hardware

Thanks for the info, Niall. I was wondering which update was messing with our Windows 7 OSD this week. Is Microsoft aware of the problem already?

Peter van der Woude Posted June 28, 2014

Yes, there is even a technet article listing these updates, see: http://support.microsoft.com/kb/2894518/en-us

Phylum Posted June 30, 2014

I'm now applying the dual-reboot specific updates offline via:

    cmd.exe /c x:\windows\system32\dism.exe /ScratchDir:%OSDisk%\Mount /Image:%OSDisk%\ /Add-Package /PackagePath:%_SMSTSMDataPath%\Packages\<PACKAGE_ID>\<PACKAGE_MSU>.msu

If I have any issues beyond that I suppose I'll create a new thread.
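
Added example (not part of the original thread): one way to confirm that an offline `/Add-Package` step landed in the image is to parse `dism /Get-Packages` output and compare it with the hotfix list. The function names, the `D:\` image path and the sample DISM output are assumptions constructed for illustration; the KB numbers come from the hotfix list in the first post.

```powershell
# Added example: report which expected KBs DISM lists for an offline image.

function Get-ImagePackageState {
    param([string[]]$DismOutput)
    $state = @{}
    $kb = $null
    foreach ($line in $DismOutput) {
        if ($line -match '^\s*Package Identity\s*:\s*(.*)$') {
            # Identities look like Package_for_KB2533623~<token>~amd64~~<version>
            $kb = if ($Matches[1] -match 'KB\d+') { $Matches[0].ToUpper() } else { $null }
        }
        elseif ($kb -and $line -match '^\s*State\s*:\s*(.+?)\s*$') {
            $state[$kb] = $Matches[1]
            $kb = $null
        }
    }
    return $state
}

function Test-ImagePatchLevel {
    param([string[]]$DismOutput, [string[]]$ExpectedKbs)
    $state = Get-ImagePackageState -DismOutput $DismOutput
    foreach ($kb in $ExpectedKbs) {
        $s = if ($state.ContainsKey($kb)) { $state[$kb] } else { 'Missing' }
        # Offline-serviced packages can show "Install Pending" until first boot.
        New-Object psobject -Property @{
            KB = $kb; State = $s
            Ok = ('Installed', 'Install Pending') -contains $s
        }
    }
}

# Constructed sample of `dism /Image:<path> /Get-Packages /English` output.
$sample = @'
Package Identity : Package_for_KB2533623~31bf3856ad364e35~amd64~~6.1.1.1
State : Install Pending

Package Identity : Package_for_KB2670838~31bf3856ad364e35~amd64~~6.1.1.0
State : Installed
'@ -split "`r?`n"

# KB numbers taken from the hotfix list in the first post.
$expected = 'KB2533623', 'KB2670838', 'KB2834140'

# Against a real image (D:\ is an assumed path), replace $sample with:
#   $sample = & dism.exe /Image:D:\ /Get-Packages /English
Test-ImagePatchLevel -DismOutput $sample -ExpectedKbs $expected |
    Format-Table KB, State, Ok -AutoSize
```

With the constructed sample, KB2834140 is reported as Missing, which is the case worth catching before the image is captured.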

Iroqouiz Posted July 3, 2014

In my opinion Johan Arwidmark's simple but genius MDT tweaks and PowerShell script is superior to any other reference build solution. http://www.deploymentresearch.com/Research/tabid/62/EntryId/172/Deploying-a-reference-image-VM-fully-unattended.aspx

I use this method and it's failsafe. I set up a separate WSUS server and approved all my desired updates to the unassigned computers group (does not matter since the build client is the only machine directed to that server). Then you edit the customsettings.ini file with your WSUS server. And in the ts you add all the MDT apps you wish. It will take you a day to set this up (creating apps in MDT deployment workbench etc) but you will save sooo much time when it's done, and every time you want to build a new image.

anyweb Posted July 5, 2014

while Johan's method is great, not every customer is willing to have copies of their apps both in MDT and Configuration Manager.