Quantcast
Channel: Ivanti User Community : All Content - OS Deployment and Provisioning
Viewing all 1803 articles
Browse latest View live

Provisioning - Preferred Servers configuration best practises

$
0
0

Purpose:

 

This article describes our recommendations regarding Preferred Servers configuration to avoid problems with capture/deploy image within Provisioning task.

 

I. Configure Preferred Server three times: NetBIOS, FQDN, IP

 

In some environments it is hard to determine which value (NetBIOS, FQDN, IP) should be used when configuring Preferred Server to work properly for Provisioning actions: Capture/Deploy Image. To avoid problems, please set up same Preferred Server three times with NetBIOS, FQDN, IP. Configuration should look similar to one below:

 

preferred_server_conf.PNG

 

II. Capture Image - account permissions

 

To successfully capture an image during Provisioning job our process needs to have sufficient permissions to network share on a Preferred server. Provisioning uses the same configuration as the Content replication module. However, it was not designed to switch between Read-only and Write account:

Provisioning process uses account configured as Read-only in Preferred Server configuration to map network drive then to write image file there. Please remember to give "Write" permissions to "read-only" account if Preferred Server is in use for Provisioning tasks.

The warning "The user name and password should provide only READ access to the preferred server" applies mainly to content replication/SWD and does not take Provisioning into account. When imaging from Preferred servers, the account needs to have read and write privileges to the network share.

Related articles:

 

How to configure the Preferred Server (Target) for Content Replication: https://community.ivanti.com/docs/DOC-20782

How to configure a Preferred Package Server: https://community.ivanti.com/docs/DOC-1385


Dell Optiplex 7060 PXE boot issues.

$
0
0

Hello All,

     We just received two Dell Optiplex 7060 PC's. One full size one mini. We are having issues trying to PXE boot them. I've loaded the correct drivers both in 32bit and 64bit WinPE. Sometimes it will boot and image and sometimes it will not even boot into PXE. We tried both Legacy and UEFI boot.

Any Ideas??????

 

Thanks

How to configure Preferred Servers as a PXE Representative and Host a Web Share for Vboot Files

$
0
0

Information

 

LANDESK Management Suite includes support for OS Provisioning clients to download vBoot related files from a PXE Server.

 

Now the Boot.wim file that contains the Windows PE image does not have to come directly from the Core.  A peer or preferred server can now be utilized.

 

The boot images are over 200 megabytes so it can be important to store the boot images on the local subnet or in a more optimal location for the client than the Core may provide.

 

New "Attempt Peer, "Attempt Preferred Server", and "Allow Source" radio buttons have been added to the "Boot to Managed WinPE (Virtual Boot)" selection for the "Reboot/Shutdown" Provisioning Action.  Note: Downloading of the boot.wim from Preferred Server or Peer at this time only applies to Vboot (Virtual Boot).  It does not apply to PXE boot.

 

This eliminates the need for the clients to go back to the core to download the 200+ megabytes of support files in order to virtual boot.

 

In order for the vboot files to be accessible to the clients, the proper web share must be configured on the Preferred Server.

 

Resolution

 

Attached to this article is a .ZIP file Containing the following:

 

  • Deploy PXE Rep and Configure IIS.ldms  (Package Bundle)
  • ps-pxe-setup.bat

 

Steps to import and configure package bundle.

 

  1. Download the attached PreferredServerWithPxeHostVboot.zip file
  2. Unzip the downloaded .zip file to the desired location on the core server.
  3. Open the Distribution Packages tool in the LANDESK Management Suite console.
  4. Right click "My Packages" and select "Import"
  5. Browse to the location where the .ZIP file was uncompressed to.
  6. Double click the Deploy PXE Rep and Configure IIS.ldms file.
  7. This will import a package bundle into the LANDESK Management Suite console under "My Packages"
    Click here for more information about Package Bundles.
  8. Within this bundle, you will find a package called Configure Preferred Server to host vboot files.
  9. In addition, this bundle contains the default PXE Representative Deployment package.
  10. Copy the ps-pxe-setup.bat file to your regular software distribution share.
  11. Modify the properties of the Configure Preferred Server to host vboot files package for your environment

          a. Modify the server name under the Package Information section to reflect the proper server name for your package share

          b. Under the Additional Files section browse to the location where you have copied the ps-pxe-setup.bat file and add it as an additional file
              (By default in the imported package this defaults to http://coreservername/ldlogon.

 

Scenarios for distributing package bundle or only the distribution package:

 

Scenario 1:

  • PXE Representative is already installed on the Preferred Server

 

    In this instance, you can simply select the package Configure Preferred Server to host vboot files, right-click and select "Create scheduled task".

Scenario 2:

 

  • PXE Representative is not installed on the Preferred Server and you want to configure IIS to host the vboot files

 

          In this instance, right-click the package bundle called "Deploy PXE Rep and Configure IIS" and select "Create Scheduled Task".

 

     This will first configure install the PXE Representative and then configure the Preferred Package Server to host the vboot files in a Web Application called "landesk" and a virtual directory below that called "vboot"
     This virtual directory points to the following physical path:

"%programfiles(x86)%"\landesk\pxe\system\image\boot"

Issue : "Change settings" action in provisioning template can't be saved

$
0
0

Issue

You try to add a "Change settings" action in a provisioning template. After selecting the agent settings you want to change, the "OK" button is not working and you are not able to validate this step.

This issue has been seen only in french and german versions of EPM. A bug has been created and the fix will be release as soon as possible.

 

Workaround

 

1. Open Tools > Configuration > Agent Settings.

2. Click on the calendar with the clock, top left, and choose Change settings.

3. Select the settings you want to change and save it.

4.. Go to Tools > Distribution packages

5. A new package has been created with name "Change settings".

6. Open your provisioning template.

7. Add an action "Distribute software".

8. Choose the package previously created

9. OK

Machine Mapping with USMT profile restore?

$
0
0

I've been searching, but haven't been able to answer this question: can Machine Mapping be used to restore a profile with USMT on a new computer?  (We are on 9.6 SP2)

 

I've played around a bit with the SMA profile restoration and can restore a profile on a new computer using the Machine Mapping.  The negative of SMA is that it is no longer supported by Lenovo and the latest documentation they have is from 2009.  I would rather use an utility that is current and supported.

 

I have created a template that captures the profile off to a network share and then kicks off another template to load the OS and licensed software with the Machine Mapping tool.  This process works really well and I would like to be able to add the profile restore action to the kicked off template.  When specifying the store to capture the profile to in the capture template, I use the %ldhostname% variable for the store path:  \\server\share\profiles\%ldhostname% .  The launched template with the profile restore action will have a different name and thus the %ldhostname% will be different than the source computer. 

 

To back up a bit, I create a Bare Metal Server for the new computer (COMPUTER2) and map COMPUTER1 to COMPUTER2 in machine mapping.  We prefer to have a unique name for the second machine, but we would need to keep one machine name through this process, we may consider going that route.

 

Has anyone done this and if so, how did you do it?

 

Thanks.

Error: "PXE-E52: ProxyDHCP offers were received."

$
0
0

Issue

PXE boot fails and the following error shows up when PXE booting:

 

PXE-E52: ProxyDHCP offers were received. No DHCP offers were received.

 

Cause

This occurs when the PXE client receives a response from a PXE proxy but cannot contact the DHCP server.

A DHCP server is necessary for network booting to work correctly.

 

Understanding the PXE boot process

Resolution

Resolve the problem with the DHCP server.

 

Common issues and things to check
  • Is the IP Address scope full?
  • Are any addresses available for the PXE client?
  • Is network latency causing the client to time out before contacting the DHCP server?
    (Check ping between client subnet and DHCP)
  • Is the DHCP server down or is the DHCP Service stopped?
  • Are BootP packets being blocked between the PXE client and the DHCP server?

 

More information on PXE boot errors

 

Troubleshooting PXE boot (OSD)

Issue: First Action Fails in Provisioning Template after Booting into Windows

$
0
0

Purpose

This article will walk through resolving the issue of the first action after CTOS failing (usually installing the agent) when deploying Windows 10.

 

Problem

Provisioning fails at the first action in the system configuration area of the template when deploying a Windows 10 (Build 1703) image.

 

Cause

This appears to be an issue first discovered with Windows 10 Creator's Edition 1703.

A link to a discussion on a Microsoft website for more information is below:

Windows 10 v1703 - Provisioning Package - Microsoft Partners Forum

 

Solution

There are currently two working solutions:

 

1.) Include "<SkipMachineOOBE>true</SkipMachineOOBE> <SkipUserOOBE>true</SkipUserOOBE>" in the oobeSystem part of the unattend file being used (this is included by default in the LD_Default_Unattend.xml).

1703fix2.PNG

 

2.) Add a reboot with 100-second delay as the first action in system configuration area

1703fix.PNG

Provisionning - Dell optiplex 7060 - don't boot after restarting

$
0
0

Hello,

 

We receive new Dell optiplex 7060, but we have problem to image them with Landesk 2017.

I have no problem with others models of Dell (laptop and workstation)

 

 

I have install the good network driver and he start my template without problem.

the problem is after installig the new OS. The PC restarts, but he don't find the disk and start again on the network

 

 

He makes many tries on 2 PCs  : Disk on AHCI, on Raid, start on UEFI only, start on Legacy, nothing happends correctly.

On my PC, the Windows Manager Boot disappears f I was on UEFI mode...

 

 

I don't see where the problem is.

Has someone the same probleme ? How to solve it ?

 

 

Thanks a lot for your comeback

Stéphane


Need a PowerShell script to create a Bare Metal Device

$
0
0

Has anyone used or come up with a way to use PowerShell to create a Bare Metal Provision device?

Forcing provisioning to create a GPT

$
0
0

With the newest model of Dell laptop (Precision 7730) we have been having a bear of a time getting provisioning working, in part because the 32 bit Dell NIC drivers do not work if we use the legacy PXE boot option (which Dell has been zero help in).  To get around this, we are UEFI booting off a thumbdrive that has the boot.wim on it.  This works great, until the computer reboots, planning to go into Windows.  At this point, there is no Windows Boot manager, and we have no way to boot into the Windows installation we just put on the machine.  It seems the problem is because the provisioning job is creating an MBR instead of a GPT.  We are using the automatic "create partition" action, which says it will use GPT if it sees we are in UEFI, but it only ever uses MBR instead.

 

My question is, is there a way to force the job to use GPT instead of MBR?  If not, how do manually set up the GPT configuration?

 

Alternatively, if anyone knows what  can use for a NIC driver to get legacy boot to work on these Dell Precision 7730's, I would be happy with that as well (legacy boot works fine on our other Dell laptops and desktops).  We are using the latest 32bit Dell WinPE driver pack.

 

Thanks!

Update Base OS Deployment Image

$
0
0

Does anyone out there have a reliable way of integrating / updating a base windows OS image with MS updates for deployment?

 

Currently when we deploy our desktops and servers from LANDesk we have to sit for a couple of hours whilst it patches and updates.

 

I would love to be able to capture an updated image to use as a base deployment image but can't seem to find a reliable way to do this.

 

Just wondered if anyone else was doing anything that works.

How To: Launch Provisioning on a Client in Windows

$
0
0

Problem

 

In some situations it may be desirable to initiate a Provisioning task client side, without booting into WinPE.

Example: Launching a deploy profile Provisioning template.

 

 

Steps

 

  • Create a directory on the client to contain the ldprovision.exe
    • C:\ldprovision
  • Download/copy ldprovision.exe to the client machine.
    • Example location on Core: "C:\Program Files\LANDesk\ManagementSuite\ldlogon\provisioning\windows\ldProvision.exe"
    • Example destination on client: C:\ldprovision\ldProvision.exe
  • Launch ldProvision.exe as the Local System Account
  • ldProvision.exe will begin downloading prerequisites
  • When ldProvision.exe is ran as the Local System Account, it will present the Provisioning GUI which allows users to authenticate to the Core, and select templates.

gui1.png

 

gui2.png

 

 

Note: If ldProvision.exe is ran as any account other than Local System, it will present a command line interface.

Though this interface will allow users to authenticate to the core in the same manner as the GUI, its menu is not navigatable, as the directional keys/arrows act as escape commands.

 

 

cli.png

Landesk 9.5 SP2 and Lenovo P71 Help

$
0
0

I have been trying unsuccessfully to deploy an image to a Lenovo P71 laptop that has an Intel I219-V NIC. I have tried every driver I can find. I also called into support and was told that I need to boot into UEFI mode instead of Legacy. I have tried that and keep getting a PXE-E99: Unexpected Network Error after receiving an IP address. In Legacy Mode I keep getting "Waiting for IP address". I am desperate to get this laptop imaged. Does anyone know the magical driver I will need to make this work with version 9.5 SP2? We will be getting a new server, but it is going to be a while. Thanks.

Install Pxe server or uninstall pxe server

$
0
0

I'm running 2016 SP3 (self electing subnet services)

 

1. Do you have to push a full agent with the PXE set to make a computer a PXE server or is there a easier way.

 

2. If you no longer want a computer to be chosen as a PXE server do you have to Uninstall the complete agent then install a agent without the PXE set?

Will not PXE boot using UEFI

$
0
0

Running 2016 SP3

 

Has anyone out there had a problem where using Legeacy Rom bios setting works fine but UEFI bios settings do not even get the bootx64.wim pushed down?

I have tried 2 different computers. Took a computer that will boot using UEFI at another site but will not Pxe boot here using UEFI.

Tried different network jacks at different locations in case it was a switch or port.

Tried using 3 different designated PXE servers.

I have a case open but not seeming to get anywhere with support.


Provisioning pop up message

$
0
0

Hi All,

 

Does anyone know of a way of displaying a pop up message to notify the end user that a provisioning template is complete.

 

We us OS deployment via provisioning and i would like to display a pop up on screen when the provisioning template is complete. Without this end users cannot see when a machines has been imaged and provisioned. They have to call me up and ask "is it finished yet?"

 

very annoying!! this message would have to display on the CTRL-ALT DEL screen. I have tried using a VBscript to run as my last action in a template, but nothing is diplayed on screen,  i have tested a template that works when a user is logged in but cannot get it to display pre-logon?

 

Any ideas?

Deploying: Windows could not parse or process unattend answer file

$
0
0

When deploying my windows 10 image I get the error:

 

'Windows could not parse or process unattend answer file [C:\WINDOWS\Panther\unattend.xml] for pass [specialize]. The answer file is invalid.'

 

I don't get it i have succesfully used this unattend file previously for other images. Could there be a problem with the image i created it did something go wrong when the system went through the sysprep?

 

I have attached a copy of my unattend file if you could take a look and see if theres any issues with it?

 

much appreciated!

How to capture a Windows 10 image using IMAGEW.EXE.

$
0
0

Overview:

This document provides the steps necessary to capture a Windows 10 image using IMAGEW.EXE v2 for use in a provisioning template. The screenshots and steps in this document show Windows 10 but the same steps will work for Windows 7, 8 or 8.1.

 

 

Create a provisioning template to capture the image

1_OSProv.png

1. Open the Operating System Provisioning tool in the LANDESK Console by clicking Tools | Provisioning | OS Provisioning.

 

2_Capture.png

2. In the Operating system provisioning tool, click on the All my templates folder.

3. Click New Template and select the Capture Template option.

 

3_Capture.png

4. Enter a name for the template.

5. Enter a description for the template which is optional.

6. Select LANDESK ImageW V2 for the Image Type.

7. Enter the UNC path including the filename to the location where the image file will be saved. The filename extension will be .tbi.

8. If the image share does not exist, create it before trying to capture the image. You will also need to setup a preferred server for the computer where the image share is located if it has not already been done. Following Community article has information on setting up preferred servers:

How to configure the Preferred Server (Target) for Content Replication

 

Note: You must have Write Credentials specified in the preferred server section, the account used must have modify rights to the image share in order to capture the image.

 

9. Click Create.

4_Capture.png

10. The template created will show up in the Operating system provisioning tool under All my templates.

 

Install a PXE Representative

If PXE representatives have not already been installed, install a PXE representative on the same subnet as the Windows 10 computer. Instructions for installing PXE representatives is available in the following Community article:

How to configure Self Electing PXE services in LDMS 2016.3 or higher

 

Note: PXE representatives cannot have multiple NICs/LANs and they cannot have WIFI.

 

Prepare the Windows 10 Computer for Capturing the Image

1. Install Windows 10 on a computer or get a computer that already has Windows 10 installed. Make sure the LANDESK Agent is not already installed on the computer or it will need to be removed before capturing the image.

 

Note: Install the OS on the smallest partition possible so it can be deployed to as many different hard drives in the environment. ImageW captures all partitioned space and will only deploy to hard drives big enough to hold the captured partitions. It will expand the last partition to fill the drive if there is free space left over.

 

2. After the OS is installed, configure the OS with any Company requirements.

3. Install all OS patches currently available because this will save time in the long run so that the computers do not have to be patched later.

4. Install all applications that are common for all users in the company that this image will be deployed for their use.

 

Run SYSPREP.EXE to Prepare the OS for Capturing

SYSPREP.EXE is located in the Windows\System32\Sysprep folder on the Windows 10 computer.

For use in LANDESK, the computer can be sysprepped in Audit mode without the Generalize box checked or it can be sysprepped in OOBE mode with the Generalize box checked.

 

sysprep.png

Select the options for sysprep then click OK to run it. When sysprep is complete, the computer will shutdown.

 

Note: Do not let the computer boot into the OS until after the image is captured or you will have to run sysprep again.

 

Add a Bare Metal Server Entry

6_BareMetal.png

1. In the LANDESK Console, expand Configuration.

2. Right-click Bare Metal Devices and select Add Devices.

 

7_BareMetal.png

3. In the Add bare metal device window, select MAC address for the Identifier type from the drop-down list.

4. Click the Add button.

 

8_BareMetal.png

5. In the Bare Metal Device window, enter a name for the device in the Name box. Name it whatever you like because the name does not matter for the capture.

6. Make sure the Identifier type has MAC address selected then enter the MAC address of the Windows 10 computer in the Identifier box.

7. Click the Add button.

 

9_BareMetal.png

8. The MAC address will show up in Server identifiers. Click OK.

 

10_BareMetal.png

9. The computer added will show up in the Add a bare metal device window. Click OK.

 

11_BareMetal.png

10. The computer added will show up in the LANDESK Console in the Configuration | Bare Metal Devices folder after the LANDESK Inventory Server service processes it.

 

Create a Scheduled Task for the Capture Template

12_Task.png

1. Drag and drop the Bare Metal device on the Capture Template that was created previously.

 

13_Task.png

2. Click Save.

 

14_Task.png

3. Right-click the task created in the Scheduled tasks tool and select Start now | All.

 

15_Task.png

4. Expand the task and click on All devices under the task.

5. Give the task a minute to completely initialize and verify the task Status shows Waiting.

 

Network Boot the Windows 10 Computer to Capture the Image

1. Network boot the computer. Refer to the computers documentation, if you need help with how to network boot the computer.

 

16_PXE.png

2. WINPE is downloading from the PXE representative. The IP address shown is the IP address of the PXE representative that the client is communicating with which is useful to know for troubleshooting.

 

17_PXE.png

3. WINPE has finished downloading and is now initializing to run the template.

 

19_PXE.png

4. The provisioning template is running.

 

20_PXE.png

5. ImageW is now running and capturing the image.

 

21_PXE.png

6. When ImageW finishes, it will report a success or failure. Hopefully, it will report a success as shown in the screenshot above. The template progress window will only remain open for short time before closing. Check the status in the scheduled task to make sure it was successfully.

Vboot and Bitlocker

$
0
0

Hello

We normally deploy images by PXE. I'm testing deploying by rebooting a system into vboot and imaging said system.

I am running in to an issue where if a system is bitlockered, when it reboots and tries to go in to the WinPE environment it's asking for the bitlocker key.

Easy right, just suspend bitlocker... well, not that easy as I am finding.

 

What is the best method to suspend bitlocker before rebooting to vboot?

Disconnected Template Best Practices And How To Troubleshoot USB Creation Errors

$
0
0

What are we going through?

This article will cover best practices for creating a disconnected template and to help prevent some of the "gotchas" that commonly occur when creating one.

 

Items needed:

You will need a thumb drive large enough to fit all of the boot wims and image files.

Patience.

 

Step by Step:

 

  1. Make sure the core is configured as a preferred server in the content replication tool.
    1. The disconnected template tool needs to use credentials to authenticate with the core server when copying the files to the thumb drive.
    2. Add the core servers FQDN, Shortname, and IP address with valid read credentials (this is a best practice for provisioning):
  2. Go through your template and remove any actions that require communication to the core server. This includes, but is not necessarily limited to:
    • HII Actions
    • Public Variables (Including variables in the Unattend.xml)
    • Actions that require pulling preferred server credentials
    • Patching Actions
    • Software Distribution Actions
    • Device Name Prompter
      • As an alternative to the device name prompter, you can add a wait after the unattend is injected and then manually add the desired computer name to the unattend xml. Or you can rename the computer after the image is laid down.

Ivanti Support will not assist with any disconnected template issue if any of the actions are attempting (or need) to communicate with the core server. That is not an intended or supported configuration for disconnected templates.

   3. If you are creating a Deploy template, make sure the following is done before attempting creation of the disconnected template USB:

    1. Make sure the image is captured or split into 2 GB chunks
      1. If using ImageW TBI, use the following command line syntax when capturing the image (This cannot be done after the image is captured):/b /d:0 /rb:0 /max:2GB /f:\\Your_Image_Path\Capture.tbi
      2. If using an ImageX WIM, open an admin CMD window and use the following command to split the WIM into multiple SWM files: Dism /Split-Image /ImageFile:C:\YOUR_WIM_PATH\YOUR.WIM /SWMFile:C:\YOUR_WIM_PATH\YOUR.SWM /FileSize:2000

            b. If deploying a WIM/SWM file, make sure the deploy command line syntax is correct for split SWM file. See my example below:

 

 

            c. If you plan on installing an agent in the template, use the option "Use Self-Contained Client..." and point the template action to a self contained agent executable.

 

 

   4. Once your template has been sanitized of any actions that require communication to core server, grab your thumb drive, plug it into your Core Server or Remote Console, and right click the sanitized template and select "Create Disconnected Template".

    • Once you hit create, all data on the drive will be wiped and the thumb drive will be formatted into a disconnected template.
    • If everything is successful, you will have a functioning disconnected template!

 

 

Troubleshooting steps when the disconnected template fails creation:

 

Assuming that you are using a functioning sanitized template, there are a few errors that can occur when trying to create a disconnected template. The first place to look would be the disconnected template log:

 

C:\Program Files\LANDesk\ManagementSuite\log\provisioning\Disconnectedprovisioning.log

 

Check the log and see what errors are occurring during creation of the USB media. Here is a few snippets of errors that can occur and the ways to fix them:

 

ERROR BootMediaHelper  10/16/2018 3:06:08 PM  : Error Mapping drive, lddwnld returned: 100003
ERROR PActionOffline  10/16/2018 3:06:08 PM  : Could not copy image file: \\ps-ldms-us\Images\SvrStd_2012R2_16gb.tbi

 

The above error can be resolved by splitting the image file into 2GB chunks.

 

ERROR   PActionOffline      10/16/2018 11:46:31 AM   : Could not copy agent deploy to media.  This will not fail media creation but template will not work correctly.  Please manually fix this issue.

ERROR   POfflineProvisiong      10/16/2018 11:46:31 AM   : Could not copy some files referenced in the template. Template may have exported correctly, but the media will be missing some files.  Please manually copy files to media or fix configuration and retry.

 

The above error can be resolved by using a self contained agent in the template and verifying the path to the EXE is reachable through UNC.

 

ERROR   BootMediaHelper     10/16/2018 11:46:37 AM   : Error Mapping drive, lddwnld returned: 100003

ERROR   POfflineProvisiong      10/16/2018 11:46:37 AM   : Could not download provisioning tools. Template may have exported correctly, but the media will be missing some files.  Please manually copy files to media or fix configuration and retry.

 

The above error can be resolved by adding the core server to preferred server tool and verifying that the read credentials are valid. If using a remote console, make sure there is an agent installed on the remote console computer

Viewing all 1803 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>