I don’t deploy large amounts of servers at once, so Windows Server sysprep is not as important as it is with the client operating systems I deploy. But I do need to create virtual machine templates, (mostly for testing), but some clients like to have server templates. I prefer to manually sysprep and shutdown a server then either convert or clone it to a template.
Thankfully sysprep is in the same place as it was with Server 2008 R2.
Solution
As before you can either run sysprep from command line by navigating to its location and running it with the correct switches. Or simply browse to it with Windows Explorer and double click it.
Related Articles, References, Credits, or External Links
Seen while attempting to install Microsoft Management Framework 5.1 on Server 2012 R2, (to upgrade PowerShell).
Windows Update Standalone Installer
The update is not applicable to your computer
Solution
Well in the the end it turns out I was being a doofus! I was installing W2K12-KB3191565-x64.msu which is for Server 2012 (Not Server 2012 R2!) Look a bit lower, you need Win8.1AndW2K12R2-KB3191564-x64.msu.
The solution was in front of me the whole time!
Related Articles, References, Credits, or External Links
Life was simpler when we had DVD Drives and a wallet full of CD/DVDs! I was building an HP DL360 This morning and needed to install Windows. I created a bootable USB with Unetbootin and selected a Windows Server ISO, it wouldn’t boot. So I thought ‘Fine I’ll play the game” I pressed F10 for Intelligent Provisioning.
After selecting USB media – the system could not see my USB Drive?
After a couple of seconds head scrathing the penny dropped, it wants the iso not a bootable drive, (doofus!) So I used a FAT formatted USB and that didn’t work either?
Option 1: Use iLO
Before you all start emailing me, you can install an operating system from virtual media WITHOUT and advanced iLO licence! Annoyingly I was building the server on the bench, so I had to connect my laptop into the iLO with a crossover cable but, here’s me proving it works.
Option 2: Use ExFAT
Format your USB drive using ExFAT, luckily I use macOS and Disk Utility will format a drive using ExFAT for me.
Note: Windows will also format as ExFAT 🙂
Then simply put your install .iSO file(s) on the media.
Now you can see your install media.
Option 3: Use the HP Media Creator
I didn’t try this option, but feel free to download it and give it a try, comment below to let me know how you get on.
I needed to work out how to bulk disable some domain users from a .CSV file this week, so I thought I’d write it up.
Disable Domain Users in Bulk from CSV
Well firstly, you need to have your users in a CSV file. For the live job I just exported all the SamAccountNames to a CSV, but here for testing I just loaded a few in manually;
While replacing a server, I copied over some scripts, (batch files) the client was using to back up some data. I scheduled them on the new server, but noticed they were finishing with a status of 0x1. (and not actually backing anything up!)
Solution
Edit the properties of the job > General Tab > Tick “Run with the highest privileges”.
Note: You can also tick “Do not store password. This task will only have access to local computer resources” if the process is only running on this machine.
Actions > Select the Action and edit it > Change the ‘Start In‘ section, so that it points to the folder the script is in > OK >Apply > OK.
Rerun the job and it should complete with a 0x0 status (successful).
Related Articles, References, Credits, or External Links
I needed to add .Net 3.5 to a Windows Server for an application install, but when I added it as a ‘feature’ it failed.
Server 2016
The request to add or remove features on the specified server failed. The source files could not be found. Use the “Source” option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f08081f
Server 2012
Installation of one or more roles, role services, or features failed.
The source files cannot be found. Try installing the roles, role services, or features again in a new Add Roles and Features Wizard session, and on the Confirmation page of the wizard, click “Specify an alternate source path” to specify a valid location of the source files that are required for the installation. The location must be accessible by the computer account of the destination server.
Solution
1. Open an Administrative Command Window.
2. Insert the Server 2012 Install DVD (or present the .ISO if its a virtual machine) >Execute the following command;
[box]
Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess
Where D: is the DVD Drive Letter
[/box]
That Didn’t Work?
I had this problem again this week at a clients site. They were running Server 2012 R2 and needed .Net 2.0 for an application they used. However, when I tried to install it (as above) this happened;
[box]
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dism /online /enable-feature /featurename:NetFx3 /ALL /Source:D:\sources\sxs /LimitAccess
Deployment Image Servicing and Management tool
Version: 6.3.9600.17031
Image Version: 6.3.9600.17031
Enabling feature(s)
[===========================66.2%====== ]
Error: 0x800f081f
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information
on specifying a source location, see
http://go.microsoft.com/fwlink/?LinkId=243077.
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
C:\Windows\system32>
[/box]
Error: 0x800f081f
So I tried via PowerShell and got this;
[box]
Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.
PS C:\Windows\system32> Install-WindowsFeature -name NET-Framework-Core -source D:\sources\sxs
Install-WindowsFeature : The request to add or remove features on the specified server failed.
Installation of one or more roles, role services, or features failed.
The source files could not be downloaded.
Use the "source" option to specify the location of the files that are required to restore the feature. For more
information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f0906
At line:1 char:1
+ Install-WindowsFeature -name NET-Framework-Core -source D:\sources\sxs
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (@{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature],
Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Cbs_Download_Failure,Microsoft.Windows.ServerManager.Commands.AddWindowsF
eatureCommand
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
False No Failed {}
PS C:\Windows\system32>
[/box]
Error: 0x800f0906
If you are having similar problems, try running the install from Server Manager > Manage > Add/Remote Roles and features, then specify a different source;
Or you can try using the Microsoft .Net Framework Repair Tool;
There is a ‘known problem’ That is caused by Window update 2966828.
To see if you have it installed, run the following command;
[box]
Get-Hotfix | Where HotfixID -match "2966828"
[/box]
Above you can see I DON’T have it installed, if you do, then remove it.
Another ‘known problem’ is, if your server has multiple language packs installed, run ‘lpksetup’ and remove any other language packs, (you can add them back afterwards.) So it looks like this;
None of the above worked for me, what I did was download a new ISO image for Server 2012 R2, then I copied the ‘sources’ directory from the ISO to the servers C: drive, then ran the following command;
I first saw this problem a few months ago, when I wasted to download some .bin and .pkg files from a web server running IIS, into a Cisco firewall. Then again this week I needed to get a large .iso file into a clients network so I put it on a publicly accessible web server running IIS, and had the problem again.
Solution
On the IIS server, open administrative tools > Internet Information Services (IIS) Manager > Drill down to the default website > Locate the ‘MIME Types‘ and open them.
You will probably find there is not one for the file extension you cannot download (in this case .iso) > Add one in > Set the MIME type to;
application/octet-stream
Then re-try your download.
Related Articles, References, Credits, or External Links
VMware Workstation, is a great test tool, if i need to take a look at some new software, or plan how I’m going to do a job, and I don’t have access to the ESX server, or test bench, it’s a great tool to have on my laptop.
If you build machines form scratch, every time you need one it can take a while. To address that you can create a template and deploy machines from that. To make things even more efficient you can make then ‘linked clones’. If you use VDI you will probably be aware of linked clones, they use the hard drive of the machine they were created from, and maintain a ‘delta disk’ that holds the differences, this make them very efficient at using hard drive space, (which is good if you are running on a laptop!)
Solution
1. I’ve titled this Windows 8 and Server 2012, but this process works for just about any modern version of Windows. Build the machine that will be the template, and install all the latest updates. Locate sysprep.exe uisually in C:WindowsSyste32Sysprep, and run it. Ensure the ‘Generalize’ option is selected, and the shutdown option is set to ‘Shutdown’.
2. Once finished the machine will shutdown, in VMware Workstation right click the VM > Snapshot > Take Snapshot > Give the snapshot a sensible name > Take Snapshot.
3. Once complete > Right Click the VM again > Settings > Options Tab > Advanced > Select ‘Enable Template mode (to be used for cloning) > OK.
4. Now every time you want a new VM simply right click the template > Manage > Clone > When the wizard starts > Next.
5. Choose the snapshot name you picked in step 2 > Next > Linked Clone (if you choose full clone it creates a complete new machine and will take a LOT of system resources) > Next > Give it a name > Finish.
6. Power on your new machine and it will run the mini windows setup, and behave like a completely new VM.
Related Articles, References, Credits, or External Links
ESXi comes with a self signed certificate, and for most people thats fine, but some clients want to have a ‘Trusted’ certificate on theirs, and have their own PKI infrastructure for issuing them.
Below I will generate a new certificate for my ESXi server using the Active Directory Certificate Services role on Windows Server 2012. Then replace the self signed certificate with my new one.
Solution
Generating a Certificate Request From the ESXi Server
1. Before we start there are a couple of hoops to jump through, and a Windows machine (it does not mater which one), install the following tow pieces of software;
Microsoft Visual C++ 2008 Redistributable Package (x86) and Shining Light Productions installer for OpenSSL x86 version 0.98r (or later)
Accept all the defaults and it should install to C:OpenSSL-Win32 go there, and in the bin directory make a backup of the openssl.cfg file.
2. Open the original openssl.cfg file and delete everything out of it, then paste in the following text, replace the values in red with your own, and save the file.
You will notice rui.csr has been created in the bin directory this is the file you need to request your certificate, if you open the file with Notepad you can copy the text.
Submit the Certificate Request and Get an ESX Certificate From a Windows CA
4. Open the web console of your certificate services server (it needs to be running the Certification Authority Web Enrollment role). The URL is usually http://{servers IP or Name}/Certsrv. Select ‘Request a certificate’.
5. Advanced certificate request.
6. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
7. Paste in the text from your csr file (with no extra spaces!). Set the Certificate Template to ‘Web Server’ (the default lifetime for the Web Server template is 2 years. If you require longer, I suggest you clone the Web Server Template, change the lifetime and republish it in Active Directory Certificate Services).
8. Base 64 encoded> Download certificate.
9. Save the file as rui.cer and put it in the bin directory.
10. ESX needs the certificate to be in x509 format, so open a command window and execute the following commands;
[box]
cd C:OpenSSL-Win32bin
openssl x509 -in rui.cer -out rui.crt
12. Connect to the ESX host via SSH, and make a backup of the current keys (just in case).
[box]
cd /etc/vmware/ssl
mv rui.crt backup.rui.crt
mv rui.key backup.rui.key
[/box]
13. Using WinSCP copy the rui.crt and the rui.key files from the bin directory, to the /etc/vmware/ssl directory on your ESX host. WARNING: Set the copy type to ‘Text’ or ASCII or you may get some strange results.
14. Then either restart the management agents, or from your SSH session execute the following command;
[box]/sbin/services.sh restart[/box]
15. The simplest way to check is browse to the FQDN or your ESX host (the same name you used as the common name in step 2), and take a look at the certificate.
Related Articles, References, Credits, or External Links