WDS Deploying Windows 8 Part 3: Carry Out an Unattended Deployment

KB ID 0000738

Problem

In part two we built our reference machine and took an image of it using WDS. Now, to automate the deployments, we need to create some unattended answer files; these will answer all the questions that the Windows 8 machines will ask while they are building. We will take those files and import them into the WDS server we configured in part one. Finally, to make sure everything is working, we will deploy Windows 8.

Solution

Download and Install the Windows Assessment and Deployment Kit for Windows 8

1. We used to have the WAIK for Windows 7; this has now been replaced with the ADK (download link).

2. It’s a MASSIVE download, it will take a long time.

Create a WDS Distribution Share

1. On a drive that has some room (approx. 5GB should be fine), create a folder.

2. Launch the System Image Manager.

3. In the top left section > Right click ‘Select a Distribution Share’ > Select ‘Create Distribution Share..’

4. Navigate to the folder you created earlier.

5. Now you don’t need to do this next part, but I copy the full contents of the Windows 8 DVD into this folder as well.

6. Like so.

7. Then in the bottom left section > Right click > ‘Select Windows Image..’.

8. Navigate to the Windows 8 Media > Sources Directory > Select ‘install.wim’.

Note: The install.wim MUST match the version you are going to deploy; it’s no good pointing to a Windows 8 Pro image if you are going to deploy Windows 8 Enterprise.

9. Select the version you are going to deploy > OK.

10. This is normal, select yes to create a catalog file. It will take a while, it has to mount the image, interrogate it and create all the components. Now would be a good time to put the kettle on.

Create the Unattended file for WDS (WDSUnattended.xml)

This unattended file will be just for the WDS settings; it will not be applied to the image you are going to deploy. It sets the keyboard and language settings for WDS to use, then it gives the credentials to connect to WDS, and wipes all the partitions from the target machine’s hard drive. It then repartitions it ready for deployment.

WARNING: As reiterated below, the disk configuration settings below will wipe the target machine’s drive of ALL partitions, even manufacturers’ rescue partitions. If you are imaging machines anyway this should not be a problem, but don’t email me to complain if you lose the recovery files for a laptop/PC while you were practicing!

1. Create a new answer file.

2. The components may not start with amd64 (if you are deploying x86 images) and some of the numbers might be different on yours, but the main titles of the components will be the same. Locate Microsoft-Windows-International-Core-WinPE.

3. Add it to Pass 1. If you are unfamiliar with SIM, you add a component (or a sub component) to one of the ‘Passes’ in the center, then you can select that component (or sub component) and set the values for its settings in the top right hand section. The SIM builds an XML file in the background which will become the unattended answer file.

4. You will now see this component under pass 1, select it and set the following settings. (These are for my local English Great Britain settings, you may need to change your settings according to your locale).

InputLocale = en-GB
SystemLocale = en-GB
UILanguage = en-GB
UILanguageFallback = en-GB
UserLocale = en-GB

5. Select the SetupUILanguage sub component.

UILanguage = en-GB

Wiping the Target’s Hard Drive and Partitions with WDS

6. Locate the Microsoft-Windows-Setup component > Disk Configuration sub component.

7. Add to Pass 1.

8. Right click > Insert New Disk.

9. Expand > Disk > Create Partitions > Right click > ‘Insert New CreatePartition’.

10. Select the DISK.

Disk ID = 0
WillWipeDisk = true

11. Select the Partition.

Extend = true
Order = 1
Type = Primary

12. Right click ModifyPartition > Insert New ModifyPartition.

13. With the new ModifyPartition selected.

Action = AddListItem
Active = true
Extend = false
Format = NTFS
Label = SYSTEM
Letter = C
Order = 1
PartitionID = 1

Select Partition to install Image to

1. Locate the WindowsDeploymentServices sub component (also in Microsoft-Windows-Setup).

2. Add to Pass 1.

3. Expand Image Selection > Install To.

Disk ID = 0
PartitionID = 1

4. Expand Login > Credentials.

Domain = {Your domain name i.e. petenetlive.com would be PETENETLIVE}.
Password = {Of a user with administrative rights – IT WILL GET OBFUSCATED*}.
Username = {Of a user with administrative rights}.

*I used to say ‘encrypted’, but that’s NOT the case, they are simply Base64 encoded.

Attach the Answerfile to the WDS Server

1. Save the file you have just created.

2. Place it in your Remoteinstall folder in the WdsClientUnattend sub folder.

3. Launch the Windows Deployment Services management console > Expand Servers > Right click your server > Properties.

4. Client tab > Tick to enable unattended installation > I’m deploying x64 bit images so next to that option > Browse.

5. Navigate to and select the file you have just created > Open > Apply > OK.

Create the Unattended file for Your Image (OOBEUnattend.xml)

1. Create a new answer file.

2. Locate the Microsoft-Windows-Shell-Setup component.

3. Add to Pass 4.

4. With the component selected.

ComputerName = *
CopyProfile = true (Unless you don’t want to copy the profiles from your source image).
ProductKey = Your 25 character Windows 8 unlock code
Note: Only put in a code if you are deploying with MAK keys or Retail Keys; if you are planning on using KMS leave this option blank.
RegisteredOrganization = Your business name.
RegisteredOwner = Your owners name.
ShowWindowsLive = false {now deprecated for Windows 8}
TimeZone = GMT Standard Time
Note: For other time zones see here

Automatically Join the Domain

1. Locate the Microsoft-Windows-UnattendedJoin component

2. Add to Pass 4.

3. With Identification selected.

JoinDomain = {Your domain name i.e. petenetlive.com would be PETENETLIVE}.
UnsecureJoin = true

Set the Image Language and Keyboard Settings

4. Locate the Microsoft-Windows-International-Core component.

5. Add to Pass 7.

6. With the component selected.

InputLocale = en-GB
SystemLocale = en-GB
UILanguage = en-GB
UILanguageFallback = en-GB
UserLocale = en-GB

7. Locate the Microsoft-Windows-Shell-Setup component > OOBE sub component

8. Add to Pass 7.

9. With the OOBE sub component selected.

HideEULAPage = true
HideLocalAccountScreen = true
HideOnlineAccountScreen = true
HideWirelessSetupInOOBE = true
NetworkLocation = Work {sets the firewall settings}
ProtectYourPC = 1

Set the Local Administrator Password and Add a Local Administrator

Note: The local admin account is disabled by default, so here I’m setting the local admin’s password, and then creating a new local admin user called Sysadmin.

1. Locate the Microsoft-Windows-Shell-Setup component > UserAccounts sub component

2. Add to Pass 7.

3. With AdministratorPassword selected set the password value.

4. Right click LocalAccounts > Insert New LocalAccount.

5. With LocalAccount selected.

Action = AddListItem
Description = Sysadmin
DisplayName = Sysadmin
Group = Administrators
Name = Sysadmin

6. Then set the password value.

7. Save the answer file.

8. Save the file as OOBEUnattend.xml
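Because the passwords in these answer files are only Base64 encoded, it is worth auditing a file before it is copied to the WDS server. The following Python script is an added example, not part of the original article: it reports how each password element is stored and flags the UnsecureJoin and WillWipeDisk settings used in this guide. The sample XML, its passwords and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# SIM's hidden form: Base64 over UTF-16LE text with the element name appended.
# Constructed value; the password is made up for this example.
OBFUSCATED = base64.b64encode(
    ("Constructed-Pw1" + "AdministratorPassword").encode("utf-16-le")).decode()

# Constructed answer file, trimmed to the elements the audit looks at.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification><UnsecureJoin>true</UnsecureJoin></Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword><Value>%s</Value><PlainText>false</PlainText></AdministratorPassword>
        <LocalAccounts><LocalAccount>
          <Password><Value>Constructed-Pw2</Value><PlainText>true</PlainText></Password>
        </LocalAccount></LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>""" % OBFUSCATED

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def classify(value, plain_flag):
    """How a password value is stored: empty, plaintext or base64-reversible."""
    if not value:
        return "empty"
    if plain_flag == "true":
        return "plaintext"
    try:
        base64.b64decode(value, validate=True).decode("utf-16-le")
    except ValueError:  # not Base64, or not UTF-16LE text once decoded
        return "plaintext"
    return "base64-reversible"

def audit(xml_text):
    """Return (element, finding) pairs for settings that need review."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name, text = local(el.tag), (el.text or "").strip()
        if name.endswith("Password"):
            kids = {local(k.tag): (k.text or "").strip() for k in el}
            value = kids.get("Value", text)
            findings.append((name, classify(value, kids.get("PlainText", "").lower())))
        elif name in ("UnsecureJoin", "WillWipeDisk") and text.lower() == "true":
            findings.append((name, "true"))
    return findings
```

Both `plaintext` and `base64-reversible` mean the password can be read by anyone with read access to the answer file, so limit who can read the folders that hold these files.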

Attach the Answer file to the Windows 8 Image

1. Launch the Windows Deployment Services Management console.

2. Locate the Windows 8 Image you are attaching the answer file to > Right click > Properties.

3. Tick the option ‘Allow image to install in unattended mode’ > Select File > Browse.

4. Select the OOBEUnattend.xml file you created earlier.

5. Note: It makes a copy of the file and stores it elsewhere calling it ImageUnattend.xml (watch out for this if you need to edit the answer file and nothing changes!)

Deploy Your Windows 8 Image.

1. Boot your target machine to the network via PXE > Press F12 to boot from the WDS.

2. Install an Image.

3. Select the image you want to deploy.

4. After the install, the machine should reboot and present you with a domain logon.

5. And your programs and settings will be pre-configured.

Related Articles, References, Credits, or External Links

2012 – WDS Deploying Windows 8 Part 2: Prepare Windows 8, and Capture to WDS

ASA Upgrading and Imaging a Hardware CX Module

KB ID 0001025

Problem

Last time I had to do one of these the process was very straightforward: one command and the ASA got its new image from FTP, extracted it, and then installed it.

I had a CX module fail last week, and Cisco shipped me out a replacement. After installing it and running the setup, I needed to upgrade it (it will be managed by PRSM). It was running version 9.0.2 (probably been on the shelf a while!). And every time I tried to run a system upgrade it told me this, (regardless of what version I tried to install).

[box]This package is not applicable to release 9.0.2.[/box]

If I tried to set a boot image in the ASA, I got the following errors;

[box] Module 1 cannot be recovered.

OR

ERROR: Module in slot 1 does not support recovery

[/box]

Well there is a boot image especially for the 5585-X CX module, so how do you use it?

Solution

Remember the ASA-SSP-CX unit is basically the same hardware as the ASA, you need to boot that card to ROMMON, then install the boot image via TFTP. Once that’s loaded you can run setup and install the new software package.

1. As you can see this one’s running a very old OS.

[box] Petes-CX>show version

Cisco ASA CX Platform 9.0.2 (103)

Cisco Prime Security Manager 9.0.2 (103) for Petes-CX firewall

Petes-CX>

[/box]

2. Reload the module and as it starts to boot, send a ‘break’ keystroke.

[box] Petes-CX>system reload
Are you sure you want to reload the system? [N]: y
Broadcast message from root (console) (Mon Jan 19 14:47:09 2015):
The system is going down for reboot NOW!
INIT: SwitchingStopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 3862)
.
Stopping Advanced Configuration and Power Interface daemon: no /usr/sbin/acpid found; none killed
stopping Busybox inetd: inetd… stopped inetd (pid 3875)
done.
Stopping Vixie-cron.
Stopping ntpd: stopped process in pidfile ‘/var/run/ntp.pid’ (pid 3880)
done
Stopping syslogd/klogd: done
Deconfiguring network interfaces… done.
Stopping CGroup Rules Engine Daemon…stopped /usr/sbin/cgrulesengd (pid 3865)

Success
CGRE[3865]: Stopped CGroup Rules Engine Daemon at Mon Jan 19 14:47:13 2015
Stopping cgconfig service: Success
Sending all processes the TERM signal…
Sending all processes the KILL signal…
Unmounting remote filesystems…
Deactivating swap…
Unmounting local filesystems…
umount2: Device or resource busy

——————————————
–Output Removed for the Sake of Brevity–
——————————————

The system is restarting…

CISCO SYSTEMS

Embedded BIOS Version 2.0(13)0 20:40:45 10/21/11

USB storage device found … SMART eUSB USB Device

Total memory : 12 GB

Total number of CPU cores : 8

CPLD revision 0008h
Cisco Systems ROMMON Version (2.0(13)0) #0: Fri Oct 21 20:01:34 CDT 2011

Use BREAK or ESC to interrupt boot.Use SPACE to begin boot immediately.Boot in 10 seconds.

Boot interrupted.

Management0/0
Link is UP
MAC Address: 6c20.5658.928c

Use ? for help.
rommon #0>

[/box]

3. Remember in ROMMON mode you need to set up all the network settings to copy in the boot image (where 192.168.1.10 will be the CX, and .101 is the TFTP server).

Note: This is the BOOT image, it will have a .img file extension.

[box] rommon #0> ADDRESS=192.168.1.10
rommon #1> SERVER=192.168.1.101
rommon #2> GATEWAY=192.168.1.1
rommon #3> IMAGE=asacx-boot-9.3.2.1-9.img
rommon #4> [/box]

4. Make sure you can ping the TFTP server.

[box]rommon #4> ping 192.168.1.101
Sending 20, 100-byte ICMP Echoes to 192.168.1.101, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20)[/box]

5. Issue a sync command, then start the transfer.

[box]

rommon #5> sync

Updating NVRAM Parameters…

rommon #6> tftp
ROMMON Variable Settings:
ADDRESS=192.168.1.10
SERVER=192.168.1.101
GATEWAY=192.168.1.1
PORT=Management0/0
VLAN=untagged
IMAGE=asacx-boot-9.3.2.1-9.img
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20

tftp asacx-boot-9.3.2.1-9.img@192.168.1.010 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

——————————————
–Output Removed for the Sake of Brevity–
——————————————

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 65605385 bytes

Launching TFTP Image…

Execute image at 0x14000
[STUB]
Boot protocol version 0x209

——————————————
–Output Removed for the Sake of Brevity–
——————————————

Starting syslogd/klogd: done
Cisco ASA CX Boot Image 9.3.2.1

Petes-CX login: admin
Password: ************

Cisco ASA CX Boot 9.3.2.1 (9)
Type ? for list of commands
Petes-CX-boot>

[/box]

WARNING the following procedure will erase all the settings from your CX module

6. Partition the CX module drive. (This takes a long time, good time to put the kettle on!)

[box]

Petes-CX-boot>partition
WARNING: You are about to erase all policy configurations and data.
You cannot undo this action.
Are you sure you want to proceed? [y/n]:y
Logical volume “data” successfully removed
Logical volume “var” successfully removed
Logical volume “packages” successfully removed

——————————————
–Output Removed for the Sake of Brevity–
——————————————

Persistent partition is there so create symbolic link /etc/ntp.conf
Persistent partition is there so create symbolic link /etc/hosts
Petes-CX-boot>

[/box]

7. Run the basic setup.

[box]

Petes-CX-boot>setup

Welcome to Cisco Prime Security Manager Setup
[hit Ctrl-C to abort]
Default values are inside []

Enter a hostname [asacx]: Petes-CX
Do you want to configure IPv4 address on management interface?(y/n) [Y]: Y
Do you want to enable DHCP for IPv4 address assignment on management interface?(y/n) [N]: N
Enter an IPv4 address [192.168.8.8]: 192.168.1.10
Enter the netmask [255.255.255.0]: 255.255.255.0
Enter the gateway [192.168.8.1]: 192.168.1.1
Do you want to configure static IPv6 address on management interface?(y/n) [N]: N
Stateless autoconfiguration will be enabled for IPv6 addresses.
Enter the primary DNS server IP address: 192.168.1.20
Do you want to configure Secondary DNS Server? (y/n) [n]: Y
Enter the secondary DNS server IP address: 192.168.1.21
Do you want to configure Local Domain Name? (y/n) [n]: Y
Enter the local domain name: petenetlive.com
Do you want to configure Search domains? (y/n) [n]: Y
Enter the comma separated list for search domains: petenetlive.com
Do you want to enable the NTP service? [Y]: Y
Enter the NTP servers separated by commas: 192.168.1.31,192.168.1.32
Do you want to enable the NTP symmetric key authentication? [N]: N
Please review the final configuration:
Hostname:Petes-CX
Management Interface Configuration

IPv4 Configuration:static
IP Address:192.168.1.10
Netmask:255.255.255.0
Gateway:192.168.1.1

IPv6 Configuration:Stateless autoconfiguration

DNS Configuration:
Domain:petenetlive.com
Search:
petenetlive.com
DNS Server:
192.168.1.20
192.168.1.21

NTP configuration:
192.168.1.31,192.168.1.32
CAUTION:
You have selected IPv6 stateless autoconfiguration, which assigns a global address based on network prefix and a device identifier. Although this address is unlikely to change, if it does change, the system will stop functioning correctly.
We suggest you use static addressing instead.

Apply the changes?(y,n) [Y]: Y
Configuration saved successfully!
Applying…
Restarting network services…
Restarting NTP service…
Done.
Press ENTER to continue…
Petes-CX-boot>

[/box]

8. You can now upgrade the CX module from FTP.

Note: This is the SYSTEM image, it will have a .pkg extension.

[box]

Petes-CX-boot>system install ftp://192.168.1.101/asacx-sys-9.3.2.1-9.pkg
Verifying..
Downloading..
Extracting..
Package Detail
Description:Cisco ASA-CX 9.3.2.1-9 System Upgrade
Requires reboot:Yes

Do you want to continue with upgrade? [y]: y

Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Upgrading..
Starting upgrade process ..
Populating new system image..
Copying over new application components..
Cleaning up old application components..
Reboot is required to complete the upgrade. Press ‘Enter’ to reboot the system.

PRESS ENTER

Broadcast message from root (consoStopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 2883)

[/box]

9. After the module has reloaded, log in and make sure everything is working.

[box]

Petes-CX login: admin
Password:***********


    Cisco Prime Security Manager 9.3.2.1 (9) for Petes-CX firewall
  Type ? for list of commands

Petes-CX>show services status
============================================================
Process           | PID   | Up    | Up Time
============================================================
HTTP Server       | 6139  | True  | 00:02:00
Data Plane        | 6665  | True  | 00:01:35
Opdata Helper     | 6299  | True  | 00:01:59
AD Interface      | 6674  | True  | 00:01:35
HW Regex Server   | 6572  | True  | 00:01:43
Message Nameserver| 6279  | True  | 00:01:59
HTTP Auth Daemon  | 6469  | True  | 00:01:57
Management Plane  | 6481  | True  | 00:01:57
signup            | 6347  | True  | 00:01:59
PDTS              | 6442  | True  | 00:01:59
Predictive Defense| 6679  | True  | 00:01:35
HTTP Inspector    | 6689  | True  | 00:01:35
HPM Monitor       | 6684  | True  | 00:01:35
Updater           | 7772  | True  | 00:00:19
Card Manager      | 6071  | True  | 00:02:00
ARP Daemon        | 6458  | True  | 00:01:58
Event Server      | 6512  | True  | 00:01:52
TLS Proxy         | 6719  | True  | 00:01:35
============================================================
Petes-CX>

[/box]
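The check in step 9 can be scripted against a saved console capture. The following Python code is an added example, not part of the original article: it reads the version banner and the ‘show services status’ table and reports any process that is not up. The capture is constructed from the output above with one row changed to False, and the function name and the ‘9.3.2.1-9’ version format (taken from the package file name) are assumptions.

```python
import re

# Constructed console capture modelled on the output above; the "TLS Proxy"
# row is deliberately changed to False to exercise the failure path.
CAPTURE = """\
    Cisco Prime Security Manager 9.3.2.1 (9) for Petes-CX firewall
  Type ? for list of commands

Petes-CX>show services status
============================================================
Process           | PID   | Up    | Up Time
============================================================
HTTP Server       | 6139  | True  | 00:02:00
Data Plane        | 6665  | True  | 00:01:35
Message Nameserver| 6279  | True  | 00:01:59
TLS Proxy         | 6719  | False | 00:00:00
============================================================
Petes-CX>
"""

BANNER = re.compile(r"Cisco Prime Security Manager\s+(\S+)\s+\((\d+)\)")
ROW = re.compile(r"^(?P<name>[^|=]+?)\s*\|\s*(?P<pid>\d+)\s*\|"
                 r"\s*(?P<up>True|False)\s*\|\s*(?P<uptime>[\d:]+)\s*$")

def check_upgrade(capture, expected_version):
    """Return (version_ok, running_version, [names of services not up])."""
    banner = BANNER.search(capture)
    version = f"{banner.group(1)}-{banner.group(2)}" if banner else None
    # The header and separator lines do not match ROW, so only data rows remain.
    rows = [m.groupdict() for line in capture.splitlines() if (m := ROW.match(line))]
    if not rows:
        raise ValueError("no service rows found; capture incomplete?")
    down = [row["name"] for row in rows if row["up"] != "True"]
    return version == expected_version, version, down
```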

 

Related Articles, References, Credits, or External Links

Special thanks to Veronika Klauzova from Cisco TAC