I don’t deploy large amounts of servers at once, so Windows Server sysprep is not as important as it is with the client operating systems I deploy. But I do need to create virtual machine templates, (mostly for testing), but some clients like to have server templates. I prefer to manually sysprep and shutdown a server then either convert or clone it to a template.
Thankfully sysprep is in the same place as it was with Server 2008 R2.
Solution
As before you can either run sysprep from command line by navigating to its location and running it with the correct switches. Or simply browse to it with Windows Explorer and double click it.
Related Articles, References, Credits, or External Links
Thankfully I don’t see a SID error very often these days;
The following error occurred when attempting to join the domain ‘{domain-name}
The domain join cannot be completed because the SID of the domain you attempted to join was identical to the SID of this machine. This is a symptom of an improperly cloned operating system install. You should run Sysprep on this machine in order to generate a new machine SID.
Resolve SID Errors (Joining Domains)
In my case it was a server I was deploying into EVE-NG and I hadn’t ran says-rep on the image, (typically I only need one Windows server in my EVE-NG labs, but this time I needed another), so then I added a second and tried to add it to a domain, this happened. I should know better really!
If you have ever deployed or imaged Windows you can probably guess what the fix is, ‘Run Sysprep‘.
Note: I will probably get emails saying ‘Why not just run NewSID?’, well because it’s not officially supported any more, and sysprep is.
Navigate to C:\Windows\System32\Sysprep and run sysprep.exe > Tick the ‘Generalize’ option > Set the Shutdown option to ‘Reboot” > OK.
Go and have a coffee, when the server reboots, run though the OOBE setup, and try to join the domain again.
Related Articles, References, Credits, or External Links
Before you start troubleshooting clients, how long have you waited? I usually setup and configure WSUS up at the start of a job, then leave it alone for a few DAYS, before I start worrying.
Here are the steps I usually follow to get the machines listed in the WSUS management console.
Solution
Before doing anything further, simply try running the following two PowerShell commands, (on the problem client,) and then waiting for a few hours;
1. Assuming you are deploying your WSUS settings by GPO, make sure the machine in question is actually trying to apply the policy, you can do this by running rsop.msc like so:
Or by running gpresult /R from command line
Note: If you cannot see Computer Policy / Computer Settings, i.e. you can only see user settings, then you are probably not running the command window as ‘Administrator’ (Locate cmd.exe > right click > Run as Administrator).
2. If you are enforcing by GPO, or directly via registry edit, your next step is to check that the registry entries exist. Start > In the Search/Run box type regedit {Enter}. Navigate to:
[box]HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > WindowsUpdate[/box]
3. Start > In the Search/Run box type services.msc {enter} Locate the Windows Update service and ensure it is running.
4. Then locate the Background Intelligent Transfer Service and make sure that’s also running.
5. To make sure the client can see the WSUS website, open a browser window, and navigate to http://{name-of-the-wsus-server}/iuident.cab and make sure you can open/download the file.
6. If all the above is OK, you can try forcing a registration with the following command;
[box]wuauclt /detectnow[/box]
7. All update events are being logged, you can find the log at c:windowsWindowsUpdate open the file with notepad.
8. Scroll all the way to the end, then work upwards looking for errors.
9. Sometimes if you image a machine (Or clone a VM) it keeps it’s unique update ID, if this happens then the first machine with this ID to register gets listed, and all the rest do not. To find out if this is your problem, locate and stop the Windows update service on an affected client.
10. Open the registry Editor and navigate to:
[box]HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > WindowsUpdate[/box]
Locate and delete the SusClientId entry.
11. Restart the Windows Update service and run the following two commands:
I’ll cover the ones that have tripped me up, if you find some new ones feel free to post them below.
Solutions
Before continuing, the image needs to have the Horizon Agent installing within it, and it has to be the SAME version that your Composer and Connection servers are running, (or newer). Also your Horizon servers are connecting to VMware vCenter using an account, (in a lot of cases that will be the domain administrator account, or an account you setup for this reason), make sure that account has global administrator properties in vSphere.
Also in your image install the LATEST version of VMWare Tools, Note: that might be NEWER than the one that you have on your ESX servers, download it and install it manually, (to do this uninstall the old VMWare Tools, then Uninstall the Horizon Agent, then Install the NEW VMWare Tools, then finally reinstall the Horizon Agent again. (Note: If using Horizon Composer, make sure you install the composer option!)
Horizon Inability to get a licence for your KMS Server.
For sysprep obviously you need to be deploying images with sysprep and NOT quick prep, if you are using sysprep check the error log, (if the error log is empty, then sysprep is not your problem).
Navigate to: C:\Windows\System32\Sysprep\Panther\setuperr.log
Sysprep Problem 1
Problem 0x0f0043 Failed DeleteInstance AntiSpywareProduct
Error [0x0f0073] SYSPRP RunExternalDlls:Not running DLLs; either the machine is in an invalid state or we couldn't update the recorded state, dwRet = 0x1f
Error SYSPRP WinMain:Hit failure while processing sysprep re-specialize internal providers; hr = 0x8007001f
Error SYSPRP Error 0x-2147417850: Failed to re-enable Compat-Gentel custom trigger.[gle=0x0000047e]
Error SYSPRP setupdigetclassdevs failed with error 0
[/box]
This is happening because the machine you are using as your image has been sysprepped too many times, you nee to make some changes on the reference image to reset/rearm it, so it can be sysprepped.
On your image machine run regedit and navigate to;
HKLM > SYSTEM > Setup > Status > Sysprep Status
Ensure the following;
CleanupState is set to 2
GeneralizationState is set to 7
Open an administrative command window and execure the following commands;
[box]
msdtc -uninstall
msdtc -install
[/box]
Back in registry editor navigate to
HKLM > SOFTWARE > Microsoft > Windows NT > CurrentVersion > SoftwareProtectionPlatform
Set SkipRearm to 1
Try again.
Related Articles, References, Credits, or External Links
While building a new Windows 10 machine to be used as a template, I ran Sysprep to generalise the installation, and got this;
Sysprep was not able to validate your Windows Installation.
Review the log file at
%WINDIR%\System32\Sysprep\Panther\setupact.log for
details. After resolving the issue, use Sysprep to validate yout
Installation again.
Solution
What I did was Google the error, instead of looking at the log file, and read a post that said this can happen if the reference machine has not been activated, and went down a blind alley because THATS NOT TRUE of course you can generalise a newly deployed ‘non-activated’ reference machine.
When I finally read the error log, I found the following;
[box]
Package Microsoft.LanguageExperiencePacken-GB_17763.6.14.0_neutral__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
Failed to remove apps for the current user: 0x80073cf2
Exit code of RemoveAllApps thread was 0x3cf2.
[/box]
This problem is being caused by an app, (Windows has suffered with this since Windows 8!) I’ve highlighted the app name above, yours may have a different name, but the fix is the same. We need to remove that app, and stop Windows connecting to the internet to install more app shenanigans!
Disconnect the reference machine from the internet by disconnecting its NIC, (below I’m using a VMware VM).
Run a PowerShell window, (as Administrator) and execute the following command, (obviously use the name of your offending app rather than mine if it’s different!).
VMware Workstation, is a great test tool, if i need to take a look at some new software, or plan how I’m going to do a job, and I don’t have access to the ESX server, or test bench, it’s a great tool to have on my laptop.
If you build machines form scratch, every time you need one it can take a while. To address that you can create a template and deploy machines from that. To make things even more efficient you can make then ‘linked clones’. If you use VDI you will probably be aware of linked clones, they use the hard drive of the machine they were created from, and maintain a ‘delta disk’ that holds the differences, this make them very efficient at using hard drive space, (which is good if you are running on a laptop!)
Solution
1. I’ve titled this Windows 8 and Server 2012, but this process works for just about any modern version of Windows. Build the machine that will be the template, and install all the latest updates. Locate sysprep.exe uisually in C:WindowsSyste32Sysprep, and run it. Ensure the ‘Generalize’ option is selected, and the shutdown option is set to ‘Shutdown’.
2. Once finished the machine will shutdown, in VMware Workstation right click the VM > Snapshot > Take Snapshot > Give the snapshot a sensible name > Take Snapshot.
3. Once complete > Right Click the VM again > Settings > Options Tab > Advanced > Select ‘Enable Template mode (to be used for cloning) > OK.
4. Now every time you want a new VM simply right click the template > Manage > Clone > When the wizard starts > Next.
5. Choose the snapshot name you picked in step 2 > Next > Linked Clone (if you choose full clone it creates a complete new machine and will take a LOT of system resources) > Next > Give it a name > Finish.
6. Power on your new machine and it will run the mini windows setup, and behave like a completely new VM.
Related Articles, References, Credits, or External Links
It’s been a while since I wrote Part 4, so it’s time to wrap this up. Now we have Composer installed on the Virtual Center, we can start to deploy our linked clone desktops.
Solution
VMware View – Prepare your Source Machine
1. I’ve already covered how to prepare your Windows 7 client machine to be a View client here. Once that’s done, release its IP address (ipconfig /release) and shut it down.
2. With your source machine shut down, take a snapshot of the machine.
VMware View – Create an Automated Linked Clone Pool
3. Log into your VMware View Administrator console > Inventory > Pools > Add.
4. Automated > Next.
5. Dedicated > Next (unless you want a floating user assignment, the description of each is on this page).
6. View Composer linked clones > Next (ensure your vCenter is listed, and has “Yes” in the View Composer section).
7. Give the pool an ID, name, and description. (Note: If you use folders for your VM’s, you can also select those here).
8. I tend to stick with the defaults, except I let the users reset their desktops > Next.
9. I’m not redirecting any disposable files or profiles > Next.
10. Expand Security > Logins > Create a new login.
11. For the default Image, browse to your source machine, then select the snapshot. Set the Folder, Host/Cluster, and Resource pool as applicable. Then browse for a datastore.
12. Here I’ve selected to store my disks on different datastores. If you can, put your replica disk on the FASTEST storage, as this gets the most “Read” traffic > OK > Next.
13. The domain should auto populate > Pick an OU to place the new machines into, then select either to use quickprep (the VMware one), or Sysprep (the Microsoft one). > Next.
Note: You can also use a customization specification (yes Americans are worse at spelling than me!), you set these up in the VI client on the home screen under ‘Customization Specifications Manager’.
14. Review the information > Finish.
15. Now you have you pool, you need to allow your users to connect to it, with it selected press ‘Entitlements’.
16. Add in the users and/or groups you want to grant access to > OK.
17. It can take a while for the replica to be created then all the linked clones to become ‘Available’ watch progress under ‘Inventory > Desktops’.
18. When available you should be able to connect to them using the VMware View Client.
19. And finally get your new Windows 7 linked clone desktop.
Related Articles, References, Credits, or External Links
For newer servers I don’t really use templates anymore, but if you are deploying a lot of 2003 Windows servers in vSphere, then they can save you some time. Back in the days of vCenter 2.5 you just uploaded those sysprep files to the relevant folder in,
[box]C:Documents and SettingsAll UsersApplication DataVmwareVmware Virtual Centersysprep[/box]
But that location no longer exists (since Server 2008).
A client who we recently did a WDS (Windows 7) install for, needed to image a couple of Windows XP machines, (They had some software that either would not run, or was not supported on Windows 7).
They asked me for some documentation on how to do this, it’s been such a long time since I imaged any XP machine, so I took the opportunity to document it properly.
Solution
Before you begin, be aware you need to be building your reference machine with a Volume Licenced copy of Windows XP NOT an OEM or Retail copy (i.e. DONT build the machine with manufacturers rescue disks like Dell or HP). If you don’t do this you will need to activate every Windows machine that you deploy with Microsoft.
Make sure the version of sysprep you are using is at the same service pack level as the reference machine or bad things will happen.
1. Build your reference machine, and configure it as you require.
2. Create a folder on the root of the C: Drive called ‘Sysprep”. Insert the Windows XP CD and locate the Deploy cabinet file. (This is ‘like’ a zip file and it’s in the supporttools folder).
3. Double click the support cab, then copy over the sysprep.exe file, the setupcl.exe file and the setupmgr.exe file to your c:sysprep folder.
4. You can now run sysprep.exe and skip to step 13. BUT if you require an answerfile (a script that will answer all the questions Windows will ask while it’s reinstalling post sysprep) then run the setupmgr.exe program, at the welcome screen click next.
5. Create New > Sysprep Setup > Windows XP Professional.
6. Fully Automate > Enter Name and Organisation > Set the Display Properties.
7. Set Time Zone > Enter the Volume Licence unlock code > If you are joining a domain, I suggest generating a random name then changing it later.
8. Set the Local Administrators password > Typical settings will enable DHCP > Supply any domain and domain credentials you need to join your domain.
9. Telephony (I just skip this) > Regional Settings > Languages.
10. Printers > Run Once commands > Additional Commands.
11. Enter a string that will go into the registry, and can be identified later > Finish > Accept the default save path > OK > At this point it looks like it’s crashed, you can manually close the setupmgr.
12. Now you can run sysprep.exe > OK > I select ‘mini-setup’ (If you don’t, it will run the welcome to windows session and play the annoying music you cant turn down!) > If you have installed applications and are going to image the machine click Reseal > OK.
Note: Factory will literally set the machine back to a ‘day one’ install of Windows XP.
The machine will then shut down and can be imaged.
Final Note: If you power it back on, it will rebuild itself and delete the c:sysprep directory. Which is fine unless you are doing some testing and realise you have to do the whole thing from scratch!
Related Articles, References, Credits, or External Links
You have a 2008 R2 Server to sysprep, but your not sure where sysprep is.
Solution
1. Thankfully in Server 2008 R2, there’s no messing about, its in c:windowssystem32sysprep. (Note: to regenerate a SID don’t forget to tick “Generalize”).
Server 2008 – It’s in the same place.
Server 2003 – As with Windows XP, you need to get it from the Windows install CD, its in the supporttoolsdeploy.cab.
Once the files are extracted you can run sysprep (Note: setupmgr.exe is used to create the unattended / answer files for sysprep.)
Related Articles, References, Credits, or External Links