Boot image concurrence is key!
Note – This is a follow-up to my previous post on SCCM Prestaged Media and Dell CFI in a Multi-Site Environment.
One of the challenges with pre-loading an image at the factory is image management. Many of us have a hard enough time juggling multiple images across multiple sites, keeping a handle on development, version control, and so forth. This is all the more difficult when you have to package that image up and send it off to factory because the processes, while clearly defined and relatively straightforward, require you to build in additional time and resources.
In working with the Dell CFI scenario I laid forth in my previous post, I have since found a few caveats that I want to pass along:
Boot Image Concurrence
After successfully receiving machines from the factory with our prestaged media image loaded, I was surprised to get a call from one of our field technicians a few weeks later saying they couldn’t image a machine with the new prestaged build. They were able to get through the custom wizard in the boot image fine, but not long after the Task Sequence started running it would error out. A look at the smsts.log file showed the following errors:
Failed to install boot image. Unspecified error (Error: 80004005; Source: Windows)
Failed to install WinPE. Code(0x80004005)
I fired up the Task Sequence to apply the CFI prestaged media build to one of my test machines…the very same machine in fact that originally arrived from the factory and successfully imaged…and saw the very same error. Looking at the Task Sequence I did immediately notice that a newer version of the boot image was assigned to the Task Sequence than the one I originally used to build the prestaged media (as an aside, this is yet another reason to create a new boot image for any major changes to WinPE instead of just continually updating the same boot image). As soon as I assigned the previous version of the boot image to the Task Sequence and retested, everything went fine.
(There is supposed to be a hotfix from Microsoft that addresses this issue: KB2586709. However, even after applying this hotfix to the SCCM site server where I created the prestaged media, I was continuing to see the same error. So we’ll proceed as though you too are having this same error and the hotfix does not resolve it.)
Now we have a dilemma. The whole point of this solution is to accommodate multiple SCCM primary sites, and now we need to have the same boot image that’s in the prestaged media build assigned to the Task Sequence for all sites. Well, chances are if you have multiple primary sites you also have a parent primary/central administration site above them (as the original post for this solution details). Your solution to this dilemma then is to create a centralized boot image on the parent primary, replicating it down to the child primary (and all relevant DP’s), and using that boot image both to create the prestaged media build and as the assigned boot image for the relevant Task Sequences.
Once updated with this new boot image, you should now find this solution working appropriately across all sites without the boot image failures.
I left in implied in the original post but will clearly state it here: you obviously need to include the TsEnv2.exe file in your boot image in order to be able to execute it from the pre-execution hook command in the TSConfig.ini. There are several ways to do this, including adding it during boot image creation:
64-bit Boot Images
While testing this solution to deploy a Windows 7 Enterprise 64-bit image, I discovered that the TsEnv2.exe utility provided on 1E’s site is 32-bit only. I contacted 1E and confirmed with them that only the 32-bit version is available for free general download, and that licensed users of 1E’s Nomad Enterprise/PXE Lite 1.6 have access to the 64-bit version (also named TsEnv2.exe) via that product. Adaptiva also provides a similar utility, OneSiteDownloader.exe (or OneSiteDownloader64.exe) for customers with a OneSite license. So if you are already a customer of 1E or Adaptiva you should have access to a 64-bit solution. If not, this is another great reason to consider their excellent products!
Management Point Authentication
I’ve talked with a few people who have run into a different issue related to Management Point authentication. Basically, using boot media created from one MP to connect to another MP generates a “signature verification failed” error. While I have not been able to reproduce this, another engineer has come up with an alternative solution which I will detail in another blog post.