Strangeness with MDT and my unattend.xml

    Question

  • Greetings,

    I do my Windows 7 x64 workstation deployments with MDT, or I did until about a month ago. I have a backup device on my network that has a Unix or Linux based OS; Buffalo is the manuf. We use this device as network storage to back up user data. About a month ago, machines deployed using MDT could no longer connect to this device over the network. Nothing we have tried (turning off firewalls, addressing the machine via its IP address) has worked. I cannot find any setting that has been changed from the reference machine. I have narrowed it down to deployment task sequences in which I have opened or modified the unattend.xml in a text editor or Windows System Image Manager. The reference machine and .iso installs are not impacted by this and connect to the appliance just fine.

    This is a deal killer for my management who was not very sold on MDT as a deployment solution to begin with.

    Things I have tried: re-installing WAIK and MDT, re-installing the OS on the technician machine and then re-installing WAIK and MDT. 

    Below is an example of my unattend.xml:

    <unattend xmlns="urn:schemas-microsoft-com:unattend">

    <settings pass="windowsPE">

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <ImageInstall>

    <OSImage>

    <WillShowUI>OnError</WillShowUI>

    <InstallTo>

    <DiskID>0</DiskID>

    <PartitionID>1</PartitionID>

    </InstallTo>

    <InstallFrom>

    <Path>.\Operating Systems\7_2_2013A\7_2_2013A.wim</Path>

    <MetaData>

    <Key>/IMAGE/INDEX</Key>

    <Value>1</Value>

    </MetaData>

    </InstallFrom>

    </OSImage>

    </ImageInstall>

    <Display>

    <ColorDepth>16</ColorDepth>

    <HorizontalResolution>1024</HorizontalResolution>

    <RefreshRate>60</RefreshRate>

    <VerticalResolution>768</VerticalResolution>

    </Display>

    <ComplianceCheck>

    <DisplayReport>OnError</DisplayReport>

    </ComplianceCheck>

    <UserData>

    <AcceptEula>true</AcceptEula>

    <ProductKey>

    <Key/>

    </ProductKey>

    </UserData>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <SetupUILanguage>

    <UILanguage>en-US</UILanguage>

    </SetupUILanguage>

    <InputLocale>0409:00000409</InputLocale>

    <SystemLocale>en-US</SystemLocale>

    <UILanguage>en-US</UILanguage>

    <UserLocale>en-US</UserLocale>

    </component>

    </settings>

    <settings pass="generalize">

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <DoNotCleanTaskBar>true</DoNotCleanTaskBar>

    </component>

    </settings>

    <settings pass="specialize">

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <Identification>

    <Credentials>

    <Username/>

    <Domain/>

    <Password/>

    </Credentials>

    <JoinDomain/>

    <JoinWorkgroup/>

    <MachineObjectOU/>

    </Identification>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <ComputerName/>

    <ProductKey/>

    <RegisteredOrganization>CBA Technology Group</RegisteredOrganization>

    <RegisteredOwner>Thomas Jackson</RegisteredOwner>

    <DoNotCleanTaskBar>true</DoNotCleanTaskBar>

    <TimeZone>Pacific Standard Time</TimeZone>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <Home_Page>http://cba.ua.edu</Home_Page>

    <DisableFirstRunWizard>true</DisableFirstRunWizard>

    <DisableWelcomepage>true</DisableWelcomepage>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <RunSynchronous>

    <RunSynchronousCommand wcm:action="add">

    <Description>EnableAdmin</Description>

    <Order>1</Order>

    <Path>cmd /c net user Administrator /active:yes</Path>

    </RunSynchronousCommand>

    <RunSynchronousCommand wcm:action="add">

    <Description>UnfilterAdministratorToken</Description>

    <Order>2</Order>

    <Path>

    cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f

    </Path>

    </RunSynchronousCommand>

    <RunSynchronousCommand wcm:action="add">

    <Description>disable user account page</Description>

    <Order>3</Order>

    <Path>

    reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f

    </Path>

    </RunSynchronousCommand>

    </RunSynchronous>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <InputLocale>0409:00000409</InputLocale>

    <SystemLocale>en-US</SystemLocale>

    <UILanguage>en-US</UILanguage>

    <UserLocale>en-US</UserLocale>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <TapiConfigured>0</TapiConfigured>

    <TapiUnattendLocation>

    <AreaCode>""</AreaCode>

    <CountryOrRegion>1</CountryOrRegion>

    <LongDistanceAccess>9</LongDistanceAccess>

    <OutsideAccess>9</OutsideAccess>

    <PulseOrToneDialing>1</PulseOrToneDialing>

    <DisableCallWaiting>""</DisableCallWaiting>

    <InternationalCarrierCode>""</InternationalCarrierCode>

    <LongDistanceCarrierCode>""</LongDistanceCarrierCode>

    <Name>Default</Name>

    </TapiUnattendLocation>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <DisableSR>1</DisableSR>

    </component>

    </settings>

    <settings pass="oobeSystem">

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <UserAccounts>

    <AdministratorPassword>

    <Value>

    VgBpAHIANgBpAG4AaQA0AEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==

    </Value>

    <PlainText>false</PlainText>

    </AdministratorPassword>

    </UserAccounts>

    <AutoLogon>

    <Enabled>true</Enabled>

    <Username>Administrator</Username>

    <Domain>.</Domain>

    <Password>

    <Value>VgBpAHIANgBpAG4AaQA0AFAAYQBzAHMAdwBvAHIAZAA=</Value>

    <PlainText>false</PlainText>

    </Password>

    <LogonCount>999</LogonCount>

    </AutoLogon>

    <Display>

    <ColorDepth>32</ColorDepth>

    <HorizontalResolution>1024</HorizontalResolution>

    <RefreshRate>60</RefreshRate>

    <VerticalResolution>768</VerticalResolution>

    </Display>

    <FirstLogonCommands>

    <SynchronousCommand wcm:action="add">

    <CommandLine>wscript.exe %SystemDrive%\LTIBootstrap.vbs</CommandLine>

    <Description>Lite Touch new OS</Description>

    <Order>1</Order>

    </SynchronousCommand>

    </FirstLogonCommands>

    <OOBE>

    <HideEULAPage>true</HideEULAPage>

    <NetworkLocation>Work</NetworkLocation>

    <ProtectYourPC>1</ProtectYourPC>

    </OOBE>

    <RegisteredOrganization>CBA Technology Group</RegisteredOrganization>

    <RegisteredOwner>Thomas Jackson</RegisteredOwner>

    <TimeZone/>

    </component>

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <InputLocale>0409:00000409</InputLocale>

    <SystemLocale>en-US</SystemLocale>

    <UILanguage>en-US</UILanguage>

    <UserLocale>en-US</UserLocale>

    </component>

    </settings>

    <settings pass="offlineServicing">

    <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

    <DriverPaths>

    <PathAndCredentials wcm:keyValue="1" wcm:action="add">

    <Path>\Drivers</Path>

    </PathAndCredentials>

    </DriverPaths>

    </component>

    </settings>

    <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog://reprisal/deploymentshare$/operating systems/7_2_2013a/7_2_2013a_7_1_2013uploadddrive.clg"/>

    </unattend>



    • Edited by pwhite106 Wednesday, July 03, 2013 1:08 PM
    Wednesday, July 03, 2013 1:05 PM
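
An added example (not part of the original thread) for auditing what an answer file like the one above executes: it lists every `RunSynchronousCommand` and `FirstLogonCommands` entry per configuration pass in `Order` sequence and tags the ones that write to the registry or change accounts. The embedded XML is a constructed, trimmed sample based on the post; `audit_commands`, `autologon_count` and the `FLAGS` table are hypothetical names.

```python
import xml.etree.ElementTree as ET

U = "{urn:schemas-microsoft-com:unattend}"  # namespace of every answer-file element
# Constructed sample: trimmed to the command elements of the answer file in the post.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize"><component name="Microsoft-Windows-Deployment"><RunSynchronous>
  <RunSynchronousCommand><Order>2</Order><Path>
   cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f
  </Path></RunSynchronousCommand>
  <RunSynchronousCommand><Order>1</Order>
   <Path>cmd /c net user Administrator /active:yes</Path></RunSynchronousCommand>
 </RunSynchronous></component></settings>
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <AutoLogon><Enabled>true</Enabled><LogonCount>999</LogonCount></AutoLogon>
  <FirstLogonCommands><SynchronousCommand><Order>1</Order>
   <CommandLine>wscript.exe %SystemDrive%\LTIBootstrap.vbs</CommandLine>
  </SynchronousCommand></FirstLogonCommands>
 </component></settings>
</unattend>"""

# Substrings that mark a command as changing machine state (illustrative, not exhaustive).
FLAGS = {"reg add": "registry-write", "net user": "account-change"}

def audit_commands(xml_text):
    """Return (pass, order, command, flags) rows, sorted by Order within each pass."""
    rows = []
    for settings in ET.fromstring(xml_text).iter(U + "settings"):
        found = []
        for el in settings.iter():
            if el.tag not in (U + "RunSynchronousCommand", U + "SynchronousCommand"):
                continue
            raw = el.findtext(U + "Path") or el.findtext(U + "CommandLine") or ""
            cmd = " ".join(raw.split())  # collapse line breaks and padding inside <Path>
            flags = [name for needle, name in FLAGS.items() if needle in cmd.lower()]
            found.append((settings.get("pass"), int(el.findtext(U + "Order")), cmd, flags))
        rows.extend(sorted(found, key=lambda r: r[1]))
    return rows

def autologon_count(xml_text):
    """Return the AutoLogon LogonCount if auto-logon is enabled, else None."""
    for al in ET.fromstring(xml_text).iter(U + "AutoLogon"):
        if (al.findtext(U + "Enabled") or "").strip().lower() == "true":
            return int(al.findtext(U + "LogonCount") or 0)
    return None

if __name__ == "__main__":
    for row in audit_commands(SAMPLE):
        print(row)
    print("AutoLogon count:", autologon_count(SAMPLE))
```

Running it against the answer file of a working task sequence and of a failing one gives two listings that can be compared directly.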

All replies

  • I think somehow it's changing something about my IPV4 settings. But I'm not sure what.
    Wednesday, July 03, 2013 4:05 PM
  • The first thing I can think of... can you check permissions on that Linux box?  Ensure that the machine can even ping the IP of the Linux box?  If not, then something is causing the Linux box to drop the packets... Firewall/ACL???  If you're able to ping it but unable to access the shares, then it sounds like permissions and you need to give access to the computers/user accounts.

    Be kind and Mark as Answer if I helped.

    Wednesday, July 03, 2013 5:30 PM
  • On the impacted machine I can ping the Linux box by name, so it can see it and resolve the IP address. The Linux appliance has a web interface and I can open a browser on the impacted machine and reach that interface. I just cannot map a drive to it or reach it by UNC, anything that would give me access to the file system. I get connection errors. Desktops built with just standard install media built from the same .iso I am using with MDT have no issues reaching it. So I don't think it's a setting or anything with the appliance.
    Wednesday, July 03, 2013 6:50 PM
  • Also when I deploy using a task sequence in which I have not opened the unattend.xml file with some kind of editor, I don't have this issue. I know this doesn't make sense but...

    Wednesday, July 03, 2013 6:54 PM
  • Try disabling the firewall on the imaged machine and then map a drive to the Linux box, for curiosity's sake.

    Be kind and Mark as Answer if I helped.


    Wednesday, July 03, 2013 7:55 PM
  • I turned the firewall off. I'm still not able to map or UNC.
    Wednesday, July 03, 2013 9:06 PM
  • I don't think it is permissions. We use an account on the Linux box to access the share. The same account works on a machine built with a standard .iso install media but does not work on a machine built via an MDT built image.
    Monday, July 08, 2013 3:55 PM
  • I doubt this would work, but to appease curiosity... can you disable IPv6 on the network adapters?  You can just go to the properties of the network adapters and uncheck the boxes for IPv6.  Reboot after this and then see if that helps.

    Be kind and Mark as Answer if I helped.


    Monday, July 08, 2013 7:47 PM
  • Sorry, I tried this and it doesn't help. I have since built another image and edited the unattend file but it works fine. So I'm really lost as to why this is happening.
    Tuesday, July 16, 2013 2:02 PM
  • If anyone cares I have more information:

    It seems when I deploy an image some registry settings are being changed and I'm not sure why. I have built a reference machine and tested it for full connectivity, connecting to several shares, both Windows and Unix. But when I upload this image and deploy it, the registry has been modified. I'm not sure what all is changing, but I know that "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Polices\Microsoft" is having a "WindowsFirewall" key added, making it impossible to turn off the Windows firewall (graying that option out). I can't help but think the solution lies in these unwanted changes. Can anyone think of why this would be happening?

    Wednesday, July 17, 2013 9:33 PM
  • With that information I'd say it was a Group Policy, because graying out options typically means "An administrator has made these changes for you...".  BUT since it isn't on other machines it's just odd.

    WAIK and MDT don't add anything in that you don't tell them to because, as you're probably aware, they aren't adding files other than the unattend.xml.  I would say it's the media you're using, but you also mentioned that your reference machine is OK.  Maybe try building a machine that is off your domain so it never receives any group policies and see if it has trouble accessing your appliance (it will be a more manual process of entering valid domain credentials to access the appliance but it should work).  Just a stock Windows 7 build off the domain, and once you ensure it works then capture it.


    Be kind and Mark as Answer if I helped.

    Thursday, July 18, 2013 12:36 AM
  • Thanks for the reply.

    I guess the easiest thing to do is go over what I did yesterday:

    I built a fresh reference machine with standard installation media. Still off my domain, I tested all known symptoms: I connected to my appliance and another Unix share, I connected to a Windows share, I checked the above-mentioned registry key and also ensured I could turn off the firewall. All of this operated normally. I then put this machine on my network and repeated the test and everything operated as it did off the network.

    I then removed the machine from my network and captured an image of this reference machine. Then I put this image back on the same hardware. Checking it before I put it on the network, I found that I could NOT connect to any of the Unix shares, including my appliance. The "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Polices\Microsoft" had been modified: a "WindowsFirewall" key (at least) had been added. This grays out the option to turn off the firewall in the control panel.

    I know this doesn't make any sense but everything is fine until I capture the image with MDT. Then it's broken. It seems to me there has to be some setting or something in MDT or WAIK that would make these modifications but I don't know what they would be.


    • Edited by pwhite106 Thursday, July 18, 2013 1:50 PM incorrect description
    Thursday, July 18, 2013 12:26 PM
  • Is there some way I could have unwittingly changed a setting or configured something incorrectly when I set up MDT or WAIK?
    Thursday, July 18, 2013 2:16 PM
  • Is there anything added to your Task Sequence that's beyond just applying the OS?  Any applications being installed afterwards?

    Be kind and Mark as Answer if I helped.

    Thursday, July 18, 2013 3:43 PM
  • No. The Task Sequence is set up pretty much using the defaults. But just for argument's sake, what could be done in the task sequence to cause something like this?


    • Edited by pwhite106 Thursday, July 18, 2013 9:14 PM clarify
    Thursday, July 18, 2013 9:13 PM