none
Strange behavour of physical machine during MDT deployment RRS feed

  • Question

  • Hi Guys

    Hope someone can shed some light on this as it has me baffled.

    Scenario is this

    Replacing windows 32 bit with 64bit on our client machines, have USMT backing up the profiles to a network share (hardlink is to dangerous incase build fails)

    our Task Sequence loads the USMT variables from our custome settings.ini everything works as expected until the following

    This is our process

    1) Log on to client pc (at this stage 32bit) as using a domain account that is part of the local admin group

    2) browse to litetouch.vbs on our deployment share and run it

    3) select to backup our profiles to the share created (i know i can automate this location in the cs.ini but for the moment during testing i am entering manually)

    4) click next, choose not to backup pc and the task kicks off.

    at this point as you would expect it gathers etc then moves onto the user state capture, i can see the usmt.mig file in my network share no worries all is good.

    computer then boots into win pe and applies the 64 bit OS (all good)

    finishes the os imaging and boots into pc as administrator (local) as expected and continues with the other task sequences that i have setup (install McAfee, sms agent then join domain)

    mdt build completes and reports success.

    Now the problem is that it hasn't brought back down the profiles from the network share so i did abit of testing.  I put a 10 minute pause into the task sequence just before the user state restore runs so i could check connectivity to network share.

    at this point it prompts me for creds for the network share (even though it has Z: mapped to the same server.

    The very odd thing is i did the exact same sequence as i have laid out above with a Virtual machine and during the 10 minute pause i created it does not ask me for creds for the network share that its USMT.mig is located (even though i am logged on as local admin) but when i run the sequence stated above on a physical PC it promts me for creds for the share.

    Anyone seen this behavior before, i am absolutely stumped, i have made sure EVERYTHING is identical in the way i run the sequence (same domain account used, computer names never change, both use the same deployment share, both use the same share for the USMT files.

    the only differences between the 2 are

    1) one is virtual client and the other is a physical machine

    2) one is on ip range .66 and the other is on .80

    Any insights would be appreciated

    Friday, April 15, 2016 1:46 PM

Answers

  • Hi Ty

    The share permissions are set to allow everyone read/write and the ntfs permissions have the account we are using added to it (via membership of another group.) we can access the shares fine.

    As i mentioned before whats weird is that during the pause i put into my task sequence there is a drive mapped to the deployment share (which is on the same server as my USMT files are backed up to) and we can browse that mapped drive (even though at that point we are logged in as local admin of the workstation as we are still midway through the MDT process however if i try to browse to the server during the pause using \\servername\ it prompts for creds.

    I have the workaround in place at the moment and i am happy with that, its just one of these things that doesnt make much sense.

    thanks for your help

    Martyn

    Thursday, April 28, 2016 3:11 PM

All replies

  • Post a URL link to your logs.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.

    Friday, April 15, 2016 3:01 PM
    Moderator
  • i cant post links as my account isnt verified

    i will get my account verified and post them then.

    thanks for the reply Ty

    Friday, April 15, 2016 3:30 PM
  • Successful deployment logs

    http://s000.tinyupload.com/?file_id=33997551832683229129

    Failure deployment logs

    http://s000.tinyupload.com/?file_id=52996332746077771217

    i have a work around in place at the moment, i basically run a command line

    net use \\servername\sharename "password" /user:domain\username  just before it goes to the load state and it works fine.

    thanks


    • Edited by Ty GlanderModerator Monday, April 25, 2016 3:52 PM changed the links to open in new windows
    Friday, April 22, 2016 9:46 AM
  • Does what you use for your NET USE match what is in the logs?

    i. e. /user:in1.ad.innovene.com\-adm-hxd65375

    You might want to use the short name of the domain.


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.


    Saturday, April 23, 2016 3:23 PM
    Moderator
  • Hi Ty

    No, the user i use in my "net use" command is a user account i created just for access to that folder, the account in the logs "-adm-hxd65375" is an eleveated account which has access to the share also (via being part of the local admins group.

    In the net use command i use the shortname "in1\domainuser.

    I will give it a go with using the short name and report back.

    Thanks for your reply

    Monday, April 25, 2016 9:16 AM
  • Sorry the way I said things might have been confusing.  From your logs:
    Property userdomain is now = in1.ad.innovene.com Wizard 4/14/2016 9:40:49 AM 0 (0x0000)

    The UserDomain in this instance should be in1 instead of in1.ad.innovene.com


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.

    Monday, April 25, 2016 3:53 PM
    Moderator
  • Hi Ty

    tried it with the short name and still no dice.

    Property userdomain is now = in1

    Such a weird scenario

    Tuesday, April 26, 2016 1:01 PM
  • What are the share permissions set to and what are the NTFS file permissions?

    https://keithga.wordpress.com/2015/10/02/mdt-uberbug11-security-vs-usability/

    You could try using the IP address of the server instead of the server name to eliminate external issues. You would need to update your boot images after the change.


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.


    Tuesday, April 26, 2016 3:18 PM
    Moderator
  • Hi Ty

    The share permissions are set to allow everyone read/write and the ntfs permissions have the account we are using added to it (via membership of another group.) we can access the shares fine.

    As i mentioned before whats weird is that during the pause i put into my task sequence there is a drive mapped to the deployment share (which is on the same server as my USMT files are backed up to) and we can browse that mapped drive (even though at that point we are logged in as local admin of the workstation as we are still midway through the MDT process however if i try to browse to the server during the pause using \\servername\ it prompts for creds.

    I have the workaround in place at the moment and i am happy with that, its just one of these things that doesnt make much sense.

    thanks for your help

    Martyn

    Thursday, April 28, 2016 3:11 PM