MDT2013 - Won't sysprep if PC is domain member RRS feed

  • Question

  • I was able to image a machine in 2010U1 w/out issue and now I can't in 2013. 

    I did find this thread that describes how to sidestep this requirement:


    I've commented out the section w/in LTISysprep.wsf yet I still can't get it to capture the image.  I still get 7 errors:

    Are these errors still related to the machine being on the domain?  If so, is there something else that needs to be done to allow this?  The above link was in reference to MDT2012, so I'm assuming there's something else that's been added that needs to be adjusted.

    Main reason for this is because I'm having issues imaging the machine when it's on a workgroup.  I was able to do it the first time, but now every time I try to capture, it errors out saying it can't find LiteTouch.vbs.  I've even gone so far as to map the drive and try to access and then it errors out saying it can't find LiteTouch.wsf.

    Don't understand why it's an issue to sysprep a domain machine when it was never an issue prior...

    Any help would be greatly appreciated as now I'm stuck...I've got my REF image, but can't get anything going for my GOLD image.


    Thursday, November 14, 2013 10:37 PM

All replies

  • 1. If you are having problems within sysprep, check the panther logs.

    2. You didn't really explain what the problem are with MDT when joined to the workgroup, just a couple of unknown errors. I really don't see the need to join the domain when capturing.

    Keith Garner - keithga.wordpress.com

    • Proposed as answer by Keith GarnerMVP Friday, November 15, 2013 4:48 AM
    • Unproposed as answer by lavee45 Friday, November 15, 2013 3:43 PM
    Friday, November 15, 2013 4:47 AM
  • As I know, more better doing susprep on workgroup pc. I use MDT for 3 years, started from MDT 2010 and always make susprep on workgroup pc. I don`t remember exactly why, but more correctly do it like this.
    Friday, November 15, 2013 1:40 PM
  • Hi lavee45,

    In my knowledge, I always heard that we NEVER sysprep a machine linked to the domain.

    Despite the fact that before, this was possible technically. It seems that MDT 2013 doesn't allow that, at least, not in a natural process.

    In my case, I never use a domain machine for my REF/GOLD image. I build the image in Workgroup environment. Then, I join my domain during the deployment of clients.

    In my view, that's the best way to avoid some mystical issues.
    • Proposed as answer by AcetiK Friday, November 15, 2013 2:08 PM
    • Unproposed as answer by lavee45 Friday, November 15, 2013 3:43 PM
    Friday, November 15, 2013 2:08 PM
  • Keith,

    First off, thanks for the reply.

    1.  where are the panther logs?  I've pulled over the logs from the deploymentshare folder that it creates.

    2.  I don't know how else to explain it to you other than the fact that when I try to connect to the deployment share to access the LiteTouch.vbs in the scripts folder, it does not see it...states that it can't find the file...just like I stated in the OP:

    I remove the PC from the domain, reboot...I log in with local admin profile...open CMD, type "\\MDTServer\DeploymentShare$\Scripts\LiteTouch.vbs" and it comes back stating can't find file (it never asks for credentials to access the drive).  I have no problems pinging the server.  I map the drive (this way it asks for the credentials to access the server)...go back to CMD, change to the network drive, type "LiteTouch.vbs" and this time it states it can't find "LiteTouch.wsf".  How else am I supposed to run the script to sysprep/image the machine? 

    Friday, November 15, 2013 4:54 PM
  • I've used 2010U1 for the past couple years without issue when sysprepping/imaging a Domain joined PC...did this I don't know how many times and never a problem...it was the most stable deployment system I've had. 
    Friday, November 15, 2013 4:55 PM
  • yet everything I read, there is no reason NOT to have it on Domain as sysprep removes any semblance of the domain from the machine...so if sysprep removes the machine from the domain, I don't see the issue?

    regardless, if MDT2013 no longer allows sysprep to do it's job of removing the machine from the domain, and there is no way around this (as it seems was capable in 2012 per my OP link), then I need to figure out why I can't access the network share from the PC that's in a workgroup...see OP/reply to Keith

    Friday, November 15, 2013 5:02 PM
  • Ok...so here are the screenshots that I've acquired...

    I can ping the server...I attempt to access the litetouch file...I attempt to net use with credentials...nothing.

    Next...I map the drive via WindowsExplorer and try again via CMD:

    Friday, November 15, 2013 7:19 PM
  • I think I might have found the culprit on this...I was just blowing thru the pop-ups and it dawned on me about UAC after I got this:

    turned UAC off, rebooted, mapped the drive, went to CMD and entered everything in and then it pulled everything up for taking an image...don't know why all of a sudden UAC is a problem as I've never had this be an issue with all the images I've pulled.

    Going to start over with a fresh REF deployment and try the sysprep again with UAC turned off first...

    • Edited by lavee45 Friday, November 15, 2013 9:53 PM
    Friday, November 15, 2013 7:46 PM
  • I don't get it...UAC was enabled the first time I created the REF wim...now for some reason when I go to capture the updated image...I can't have UAC enabled (default settings).  The other thing that makes me scratch my head, is I have to map the deployment share drive only...I can't map the drive directly to the Scripts folder, otherwise it fails saying it can't find "litetouch.vbs".  So if I map to the deployment share only, then go to CMD, change to Scripts folder and then execute litetouch.vbs...everything works...just so long as UAC is off...

    Sure seems like there are way more hoops to jump thru since 2010U1...

    Anyone understand why UAC causes problems with running "LiteTouch.wsf" when it never did before?  Is it because I'm trying to image a machine that had a REF image applied to it?  Instead of a fresh deployment by MDT?

    Friday, November 15, 2013 9:52 PM
  • Checking back in to see if anyone knows why UAC has to be turned off?
    Friday, November 22, 2013 6:13 PM