locked
MDT 2013 Update 2 BitLocker Failure OSSKU not defined RRS feed

  • Question

  • At the end of my deployment I am getting

    FAILURE: False: Verify %OSSKU% is defined.

    I am deploying Windows 10 Enterprise LTSB. 

    What am I doing wrong here?

    Wednesday, May 11, 2016 1:12 PM

Answers

  • ok - All storage is blocked here at work but I did some quick digging - Turns out TLSB's OSSKU is null in MDT due to the GetOSSKU() function in ZTIGather.wsf does not including SKU 125 in it's case.

    running this: (get-wmiobject -class Win32_OperatingSystem).OperatingSystemSKU in LTSB returns 125. Doing the same on a non-LTSB is 4 which is flagged as ENTERPRISE.

    From bdd.log:

    Getting OS SKU info ZTIGather 5/24/2016 1:26:10 PM 0 (0x0000)
    Unknown OS SKU = 125 ZTIGather 5/24/2016 1:26:10 PM 0 (0x0000)
    Property OSSKU is now = ZTIGather 5/24/2016 1:26:10 PM 0 (0x0000)
    Finished getting OS info ZTIGather 5/24/2016 1:26:11 PM 0 (0x0000)

    So I updated ZTIGather.wsf at line 839:

    Case "125"
    sSKU = "ENTERPRISE"
    I'll be re-running my E7550 as a test to see if bitlocker encrypts now.

    • Marked as answer by Ty Glander Wednesday, May 25, 2016 9:50 PM
    Wednesday, May 25, 2016 1:07 PM

All replies

  • I haven't used LTSB. What SKU does it show during gather? If will be in BDD.log.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.

    Wednesday, May 11, 2016 2:32 PM
  • I got it to work by commenting out parts of the ZTIBde.wsf script.. I believe this to be a bug in MDT 2013 Update 2. It does NOT detect Windows 10 LTSB as being an Enterprise edition!!

    '//----------------------------------------------------------------------------
    '//  Check to see if BDE is supported in this OS
    '//----------------------------------------------------------------------------

    '// Check to see if we are running Vista or later and exit if we are not
    '//If iOSCVMajor < 6 Then
    '// oLogging.CreateEntry "Bitlocker is not supported on this version of Windows", LogTypeInfo
    '// Main = iRetVal
    '// Exit Function
    '// Check to see if the SKU supportes Bitlocker
    '//ElseIf not oUtility.IsHighEndSKU then
    '// oLogging.CreateEntry "Bitlocker is only supported on Windows Enterprise or Windows Ultimate or Windows Server", LogTypeInfo
    '// Main = iRetVal
    '// Exit Function
    '//Else
    '// oLogging.CreateEntry "We are running a OS that supports BitLocker", LogTypeInfo
    '//End if

    • Marked as answer by Prince Ali Ababwa Wednesday, May 11, 2016 5:45 PM
    • Unmarked as answer by Ty Glander Wednesday, May 25, 2016 9:50 PM
    Wednesday, May 11, 2016 5:45 PM
  • It isn't Enterprise exactly. Can you post BDD.log so I can tell you the correct script edit?

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.

    Wednesday, May 11, 2016 6:06 PM
  • Hi Ty,

    Here is my failure log: 

    <![LOG[Microsoft Deployment Toolkit version: 6.3.8330.1000]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[The task sequencer log is located at C:\Users\ADMINI~1\AppData\Local\Temp\SMSTSLog\SMSTS.LOG.  For task sequence failures, please consult this log.]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Write all logging text to \\Server\Deployment$\Logs\Dynamic]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Validating connection to \\Server\Deployment$\Logs\Dynamic]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Mapping server share: \\Server\Deployment$]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Already connected to server Server as that is where this script is running from.]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[SUCCESS: 0: Create object: Set oScriptClass = New ZTIBde]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[System drive is: C:]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[The deployment method is not using ConfigMgr.]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[This script is not currently running in Windows PE]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[FAILURE: False: Verify %OSSKU% is defined.]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="2" thread="" file="ZTIBde">
    <![LOG[Bitlocker is only supported on Windows Enterprise or Windows Ultimate or Windows Server]LOG]!><time="13:38:11.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[ZTIBde processing completed successfully.]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[No NAA credentials specified. Using default.]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[About to execute web service call using method GET to http://Server:9800/MDTMonitorEvent/PostEvent?uniqueID=764c49c4-df4f-4350-ac21-21df793b3a01&computerName=itdepartment5&messageID=41001&severity=1&stepName=Enable BitLocker&currentStep=112&totalSteps=153&id=4C4C4544-004C-4B10-8036-B1C04F463732,F8:CA:B8:2C:A2:44&message=ZTIBde processing completed successfully.&dartIP=10.10.10.230&dartPort=49416&dartTicket=994-949-410&vmHost=&vmName=]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[ --Attempt #1]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Response from web service: 200 OK]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Successfully executed the web service.]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Event 41001 sent: ZTIBde processing completed successfully.]LOG]!><time="13:38:12.000+000" date="05-24-2016" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    Tuesday, May 24, 2016 8:53 PM
  • I need a link to your BDD.log. ztibde.log by itself isn't enough information.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.

    Wednesday, May 25, 2016 6:19 AM
  • ok - All storage is blocked here at work but I did some quick digging - Turns out TLSB's OSSKU is null in MDT due to the GetOSSKU() function in ZTIGather.wsf does not including SKU 125 in it's case.

    running this: (get-wmiobject -class Win32_OperatingSystem).OperatingSystemSKU in LTSB returns 125. Doing the same on a non-LTSB is 4 which is flagged as ENTERPRISE.

    From bdd.log:

    Getting OS SKU info ZTIGather 5/24/2016 1:26:10 PM 0 (0x0000)
    Unknown OS SKU = 125 ZTIGather 5/24/2016 1:26:10 PM 0 (0x0000)
    Property OSSKU is now = ZTIGather 5/24/2016 1:26:10 PM 0 (0x0000)
    Finished getting OS info ZTIGather 5/24/2016 1:26:11 PM 0 (0x0000)

    So I updated ZTIGather.wsf at line 839:

    Case "125"
    sSKU = "ENTERPRISE"
    I'll be re-running my E7550 as a test to see if bitlocker encrypts now.

    • Marked as answer by Ty Glander Wednesday, May 25, 2016 9:50 PM
    Wednesday, May 25, 2016 1:07 PM
  • Interesting and not too surprising I guess. LTSB didn't exist yet when update 2 was finished.

    Although:

    sSKU="ENTERPRISES"

    Your code will work however just the gather is not correct.


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.


    • Edited by Ty Glander Wednesday, May 25, 2016 9:50 PM added proper sku
    Wednesday, May 25, 2016 7:09 PM
  • I created a github project with the changes for sSKU.  I haven't tested all 97 sSKU options though (and I probably won't).

    https://github.com/tyglander/MDT/blob/master/ZTIGather.wsf


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.

    Thursday, May 26, 2016 1:48 AM
  • Hi!

    I needed to add the lines Nathaniel B suggested:

    Case "125"

    sSKU = "ENTERPRISE"

    When I used sSKU="ENTERPRISES", Bitlocker wouldn't turn on and the logs would say that Bitlocker is only supported for Enterprise, Ultimate and Server Operating systems.

    Could be that by using sSKU="ENTERPRISES" the SKU would be more accurate, but then some additional modifications to Bitlocker scripts are also needed.

    -klaus



    • Edited by Klaus123 Wednesday, November 2, 2016 8:37 AM
    Wednesday, November 2, 2016 8:37 AM
  • I needed to do as Nathaniel B suggested also, but for Education Edition.

    Case "121"

    sSKU = "EDUCATION"

    Wednesday, November 30, 2016 8:51 AM