none
MDT update 2 offline media fails UEFI secureboot authentication RRS feed

  • Question

  • I am currently the head of a project where I need to deploy Windows 10 to 100 tablets a week.  For some retarded reason which I can still not accept, I am unable to gain access to or permission to set up a WDS instance, despite being a member of a domain network.  Anyway, this has left me few options, so I have chosen to create offline bootable MDT media on external disks and deploy operating systems this way.  I am able to create the content easily enough, but when I attempt to boot from the external device, I get an error message saying that secureboot failed to authenticate the bootable image, "ACCESS DENIED".  When I go into the bios and disable secure boot, it works like a dream, but as I have to do this for every single one of the 100 devices a week I have to image, this can take a good bit of time.  Am I doing something wrong that would cause this issue?  If not, is there a solution?  What is the root cause?
    Sunday, May 1, 2016 2:58 PM

All replies

  • What ADK are you using?

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.

    Monday, May 2, 2016 1:47 AM
    Moderator
  • Check your offline media in the console.

    This likely means your WINPE is out of date, or does not contain the secureboot Cmdlets

    Regenerate your WINPE with all the components required.

    Monday, May 2, 2016 10:00 PM
  • Hmmm.  I used the Windows 10 adk downloaded from here:

    https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx

    Its interesting you should mention the secureboot cmdlets: When I generate the media, I always include all of the components excluding the fonts.  However, I have noticed that certain pieces of the full deployment share do not copy over to the offline media, like the customsettings.ini file.  I'll try regenerating the media, but I don't think it will do anything seeing as nothing is being altered (all  components minus the fonts are enabled already)
    Thursday, May 5, 2016 6:24 AM
  • There are some known issues with the ADK. Try only adding the components you need.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it.

    Thursday, May 5, 2016 2:54 PM
    Moderator