Windows 8 Deployment Secure Boot to packed hard drive-MDT 2012

  • Question

  • Thought I would throw this out here to see if anybody could help.  The company I'm working for has decided to go with Samsung Ultrabook Series 5 for Windows 8 deployment.  This is the first mass deployed system for us that has been a non-Dell system and of course, also the first to use the featured secure boot.  Now we've been successful at imaging these bad boys from the MDT 2012 server, but failed at creating a self packaged hard drive that will install itself once the user boots up.  I've tried this 4 different ways and wound up with 3 different issues.  The closest being the 2nd scenario.  This secure boot has left me limited, but this is the way that our IT director wants the laptops imaged and understandably so.  

    Scenario 1: Create a litetouch OEM installation from the live MDT server.

    I PXE boot into this server and run litetouch OEM.  It fails after the hard drive format.  

    Error: Failed to run the action: Copy Media CD to Local Hard disk for OEM pre-installation.  Execution has been aborted.  The SMB requested a CSE FSCTL on a non-CSE file.  (Google search yielded nada.  Even one site I found humorously defined this error by simply restating the error.)

    Scenario 2:  Create a Media ISO from Deployment Share and use Hyper V with mounted VHD.  Format partition option is standard NTFS

    This actually goes all the way through, and I copy the VHD to an SSD via a partition editor.  

    Error:  No error message really.  Just the hard drive won't boot.  

    Scenario 3: Same as scenario 2 except format partition option is GPT.

    This will copy the contents of the ISO to the hard drive, but then it fails at Staging Media with what looks like an invalid media error code.  

    Error:  Sorry, I didn't write this down but it appears to relate to an invalid media code and what I wonder might be a limitation of Hyper V and secure boot.

    Scenario 4:  Same as scenario 1 except deployment through Hyper V instead of the actual laptop.  

    Error:  Failure is the same as error for #1.  

    Also as a side note, I've done step 2 before exactly as is with the Dell Latitudes that we deploy too.  Hard drive once installed on the laptop boots and unpacks successfully.  

    Monday, 11 March 2013 19:17

All Replies

  • Have you tried disabling "Secure Boot" in the BIOS?

    J W Stuart: http://www.pagestart.com


    Never be afraid to ask. This forum has some of the best people in the world available to help.

    Tuesday, 12 March 2013 00:46
  • Yeah it will work fine with secure boot disabled, but that is not an option.  Our IT Director wants the laptops to have secure boot for Windows 8.  It works on live deployment, but I can't seem to get a staged hard drive.  
    Tuesday, 12 March 2013 12:59
  • One last thing...I forgot a scenario.  I tried manually copying the deployment share structure down to a bootable flash drive.  I had to format GPT with FAT32, but I got stuck transferring the WIM saying the file was too big for the destination source.  The destination source was 256gb, and the WIM was only 9gb.  This sounds like an incorrectly stated error message due to the limits of FAT32.  
    Tuesday, 12 March 2013 13:09
  • Sorry the bootable flash drive was a USB hard drive that I set up to boot.  
    Tuesday, 12 March 2013 13:10
  • I'm going to reply to my own post for an update.  The company I work for has premier Microsoft support, and I'm working with 2 techs on this issue.  This is where we are.  Just an FYI, this is meant only for UEFI Secure boot Litetouch OEM.  If you are using a Legacy BIOS that you are making Litetouch OEM drives for, stay the course.  Also to note, the current method you are using will work with both EFI and Legacy BIOS, but not with the Secure boot option on.  This is the headache in MDT 2012 deployment.  After trying workarounds for the scenarios above, this is what the techs are having me do.  

    1) Set up separate deployment share (Already done)

    2) Import Windows 8 OS that you are going to use (Already done)

    3) Set up 2 task sequences....1 OEM and 1 Deployment task sequence (Already done)

    4) Create a bootable flash medium to boot on an UEFI laptop with secure boot (This was my problem) 

    This part below was what they had me do, and in essence worked the task sequence.

    1. Take a USB hard drive
    2. Make two partitions F: and G:
    3. Format the F: with Fat32
    4. Run the bootsect.exe /nt60 F: to get the boot code generated on that drive.
    5. Navigate to the deployment share “boot” folder and mount the “litetouchPE_x64.iso” on to your local win8 machine and copy the content of it to the F drive. It  would have the directories ( Boot, EFI and sources along with bootmgr and bootmgr.efi files)
    6. Set the partition as “active” from diskpart
    7. Format the G: with NTFS
    8. Copy the “deploy” folder from the generated content media to the G: drive
    9. Now eject the hard disk and boot the UEFI based machine to the USB and choose the LTIOEM task sequence
    10. Once that is done the machine shuts down.

    All these steps worked properly, and I was finally able to run the OEM Task Sequence to deploy to the hard drive.  This also allowed for proper staging of media and a proper shutdown.  ***NOTE:  This part was successful.****

    HOWEVER...

    Rebooting laptop led to BSOD.  Windows 8 secure boot message indicated boot files are missing or corrupt.  Slaving the hard drive on my system did confirm the EFI partition was missing files.  Incidentally, the OEM Task Sequence did properly format and deploy the task sequence, placing the boot files on the EFI partition.  

    {Incidentally if you need to check the EFI partition, you will have to run diskpart list vol and assign letter=(whatever drive letter you have free).  You have to remember to remove it when you're done by remove letter=(same drive letter you used), otherwise the drive letter stays permanently}

    The BDD log indicates numerous BCDSTore errors.  It says the system cannot find the file specified.  

    Here's that portion of the BDD log:

    Run Command: X:\windows\SYSTEM32\bcdedit.exe /export "V:\boot\bcd.save" LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The store export operation has failed. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Create {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} -d "Microsoft Deployment WinPE" /application OSLOADER LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /enum {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    FAILURE: False: Create element: {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /enum {ramdiskoptions} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Create {ramdiskoptions} -d "Ramdisk Device Options" LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {ramdiskoptions} ramdisksdidevice partition=V: LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {ramdiskoptions} ramdisksdipath \Boot\boot.sdi LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /enum {ramdiskoptions} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} device ramdisk=[V:]\sources\boot.wim,{ramdiskoptions} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} osdevice ramdisk=[V:]\sources\boot.wim,{ramdiskoptions} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} path \windows\system32\boot\winload.efi LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} systemroot \windows LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} detecthal yes LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /Set {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} winpe yes LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /enum {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    FAILURE: False: BCDObjectExistsEx(", {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} ) LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /timeout 0 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /displayorder {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} /addfirst LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /bootsequence {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Run Command: X:\windows\SYSTEM32\bcdedit.exe /default {d22e7e91-9ee7-46eb-89d7-c5859e4302f0} LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Property BootPE is now = True LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    LTI Windows PE applied successfully LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    LTIApply processing completed successfully. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
    Command completed, return code = 0 LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    LTI deployment completed successfully LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    Property RetVal is now = 0 LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    Unable to copy log to the network as no SLShare value was specified. LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    CleanStartItems Complete LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    TSCore.dll not found, not unregistering. LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    About to run command: wscript.exe "X:\Deploy\Scripts\LTICleanup.wsf" LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
    Microsoft Deployment Toolkit version: 6.1.2373.0 LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    Removing AutoAdminLogon registry entries LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    VSSMaxSize not specified using 5% of volume. LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    Logs contained 2 errors and 2 warnings. LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    No Windows PE image to delete (OEM Scenario). LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    Checking mapped network drive. LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    Cleaning up D:\MININT directory. LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)
    Cleaning up TOOLS, SCRIPTS, and PACKAGES directories. LTICleanup 3/19/2013 1:58:25 AM 0 (0x0000)

    This is where I stand.  The BCDEdit command is in the windows\system32 file where it is being called from, so I don't know why it's not working.  

    Tuesday, 19 March 2013 13:51
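An added example, not part of the original post and not MDT code: the log excerpt above ends with "completed successfully" even though every bcdedit call returned ErrorLevel = 1, which is why the staged drive only failed later at Secure Boot time. The sketch below pairs each `Run Command` with its exit code and flags success lines from a component whose commands failed. The record layout is assumed from the flattened excerpt as it appears on this page, the sample lines are copied from that excerpt, and `triage` is a hypothetical name.

```python
import re

# Flattened record layout as it appears in the excerpt (an assumption):
#   <message> <component> <M/D/YYYY> <h:mm:ss AM|PM> <n> (0x....)
LINE = re.compile(
    r"^(?P<msg>.*?) (?P<comp>\S+) \d{1,2}/\d{1,2}/\d{4} "
    r"\d{1,2}:\d{2}:\d{2} [AP]M \d+ \(0x[0-9A-Fa-f]+\)$"
)
RUN = re.compile(r"^Run Command: (?P<cmd>.+)$")
EXIT = re.compile(r"returned ErrorLevel = (?P<code>-?\d+)$")
SUCCESS = re.compile(r"(applied|completed) successfully\.?$")

# Sample input: a few lines taken from the BDD log excerpt in the post above.
SAMPLE = r'''
Run Command: X:\windows\SYSTEM32\bcdedit.exe /export "V:\boot\bcd.save" LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
BCD> The store export operation has failed. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
Run Command: X:\windows\SYSTEM32\bcdedit.exe /timeout 0 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
BCD> The boot configuration data store could not be opened. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
BCD> The system cannot find the file specified. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
BCDEdit returned ErrorLevel = 1 LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
LTI Windows PE applied successfully LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
LTIApply processing completed successfully. LTIApply 3/19/2013 1:58:24 AM 0 (0x0000)
LTI deployment completed successfully LiteTouch 3/19/2013 1:58:25 AM 0 (0x0000)
'''.strip().splitlines()


def triage(lines):
    """Return (failed_commands, masked_successes) for one log excerpt."""
    failed, masked, current = [], [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log record (blank line, wrapped text)
        msg, comp = m["msg"], m["comp"]
        if (r := RUN.match(msg)):
            current = {"component": comp, "command": r["cmd"], "output": []}
        elif current and msg.startswith("BCD> "):
            current["output"].append(msg[5:])
        elif current and (e := EXIT.search(msg)):
            if int(e["code"]) != 0:
                current["errorlevel"] = int(e["code"])
                failed.append(current)
            current = None
        elif SUCCESS.search(msg) and any(f["component"] == comp for f in failed):
            # The component reports success although its own commands failed.
            masked.append((comp, msg))
    return failed, masked


if __name__ == "__main__":
    failed, masked = triage(SAMPLE)
    for f in failed:
        print(f"FAILED ({f['errorlevel']}): {f['command']} -> {f['output']}")
    for comp, msg in masked:
        print(f"MASKED: {comp} logged '{msg}' after failed commands")
```

Running a check like this against the log before a staged drive leaves the bench catches a missing BCD store that the final status line hides.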
  • Why not just split your wim into .SWM files to get around the file size limitation in FAT32?

    The volume size on FAT32 is not the issue, you can have large volumes.....you just can't have individual files over 4GB.

    Split them with DISM: http://technet.microsoft.com/en-us/library/hh825096.aspx

    And then just update your script to do the restore from the .SWM's?

    -Aaron


    Me

    Tuesday, 26 March 2013 21:47
  • Thanks for responding.  We have a few Microsoft techs looking at the problem.   I'll shoot on trying this tomorrow.

    Friday, 29 March 2013 21:15
  • I couldn't find a clear way for Aaron's process to work.  I could see how to split the wim, but not rejoin which is what it needs to be on the deployed hard drive. 

    The problem also seems to have a different root related with what I'm facing as well.  I tried another idea including deploying to a hyper v machine using the media ISO except I created a Litetouch OEM Task Sequence that forced a disk partition format for GPT that would format the vhd 4 ways:  Windows RE Tools (NTFS 500mb), EFI Partition (FAT32, 600mb-bootable partition), MSR (128mb), and OSDisk (NTFS, remainder of disk).  This process did work manually, as MDT did copy the Windows log folder over to Windows RE Tools (not sure why),  the Deploy folder to the NTFS partition, and the EFI partition had the boot files, albeit it was missing some boot files but making more progress as the sources folder appeared on the boot partition (that folder hadn't been created before with other techniques I had tried).  It was missing some key ingredients in the boot folder such as the boot64x.efi (naming that off the top of my head), and also the bootmgr.efi in the root of the EFI partition.  BTW...copying these over didn't solve the problem, it still wouldn't boot up. 

    I have found ways to get the EFI to boot up by copying boot files over from the live deployment boot iso into the EFI partition.  The laptop either would boot up prompting for the live deployment or will run the deployment on the hard drive failing at the inject drivers phase citing that it couldn't find a disk/partition.  

    The boot scenario is like a locked door, and I can find a key that will fit, but not turn the lock, and the one that will turn the lock is broken.

    Another theory that I'm fleshing out is related to the way the media content is created in MDT 2012.  I think the boot folder inside the deploy folder does not have all the boot contents there.  Just enough to get the Legacy BIOS systems working, but not the UEFI.

    MDT 2012 will work in live environments all I typically have to do in the BIOS is switch on PXE boot, and I have WDS wim that is set for zero touch deployment.  Once it connects, it deploys out. 

    Sunday, 31 March 2013 22:19
  • Thought I would revise this forum by saying that this issue was traced to an error in the MDT 2012 LTIApply.wsf.  Some Microsoft techs assisted me with the issue, and they came up with a revised LTIApply.wsf that got me to make a master hard drive ready for the Ultrabook. 

    If anyone is interested, I can see if I can set up a link for the updated LTIApply.wsf script to assist them. 

    Tuesday, 21 May 2013 03:41
  • Hi radiodave1, I am interested in the updated script. Could you post the link? Thanks.


    Gabriel Lopez

    Tuesday, 21 May 2013 14:41
  • Well this is a blast from the past. I found this thread because I did a search for this nonsensical error:

    "The SMB requested a CSE FSCTL on a non-CSE file"

    It seems the issue is you can not run the OEM task from boot flash that connects to a smb share. You have to use media iso (or the contents directory) that has all the files on it. It needs to be local and not over the network.

    I am having a lot of fun trying to create a bootable Fat32 UEFI Flash drive. Having MDT split the WIM file is not working.

    So now I'm trying the UEFI/Fat32 hybrid approach.

    Be careful of USB Hard drives that show up as fixed disks. MDT will think that's the drive you want to deploy to (even though it's not disk 0) and will screw it all up.


     

    • Edited by PeteBC Tuesday, 10 September 2019 14:56
    Tuesday, 10 September 2019 14:55