Easy OS deployment
Executive Summary: Configure Microsoft System Center Configuration Manager (SCCM) 2007 to deploy an operating system contained in a Windows Imaging Format (WIM) file.
I recently had an important client who asked me to install Microsoft System Center Configuration Manager 2007 (SCCM) and configure it to deploy Windows Server 2008 and Windows Server 2003—all within a day. Although I accomplished the task, I hit some bumps along the way. In this article I share the process I followed, the problems I encountered, and the solutions I employed. Because this is a high-level overview of OS deployment through SCCM, I don’t discuss SCCM installation. The article assumes that you already have SCCM 2007 installed, as well as a working knowledge of it. (For information about SCCM, see the Learning Path.)
Before you try to deploy an OS, you need to ensure that your environment is healthy.
- Check for errors in your SCCM site systems. Open SCCM and navigate to Site Database, System Status, Site Status. Under the site's name, view the Component Status and Site System Status areas, as Figure 1 shows. If you encounter any problems, view the error messages, then resolve the errors. You can also check C:\Program Files\Microsoft Configuration Manager\Logs to see detailed messages about many of the components.
- Make sure you have site boundaries defined. Open SCCM and navigate to Site Database, Site Management. Under the site’s name, select Site Settings, Boundaries.
- Make sure you have a distribution point and management point enabled. Open SCCM and navigate to Site Database, Site Management. Under the site’s name, select Site Settings, Site Systems.
- Install Windows Deployment Services (WDS) on the SCCM server that will be the Preboot Execution Environment (PXE) boot point. Don't try to configure WDS directly; SCCM does all the configuration work. Install WDS with zero configuration.
- Use the Microsoft Management Console (MMC) DHCP snap-in to authorize the WDS (SCCM) server in Active Directory (AD) for DHCP. Most likely, the SCCM server isn’t the DHCP server. However, you shouldn’t need to set scope options on the DHCP server to point to SCCM for PXE. If you have multiple networks and your routers are forwarding packets correctly, your clients should be able to receive responses. Alternatively, you can set DHCP option 67 (the boot image) to \SMSBoot\x86\wdsnbp.com and option 66 to your SCCM server’s Fully Qualified Domain Name (FQDN), which forces DHCP to point clients at the SCCM server.
- Create a standard AD user account for the network access account. Open SCCM and navigate to Site Database, Site Management. Under the site’s name, select Site Settings, Client Agents, Computer Client Agent. Configure the account in the Computer Client Agent Properties dialog box, as Figure 2 shows. Make sure the account is a local administrator account on the SCCM server, or at least give the account rights to the smspxeimages$ share and make it a member of the SMSAdmins group. Otherwise, when clients boot from PXE they won't have permission to read the Windows Preinstallation Environment (WinPE) files from the share. For more information about best practices for the network access account, see the Microsoft article “About the Network Access Account.”
For more OS deployment tips, see the Microsoft Operating System Deployment Checklists website.
Configuring the SCCM Server for OS Deployment
The first step in OS deployment is to prepare the server for the OS images.
- Create a folder and share to store the Windows Imaging Format (WIM) files. Copy the files into this folder, giving them useful names (e.g., vistasp1x86.wim rather than install.wim).
- Import the WIM files from the share into the Operating System Deployment portion of the SCCM management console. Note that by default, if you import a WIM file that has multiple images in it, SCCM uses the name of the first image (e.g., Windows Vista Business) to name the entire group of imported images. A better alternative is to use a more meaningful name, such as Windows Vista SP1 x86.
- Add a distribution share for the new images.
- Add a PXE distribution point for each of the boot images. (By default, SCCM already has the boot images for x86 and x64 that contain the WinPE environment; however, no distribution points are assigned to these images.)
- Enable PXE boot capability on the SCCM server. Open SCCM and navigate to Site Database, Site Management. Under the site’s name, select Site Settings, Site Systems, PXE Service Point. Then, enable the PXE site role to open various ports in your firewall.
Although SCCM 2007 R2 can deploy OSs to unknown computers, I recommend deploying only to computers for which you have the MAC address. Deploying to an unknown computer can result in SCCM wiping and reinstalling the computer.
In my case, I was deploying to a new computer that didn’t have an AD account and wasn’t known to SCCM. Therefore, I needed to create an SCCM record and add the computer to a collection.
Open SCCM and navigate to Site Database, Computer Management, Operating System Deployment, Computer Associations, Import Computer. Select Manual and enter the computer name and MAC address. Force an update of the All Systems collection (by first selecting the Rebuild action, then the Refresh action) to display the new computer.
Next, you need to create a collection where you can target your OS deployments. Create a collection called OSDeployment, and use a static rule to add to the collection any computers that need the OS. (If you’re just doing initial testing and need a controlled environment, add only your test machines.) Another option for bulk deployments is to create dynamic collections with membership based on attributes such as existing OS and computer locations.
Finally, create an application package as follows, so you can actually deploy the SCCM client to new installations.
- Navigate to Site Database, Computer Management, Software Distribution, Packages, New Package.
- Configure the package so that it has source files. The source should be \\sccm server\sms_site code\Client.
- Select the options Always obtain files from a source directory and Access distribution folder through common ConfigMgr package share. Accept all the other default settings.
- Create a program under the package. Set the value for the command line as ccmsetup.exe.
- Under Requirements, select Run on any platform.
- Under Environment, set the Program can run option to Whether or not a user is logged on, and set the Drive mode option to Runs with UNC name.
- Make sure all the advanced options are unchecked.
- Add a distribution point.
Next, you need to create a task sequence to deploy the OS and SCCM client package. (For more information about deploying images, see the Microsoft TechNet article “How to Deploy Operating System Images to a Computer”; for more information about creating a task sequence, see “How to Create a Task Sequence to Install an Existing Operating System Image Package.”)
- Navigate to Site Database, Computer Management, Operating System Deployment, Task Sequences.
- Select Install an existing image package.
- Enter a name for the task sequence and select the option Boot image matching OS deploy type. (Alternatively, you can select the x86 option, which covers both x86 and x64 architectures.)
- Specify the OS image, partitioning, product key, licensing, and administrator password action, as Figure 3 shows.
- Continue through the options for configuring the workgroup and domain to join.
- Under Install ConfigMgr, select the package you created for the SCCM client.
- Click through the rest of the screens. Note that you can configure patch and application deployments and can later change these settings through Task Sequences.
By default, the disk formatting portion of the OS deployment is quite slow. To improve the speed, you can change the disk partition to the format and partition option, which has a fast format option. Add the rule to prevent formatting of the disk if a cache exists that SCCM created by default, as Figure 4 shows.
Next, advertise the task sequence to the collection you created, by adding a mandatory advertisement. In my case, I wanted the advertisement to take place immediately because I had a controlled test collection. In a live environment, you might want to set a certain time to start the advertisement. You could advertise to the unknown computers collection, to allow OS deployment on unknown computers. However, you should be careful doing this, as I discussed previously. In fact, you should be careful with this advertisement in general, because if you create the advertisement to the wrong collection of computers, you could end up rebuilding all the computers in your company.
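The warning about advertising to the wrong collection can be turned into a pre-flight check that lists mandatory task-sequence advertisements whose target is All Systems (SMS00001) or larger than a test collection should be. This PowerShell is an added example, not part of the original article; the function name, the site code XYZ, all IDs and the 10-member limit are assumptions, and the sample records are constructed.

```powershell
# Added example. Input objects mirror SMS_Advertisement properties
# (AdvertisementName, PackageID, CollectionID, AssignedScheduleEnabled).
function Test-OsdAdvertisementScope {
    param(
        [object[]]$Advertisements,
        [string[]]$TaskSequenceIds,   # PackageID of every task sequence
        [hashtable]$MemberCount,      # CollectionID -> member count
        [int]$MaxMembers = 10         # assumed ceiling for a test collection
    )
    foreach ($adv in $Advertisements) {
        if ($TaskSequenceIds -notcontains $adv.PackageID) { continue }  # not a task sequence
        if (-not $adv.AssignedScheduleEnabled) { continue }             # not mandatory
        $count = 0
        if ($MemberCount.ContainsKey($adv.CollectionID)) { $count = $MemberCount[$adv.CollectionID] }
        $reason = $null
        if ($adv.CollectionID -eq 'SMS00001') { $reason = 'targets All Systems' }
        elseif ($count -gt $MaxMembers) { $reason = "$count members, limit is $MaxMembers" }
        if ($reason) {
            New-Object PSObject -Property @{
                Advertisement = $adv.AdvertisementName
                CollectionID  = $adv.CollectionID
                Reason        = $reason
            }
        }
    }
}

# Constructed sample records (site code XYZ and all IDs are placeholders).
function New-SampleAdv($name, $pkg, $coll, $mandatory) {
    New-Object PSObject -Property @{ AdvertisementName = $name; PackageID = $pkg
        CollectionID = $coll; AssignedScheduleEnabled = $mandatory }
}
$ads = @(
    (New-SampleAdv 'Vista SP1 test'      'XYZ00010' 'XYZ00021' $true),
    (New-SampleAdv 'Server 2008 rollout' 'XYZ00011' 'SMS00001' $true),
    (New-SampleAdv 'Server 2003 branch'  'XYZ00011' 'XYZ00030' $true),
    (New-SampleAdv 'Client upgrade'      'XYZ00005' 'SMS00001' $true)
)
$counts = @{ 'XYZ00021' = 2; 'XYZ00030' = 140; 'SMS00001' = 900 }
Test-OsdAdvertisementScope $ads @('XYZ00010', 'XYZ00011') $counts |
    Format-Table Advertisement, CollectionID, Reason -AutoSize

# Against a live site, build the same inputs from the SMS Provider, for example:
#   Get-WmiObject -ComputerName <server> -Namespace root\SMS\site_<code> -Class SMS_Advertisement
#   (task sequences: SMS_TaskSequencePackage; members: SMS_FullCollectionMembership)
```

Run it before saving a new mandatory advertisement and again after any change to collection membership rules, because a dynamic collection can grow past the limit without the advertisement itself changing.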
Deploying the OS
If you configured everything correctly, your test machine will boot over the network and install the OS when you turn it on. Although I used a Vista image for illustration purposes, you can use any OS for which you have a WIM. I later prepared a Windows Server 2003 WIM for the client by installing Server 2003 on a virtual machine (VM). I patched the Server 2003 installation, making sure not to install virtual additions. I downloaded the correct version of Sysprep, ran Sysprep with the /generalize, /oobe, /shutdown, and /reseal switches, then booted into WinPE and captured a WIM file. I then imported the WIM file in SCCM and followed the steps I outline in this article.
If you encounter problems, view SCCM’s message and log files for help. Additional troubleshooting tips include the following:
- If you have a problem with PXE, open the collection and clear the last PXE advertisement, as Figure 5 shows. You can then retest the computer with the full advertisement.
- If you have a problem with WinPE, try enabling the command prompt in the boot images. Navigate to Site Database, Computer Management, Operating System Deployment, Boot Images, then right-click the boot image and select Properties. On the Windows PE tab, select the Enable command support option. After you update the boot images, be sure to refresh their distribution points.
- If WinPE fails to partition or format the disk, use the DiskPart utility (diskpart.exe) to partition and format the disk from the command line, then try deploying the OS again. This action will create the log file smsts.log, which will store failure information. I initially had problems accessing the SMSPXEIMAGES$ share, because the network access account lacked permission. When I tried to use the Net Use command on the \\sccm server\SMSPXEIMAGES$ share, the command failed.
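When smsts.log is long, filtering it to warnings and errors gets to a failure such as the share-access problem faster than reading it top to bottom. This PowerShell is an added example, not part of the original article; the function name Get-SmstsLogEntry is hypothetical, the sample entries are constructed, and the log path is a placeholder.

```powershell
# Added example: pull warnings and errors out of a log in the SCCM entry format
#   <![LOG[message]LOG]!><time=".." date=".." component=".." context=".." type="N" ...>
function Get-SmstsLogEntry {
    param(
        [string]$Text,
        [int]$MinType = 2   # type 1 = information, 2 = warning, 3 = error
    )
    $pattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]*)"\s+date="(?<date>[^"]*)"' +
               '\s+component="(?<comp>[^"]*)"\s+context="[^"]*"\s+type="(?<type>\d)"'
    # Singleline lets a message span several physical lines.
    $opts = [System.Text.RegularExpressions.RegexOptions]::Singleline
    foreach ($m in [regex]::Matches($Text, $pattern, $opts)) {
        $type = [int]$m.Groups['type'].Value
        if ($type -lt $MinType) { continue }
        New-Object PSObject -Property @{
            When      = $m.Groups['date'].Value + ' ' + $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Type      = $type
            Message   = ($m.Groups['msg'].Value -replace '\s+', ' ').Trim()
        }
    }
}

# Constructed sample entries; the messages are illustrative, not real SCCM output.
$sample = @'
<![LOG[Starting task sequence step]LOG]!><time="10:15:30.100+300" date="03-14-2009" component="TSManager" context="" type="1" thread="1234" file="sample.cpp:10">
<![LOG[Access denied connecting to share
\\sccm server\SMSPXEIMAGES$]LOG]!><time="10:15:32.123+300" date="03-14-2009" component="TSPxe" context="" type="3" thread="1234" file="sample.cpp:20">
<![LOG[Retrying in 5 seconds]LOG]!><time="10:15:33.000+300" date="03-14-2009" component="TSPxe" context="" type="2" thread="1234" file="sample.cpp:30">
'@
Get-SmstsLogEntry -Text $sample | Format-List When, Component, Type, Message

# For a real log, read the whole file first (path is a placeholder):
#   Get-SmstsLogEntry -Text ([IO.File]::ReadAllText('<path to smsts.log>')) -MinType 3
```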
Now that you have an environment capable of deploying an OS contained in a WIM file, you can build on it to perform more automated OS configuration, services and application deployment, patch deployment, and driver deployment. Once SCCM is fully configured, you have a complete zero-touch deployment solution.