Feb 06

Install fonts to Windows 7 with Microsoft Deployment Toolkit

This is not the first time I have seen someone trying to solve how to install fonts on a Windows 7 machine during deployment. Most of the methods use a VBScript of some kind that creates an object on the destination folder (C:\Windows\Fonts) and uses the CopyHere method. An example can be seen in my colleague's post here: http://msitpros.com/?p=739

And after a little googling I found out that no one has made an “MDT” script / application that does this. So guess what I did………. Yes, you guessed it. I made an “MDT” font installer script based on the custom script template in MDT. Okay, so why did I do that, you might ask…. The main reason is logging. When a deployment is done I get a log with all the fonts that are installed during the deployment. And I also prefer doing it this way.

In order to use this you create a folder under your applications in your deployment share that you can call “INSTALL – FONTS”.
Inside this folder you place the .WSF script I have made. Inside this folder you also create a source folder. In the source folder you place the fonts that you want to install. It looks like this:
image

The script can be downloaded here:   
https://skydrive.live.com/?cid=7bc34ea39529a4cd&sc=documents&uc=1&id=7BC34EA39529A4CD%21140#

When you define it as an application in the Workbench you define it like this:

image
Application without source files or elsewhere on the network.

   

image
Give the application a name. I called mine “INSTALL – FONTS”.

image
Command line is: cscript install-fonts.wsf
Working dir is: .\applications\INSTALL – FONTS
(change it to what you called it)

Okay so now you can add it as a normal application and it will install the fonts during the deployment. Remember to place the fonts you need inside the source folder. All logging will be done to the BDD.log and a log file called install-fonts.log. Good luck.

Feb 02

ZTIDomainJoin.wsf and 0x534 error in Netlogon.log

Famous first words of a consultant: “I had a strange issue at a customer”.
The customer had the well-known message box during logon. You know, the message that states that you are not allowed to log on if you are not an authorized user and so on (legal disclaimer).

So I have read that this will break MDT. I first read about it in Johan Arwidmark's blog (this guy has seen it all). This article here:
http://www.deployvista.com/Blog/JohanArwidmark/tabid/78/EntryID/147/language/en-US/Default.aspx
It suggested 2 workarounds. One is to enable WMI queries on the group policy object that has the logon message box setting. This was not an option in my scenario. So I chose to go for option number 2: postpone the domain join process. Johan referred to a blog article by Keith Garner (one of the MDT developers). This one:
http://deployment.xtremeconsulting.com/2009/12/08/new-for-mdt-2010-ztidomainjoin-wsf/

This article states that you should remove DomainJoin settings in the zticonfigure.xml (or the unattend.xml and unattend.txt). So I removed the settings from the zticonfigure.xml. I did a search and delete for these variables in the XML file:

  • JoinDomain
  • DomainAdmin
  • DomainAdminDomain
  • DomainAdminPassword
  • MachineObjectOU

The next thing I did was to remove these variables from the customsettings.ini file. And I added the following command directly in the task sequence at the very end:

cscript.exe "%SCRIPTROOT%\ZTIDomainJoin.wsf" /JoinDomain:childdomain.customer.int /DomainAdmin:mdt-joinaccount /DomainAdminDomain:childdomain.customer.int /DomainAdminPassword:SoNowYouKnowThePasswordToMyCustomer /DomainErrorRecovery:Auto /MachineObjectOU:OU=Workstations Standard,OU=Arendal,DC=childdomain,DC=customer,DC=int

Well I actually added this command twice in the task sequence. One for laptops and one for desktops. With conditions of course (isLaptop, isDesktop). I also disabled the default step “Recover from the Domain”. After all of this I was ready to test a deployment and see if the computer was actually joined to the domain. After 15 minutes I was ready to check the results. What….Not in the domain..But But….. Okay, log checking time.

I started checking out the netsetup.log. It stated:

NetpDoDomainJoin: status: 0x534

I converted this to Hex by using this command: set /a c=0x534

The command returned 1332.

I then asked net helpmsg for help with this command:

Net helpmsg 1332

It stated:

No mapping between account names and security IDs was done.

Okay that’s strange. There is no machine object in the domain with this computer name. I looked at the ztidomainjoin.log file also and it said that there is probably a machine account already in a different OU.

Just to be sure I did a search in Active Directory….No machine account.

The next thing I did was to check google. I stumbled over this one:

http://social.technet.microsoft.com/Forums/en-US/mdt/thread/152aba62-5442-45d6-a626-7454838d5dd5

Okay, no direct solution. But what I noticed was the discussion about whether there should be quotes (" ") in the MachineObjectOU. I then came to think about the OU structure at my customer.

OU=Workstations Standard,OU=Arendal,DC=childdomain,DC=customer,DC=int

Yeah. There is a space in the Workstations Standard OU. And since I have done my part of VBscripting I know that this could easily be an issue. So I changed the command to this:

cscript.exe "%SCRIPTROOT%\ZTIDomainJoin.wsf" /JoinDomain:childdomain.customer.int /DomainAdmin:mdt-joinaccount /DomainAdminDomain:childdomain.customer.int /DomainAdminPassword:SoNowYouKnowThePasswordToMyCustomer /DomainErrorRecovery:Auto /MachineObjectOU:"OU=Workstations Standard,OU=Arendal,DC=childdomain,DC=customer,DC=int"

And voila. It worked. So this is probably a bug in the ZTIDomainJoin.wsf script. If you are very observant you can see in the ZTIDomainJoin.log that it says MachineObjectOU=Workstations and not the whole path as it should. I will check if this is resolved in MDT 2012 and make a new post then.
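Why the unquoted OU is cut at the space, shown with a simplified model of command-line splitting and /Name:Value parsing. This is an added example, not code from the original post or from MDT; the function names are hypothetical and the splitting rule is a simplification that ignores backslash escapes.

```powershell
# Added example (not MDT code). Requires PowerShell 3.0 or later.
# Simplified model of Windows argument splitting: whitespace ends an
# argument unless it sits inside double quotes; the quotes are dropped.
function Split-CommandLine {
    param([string]$CommandLine)
    $tokens   = New-Object 'System.Collections.Generic.List[string]'
    $current  = New-Object System.Text.StringBuilder
    $inQuotes = $false
    $hasToken = $false
    foreach ($ch in $CommandLine.ToCharArray()) {
        if ($ch -eq [char]'"') {
            $inQuotes = -not $inQuotes
            $hasToken = $true
        } elseif ([char]::IsWhiteSpace($ch) -and -not $inQuotes) {
            if ($hasToken) { $tokens.Add($current.ToString()) }
            $current.Length = 0
            $hasToken = $false
        } else {
            [void]$current.Append($ch)
            $hasToken = $true
        }
    }
    if ($hasToken) { $tokens.Add($current.ToString()) }
    return ,$tokens.ToArray()
}

# Sort tokens the way a /Name:Value switch parser would: tokens that match
# /Name:Value are named, everything else is an unnamed (stray) argument.
function Get-NamedArgument {
    param([string[]]$Tokens)
    $named = @{}
    $stray = @()
    foreach ($t in $Tokens) {
        if ($t -match '^/([^:]+):(.*)$') {
            $named[$Matches[1]] = $Matches[2]
        } else {
            $stray += $t
        }
    }
    [pscustomobject]@{ Named = $named; Stray = $stray }
}

# Hypothetical lint check for a task sequence command line.
function Test-DomainJoinArgument {
    param([string]$ArgumentString)
    $parsed = Get-NamedArgument (Split-CommandLine $ArgumentString)
    $ou = $parsed.Named['MachineObjectOU']
    [pscustomobject]@{
        MachineObjectOU = $ou
        StrayTokens     = $parsed.Stray -join ' | '
        Truncated       = ($parsed.Stray.Count -gt 0) -or ($ou -notmatch 'DC=')
    }
}

# Constructed input: the two MachineObjectOU forms from the post.
$dn = 'OU=Workstations Standard,OU=Arendal,DC=childdomain,DC=customer,DC=int'
Test-DomainJoinArgument "/JoinDomain:childdomain.customer.int /MachineObjectOU:${dn}"
Test-DomainJoinArgument "/JoinDomain:childdomain.customer.int /MachineObjectOU:`"${dn}`""
```

In the unquoted form the rest of the distinguished name ends up as a stray unnamed argument, so a stray token or an OU value without any DC= component is a quick sign that quotes are missing.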

Feb 01

Event 4105: The Remote Desktop license server cannot update the license attributes for user objects

Got this error on a Windows 2008 R2 Terminal Server. This server also hosted the Terminal Server licensing service.

The Remote Desktop license server cannot update the license attributes for user “USER” in the Active Directory Domain “DOMAIN”. Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain “DOMAIN”.

If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.

If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs.

Win32 error code: 0x80070005

The following steps resolved the error:

  • Run adsiedit.msc
  • Open “Default Naming Context”
  • Browse to where your user objects are located
  • Right-click on CN=<Your OU> and choose Properties
  • On the Security tab, click the Advanced button
  • Click the Add button, type Terminal Server License Servers and click OK
  • On the Properties tab, select Descendant User objects in the Apply onto box
  • Select Allow for all of the following:
      • Read msTSExpireDate
      • Write msTSExpireDate
      • Read msTSLicenseVersion
      • Write msTSLicenseVersion
      • Read msTSManagingLS
      • Write msTSManagingLS

Jan 26

Unable to unauthorize DHCP Server

From time to time I see old/orphaned objects in the DHCP Server authorized lists. This happens often when you change IP address and DNS is not resolving the old IP address.

When you try to unauthorize, the following error message appears:

—————————
DHCP
—————————
There is no such object on the server.
—————————
OK
—————————

What you need to do is remove some references in AD.

  1. Open Adsiedit
  2. Connect to “CN=NetServices,CN=Services,CN=Configuration,DC=Your Domain,DC=com”
  3. Expand, and then you should see CN=DhcpRoot.
  4. Edit the dhcpServers attribute on DhcpRoot (delete the orphaned servers)
  5. Verify the Authorized list in DHCP

Jan 13

VSS error and no Active Directory partition Backup

I had a strange issue on two 2008 domain controllers. I was just taking a health check before I started my assigned task. I scrambled through the event logs for errors and found this one on both of them:
image

Okay, so there has been no system state backup of these servers in some time. The next thing I did was to check the backup. The customer uses a cloud-based backup system that uses VSS to take backups. Everything in the backup logs looked okay. I also verified that system state was checked, and it was. I then checked if there was any newer version of the backup software. But the customer had the most recent one. Yeah…. What now?

I then looked again over the event logs on the domain controllers and found this one at the same time the backup runs:

image

“Volume Shadow Copy Service error: Unexpected error VSS_E_WRITER_STATUS_NOT_AVAILABLE”

I then did a hotfix search and finally stumbled over this one:
http://support.microsoft.com/kb/970770

The most time-consuming part was to find the right hotfix. There are pretty many when you search for VSS and 2008.

I then installed this hotfix on both and booted them. Then I retried the backup and the problem went away. And of course Directory services stopped complaining about the no backup of directory partition issue.

Hope this helps someone else with the same problem.

Jan 04

Hydrating on Virtualbox

Johan Arwidmark has made some excellent hydration solutions that are time saving. (http://www.deploymentresearch.com/Blog/tabid/62/EntryId/29/YAHK-Yet-Another-Hydration-Kit-This-one-for-ConfigMgr-2012-Beta-2.aspx ).
I am currently stuck on Oracle virtualbox as my hypervisor (at least until Windows 8 is in beta). I therefore took the liberty of creating script number 4 in the hydration solution for CM2012Beta that creates the VM’s to do it on virtualbox. I know it is not a pretty/good looking PowerShell script, but it does what it is supposed to do. So the script looks like this:

# Addition to Johan Arwidmark's Hydration kit using Sun Virtualbox instead of Vmware or Hyper-V.
# http://www.deploymentresearch.com/Blog/tabid/62/EntryId/29/YAHK-Yet-Another-Hydration-Kit-This-one-for-ConfigMgr-2012-Beta-2.aspx
# Author: Oddvar Moe, http://msitpros.com

$PathToExe = "C:\program files\oracle\virtualbox\"

#HYDRATION-DC01
$VM = "HYDRATION-DC01"
$DiskLocation = "C:\VMs\$VM\disk1.vhd"
md C:\VMs\$VM
cd $PathToExe
.\VboxManage.exe createhd --filename $DiskLocation --size 300000 --format VHD | out-null
.\VboxManage.exe createvm --register --name $VM --ostype Windows7_64 | out-null
.\VBoxManage.exe storagectl $VM --name "IDE Controller" --add ide --controller PIIX4 --hostiocache on | out-null
.\VBoxManage.exe storageattach $VM --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium emptydrive
.\VBoxManage.exe storagectl $VM --name "Sata Controller" --add sata --sataportcount 1 | out-null
.\VBoxManage.exe storageattach $VM --storagectl "Sata Controller" --port 0 --type hdd --medium $DiskLocation | out-null
.\VboxManage.exe modifyvm $VM --memory 1024 --vram 21 --pae off | out-null
.\VboxManage.exe modifyvm $VM --nic1 intnet --macaddress1 00155D000011 | out-null
.\VBoxManage.exe modifyvm $VM --dvd C:\HydrationServers\HydrationServers.iso | out-null

#HYDRATION-DC02
$VM = "HYDRATION-DC02"
$DiskLocation = "C:\VMs\$VM\disk1.vhd"
md C:\VMs\$VM
cd $PathToExe
.\VboxManage.exe createhd --filename $DiskLocation --size 300000 --format VHD | out-null
.\VboxManage.exe createvm --register --name $VM --ostype Windows7_64 | out-null
.\VBoxManage.exe storagectl $VM --name "IDE Controller" --add ide --controller PIIX4 --hostiocache on | out-null
.\VBoxManage.exe storageattach $VM --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium emptydrive
.\VBoxManage.exe storagectl $VM --name "Sata Controller" --add sata --sataportcount 1 | out-null
.\VBoxManage.exe storageattach $VM --storagectl "Sata Controller" --port 0 --type hdd --medium $DiskLocation | out-null
.\VboxManage.exe modifyvm $VM --memory 1024 --vram 21 --pae off | out-null
.\VboxManage.exe modifyvm $VM --nic1 intnet --macaddress1 00155D000012 | out-null
.\VBoxManage.exe modifyvm $VM --dvd C:\HydrationServers\HydrationServers.iso | out-null

#HYDRATION-CM01
$VM = "HYDRATION-CM01"
$DiskLocation = "C:\VMs\$VM\disk1.vhd"
md C:\VMs\$VM
cd $PathToExe
.\VboxManage.exe createhd --filename $DiskLocation --size 300000 --format VHD | out-null
.\VboxManage.exe createvm --register --name $VM --ostype Windows7_64 | out-null
.\VBoxManage.exe storagectl $VM --name "IDE Controller" --add ide --controller PIIX4 --hostiocache on | out-null
.\VBoxManage.exe storageattach $VM --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium emptydrive
.\VBoxManage.exe storagectl $VM --name "Sata Controller" --add sata --sataportcount 1 | out-null
.\VBoxManage.exe storageattach $VM --storagectl "Sata Controller" --port 0 --type hdd --medium $DiskLocation | out-null
.\VboxManage.exe modifyvm $VM --memory 4096 --vram 21 --pae off | out-null
.\VboxManage.exe modifyvm $VM --nic1 intnet --macaddress1 00155D000013 | out-null
.\VBoxManage.exe modifyvm $VM --dvd C:\HydrationServers\HydrationServers.iso | out-null

I tried to search for PowerShell modules that add virtualbox cmdlets, but I could not find any. That is not entirely true since I found this one: http://jdhitsolutions.com/blog/2011/06/managing-virtualbox-with-powershell/

But it did not have all the cmdlets I needed, so I wrote a simple script instead. This script can of course be used as an example when you need to create a bunch of virtual servers in virtualbox for other needs also.  Hope you find this useful.

Jan 04

AD discovery CM 2012 Feature I love

I must say that I am pleased to see that they finally have this feature implemented in CM 2012.

image
Only discover computers that have logged on to a domain in a given period of time.

Many customers do not have any control of the computer objects that actually are in use. This will sure help on getting better status on actual clients that are in use. Great!

Jan 02

Modify the task manager

I got a challenge when trying to add some columns in the task manager under processes in a deployment for a colleague.
image
He wanted to automatize so that everyone got the same task manager view. I started out searching for scripts that would do this for me. Could not find any. Okay, so I am on my own again trying to figure this one out. I fired up Process Monitor to try to figure out what happens when I change columns. I changed the filter to show only Operation equals RegSetValue. I then started the monitoring and changed the layout of the task manager, but then nothing showed up in Process Monitor. That was strange. I then thought about other applications that actually do not write anything to the registry until they are closed. So I repeated the whole thing and closed the task manager. And there it was. I found the registry keys that control the layout of the task manager.
image

It was the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\Preferences

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\UsrColumnSettings

And of course this is binary so the easiest way is just to make the changes, remember to close the task manager and then export the keys. (editing binary values directly is hard!)

So now you can just import these settings to either the default profile or run the import during logon or add it to your build image…… I leave that up to your preferred method.

Hope this helps someone who wants to customize the task manager.

Jan 02

Ignore original message, Spellcheck Outlook 2010

There is a feature in Outlook which should get the spellcheck to ignore original message text in reply or forward. It can be found if you press File -> Option -> Mail

You would believe that when you check the checkbox it should work.
However, it’s not that simple. There is a big chance that you will still experience that it in fact does check the original text.

In my case the function only worked if I had “Mark grammar as you type” checked and “Check grammar with spelling” unchecked, as displayed below.

When I checked my friend Google a lot of users are struggling with this on several outlook versions. I have only tested it on the 2010 32bit version but give it a try and please comment if it helps you with another version.


Dec 15

Install ActiveX for all users on 2008R2 Remote Desktop Server

These are primarily notes for myself, because for some reason I always spend much time dealing with this during installation of Remote Desktop Servers.

First of all, there is a part of Windows called the ActiveX Installer Service that needs to be configured. This is enabled by default in Windows 7. In Vista you have to add this as a feature through Add Windows Features. I always assume that if something is in Windows 7 it is also implemented in the Server 2008 R2 OS, since it is the same core (and on Vista and 2008). In this case this is not true at all. In order to get Server 2008 R2 to enable the ActiveX Installer Service there is a hotfix required. The same goes for 2008.

ActiveX installer service for 2008 R2 Hotfix: http://support.microsoft.com/kb/2508120
ActiveX installer service for 2008 Hotfix: http://support.microsoft.com/kb/2582841

Okay, so after installing this hotfix you can start configuring the ActiveX installer Service with Group policy. Yoho!

 

Edit your group policy that affects your Remote Desktop Server and browse to the following:
image

Here you will have a setting that you want to edit (Approve Installation Sites for ActiveX Controls):
image

But before you enable this you have to know where the ActiveX is coming from. In my scenario it was coming from http://webint.customer.local/ . Edit the setting and choose enable and click show:
image

image

You might want to understand the value field in this setting. You have 4 different switches.

The first one controls what to do when installing ActiveX controls that have trusted signatures.
0 = Prevents users from installing
1 = Prompts the user before installing
2 = Installs ActiveX

The second controls what to do when the ActiveX is signed, but not by a trusted root.
0 = Prevents users from installing
1 = Prompts the user before installing
2 = Installs ActiveX

The third controls what to do when the ActiveX is unsigned.
0 = Prevents users from installing
1 = Installs the unsigned ActiveX

The fourth controls what to do when any errors are returned in a https session:
0 = Specifies that the connection must pass all verification checks. (default).
0x00000100 = Ignore errors caused by unknown certification authorities (CAs).
0x00001000 = Ignore errors caused by an invalid common name (CN).
0x00002000 = Ignore errors caused by a certificate’s date.
0x00000200 = Ignore errors caused by improper certificate use.

So in my scenario I want to install this no matter what, so my values are 2,2,1,0. Since the connection is not HTTPS I can safely set 0 in the last control, since there is no certificate involved in the connection to the web server.
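The four-field value described above, decoded field by field and checked for settings that skip a verification step. This is an added example, not code from the original post or from Microsoft; the function name, the treatment of the fourth field as a combinable bitmask, and the second host URL are assumptions.

```powershell
# Added example (not Microsoft code). Requires PowerShell 3.0 or later.
# Decodes the four comma-separated fields of an "Approve Installation
# Sites for ActiveX Controls" entry, using the meanings listed in the post.
function ConvertFrom-AxInstallPolicy {
    param([string]$HostUrl, [string]$Value)

    $signed   = @{ 0 = 'prevent install'; 1 = 'prompt user'; 2 = 'install' }
    $unsigned = @{ 0 = 'prevent install'; 1 = 'install' }
    # Fourth field: assumed to be a bitmask, so the flags can be combined.
    $certFlags = @(
        @{ Bit = 0x0100; Text = 'unknown certification authority' },
        @{ Bit = 0x0200; Text = 'improper certificate use' },
        @{ Bit = 0x1000; Text = 'invalid common name (CN)' },
        @{ Bit = 0x2000; Text = 'certificate date' }
    )

    # [int] accepts decimal and 0x-prefixed hexadecimal strings.
    $f = @($Value.Split(',') | ForEach-Object { [int]($_.Trim()) })
    if ($f.Count -ne 4) { throw "Expected 4 fields, got $($f.Count) in '$Value'" }
    if (-not $signed.ContainsKey($f[0]))   { throw 'Field 1 must be 0, 1 or 2' }
    if (-not $signed.ContainsKey($f[1]))   { throw 'Field 2 must be 0, 1 or 2' }
    if (-not $unsigned.ContainsKey($f[2])) { throw 'Field 3 must be 0 or 1' }

    $ignored = @($certFlags | Where-Object { $f[3] -band $_.Bit } |
                 ForEach-Object { $_.Text })

    # Review findings: settings that remove a check before code is installed.
    $findings = @()
    if ($f[1] -eq 2) { $findings += 'signed but untrusted controls install without a prompt' }
    if ($f[2] -eq 1) { $findings += 'unsigned controls are installed' }
    if ($ignored.Count -gt 0) { $findings += "HTTPS errors ignored: $($ignored -join ', ')" }
    if ($HostUrl -match '^http://') {
        $findings += 'host URL is plain HTTP: no certificate checks apply to the download'
    }

    [pscustomobject]@{
        HostUrl          = $HostUrl
        TrustedSigned    = $signed[$f[0]]
        UntrustedSigned  = $signed[$f[1]]
        Unsigned         = $unsigned[$f[2]]
        IgnoredTlsErrors = $ignored
        Findings         = $findings
    }
}

# Values from the post, then a constructed stricter entry for comparison
# (https://webint.example.test/ is a placeholder host).
ConvertFrom-AxInstallPolicy -HostUrl 'http://webint.customer.local/' -Value '2,2,1,0'
ConvertFrom-AxInstallPolicy -HostUrl 'https://webint.example.test/' -Value '2,1,0,0'
```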

To verify it is working you can have a look in the event log:
image

If it fails the event ID is 4097.

More detailed information on this here:
http://technet.microsoft.com/en-us/library/dd631688(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc721964(WS.10).aspx

Now it is up to Internet Explorer to handle the ActiveX as an add-on. So if the ActiveX is denied then you need to adjust the settings regarding the ActiveX in the zone it lives in. I chose to set this setting per user under the intranet zone, because this web service is in this zone.

image

I adjust the following settings for my ActiveX:
image

Hope this helps someone else having the same problem.
