Potential USMT Errors & Resolution

, , , , , , , , ,
Potential USMT Errors


Failure when “trying to reboot into WinPE”
appears on the Task Sequence UI (forgot to take screenshot)

 Potential USMT Errors & Resolution

 

      Check the “SMSTS.LOG” “C:WindowsCCMLogs”

 

         In the screenshot below look for a line like “Unable to find a volume that is suitable for staging the boot image” in the log file 

 

Potential USMT Errors
       This is typically for 2 different reasons.
      1.  The drive is locked by bitlocker encryption and you need to first disable bitlocker in the task            sequence. once this is done then the task sequence engine can identify the drive to stage the        boot image locally
      2.   This can also be because the drive is still undergoing the encryption process. You must wait             until the drive is fully encrypted before you can execute this task sequence from windows.
       To verify the drive is finished encrypting launch powershell as an admin and type “Get-BitlockerVolume” and do not attempt to run the installation until the “Encryption KeyProtector Percentage” is are 100%  
Potential USMT Errors
NOTE: it is possible you receive this error when you are trying to stage the boot image onto the disk and the disk cannot be read b/c of a different encryption software locks the disk. For example if you are running Dell Credant you must be logged into the system then the TS Engine will be able to read the disk.
To identify Dell Credant systems via SQL…this is a hybrid of one my queries that I use in my production environment but you can modify it to abosrb only bitlocker information by commenting out not needed parts

SELECT Distinct

v_R_System.Name0 AS System,

Computer_System_DATA.Model00 AS [System Model],

___System_INSTALLED_SOFTWARE0.ARPDisplayName00,

V_R_System.AD_Site_Name0 AS [AD Site],

CASE V_R_System.Build01

When ‘6.1.7601’ THEN ‘Windows 7’

WHEN ‘10.0.14393’ THEN ‘Win 10 v1607’

WHEN ‘10.0.15063’ THEN ‘Win 10 v1703’

END AS [Operating System],

CASE V_R_System.Client0

When ‘0’ THEN ‘No Client’

WHEN ‘1’ THEN ‘Client Installed’

END AS [Client],

v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 AS [Drive Letter],

–v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 AS [Protection Status],

CASE v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0

WHEN ‘0’ THEN ‘not encrypted’

WHEN ‘1’ THEN ‘encrypted’

WHEN ‘2’ THEN ‘Encrypted Requires Pin’

END AS [Bitlocker Status]

FROM

v_GS_ENCRYPTABLE_VOLUME

INNER JOIN v_R_System ON v_GS_ENCRYPTABLE_VOLUME.ResourceID = v_R_System.ResourceID

INNER JOIN Computer_System_Data ON V_R_System.Name0 = Computer_System_Data.Name00

INNER JOIN INSTALLED_SOFTWARE_DATA AS ___System_INSTALLED_SOFTWARE0 ON ___System_INSTALLED_SOFTWARE0.MachineID = V_R_System.ResourceID

Where

v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 = ‘C:’

AND Computer_System_DATA.Model00!= ‘VMware Virtual Platform’

AND Computer_System_DATA.Model00!= ‘Virtual Machine’

–AND v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 = ‘0’ –for not bitlocker encrypted systems–

–AND V_R_System.Name0 = ‘P620268’

AND ___System_INSTALLED_SOFTWARE0.ARPDisplayName00 like N’Credant_WindowsShield%’

 

Potential USMT Errors

 

 
Failure when trying to connect to SMP Share
 
This failure is more often seen when trying to rerun on a failed system (can be seen during backup or restore part of the process) 
 
Potential USMT Errors
For this we corrected the issue is to open PowerShell and running the following.

 

Remove-Item -Path ‘HKLM:SOFTWAREMicrosoftSystemCertificatesSMSCertificates*’ -force; restart-service ccmexec

I would also recommend opening registry location to verify this has successfully been deleted.
Once this runs successfully you should then be able to re-run the task sequence successfully.
File Not Found: 
of course there is the standard make sure your commands are typed correctly. In the example below we see a file not found error. Make sure you type out your file names correctly etc.
Potential USMT Errors
Potential USMT Errors
NOTE: I have seen cases where a variable is set for Packages, but it does not always translate, so I tend to just hard code the package ID when I set restore/capture options into a variable see the example below
Potential USMT Errors
Connection to SMP Refused: 
Make sure when you being your deployment strategy that you plan for an adequate number of connections to the SMP. The default for this I believe is 100 connections, but that does not mean concurrent connections. The criteria that goes into the count is any established connection (completed or in progress) within the your deletion policy time period. If you have a problem where the connection is actively refused by the SMP you should increase the max allowed connections you have configured.
Potential USMT Errors
I tried to create as many Potential USMT Errors as I could think of to help out the community. If I  encounter anymore or can think of new ones I will add them to this blogpost.

Successfully added DaRT to boot image….or did it?

, , , , , , , , ,
Successfully added DaRT to boot image….or did it? Here is how to identify the problem and  a link to fix it!
I was recently onsite with a customer where the proposed design document included MDOP DaRT integration into the boot images. DaRT is a great tool to have because it gives the engineer the ability to remotely connect to the machine while within the WinPe environment. This particular customer is undergoing a massive and understaffed windows 10 migration where every bit of efficiency really makes a difference on deployment nights.
First a quick review on installing MDOP DaRT, Enabling Monitoring, and creating the boot image.
  1.  Install MDOP DaRT on primary site server
  2.  Copy the Toolsx86/64 cab files into proper directories into the MDT deployment share
  3.  Enable Monitoring on deployment share
Deployment share \SERVERD$DeploymentShare
Ports: 9800 (Event port) 9801 (Data port)

Connect to deployment share > Right click on “Monitoring” > Navigate to Monitoring Tab and fill the check box

Once this is filled you will start to see systems as they image from this view. 
DaRT
If you are in an environment that is not really using the MDT deployment share you would still open up the MDT toolkit and modify the CustomSettings.INI. This customer is heavily utilizing the MDT Deployment Share with all the settings applied we can access the “Rules” tab and see the setting is automatically applied after we enabled monitoring. The great part about using the deployment share in this scenario is that we can make constant on demand changes and not have to worry about hash mismatch errors like if were working within the MDT toolkit package.
DaRT
 We are now able to make our DaRT integrated boot image from the console on our primary site server. Begin by selecting “Create Boot Image using MDT” Make sure to select the following optional components “MDAC/ADO Support, and DaRTT”
 
DaRT
From this point we distributed the enabled the boot image for PXE deployment, added drivers, and attach it to a task sequence. In the screenshot below you will notice we are missing something? We do not have the “DaRT Remote Control” option that we should have.

 

DaRT
NOTE: Sometimes when the boot image is “Successfully” created it does not add the “DaRT” tool. I am able to verify this to be a LIE by looking into the PEMananger.LOG located in my temp folder.

C:Users%UserNameAppDataLocalTemp5PEManager.12520PEManager.log

DaRT
When we look at the command that was ran by accessing the “RunCMD.CMD” we see that only the WinPE-MDAD_EN-US.CAB is the only package even attempted to be added.
DaRT
You can investigate further by opening up DISM GUI and searching for any trace of DaRT on the boot image. As you can see DaRT did not even attempt to be installed into the wim.
Manually modify boot image to include Dart functionality by using the script below.
HOW TO FIX IT: Johan Arwidmark has a script available online that I have used to inject the Dart into a newly created WIM.

 

Once we ran the script created by Johan and injected the drivers I was able to start using DaRT tools.
After the USMT toolkit is called and the Gather step starts to run a box on the bottom left will appear  on the system being imaged but minimized. This is your indicator to let you know that you can now use DaRT functionality.

 

DaRT
From the Monitoring Node in the deployment workbench right click the computer we are trying to troubleshoot > Select Properties > Select DaRT Remote Control
DaRT
DaRT
TL;DR
Do not always take the console UI at face value and always verify with log files. Some occasions the console indicates something was done correctly but you need to check the logs. If this happens then you need to go old school and use the tried/true methods. If you run into a problem always do a quick search b/c the Deployment Research guys might already have a work-around.
To vote for this to be fixed from SCCM team please visit the link below.
 https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32344414-dart-bug
 

USMT Estimation Report

, , , , , ,

USMT Estimation Report

USMT Estimation Report – One of the deliverable items at a customers site was to identify the amount of data each machine would would have to backup. This is important data to capture to help plan your estimated migration times as well as identify systems that will not be able to successfully perform a backup. This data is not something that SCCM will automatically absorb, but Jason Sandy already has a solution for that. We used his script here with a few mods for our environment we were able to capture this information.

let me point out that if you look inside of the MDT Toolkit for ZTIUserState.wsf you will see that it is estimated to need 1.1 times the size of the data you are trying to catpure. This is something that was pointed out from a co-worker.
USMT Estimation Report
OLD Report Visuals
USMT Estimation Report

New Report Visuals

 

USMT Estimation ReportUSMT Estimation Report

 

The new report allows you to look up specific computers, interactive sorting, better visuals, graphs, and more efficient SQL logic.

you will have to modify the CASE WHEN statements to fit your own environment. Please do some testing and then modify for the “USMT Only Time Estimate” column. Several factors go into consideration for determining this value. These are things such as server specs, amount of systems running the task concurrently, bandwidth, etc.

THE RDL: https://gallery.technet.microsoft.com/USMT-Space-Estimator-2c5d728b