The Error Message That Wasted Part Of My Day – or – I Am Not A Smart Man…

, , , , , , ,

The Error Message That Wasted Part Of My Day – or – I Am Not A Smart Man…

I’ve run into an issue that I couldn’t find documented anywhere, so I am hoping this post can help someone else in the future.

I recently stood up a new environment for a school district and it’s running ConfigMgr 1902 with ADK 1903. I prefer to have a custom boot image that is separate from the default boot images that are created with the set-up. Because I don’t want to risk breaking a boot image during an upgrade of ConfigMgr/ADK in the future. So, I open the Deployment and Imaging Tools Environment cmd prompt and run:

copype.cmd amd64 c:\bootimagex64

I take the boot.wim file from c:\bootimagex64\media\sources and place it in my site server sources folder for import. I go to Software Library -> Operating Systems -> Boot Images, select Add Boot Image, type out the UNC path to my site server sources folder and the new boot.wim file. Easy Peasy … but then I’m presented with the following error message:

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

The path IS valid! The Add Boot Image Wizard even completes my UNC path as I type it …

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

Yet it still gives me that error!

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

Welp – Time to troubleshoot.

typey, typey, type

First thing I checked is permissions. I verified that the site server computer account had full permissions for NTFS on that drive and within sharing for that particular share. Also, I verified that the service account had full permissions to NTFS and sharing, just in case. I even checked the permissions on the boot.wim file thinking maybe they didn’t inherit properly. None of that seemed to matter.

Next thing I checked is if the boot.wim is a valid boot image. I started up psexec in the context of system so I could run dism to verify that I could mount the boot.wim with:

psexec -i -s cmd

and then:

dism /mount-image /imagefile:”c:\bootimagex64\media\sources\boot.wim” /index:1 /mountdir:”C:\bootimagex64mount”

Then I go browse over to c:\bootimagex64mount and I can see the boot image successfully mounted so I know I can unmount it with:

dism /unmount-image /mountdir:”c:\bootimagex64mount” /discard

I was still unable to add this boot image to ConfigMgr.

So, I did what any self-respecting sysadmin would do and I went grovelling to my community for assistance. I tried the winadmins slack first, but the ideas presented didn’t get me anywhere.

[If you aren’t in the winadmins slack yet, then head on over and join us]

  • I tried using an alternate boot.wim, like the ones found at <ConfigMgrInstallDirectory>\OSD\boot\x64, but was met with the same error message as before.
  • Also, I really didn’t want to rollback the ADK, even just for testing purposes. I was willing to try it, as a last recourse. Since the support matrix shows it supported, but I’m stubborn.
Windows 10 ADK & ConfigMgr Support Matrix

https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk

Next I went to reddit and posted on /r/sccm to see if I could get any help there.

reddit post

https://www.reddit.com/r/SCCM/comments/c1qdiq/issues_importing_boot_image/

I was fully prepared for Jason Sandys to jump in and comment as he seems to be on the most popular Google results for this error message and he’s present on technet and reddit comments that I was looking at during my research, but I think I got an even better response…

I love you /u/vsoro00

https://www.reddit.com/r/SCCM/comments/c1qdiq/issues_importing_boot_image/erf7apl

I blame Jeffrey Snover for making me not want to click buttons, but really … I’m not a smart man. I cannot believe I never thought to browse to the damn wim file.

Windows 10 ADK & ConfigMgr Support Matrix

https://twitter.com/jsnover/status/386104326000627713

I came into the office today and decided to listen to /u/vsoro00 and click that browse button:

Windows 10 ADK & ConfigMgr Support Matrixand wouldn’t you know it … it worked!

I still don’t understand how this is functionally different from my typing it … but hey!

SUCCESS!

Woot! Now let’s make sure it will fully import…

The Error Message That Wasted Part Of My Day - or - I Am Not A Smart Man...

There we have it folks … a new boot image added successfully!

I want to say a heartfelt thank you to /u/vsoro00, who I assume is Vladimir Sorokin over on the ConfigMgr team at Microsoft, for taking time to answer my post in reddit with exactly what I needed to hear. Also, I don’t understand the technical limitations they are working with or what he means about how expensive the process can be to validate everything I type in, but if this is truly an issue for others than I look forward to them removing the typing functionality altogether! I love this community!

Chris Thomas
@AutomateMyStuff

Set-CMDistributionPoint Maintenance Mode

, , , , , , , , ,

Potential USMT Errors & Resolution

, , , , , , , , ,
Potential USMT Errors


Failure when “trying to reboot into WinPE”
appears on the Task Sequence UI (forgot to take screenshot)

 Potential USMT Errors & Resolution

 

      Check the “SMSTS.LOG” “C:WindowsCCMLogs”

 

         In the screenshot below look for a line like “Unable to find a volume that is suitable for staging the boot image” in the log file 

 

Potential USMT Errors
       This is typically for 2 different reasons.
      1.  The drive is locked by bitlocker encryption and you need to first disable bitlocker in the task            sequence. once this is done then the task sequence engine can identify the drive to stage the        boot image locally
      2.   This can also be because the drive is still undergoing the encryption process. You must wait             until the drive is fully encrypted before you can execute this task sequence from windows.
       To verify the drive is finished encrypting launch powershell as an admin and type “Get-BitlockerVolume” and do not attempt to run the installation until the “Encryption KeyProtector Percentage” is are 100%  
Potential USMT Errors
NOTE: it is possible you receive this error when you are trying to stage the boot image onto the disk and the disk cannot be read b/c of a different encryption software locks the disk. For example if you are running Dell Credant you must be logged into the system then the TS Engine will be able to read the disk.
To identify Dell Credant systems via SQL…this is a hybrid of one my queries that I use in my production environment but you can modify it to abosrb only bitlocker information by commenting out not needed parts

SELECT Distinct

v_R_System.Name0 AS System,

Computer_System_DATA.Model00 AS [System Model],

___System_INSTALLED_SOFTWARE0.ARPDisplayName00,

V_R_System.AD_Site_Name0 AS [AD Site],

CASE V_R_System.Build01

When ‘6.1.7601’ THEN ‘Windows 7’

WHEN ‘10.0.14393’ THEN ‘Win 10 v1607’

WHEN ‘10.0.15063’ THEN ‘Win 10 v1703’

END AS [Operating System],

CASE V_R_System.Client0

When ‘0’ THEN ‘No Client’

WHEN ‘1’ THEN ‘Client Installed’

END AS [Client],

v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 AS [Drive Letter],

–v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 AS [Protection Status],

CASE v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0

WHEN ‘0’ THEN ‘not encrypted’

WHEN ‘1’ THEN ‘encrypted’

WHEN ‘2’ THEN ‘Encrypted Requires Pin’

END AS [Bitlocker Status]

FROM

v_GS_ENCRYPTABLE_VOLUME

INNER JOIN v_R_System ON v_GS_ENCRYPTABLE_VOLUME.ResourceID = v_R_System.ResourceID

INNER JOIN Computer_System_Data ON V_R_System.Name0 = Computer_System_Data.Name00

INNER JOIN INSTALLED_SOFTWARE_DATA AS ___System_INSTALLED_SOFTWARE0 ON ___System_INSTALLED_SOFTWARE0.MachineID = V_R_System.ResourceID

Where

v_GS_ENCRYPTABLE_VOLUME.DriveLetter0 = ‘C:’

AND Computer_System_DATA.Model00!= ‘VMware Virtual Platform’

AND Computer_System_DATA.Model00!= ‘Virtual Machine’

–AND v_GS_ENCRYPTABLE_VOLUME.ProtectionStatus0 = ‘0’ –for not bitlocker encrypted systems–

–AND V_R_System.Name0 = ‘P620268’

AND ___System_INSTALLED_SOFTWARE0.ARPDisplayName00 like N’Credant_WindowsShield%’

 

Potential USMT Errors

 

 
Failure when trying to connect to SMP Share
 
This failure is more often seen when trying to rerun on a failed system (can be seen during backup or restore part of the process) 
 
Potential USMT Errors
For this we corrected the issue is to open PowerShell and running the following.

 

Remove-Item -Path ‘HKLM:SOFTWAREMicrosoftSystemCertificatesSMSCertificates*’ -force; restart-service ccmexec

I would also recommend opening registry location to verify this has successfully been deleted.
Once this runs successfully you should then be able to re-run the task sequence successfully.
File Not Found: 
of course there is the standard make sure your commands are typed correctly. In the example below we see a file not found error. Make sure you type out your file names correctly etc.
Potential USMT Errors
Potential USMT Errors
NOTE: I have seen cases where a variable is set for Packages, but it does not always translate, so I tend to just hard code the package ID when I set restore/capture options into a variable see the example below
Potential USMT Errors
Connection to SMP Refused: 
Make sure when you being your deployment strategy that you plan for an adequate number of connections to the SMP. The default for this I believe is 100 connections, but that does not mean concurrent connections. The criteria that goes into the count is any established connection (completed or in progress) within the your deletion policy time period. If you have a problem where the connection is actively refused by the SMP you should increase the max allowed connections you have configured.
Potential USMT Errors
I tried to create as many Potential USMT Errors as I could think of to help out the community. If I  encounter anymore or can think of new ones I will add them to this blogpost.