The Error Message That Wasted Part Of My Day – or – I Am Not A Smart Man…

, , , , , , ,

The Error Message That Wasted Part Of My Day – or – I Am Not A Smart Man…

I’ve run into an issue that I couldn’t find documented anywhere, so I am hoping this post can help someone else in the future.

I recently stood up a new environment for a school district and it’s running ConfigMgr 1902 with ADK 1903. I prefer to have a custom boot image that is separate from the default boot images that are created with the set-up. Because I don’t want to risk breaking a boot image during an upgrade of ConfigMgr/ADK in the future. So, I open the Deployment and Imaging Tools Environment cmd prompt and run:

copype.cmd amd64 c:\bootimagex64

I take the boot.wim file from c:\bootimagex64\media\sources and place it in my site server sources folder for import. I go to Software Library -> Operating Systems -> Boot Images, select Add Boot Image, type out the UNC path to my site server sources folder and the new boot.wim file. Easy Peasy … but then I’m presented with the following error message:

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

The path IS valid! The Add Boot Image Wizard even completes my UNC path as I type it …

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

Yet it still gives me that error!

The specified UNC path does not contain a valid boot image file or you do not have permission to access it. Specify a valid path.

Welp – Time to troubleshoot.

typey, typey, type

First thing I checked is permissions. I verified that the site server computer account had full permissions for NTFS on that drive and within sharing for that particular share. Also, I verified that the service account had full permissions to NTFS and sharing, just in case. I even checked the permissions on the boot.wim file thinking maybe they didn’t inherit properly. None of that seemed to matter.

Next thing I checked is if the boot.wim is a valid boot image. I started up psexec in the context of system so I could run dism to verify that I could mount the boot.wim with:

psexec -i -s cmd

and then:

dism /mount-image /imagefile:”c:\bootimagex64\media\sources\boot.wim” /index:1 /mountdir:”C:\bootimagex64mount”

Then I go browse over to c:\bootimagex64mount and I can see the boot image successfully mounted so I know I can unmount it with:

dism /unmount-image /mountdir:”c:\bootimagex64mount” /discard

I was still unable to add this boot image to ConfigMgr.

So, I did what any self-respecting sysadmin would do and I went grovelling to my community for assistance. I tried the winadmins slack first, but the ideas presented didn’t get me anywhere.

[If you aren’t in the winadmins slack yet, then head on over and join us]

  • I tried using an alternate boot.wim, like the ones found at <ConfigMgrInstallDirectory>\OSD\boot\x64, but was met with the same error message as before.
  • Also, I really didn’t want to rollback the ADK, even just for testing purposes. I was willing to try it, as a last recourse. Since the support matrix shows it supported, but I’m stubborn.
Windows 10 ADK & ConfigMgr Support Matrix

https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk

Next I went to reddit and posted on /r/sccm to see if I could get any help there.

reddit post

https://www.reddit.com/r/SCCM/comments/c1qdiq/issues_importing_boot_image/

I was fully prepared for Jason Sandys to jump in and comment as he seems to be on the most popular Google results for this error message and he’s present on technet and reddit comments that I was looking at during my research, but I think I got an even better response…

I love you /u/vsoro00

https://www.reddit.com/r/SCCM/comments/c1qdiq/issues_importing_boot_image/erf7apl

I blame Jeffrey Snover for making me not want to click buttons, but really … I’m not a smart man. I cannot believe I never thought to browse to the damn wim file.

Windows 10 ADK & ConfigMgr Support Matrix

https://twitter.com/jsnover/status/386104326000627713

I came into the office today and decided to listen to /u/vsoro00 and click that browse button:

Windows 10 ADK & ConfigMgr Support Matrixand wouldn’t you know it … it worked!

I still don’t understand how this is functionally different from my typing it … but hey!

SUCCESS!

Woot! Now let’s make sure it will fully import…

The Error Message That Wasted Part Of My Day - or - I Am Not A Smart Man...

There we have it folks … a new boot image added successfully!

I want to say a heartfelt thank you to /u/vsoro00, who I assume is Vladimir Sorokin over on the ConfigMgr team at Microsoft, for taking time to answer my post in reddit with exactly what I needed to hear. Also, I don’t understand the technical limitations they are working with or what he means about how expensive the process can be to validate everything I type in, but if this is truly an issue for others than I look forward to them removing the typing functionality altogether! I love this community!

Chris Thomas
@AutomateMyStuff

Set-CMDistributionPoint Maintenance Mode

, , , , , , , , ,

In the MEMCM Lab…

, , , ,

In the MEMCM Lab

With a pen and a pad, trying to get this deployment off

Updated: 7/8/2020 on https://doug.seiler.us/

My first lab was Johan’s hydration kit. It’s incredibly powerful, customizable, and educational. Unfortunately it takes a little more time and know-how than a novice like myself was initially prepared for.

However, at MMS Steve Jesok pointed out that Microsoft provides an all-in-one solution: the Windows and Office Deployment Lab Kit. Within minutes, we can have a fully functional domain controller and MEMCM server.

The Requirements

  1. Set up a host device – For this lab, I’m using a Windows 10 Pro workstation with an old i7 CPU, 16GB of RAM, and a secondary 500GB hard drive.
  2. Enable Hyper-V – If Hyper-V is not yet installed, open Turn Windows features on or off, check Hyper-V, and click OK. Reboot.
    enable_hyper-v.PNG
  3. Configure networking – Launch Hyper-V as administrator, and open the Virtual Switch Manager. Under Virtual Switches, select New virtual network switch. Select External and click Create Virtual Switch. Name it Lab and and leave everything else default. Click OK, and if you are prompted with a warning, click OK again.
    configure_virtual_switch.PNG

The Setup

  1. Download the kit from the link above. It has the virtual machines and step-by-step documentation on how to configure services. This is the only thing we need to download.
    labdownload.PNG
  2. Extract the lab zip file, preferably to a drive that is large and fast.
  3. Install – Right click Setup.exe and run as administrator. If prompted by SmartScreen, click More Info and then click Run anyway.
    run_setup_exe.PNG
  4. Setup Wizard – Click Next all the way through to the end. It will import all the VMs into Hyper-V.
    setup_wizard.png
  5. Configure VM Settings – You should see HYD-DC1 and HYD-GW1 already running. Shut them down. We won’t be using HYD-GW1 again.
  6. Domain Controller – Right click HYD-DC1 and select Settings. Set Maximum Memory to 2048MB and leave Enable Dynamic Memory checked. Set CPU to one virtual processor.
    hyd-dc1_settings.png
  7. MEMCM Server – Right click HYD-CM1 and select Settings. Leave memory settings at default. Set CPU to two virtual processors.
    hyd-cm1_settings.PNG

NAT Networking

Note: We will NOT be using the external virtual switch called Lab from Step 3 of the Requirements section. It was only necessary so that Setup.exe from the Setup section would run.
  1. NAT Networking – We’ll use Ami Arwidmark’s NAT network script instead of the Internet Gateway (HYD-GW1) to make the lab simpler. You can learn more about NAT networking here.
  2. Prepare the Virtual Switch – The Deployment Lab Kit creates it’s own private network switch, so we need to make it an Internal one to work with Ami’s script. In Hyper-V click Virtual Switch Manager. Click on HYD-CorpNet. Select Internal network and click OK.
    internal_network.PNG
  3. Customize the script – On the host system, launch Windows Powershell ISE as Administrator. Copy and paste the following code into the top script pane. This is an edited version of Ami’s code customized for our Microsoft lab. Hit F5 to run it.
     New-NetIPAddress IPAddress 10.0.0.254 -PrefixLength 24 -InterfaceAlias "vEthernet (HYD-CorpNet)" 
     New-NetNat Name HYD-CorpNetNATNetwork InternalIPInterfaceAddressPrefix 10.0.0.0/24
    
  4. We now have our host Windows 10 OS performing NAT on the internal virtual switch HYD-CorpNet. Our VMs are already pointing to it as the default gateway.

The Test

  1. Power on HYD-DC1 and wait for the log on screen. This is so our servers and workstations can talk to Active Directory.
  2. Power on HYD-CM1 and log in. The passwords for the local administrator accounts and for CORP\LabAdmin is P@ssw0rd
  3. Confirm the MEMCM server has internet access by launching command prompt and pinging 8.8.8.8.
  4. Give HYD-CM1 another moment for services to start up. Launch the Microsoft Endpoint Manager Configuration Manager Console and confirm that it loads successfully.
    memcm_console.png

Refer to the troubleshooting section at the end if anything isn’t working at this point

The Finishing Touch

Now that we’ve got a functioning domain, MEMCM server, and internet access, it’s time to update.
  1. In the MEMCM console, navigate to the Administration node and select Updates and Servicing. Click on Check for updates.
    check_for_updates.png
  2. If the latest version hasn’t already started downloading, select it (in this case 1902), right click and choose Download.
  3. Once it is downloading, on the bottom pane click on the Show Status link.
  4. On the Updates and Servicing Status page for our chosen update, right click update package and choose Show Status again.
  5. From here, we can follow the download AND installation statuses of the latest MEMCM upgrade.
    updates_and_servicing.PNG
  6. Once the download is complete, go back to the Administration node and click on Updates and Servicing again. The update we downloaded should now say Ready to install.
  7. Right click the update and select Install Update Pack. Check Ignore any prerequisite check warnings… and click Next until we reach the License Terms. Check the box, and keep clicking Next until the wizard completes successfully. Click Close.
    ignore_prereq_warnings.PNG
    install_update_pack.PNG
  8. Repeat steps 3 and 4 and watch the update installation progress. Refresh until the Update Wizard is complete and click Close.
    install_status.PNG
  9. Close the MEMCM console and relaunch it. We may be prompted to upgrade the console to the new version. Click OK, and if prompted for elevation click OK again.
    update_console.PNG

Congratulations! We now have a functional MEMCM environment we can configure and customize.

Troubleshooting

If there are any obstacles during set up, we can try some of these troubleshooting tips
  1. Firewall – If you cannot ping 8.8.8.8, we don’t have access to the internet. From CM1, try pinging DC1 at 10.0.0.6. If that works, try pinging the NAT gateway at 10.0.0.254. If that doesn’t work, try temporarily disabling the firewall as that might be blocking access.
    You may need to remove and redo the NAT networking as well, so run the following command in an elevated Powershell terminal:

     Remove-NetIPAddress -IPAddress 10.0.0.254
     Remove-NetNat
    
     New-NetIPAddress IPAddress 10.0.0.254 -PrefixLength 24 -InterfaceAlias "vEthernet (HYD-CorpNet)" 
     New-NetNat Name HYD-CorpNetNATNetwork InternalIPInterfaceAddressPrefix 10.0.0.0/24
    
  2. NAT – If you can ping 10.0.0.254 but STILL can’t ping 8.8.8.8, make sure HYD-GW1 is powered off. If it is, the issue is on the host system. From the host system, ping CM1 at 10.0.0.7 to confirm NAT is working. If NAT is working, from CM1 ping the host IP of the physical adapter.
  3. Subnet – The lab network is 10.0.0.0/24. If our home network is also on 10.0.0.0/24 we’ll have trouble getting out. We will either need to ditch the NAT and rely on GW1, or re-IP DC1 and CM1 and our NAT configuration on a different network. Just keep in mind in subsequent blog posts we’ll need to adjust networking respectively.
    For example if you wanted to change the lab from the default 10.0.0.0/24 network to a 10.11.12.0/24 network, change the CM1 IP to 10.11.12.7 and the DC1 IP to 10.11.12.6. Remove the NAT config and make a new one on that network like so:

     Remove-NetIPAddress -IPAddress 10.0.0.254
     Remove-NetNat
    
     New-NetIPAddress IPAddress 10.11.12.254 -PrefixLength 24 -InterfaceAlias "vEthernet (HYD-CorpNet)" 
     New-NetNat Name HYD-CorpNetNATNetwork InternalIPInterfaceAddressPrefix 10.11.12.0/24