Friday, August 26, 2011

VMware ESX 4 - Server 2003 BSOD

This is probably something obvious for VMware veterans, but I was running into problems installing Server 2003 in a VM using MDT. I had changed the Operating System setting in the VM from Server 2008 to Server 2003, but still wasn't having any luck.

The backstory is that I've been using a single VM to install and capture my operating systems for MDT, which have been 2008 and 2008 R2 up until this point. I kept getting a BSOD with the STOP 7B error code whenever I tried to install. Some Google detective work pointed to the SCSI controller for the VM. It was currently using the LSI Logic SAS controller, but the LSI Logic Parallel controller is recommended for Server 2003.

When you create a new VM and select Server 2003 it uses the Parallel controller. When you select 2008 or higher it uses the SAS controller. When you change the operating system on an existing VM, you need to also change the SCSI controller to the correct type manually.

Wednesday, August 24, 2011

VMware Tools Powershell Script

At work we are using WDS and MDT to deploy server operating systems, and most of those deployments are virtual.

I've been working on scripts to help automate the configuration of a newly deployed OS, and installing and configuring VMware Tools is one of them.

Below is a Powershell script I wrote that  does the following:
  • Checks the WMI Manufacturer to make sure it is VMware.
  • Checks WMI and installs VMware Tools if it is not already.
  • Enables time sync with the host and disables Windows Time service.
  • Prompt for reboot if VMware Tools was installed.

Wednesday, August 17, 2011

Filesystem Permissions While UAC is Enabled

My coworker Dave gave me a nice tip when dealing with UAC. He pointed out that it is a nice security feature, and we should try to leave it enabled if possible.

I had disabled UAC on a 2008 R2 server because an application running under a network account was unable to write to a directory during a scheduled job (internal to the program, not through Task Scheduler).
 Even though the user was listed in the local adminitrator group, the process doesn't have elevated privilages, as you would expect with UAC enabled.

What I didn't know, is that if you explicitly define NTFS permissions for that user, then they will be able to write to that directory, even while UAC is enabled. After assigning the permissions I was able to turn UAC back on.

It would be interesting to see if the same thing applies to the registry. I'll have to test it out with some Powershell scripts that write to the registry.

Tuesday, July 19, 2011

Drive Configuration Powershell Script

I've been working on a lot of server deployments lately, and came up with this nice script to setup new drives.

Thursday, July 14, 2011

Determine a Property for MSI Installation

To figure out a property I want to pass into an msi, usually I install it manually with /lvx on the end. Ex: 
msiexec.exe /i LMAgentx64.msi /lvx LMAgent.log

Then I look through the log file and search for the value I entered. For example, I entered fqdn of the patchlink server in the setup, so I search for that in the log and find this line:
MSI (c) (B8:84) [16:22:48:091]: PROPERTY CHANGE: Adding SERVERIPADDRESS property. Its value is ''.

Now I know that the property I want is SERVERIPADDRESS, so I just tack it on the end of the MSI install string in the MDT application:
msiexec.exe /qb /i LMAgentx64.msi

You can pass in multiple parameters by seperating them with a comma, but if there gets to be more than a few I will usually create an MST with InstEd.

Monday, June 13, 2011

Adding 32 bit drivers to a 64 bit print server

Found this link on the web for how to add the 32 bit drivers to a 64 bit print server: 

The directions are for SBS 2008, but I tested them on Server 2008 R2 and they work fine.

Basically you have to do it from a client machine and "push" the drivers up to the server.

Update: One gotcha is that the driver name for the x86 and the x64 drivers must match exactly. Sometimes the vendor (HP, Dell, etc...) might not name them the same, and you will have to edit the .inf file so they match. A side effect of this is that the driver will no longer be signed.

Thursday, May 5, 2011

MDT 2010 - Troubleshooting Driver Injection

My co-worker and I recently had an issue adding NIC drivers for a new Intel motherboard (DH67BL) to the LiteTouchPE_x86.wim in the Microsoft Deployment Toolkit (MDT). The drivers were captured with Double Driver and then imported into the MDT Deployment Workbench.

After the Deployment Share was updated, the wim was added to Windows Deployment Services (WDS), and then the PC was booted from the network. Unfortunately it said it was still unable to find a driver for the NIC.