UEFI, Generation 2 VM, Windows 7 SP1 and Hyper-V Server 2012 R2 (or Windows 8.1)

One of the new features of Hyper-V in Server 2012 R2 is the Generation 2 VM. There is a lot to be said on this topic, but here is a caveat when using Gen2 VMs for systems older than Windows 8 or Server 2012.

Let’s start with a spoiler:

It doesn’t work for Windows 7 SP1!

If you create a VM the first question will be: a Generation 1 or Generation 2 VM?

As you can see it cannot be changed…well it can 😉 (see http://blogs.technet.com/b/jhoward/archive/2013/11/06/hyper-v-generation-2-virtual-machines-part-8.aspx and http://blogs.technet.com/b/jhoward/archive/2013/11/14/hyper-v-generation-2-virtual-machines-part-10.aspx)

So you create a Gen2 VM and want to install Windows 7. Well OK, the installation is going fine. UEFI gets recognized. Everything is good. Then comes the restart:

Hmm, not so good. But this is to be expected: Windows 7 does not support Secure Boot! So Secure Boot gets turned off:

Now we try again and see this:

And here it stays, forever.

In the Hyper-V management console we see a lot of CPU Usage so it is doing something 😉

So WHY is this? Windows 7 DOES support UEFI boot. After a search I found this:

Q: Why doesn’t Microsoft support 64-bit Windows 7 or Windows Server 2008 R2 as a guest operating system in generation 2 virtual machines?


A: Certainly it is true that Windows 7 supports UEFI, the first requirement for generation 2 virtual machines. However, Windows 7 has a hardware dependency on a Programmable Interrupt Controller (PIC) which is not present in generation 2 virtual machines. Even if Secure Boot is disabled, an attempt to install Windows 7 will result in an apparent hang at “Starting Windows” shortly after boot, consuming high CPU utilization. A similar effect to this will be seen if attempting a network install from a WDS server which has a Windows 7 era boot PE image – network boot will appear to hang as well. For that reason (along with the keyboard issue in Windows 8 PE) I strongly recommend any WDS servers are upgraded to the Windows 8.1 PE boot image.

That is pretty clear, NO Windows 7 Generation 2 VM in Hyper-V!

P.S. DO try this with Windows 8.1 – it is incredibly FAST 🙂

Windows Server 2012 R2 / Windows 8.1 KMS Service Activation

This is an update to another post I did: https://wibier.me/windows-server-2012-kms-service-activation/

In that post I describe how to add support for Server 2012 and Windows 8. Now we are at the point where we want to add support for Server 2012 R2 and Windows 8.1! And that is possible.

So when you activate a Server 2012 R2 KMS key you will still get the same error:

Or when you add the KMS key itself:

Error: 0xC004F050 The Software Licensing Service reported that the product key is invalid

To resolve:

Download and install the following update: KB2885698 (Update adds support for Windows 8.1 and Windows Server 2012 R2 clients to Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 KMS hosts).

Installation instructions

If you have a KMS host that is running Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, or Windows Server 2012, follow these steps to perform an upgrade:

  • Install the update (update 2885698).
  • Restart the computer when you are prompted to do so.
  • To install a new KMS host key for Windows 8.1 activation or for Windows Server 2012 R2 activation, run the following command:
cscript %windir%\system32\slmgr.vbs /ipk <KMS host key>

Note In this command, “<KMS host key>” is a placeholder for the new KMS host key for Windows 8.1 activation or for Windows Server 2012 R2 activation.

Important Every KMS host key is associated with a group of Windows editions. Additionally, a KMS host key that is associated with Windows client operating systems cannot be installed on Windows server operating systems, and vice-versa. This is true for all Windows operating systems except for Windows Server 2003. If you install a KMS host key on a Windows operating system that is not associated with that host key, you receive the following error message:

0xc004f015: The Software Licensing Service reported that the license is not installed.
SL_E_PRODUCT_SKU_NOT_INSTALLED


For example, you may receive this error message in the following situations:

  • You try to install a Windows 7 KMS host key (CSVLK) on a Windows Server 2008 R2 KMS host.
  • You try to install a Windows 8 KMS host key (CSVLK) on a Windows Server 2008 R2 KMS host or a Windows Server 2012 KMS host.
  • You try to install a Windows 8.1 KMS host key (CSVLK) on a Windows Server 2008 R2 KMS host or a Windows Server 2012 KMS host or a Windows Server 2012 R2 KMS host.

  • To activate the new KMS host key on the host computer, run the following command:
cscript %windir%\system32\slmgr.vbs /ato
  • On an existing Windows Vista or Windows Server 2008 KMS host, restart the service by running the following command:
net stop slsvc && net start slsvc

Configuration Manager 2012 – Software Updates That Require Multiple Reboots may Cause Task Sequence Failure

OK, so sometimes your OSD Task Sequence in ConfigMgr 2012 (or even 2007) fails on you? Tried all the usual troubleshooting steps?

Well maybe not all, check your Windows Updates!

Yes, Microsoft has confirmed that there are updates out there that will break your Task Sequence.

This is the KB about that:

KB2894518 – Software Updates That Require Multiple Reboots may Cause Task Sequence Failure within Configuration Manager (http://support.microsoft.com/kb/2894518)

If a Configuration Manager (ConfigMgr 2007 or ConfigMgr 2012) Task Sequence that leverages the Install Software Updates step installs a software update that triggers multiple reboots, the task sequence may fail to complete successfully. This occurs because the first reboot initiated by the software update is properly controlled by the Task Sequence, however the second reboot request is initiated by a Windows component (typically Component-Based Servicing) and therefore not controlled by the Task Sequence.

In short the following updates are affecting your OSD Task Sequence:

  • 2862330 MS13-081: Description of the security update for 2862330: October 8, 2013
  • 2771431 A servicing stack update is available for Windows 8 and Windows Server 2012
  • 2871777 A servicing stack update is available for Windows RT, Windows 8, and Windows Server 2012: September 2013
  • 2821895 A servicing stack update is available for Windows RT and Windows 8: June 2013
  • 2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
  • 2529073 Binary files in some USB drivers are not updated after you install Windows 7 SP1 or Windows Server 2008 R2 SP1
  • 2871690 Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules

Update 2862330 in particular has the statement in its description 😉

After you install security update 2862330 on a computer that is running Windows 7 or Windows Server 2008 R2, your computer may restart two times. The additional restart is required to make sure that the security update is completely installed. Installation of this update may leave the system in a partly updated and therefore vulnerable state. To address this issue, the update performs an additional step to update the computer. This additional step may require an additional restart of the computer.

Note Task sequence could fail in System Center Configuration Manager if the task sequence uses an “Install Software Updates” step to install software updates that require multiple restarts.

WSUS Error 2149842967

When installing patches and hotfixes silently (wusa.exe <some_patch_or_hotfix.msu> /quiet /norestart) it is advisable to check the Setup event log.

It is possible that you find some error there:

Windows update could not be installed because of error 2149842967

What Windows is actually saying:

The update is not applicable to your computer.

Well OK, that could also have been said in plain English 😉

Microsoft Application Virtualization 4.6 SP3 is now supported on System Center Configuration Manager

System Center Configuration Manager 2007 SP2 and System Center 2012 Configuration Manager SP1 now support Microsoft Application Virtualization (App-V) 4.6 SP3 Desktop Client and Application Virtualization Client for Remote Desktop Services. This client release enables support for Windows 8.1 and Windows Server 2012 R2.

No software updates are required.

As per Microsoft source: http://blogs.technet.com/b/configmgrteam/archive/2014/01/24/microsoft-appv-4.6-sp3-is-now-supported-on-system-center-config-mgr.aspx

Can’t connect to C$, ADMIN$ or any administrative share on workstations

If you are attempting to access a Windows 7, Windows 8, Vista, Server 2008 (R2) or Server 2012 (R2) computer you may get the “Access Denied – Failed to connect to ADMIN$ share” error, even when supplying the appropriate local user credentials that have Administrator access. If the target computer is not a member of a Windows 2003 or later domain then this is most likely because the target system has Remote UAC enabled. Remote UAC prevents local administrative accounts from accessing ADMIN$ (more precisely, Remote UAC prevents local accounts from running in an elevated mode when connecting from the network). If you need to be able to access ADMIN$ using a local account then you will need to disable Remote UAC. You can accomplish this by editing the registry.

Assuming you have all your other ducks in a row (Firewall exceptions, appropriate credentials of local administrative user, etc) then you just need to add a quick entry in the registry of the target computer. In the registry, navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.

You then can restart the Server service (but a reboot would be ideal ;-)).
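The registry change above, scripted in PowerShell as an added example that is not part of the original post. The function names Get-RemoteUacState and Set-RemoteUacFiltering are hypothetical, and the script assumes it runs elevated on the target computer; it reports the current state first and can remove the override again once local-account access to ADMIN$ is no longer needed.

```powershell
# Added example, not from the original post. Run elevated on the target computer.
# Written for Windows PowerShell 2.0-5.1 so it also runs on Windows 7 / Server 2008 R2.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacState {
    # Read the override; a missing value means the default (filtering active).
    $item  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = $null
    if ($item) { $value = [int]$item.$ValueName }

    $cs = Get-WmiObject -Class Win32_ComputerSystem
    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        DomainJoined       = $cs.PartOfDomain
        Value              = $value
        # Only the value 1 switches Remote UAC token filtering off.
        RemoteUacFiltering = ($value -ne 1)
    } | Select-Object Computer, DomainJoined, Value, RemoteUacFiltering
}

function Set-RemoteUacFiltering {
    param(
        [Parameter(Mandatory = $true)][bool]$Enabled,
        [switch]$RestartServerService
    )
    if ($Enabled) {
        # Back to the default: delete the override so local accounts are filtered again.
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        # The change described in the post: DWORD LocalAccountTokenFilterPolicy = 1.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force |
            Out-Null
    }
    if ($RestartServerService) {
        # "Server" service; -Force is needed because other services depend on it.
        Restart-Service -Name LanmanServer -Force
    }
    Get-RemoteUacState
}

# Read-only check of the current state.
Get-RemoteUacState

# Apply the change from the post, then put the default back afterwards:
#   Set-RemoteUacFiltering -Enabled $false -RestartServerService
#   Set-RemoteUacFiltering -Enabled $true  -RestartServerService
```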


* By default, when local credentials are used to access a Windows Vista (or later) system that is a member of a Windows Domain this problem does not exist. Your Windows domain may still disable Remote UAC.

** By default Remote administrative access is denied to local accounts when a Windows Vista (or later OS) is NOT a member of a Windows 2003 or later domain.

Microsoft info:

http://support.microsoft.com/kb/942817

http://support.microsoft.com/kb/951016

The task sequence has failed with the error 0x80070570 – ConfigMgr 2012

I was in the process of deploying an OS with ConfigMgr 2012 R2 when I saw this error:

The task sequence has failed with the error 0x80070570

Hmm, well OK, what is this then?

Task sequence starts, disk gets partitioned, image is downloaded and then this.

So after a little search I found

0x0570 = 1392 = “The file or directory is corrupted and unreadable.”
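Both error numbers on this page are HRESULT values: the decimal 2149842967 from the Setup event log in the WSUS section and the 0x80070570 shown here. The PowerShell below is an added example, not part of the original posts; the function names ConvertFrom-HResult and Get-RecentSetupError and the small facility table are assumptions made for illustration.

```powershell
# Added example, not from the original posts.
function ConvertFrom-HResult {
    param([Parameter(Mandatory = $true)] $Code)

    # Accept '0x80070570', 2149842967 or a negative Int32 such as -2147023504.
    $text = "$Code".Trim()
    if ($text -match '^0[xX]([0-9A-Fa-f]{1,8})$') {
        $raw = [Convert]::ToInt64($Matches[1], 16)
    } else {
        $raw = [int64]$text
    }
    $u = $raw -band 4294967295                      # keep the low 32 bits

    # HRESULT layout: bit 31 = failure, bits 16-28 = facility, bits 0-15 = code.
    $failed   = ($u -band 2147483648) -ne 0
    $facility = [int](($u -band 0x1FFF0000) / 0x10000)
    $errCode  = [int]($u -band 0xFFFF)

    # Illustrative subset of facilities: 7 wraps a Win32 error, 36 is Windows Update.
    $names = @{ 7 = 'Win32'; 36 = 'Windows Update' }
    $name  = 'Other'
    if ($names.ContainsKey($facility)) { $name = $names[$facility] }

    # Only facility 7 maps onto the Win32 message table.
    $message = $null
    if ($facility -eq 7) {
        $message = (New-Object System.ComponentModel.Win32Exception $errCode).Message
    }

    New-Object PSObject -Property @{
        Hex      = ('0x{0:X8}' -f $u)
        Failed   = $failed
        Facility = $facility
        Source   = $name
        Code     = $errCode
        Message  = $message
    } | Select-Object Hex, Failed, Facility, Source, Code, Message
}

function Get-RecentSetupError {
    # Error-level entries (Level 2) from the Setup log that wusa.exe writes to.
    Get-WinEvent -FilterHashtable @{ LogName = 'Setup'; Level = 2 } -MaxEvents 10 `
        -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

ConvertFrom-HResult 2149842967      # value from the Setup event log (WSUS section)
ConvertFrom-HResult '0x80070570'    # task sequence error from this post
```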

This could be caused by issues or corrupt data on Distribution Points. This was not the error in my case. It also could be that the downloaded image was getting corrupted during the download. Also not the issue!

Then I tried to wipe the disk in WinPE with DiskPart:

 

Then I started the deployment again et voila! Everything started working again 🙂

So with a 0x80070570 Error always check your disk partitioning.

Configuration Manager 2012 R2 Hotfixes

SCCM 2012 R2 has some hotfixes you might need:

2905002

An update is available for the “Operating System Deployment” feature of System Center 2012 R2 Configuration Manager

This update resolves the following issues in Microsoft System Center 2012 R2 Configuration Manager.

Issue 1

After you enable the PXE Service Point role (http://msdn.microsoft.com/en-us/library/jj217832.aspx) on an instance of a specific distribution point, or you select the Deploy this boot image from the PXE-enabled distribution point property of a boot image, the Windows Deployment Service (WDS) stops running. Additionally, entries that resemble the following are logged in the Windows Application log:

Faulting application name: svchost.exe_WDSServer, version: 6.3.9600.16384, time stamp: 0x5215dfe3

Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time stamp: 0x4d5f034a

Exception code: 0xc0000005

Fault offset: 0x000000000005f61a

Faulting process id: 0xae4

Faulting application start time: 0x01cec5d767184634

Faulting application path: C:\Windows\system32\svchost.exe

Faulting module path: C:\Program Files\Microsoft Configuration Manager\bin\x64\MSVCR100.dll

Note This problem affects only distribution points that are installed on site servers.

Issue 2

When operating system image files are downloaded to Configuration Manager 2012 R2 clients, you may find that the download takes longer than it did in previous versions of Configuration Manager 2012 clients. You may see this behavior when the target client is running Windows PE or a full Windows operating system.

2907591

Per-computer variables for imported computers are not read in System Center 2012 R2 Configuration Manager

Per-computer task sequence variables that are defined for imported computers are filtered out of client policies. This prevents the variables from being read during task sequence execution. This problem does not affect per-computer variables that are defined for existing clients.

2907566

November 2013 anti-malware platform update for Endpoint Protection clients

This anti-malware platform update contains the following improvements:

  • Adds anti-tampering functionality to reduce the risk that malware will disable or bypass anti-malware scanning.  For example, access to files and folders that are used by the anti-malware platform can be changed only by trusted system processes or by the anti-malware platform itself.
  • Improves overall performance of the anti-malware platform. Anti-malware performance is improved compared to that of previous platform versions. Improvements were made to scan functionality. These changes involve no configurable effects.
  • Ongoing improvements to Microsoft Active Protection Service (http://technet.microsoft.com/en-us/library/ff823779.aspx) (MAPS) and Dynamic Signature Service (http://technet.microsoft.com/en-us/library/ff823908.aspx) (DSS). These make real-time cloud-based protection easier. Scale and performance improvements were made to the MAPS and DSS systems. Make sure that you opt-in to at least Basic or Advanced MAPS to make sure that you are benefitting from cloud-based protection.

Configmgr 2012 R2 Toolkit

We all know that sometimes the good old SCCM toolkit can help us troubleshoot problems. Well, Microsoft has released the updated version for SCCM 2012 R2.

It can be found here: ConfigMgr 2012R2 Toolkit

On the site this information is found:

The Microsoft System Center 2012 R2 Configuration Manager Toolkit contains fifteen downloadable tools to help you manage and troubleshoot Microsoft System Center 2012 R2 Configuration Manager. The following list provides specific information about each tool in the toolkit.

Note: Items with an * are new in the R2 Toolkit and require Microsoft System Center 2012 R2 Configuration Manager for full functionality.

Server Based Tools

  • * DP Job Manager – A tool that helps troubleshoot and manage ongoing content distribution jobs to Configuration Manager distribution points.
  • * Collection Evaluation Viewer – A tool that assists in troubleshooting collection evaluation related issues by viewing collection evaluation details.
  • * Content Library Explorer – A tool that assists in troubleshooting issues with and viewing the contents of the content library.
  • Security Configuration Wizard Template for Microsoft System Center 2012 R2 Configuration Manager – The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server’s role or roles, and disables functionality that is not required.
  • Content Library Transfer – A tool that transfers content from one disk drive to another.
  • Content Ownership Tool – A tool that changes ownership of orphaned packages (packages without an owner site server).
  • Role-based Administration Modeling and Auditing Tool – This tool helps administrators to model and audit RBA configurations.
  • Run Metering Summarization Tool – The purpose of this tool is to run the metering summarization task to analyze raw metering data

Client Based Tools

  • Client Spy – A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on System Center 2012 Configuration Manager clients.
  • Configuration Manager Trace Log Viewer – A tool used to view log files created by Configuration Manager components and agents.
  • Deployment Monitoring Tool – The Deployment Monitoring Tool is a graphical user interface designed to help troubleshoot Applications, Updates, and Baseline deployments on System Center 2012 Configuration Manager clients.
  • Policy Spy – A policy viewer that helps you review and troubleshoot the policy system on System Center 2012 Configuration Manager clients.
  • Power Viewer Tool – A tool to view the status of power management feature on System Center 2012 Configuration Manager clients.
  • Send Schedule Tool – A tool used to trigger a schedule on a client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.
  • Wakeup Spy – A tool that provides a view of the power state of Configuration Manager client computers and which operate as managers or manages.

App-V 4.6 SP3 and App-V 5.0 SP2 Released

As of 2nd December 2013 Microsoft has released SP3 for App-V 4.6 and SP2 for App-V 5.0.

All the info can be found here: http://blogs.windows.com/windows/b/springboard/archive/2013/12/02/announcing-mdop-2013-r2.aspx

In these releases the major differences are:

  • support for Windows 8.1
  • Office 2013 virtualization support

Also lots of enhancements were made in the App-V 5.0 SP2 release:

  • Support for Windows 8 and 8.1
  • Office 2013 virtualization support
  • Shell extension support, enriching the user experience
  • Sequencing enhancements, simplifying the virtual application creation process.

For all of you who have worked with App-V 5.0 (SP1) the major pain was with application publishing.

Application publishing:

Before SP2, shortcuts in the programs menu and desktop were refreshed after each application that was added by the publishing refresh. This means that if a user would have access to 30 applications and logging on to a freshly provisioned environment (E.g. stateless VDI) shortcuts would be refreshed 30 times, which can in turn cause a lot of flickering and when such a refresh would occur while you are ‘browsing’ your programs menu it would collapse. With SP2 a refresh of newly added shortcuts occurs after each fifth application that was successfully published.

Office 2013 support:

| Supported Office Version | Supported App-V Version | Package Creation | Supported Licensing | Supported Deployments |
|---|---|---|---|---|
| Office 2007 | 4.6, 5.0 | Sequencing | Volume Licensing | Desktop, Personal VDI, Pooled VDI, RDS |
| Office 2010 | 4.6, 5.0 | Sequencing, Package Accelerator, Office Deployment Kit | Volume Licensing | Desktop, Personal VDI, RDS |
| Office 2013 ProPlus App-V Package | 5.0 SP2 | Office Deployment Tool | Subscription | Desktop, Personal VDI |
| Office 2013 Professional Plus App-V Package | 5.0 SP2 | Office Deployment Tool | Volume Licensing | |

 

Shell extension support:

By building on App-V 5.0 investments which delivered you the ability to virtualize highly integrated applications, App-V 5.0 SP2 is providing support for a frequently requested extension point into the operating system, shell extensions. For example if you virtualize a compression program or a backup program that integrated with the Windows shell, you will now see the contextual options that these apps have like send to zip or backup to archive. Essentially this enables the virtual application to behave more like if it was installed locally on your device.

Sequencing enhancements:

Powerful and flexible management is a key component of Microsoft’s application virtualization solution, allowing IT to deploy, track and service virtual applications. Continuing the approach, we have made improvements to the sequencer enabling it to automatically detect with the option to include, run time dependencies like MSXML and Visual C++ libraries in the App-V package during the sequencing process.