OS

Add Windows 10 (1607/14393) boot files to WDS on Windows Server 2012 R2

I’m testing to add the boot.wim files from Windows 10 1607 (10.0.14393) installation discs to Windows Deployment Services on Windows Server 2012 R2.

Test 1: Add x86 and x64 boot files to WDS
Passed.

Test 2: Add drivers to boot files.
Failed with WDS client on Windows Server 2012 R2.
Succeeded with WDS client on Windows Server 2016 TP5 connected to the target WDS.

Test 3: Create discover images.
Passed but failed in Test 6.

Test 4: Create x64 capture image.
Passed.

Test 5: Boot from boot files.
Passed.

Test 6: Boot from discover images embedded in ISO files.
Failed with error: WdsClient: There was a problem initializing WDS Mode.
Try to use other images created from WDS clients of Windows Server 2016 TP5: failed in the same way.

Test 7: Boot from x64 capture image.
Passed.

Test 8: Capture an instance of Windows 10.0.14393.
Instance for test: Windows 10.0.14393.10 x86 with up-to-date Office 2016.
Passed.

Test 9: Deploy an instance of Windows 10.0.14393 through WDS.
Passed.

Office 2013/2016 Activation Issue with Windows 7 deployed by captured images

To make deployment more convenient, we use Windows Deployment Services in our company. All images related is not the originals. Usually, we install Office products into a clean Windows instance before capturing. That’s is really a good way to save lots of time in every deployment.

The problem found is: if Office 2013/2016 is installed with Windows 7, even after sysprep run, the captured image is still not working well. If this image is deployed on another hardware, not the same one which is used to create this image, Office cannot be activated by KMS located in our company and error is 0x4004F00D.

To avoid that: At the very end before capturing, sysprep audit mode for example, run OSPPREARM.exe from Office folder to remove all data related to activation. This file can be found in “Program Files\Microsoft Office\OfficeXX”. Of course, if Office 32bit is loved in 64bit OS, “Program Files (x86)” should be a good replacement.
After OSPPREARM run, you may want to run “cscript ospp.vbs /dcmid” from the same folder to check the result. “Not Found” displayed is predicted.

BTW, if Windows 10 is used instead, this step is not necessary at all.

Removing preinstalled apps in Windows 10

In Windows 10 releases, lots of apps are pre-installed. Different than in Windows 8/8.1, most of these apps cannot be uninstalled by GUI.
If you want to remove them, you still can do that by using powershell.

Steps:
1 Start powershell with administrator privilege.

2 Enter these 2 commands to prepare the workspace.

Import-Module Appx
Import-Module Dism

3 Enter this command to show all installed package.

Get-AppxPackage -AllUser | Where PublisherId -eq 8wekyb3d8bbwe | Format-List -Property PackageFullName,PackageUserInformation

You will see some apps listed. The packages with status Installed are ready for your further removal.

4 Use this command to remove one app.

Remove-AppxPackage -Package packagefullname

The packagefullname is the text listed by step 3. Usually, it starts with Microsoft and end with 8wekyb3d8bbwe.
You need to repeat the step 4 for each app you want to remove.

Not all apps, Microsoft Edge for example, can be removed but most can.

Strange problem: VMware Inventory Service cannot start due to Microsoft Update (July 2016)

In one datacenter of my company, there was a strange problem last month of VMware vSphere.

Here is our structure:
SqlServer instance for vSphere is installed dedicated on cluster server. SqlServer version is 2012 Enterprise and Windows is 2012R2 Standard
vCenter is installed on another server.

After we applied July patches from Microsoft and restart the vCenter server, nearly all services from VMware cannot start. In event viewer, one event said:

The VMware Inventory Service service terminated with the following service-specific error:
Incorrect function.

As the request from VMware support, I uninstalled all updates related and reboot but it won’t help. I thought there may be some error related to the database connection. I ran the connection test from ODBC setup window, test finished succeeded. So I collected and submitted the log file generated from vCenter server command line. You know it’s really huge.

2 weeks later, I got an email from the high level engineers of VMware. By digging the log, they found that the vCenter cannot connect to SqlServer and the tcp service port is specified. At that moment, thanks to documentation I wrote :), I found that tcp service port is different than it should be. When I checked the SqlServer, I found the reason really weird: the TCP port of this instances is modified, automatically and silently. Due to I really used vSphere client just before upgrading Windows, I’m quite sure this issue is related to at least one of the patch which applied on the database cluster, launched by Microsoft in July 2016. And after a search, there is another instance of SqlServer which has the port changed. Due to the port changed and our firewall policy is set based tcp port, the client, vCenter in this issue, cannot connect to this SqlServer instance. After the port setting changed back and instance restarted, vCenter is back to normal.

Don’t ask me why ODBC test passed without any problem. If you know the answer, I’m listening as well.

Build a USB Stick for Windows Installation

After the ISO file of Windows installation disc downloaded, it’s possible to build a USB stick instead of burning a DVD disc.

To do that, you need a USB stick not less than 8GB as well as a working Windows. During the process, all data on this USB stick will be removed.

 

Phase 1: Preparing the USB stick

  1. From Windows client, run DiskPart as administrator. A console will be shown with the prompt “DISKPART> ” (without quotes, the same below).
  2. Enter “list disk” and press Enter. All disks will be shown with a number.
  3. Enter “select disk x” and press Enter. Replacing x with the number of disk shown in the step 2. If you run the step 2 again, you can see a star before the disk you selected.
  4. Enter “clean” and press Enter to clean the drive.
  5. Enter “create partition primary” and press Enter to create a partition filled this drive.
  6. Enter “format fs=fat32 quick” and press Enter to format this partition quickly with FAT32.
  7. Enter “active” and press Enter to mark this partition as active.
  8. Enter “assign” and press Enter to assign a letter to this drive.
  9. Enter “exit” and press Enter to quit DiskPart.

 

Phase 2: Copy files into this drive.

You just need to copy all files within the ISO file into this drive, making the root of this drive the same as the ISO file system. Do not put these files into any sub folder.

 

Phase 3: Optional, only if the Install.wim larger than 4GB.

If Install.wim is larger than 4GB, you cannot put it into this drive because no file larger than 4GB can be put into a FAT32 based partition beyond the limitation. You have to split it into smaller files. All other files should be copied as described in Phase 2.

To do that, you need to run this command:

DISM /Split-Image /ImageFile:d:\sources\install.wim /SWMFile:e:\sources\install.swm /FileSize:4096

It will split the install.wim from drive D into the USB stick drive E. Change these paths in your case.

 

Now you can use this USB stick to boot your computer and start the installation process like from the disc.

The sad thing is if you had to prepared this stick through Phase 3, the installation will be slower due to merging process, but nothing will be different in your installed system.

Increase WSUS downloading speed

The downloading of updates in Windows Server Update Services (WSUS) is based on Background Intelligent Transfer Service (BITS). BITS is designed to download big files using idle bandwidth only. If you need to speed up the downloading process, you may change it to use a foreground mode.

 

To do that, you need a SQL Management Studio to connect the database used by WSUS. The database name is SUSDB. You can run this command in that database specified:

update susdb.dbo.tbConfigurationC set BitsDownloadPriorityForeground=1

For reversion, run it again with replacing the 1 to 0.

 

Mixed Windows Authentication in IIS 8.5 (ASP.Net)

Update:

Actually, this not works. It looks OK because of the cache of client. There is no way to do this as I know.


Original:

 

I got a case recently to build a site in IIS 8.5:

  • When the visitor is logged on to the desktop with domain account, use this account for this website.
  • When the visitor is not using domain account, do not pop up a login window asking for domain account, redirecting to a version for anonymous instead.

I thought it’s simple in IIS setting but I was wrong. The anonymous cannot work parallelly with Windows authentication.

After some digging in Google, I started my test:

  1. Deploy the site by using anonymous authentication.
  2. Select the login page for detecting domain user and change that page to Windows authentication instead of anonymous model.
  3. Add a custom page for this page on error 401. Model is set to “Execute a URL on this site”.

It works good but…

When the login page opened, it should contain a Url as parameter for returning back to the original page. So I have to deal it in the customized 401 page. I turned that page to an ashx with the command context.Response.Redirect. The URL for returning can be cut from context.Request.RawUrl.

After that, it went wrong. Form the same server which has the IIS installed, it still works well. But when I try this page on another computer, it will always redirect to the anonymous version page no matter it’s from the desktop logged with domain account or not. I’m sure that the site is added as Intranet zone and automatically logon is set in this zone.

Checked by network monitor, the browser will not get the 401 response in this scenario. As the ashx file request, only the 302 code is returned. That’s the reason why the browser won’t be notified to logon with the current user.

The solution is: if you want to use ashx with redirect function as a customized 401 page still, do not use context.Response.Redirect. Instead, try to do that with an HTML function with the 401 code in HTTP response.

context.Response.Status = "401 Unauthorized";
context.Response.StatusCode = 401;
context.Response.ContentType = "text/html";
context.Response.Write(@"<html>
<head>
<title>Redirecting</title>
<meta http-equiv=""refresh"" content=""0; url=" + redirectUrl + @""" />
");

It works like a charm.

I guess (yes, guess) when the browser get a 401 response first time, it will retry to the previous submitting/navigation with the domain account for login. If it’s failed again, it will pop up a login window after the html page is displayed. So as I required in HTML code, after it navigate to another page, the browser has no chance to display the login window. That’s the deal.

All I’m sure is it really works well. Hope it useful to you.