anyweb

hi Kevin, don't be sorry, i'm happy to see you using it, can you please attach your smsts*.logs for me, you can scrub data from them first if you want

Introduction I had the task to figure out how to install Windows 10 with a blocksize of 16k in order to align with the deduplication of data on a HPE 3PAR Thin Technologies when used with VMWare ESXi 6.5 Update 2. Note: You can use the info here to also modify Windows Server installs to avail of 64k blocksizes by adjusting the script. You can see some information about performance of VMWare virtual machines with different settings here. A quick look at the formatting steps in a default (or even an MDT based) task sequence did not offer any option for configuring block size. By default, Windows will be installed with a 4k block size, and you can determine the blocksize with the following PowerShell. Get-CimInstance -classname Win32_Volume | Select-Object Label, Blocksize | Format-Table -AutoSize You can clearly see the 4k blocksize (4096 bytes) listed below on a default Windows 10 installation. Step 1. Import the drivers into SCCM Note: This blogpost assumes you want to deploy Windows with custom blocksizes on ESXi 6.5 Update 2, if you are using different hardware, use the suppliers drivers as appropriate. After downloading, extracting the necessary drivers from here, create a driver package in SCCM and distribute it to your distribution points. Step 2. Add drivers to the boot image Next I needed to import storage and network drivers into my SCCM boot image namely VMXNET3 Ethernet Adapter PVSCSI Controller The other two Mouse vmware drivers are optional (but recommended). Note: I won’t go into detail about importing drivers into a boot image as that is not the focus of this blog post. You can obtain these drivers from the VMWare Tools iso on the ESXi or via here. Step 3. Edit a task sequence Edit an already created task sequence, locate the Initialization Group and add the following Group (before the Partition if necessary Group) called: Prepare variables for VMWare ParaVirtual On the Options tab of the new group, set it to run with the following Query. SELECT * FROM Win32_ComputerSystem WHERE model like "VMWare%" Create a new Set Task Sequence variable step where the variables name is OSDISK and the value is 😄 Create another Set Task Sequence Variable step where the variables name is BlockSize and the value is 16K In the Partition if necessary Group, create a new sub-group called Format custom BlockSize VMWare ParaVirtual On the Options tab of the new group, set it to run with the following Query. SELECT * FROM Win32_ComputerSystem WHERE model like "VMWare%" Next create a Run Command Line step called Create custom diskpart script and paste the following code into it, set the timeout to 1 minute. cmd.exe /c echo select disk 0 > x:\diskpart.txt & cmd.exe /c echo clean >> x:\diskpart.txt & cmd.exe /c echo convert gpt >> x:\diskpart.txt & cmd.exe /c echo create partition primary size=2048 >> x:\diskpart.txt & cmd.exe /c echo format quick fs=ntfs label="Windows RE Tools" >> x:\diskpart.txt & cmd.exe /c echo assign letter="T" >> x:\diskpart.txt & cmd.exe /c echo set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac" >> x:\diskpart.txt & cmd.exe /c echo gpt attributes=0x8000000000000001 >> x:\diskpart.txt & cmd.exe /c echo create partition efi size=1024 >> x:\diskpart.txt & cmd.exe /c echo format quick fs=fat32 label="System" >> x:\diskpart.txt & cmd.exe /c echo assign letter="S" >> x:\diskpart.txt & cmd.exe /c echo create partition msr size=128 >> x:\diskpart.txt & cmd.exe /c echo create partition primary >> x:\diskpart.txt & cmd.exe /c echo format quick fs=ntfs label="OSDisk" unit=%BlockSize% >> x:\diskpart.txt & cmd.exe /c echo assign letter=%OSDISK% >> x:\diskpart.txt & cmd.exe /c echo list volume >> x:\diskpart.txt & cmd.exe /c echo exit >> x:\diskpart.txt This basically creates a txt file on x:\ called diskpart.txt which contains the info needed to format our chosen partition (in this case OSDISK) with a 16K BlockSize. You can modify the script as you wish to use say, a 64K size for Windows Server OS and change the desired partition structure. Next, create another Run Command Line step to do the following command cmd.exe /c diskpart /s x:\diskpart.txt Finally, add an if none of the conditions is true option on all the following Format groups (such as Script exists and non-NTFS partitions and Script does not exist or no partitions….) which is like so… and… Save the changes and close the task sequence editor. Step 4. PXE boot a VMWare Virtual machine running on your ESXi 6.5 host After PXE booting a VMWare virtual machine, select the task sequence above and verify that it creates the x:\diskpart.txt file as shown below. If you look at the highlighted line in the diskpart script, you can see unit=16K, which is the custom BlockSize variable defined earlier. Once the machine has finished deploying, you can verify the blocksize using the PowerShell commands at the start of this blogpost. Job done ! Note: If you find that your virtual machines are BSOD’ing during deployment with a Driver PNP Watchdog blue screen error, then power them off, and remove any snapshots. This appears to be a known bug with VMWare ParaVirtual and Windows 10.

WannaCry was a disaster that could have been prevented if people took notice. If you didn’t hear about it you must have been asleep, here is a refresher. After WannaCry, most businesses took notice and updated their operating systems, patched them and took measures to avoid a further outbreak. But today, May 14th, 2019, Microsoft has released information that warns of yet another WannaCry-like worm. Note: If you are using Windows 10, you are OK, you are not vulnerable to this CVE. If not, and if you are still on Windows 7 then start upgrading to Windows 10 by using the Inplace Upgrade Task Sequence I explain about here or if you cannot upgrade immediately, then patch Windows 7 to protect it from this vulnerability. Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705. If however you are running Windows XP, yes…. that old unsupported operating system then take warning ! Today, Microsoft has warned against the wormable capabilities from this CVE (critical Remote Code Execution vulnerability) and they blogged about what to do to avoid it happening to you. Read that blog post here: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ It’s very clear from their text that this is all about protecting customers from the next worm, so pay attention and if you have old operating systems that are in support and affected, then update immediately. Note: This is so serious that even Windows XP and Windows Server 2003 are getting updates from Microsoft for this vulnerability. You can download those updates from Microsoft Catalog here. https://support.microsoft.com/en-ca/help/4500705/customer-guidance-for-cve-2019-0708

Altaro launches new solution incorporating secure storage and centralized backup management: Altaro Office 365 Backup Altaro Office 365 Backup enables customers to back up and restore all their company's Office 365 mailboxes on an annual subscription. It automatically backs up Office 365 mailboxes to a secure cloud backup location on Altaro's Microsoft Azure infrastructure and enables users to centrally manage and monitor their backups through a cloud-based management console. Altaro successfully entered the Office 365 backup market a few months ago with its solution that enables managed service providers (MSPs) to provide their customers with Office 365 backup, recovery and mailbox backup storage services. The channel-focused company is now also extending this offering for use by businesses and organizations who do not wish to subscribe to an MSP model, and to the IT consultants and resellers that service them. A central component of data protection strategies As part of their data protection strategy, it is crucial that businesses back up their Office 365 mailboxes: Microsoft does not back up Office 365 subscriber data, so companies risk losing critical data due to malicious or accidental incidents, such as mailbox deletion and malware attacks. Altaro's latest solution meets this need by providing customers with reliable and constant backup and recovery services for Office 365 mailboxes – emails, attachments, contacts and calendars – coupled with automatic storage to Altaro's Azure infrastructure. Convenient, fuss-free Office 365 backup and recovery For one all-inclusive annual or multi-year fee, Altaro Office 365 Backup customers receive backup and recovery services, backup storage services, access to the cloud console for centralized backups management, and outstanding 24/7 support from a team of experts. This means customers can avoid the headache and expense of setting up local storage infrastructure or software to save backups to. Additionally, thanks to the product automatically backing up the mailboxes several times per day, customers can literally set it and forget it. Combating Office 365 data loss risks "Many Office 365 subscribers wrongly assume that their data is backed up as part of the Microsoft package – but this is not the case, as Office 365 was not intended to be a data protection tool. This means several organizations out there are currently vulnerable to data loss risks," said David Vella, Altaro CEO. "This is where Altaro Office 365 Backup comes in, providing robust backup, recovery, and backup storage and management services that customers can rely on," he explained. "We've built on our backup expertise and proven track record in the industry to help set Office 365 subscribers' minds at rest." Free trial Resellers, consultants and organizations wishing to try the solution can do so for free and with no commitment for 30 days, by registering here.

how can we suggest if it's a right design without knowing more about what you intend to do with this SCCM setup, how many clients will it manage, what type of clients, what locations, what operating systems...

hi Dave_23, thanks ! it works fine, you must be a logged on user of windows-noob.com to download the scripts, please try again.

what version of SCCM, what version of MDT ? if you look at the boot image properties, is the option still checked ? have you tried redistributing the boot image to the dp's after the change also, are you 100% sure that this boot image is the one you were working on, you should see the package id when booting...

have you looked at your client agent settings ? i would imagine that any setting configured in there is what makes the registry keys get set, perhaps you have some settings being applied which are not correct for these clients

it should only apply drivers from the package that windows deems necessary based on hardware found, you can verify this in the dism logs generated during windows setup

great to hear it !

check this out https://social.technet.microsoft.com/wiki/contents/articles/3081.ad-cs-error-the-directory-name-is-invalid-0x8007010b-win32http-267.aspx

also, can you guys post screenshots of your issue(s) so we can try and figure out what the issue really is

odd, i've just checked my current PKI lab and although my certs were expired (it's a lab and was shut down since march), using certutil -crl on the IssuingCA republished my certs and all is ok now. I've tested the PKI lab guides 3 separate times (I built 3 completely unique labs based on my own guides, eg: Lab #9, Lab #10, Lab #11) and all suceeded 100% as you can see below in my #11 lab... I would suggest you guys try again and verify each and every step as you go, also, take checkpoints (snapshots) between each part so that you can always go back if you make a mistake, lastly, the pki.windows-noob.com webserver URL, will of course be your 'own' url, and it must be reachable by the issuing CA and others or pkiview.msc will list a bunch of errors/failures. Troubleshooting Tip: in PKIview.msc, highlight an entry and click on the Refresh button in the ribbon, it should re-verify the highlighted item.

they do but you still need to know if it's win7 or win10.... if you get time over teamviewer later i'd like to spend ten minutes with this to have a look

can you please attach your cmupdate.log and configmgrprereq.log