Jump to content




anyweb

How can I deploy Windows 8.1 x64 to the Microsoft Surface Pro 3 using System Center 2012 R2 Configuration Manager ?



Recommended Posts

Introduction

 

Now that the awesome Microsoft Surface Pro 3 is readily available and getting plenty of good press, customers are buying it and re-imaging the default Windows 8.1 Professional installation with their own corporate install.

 

en-INTL-L-Surface-128GB-MQ2-00001-mnco.jpg

 

In this post I'll show you how to install Windows 8.1 X64 Enterprise using UEFI network boot via System Center 2012 R2 Configuration Manager.

 

Step 1. Get the drivers

Download the Microsoft Surface Pro 3 drivers from the following link.

 

http://www.microsoft.com/en-us/download/details.aspx?id=38826

 

I'd recommend you choose whatever are the latest zipped drivers for the product, in my case that was those from August, namely Surface Pro 3 - August 19, 2014.zip. Extract the zip file to somewhere useful like

\\server\sources\os\drivers\Windows 8.1 x64\Microsoft\Surface Pro 3\ 

as shown in the screenshot below

 

extracted surface pro 3 drivers.png

 

Step 2. Import the drivers into Configuration Manager

 

In the Configuration Manager console, expand Software Library and select the Operating System node, next select Drivers. Right click and choose Import Driver as in the screenshot below

 

Import Driver.png

 

select Import all drivers in the following network path and use the Driver path that we specified above in Step 1, eg:

\\server\sources\os\drivers\Windows 8.1 x64\Microsoft\Surface Pro 3\ 

as shown below

 

Import new driver wizard locate driver.png

 

As these are new drivers for a new product, we want to categorize them for searching later, so click on Categories

 

categories.png

 

click on Create and enter Microsoft Surface Pro 3 - Windows 8.1 X64 as the category name as shown below

 

create category.png

 

click on Ok so it shows like the screenshot below

 

administrative category created.png

 

for the Add drivers to package screen, click on New Package and fill in the package details as shown below, for Path, make sure that you've pre-created a suitably named empty folder for your driver package to be stored such as the example below:-

\\server\sources\os\driver packages\Windows 8.1 x64\Microsoft\Surface Pro 3\

add drivers to packages.png

 

before continuing, remove the check mark from Update Distribution Points when finished as we still need to distribute this new package to one or more distribution points

 

remove checkmark from update distribution points.png

 

and we will not be adding these drivers to the boot image so do not select any boot image, we will add the network driver to the boot image later in this guide. With boot images you only want to add the bare minimum drivers and only if needed.

 

do not select any boot image.png

 

Click next and the driver import begins,

 

importing drivers.png

 

Tip: You can monitor DriverCatalog.log in CMtrace on the site server to view details about device drivers that are been imported into the driver catalog.

 

drivercatalog log file in cmtrace.png

 

if all went well after a few minutes you'll get a completion message,

 

driver import done successfully.png

 

Tip: If there were any problems with duplicate drivers you might want to try Jason Sandy's duplicate drivers helper script here. If you'd like to automate the above with a PowerShell script then try this one from Kent Agerlund or use the PowerShell script I've provided below.

 

Note: the script below works fine in CM12 R2 CU3 but does not work correctly without modification in CU4 due to the cmdlet changing...

#==========================================================================================================
# Import Drivers and Create a Driver Package – SCCM 2012
# (c) windows-noob.com 2014/11/21
# Original script via http://model-technology.com/importing-drivers-creating-driver-packages-using-powershell/
# 
# Modified by Niall Brady to include Make and cleaned up some bug fixes.
# Customized for Microsoft Surface Pro 3 
# The order should be OS/MAKE/MODEL
#==========================================================================================================
#
# Set variables
#
clear
CD C: # get-childitem will fail otherwise if you re-run
$sitecode = "P01:"

#== Example: "Dell Optiplex 7010" or "Dell Latitude E6540"
$Make = "Microsoft"
$Model = "Surface Pro 3"

#== Example: "Win7" or "Win8"
$DriverOS = "Windows 8.1"

#== Options are "x86" or "x64"
$DriverArchitecture = "x64"

#== Driver root source dir
$DriverRootSource = "\\sccm\sources\os\Drivers"
$DriverPkgRootSource = "\\sccm\sources\os\DriverPackages"

#==============================================================
# Begin
#==============================================================

#Put together variables based on model, os, and architecture
$DriverPackageName = $DriverOS + " " + $DriverArchitecture + " - " + $Make + " " + $Model
Write-Host "DriverPackageName = " $DriverPackageName
$DriverSource = $DriverRootSource + "\" + $DriverOS + " "+ $DriverArchitecture + "\" + $Make + "\" + $Model
Write-Host "DriverSource = " $DriverSource
$DriverPkgSource = $DriverPkgRootSource + "\" + $DriverOS + " " + $DriverArchitecture + "\" + $Make + "\" + $Model
Write-Host "DriverPkgSource = " $DriverPkgSource

# Verify Driver Source exists.
If (Get-Item "$DriverSource" -ErrorAction SilentlyContinue)
{
# Get driver files
#Write-host "Importing the following drivers.." $Drivers

$Drivers = Get-childitem -path $DriverSource -Recurse -Filter "*.inf"
}
else
{
Write-Warning "Driver Source not found. Cannot continue"
Break
}

# Create Driver package source if not exists
If (Get-Item $DriverPkgSource -ErrorAction SilentlyContinue)
{
Write-Host "$DriverPkgSource already exists… "
}
else
{
Write-Host "Creating Driver package source directory $DriverPkgSource"
New-Item -ItemType directory $DriverPkgSource
}

# Import SCCM module
Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
CD $sitecode

If (Get-CMDriverPackage -Name $DriverPackageName -ErrorAction SilentlyContinue)
{
Write-Warning "$DriverPackageName Already exists. Exiting"
Break
}
else
{
Write-Host "Creating new Driver Package: " $DriverPackageName
New-CMDriverPackage -Name "$DriverPackageName" -Path "$DriverPkgSource" -PackageSourceType StorageDirect

$DriverPackage = Get-CMDriverPackage -Name $DriverPackageName
New-CMCategory -CategoryType DriverCategories -Name $DriverPackageName -ErrorAction SilentlyContinue
$DriverCategory = Get-CMCategory -Name $DriverPackageName

foreach($item in $Drivers)
{
$DriverPackage = Get-CMDriverPackage -Name $DriverPackageName
Import-CMDriver -UncFileLocation $item.FullName -ImportDuplicateDriverOption AppendCategory -EnableAndAllowInstall $True -DriverPackage $DriverPackage -AdministrativeCategory $DriverCategory -UpdateDistributionPointsforDriverPackage $False
}

}

# distribute it !

Start-CMContentDistribution –DriverPackageName "$DriverPackageName" –DistributionPointName "sccm.server2008r2.lab.local"

Write-Host "Operations are complete !, exiting."

CD C:

If there are other ssues with importing drivers please refer to the SMSProv.log for details of what failed and why. You can search that file for the name of the driver that failed to import.

 

 

 

Step 3. Distribute the Surface Pro 3 Driver Package

 

Now that our drivers are imported and a driver package created, we need to make them available to our computers to install, and to do that we need to distribute the driver package to one or more distribution points.

 

Select Driver Packages, you'll see the new Microsoft Surface Pro 3 - Windows 8.1 X64 driver package, select it and right click, choose Distribute Content as shown below

 

Distribute Content.png

 

click next at the Review selected content screen

 

general.png

 

Select Add and from the drop down choose Distribution Point then select one or more distribution points from the list,

 

Tip: When testing new drivers it's a good idea to distribute them to one distribution point only until you've fully tested them and are happy with the driver package, once you are happy, distribute the driver package to the remaining distribution points.

 

add distribution point.png

 

and complete that wizard

 

driver package distributed.png

 

Once done, if the driver package size show's as 0 KB, then right click on your driver package and choose Update Distribution Points so that the source version of the driver package is at least 2. the source version increments by 1 every time you update the driver package to your distribution points (when adding or removing drivers for example).

 

Update Distribution Points.png

 

answer ok when prompted to update the distribution points

 

ok to update dp.png

 

you can monitor the updating and distribution of the driver package in distmgr.log using cmtrace.

 

distmgr log file.png

 

or via the Monitoring Node, select distribution status and then content status and search for Surface Pro 3 as shown below

 

monitoring node distribution status content status.png

 

Tip: The PowerShell script above automatically distributes the driver package above. Edit it to point to your distribution points. Below is the PowerShell line to distribute the driver package, note that you have to define the $DriverPackageName variable first if not using the whole script.

# (c) windows-noob.com 2014/11/21
Start-CMContentDistribution –DriverPackageName "$DriverPackageName" –DistributionPointName "sccm.server2008r2.lab.local"

Step 4. Add the network driver to our X64 boot wim

 

As we will UEFI network boot we need the nic driver added to our X64 boot wim. Select the X64 boot wim and right click, choose Properties

 

properties of x64 boot image.png

 

select the drivers tab and then click on the Yellow startburst to add a new driver to the boot wim

 

add new driver to boot wim.png

 

Search for Surface Ethernet Adapter as shown below

 

Surface Ethernet Adapter.png

 

The driver shown above (msu64w8.inf) is the 100mbit driver (download the Surface Ethernet Adapter 100mbit driver from here for model 1552), the other driver (msu30x64w8.inf) is for gigabit (model 1663).

 

Click ok and then click on Apply, answer Yes to the update distribution points question as shown below

 

yes to update dps.png

 

Once done you'll see this

 

driver added to boot wim.png

 

if you also added the 100mbit driver you'll see it listed twice, one is the 100mbit driver, the other is gigabit

 

surface ethernet adapter twice.png

 

Tip: To add the driver above with PowerShell use the script below. Note that the DriverID is the Column setting labelled as CI ID in the screenshot below.

# add driver to boot image by driver name
# (c) windows-noob.com 2014/11/21, updated 2015/4/6 to get the CI_ID dynamically and to update the boot wim to your dp.
# Import module

Import-Module 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'

# Set Location to your site code

Set-Location P01:\

# add driver to boot image using driver ID, there are two drivers, each with their own unique CI-ID (DriverID)
$DriverName = "Surface Ethernet Adapter"
$DriversToSearch = (Get-CMDriver -name $DriverName).CI_ID
$BootImageName = "Boot Image (x64)"
# look for drivers matching the DriverName
foreach($DriverId in $DriversToSearch)
{
Write-Host "Importing the following driver: '$DriverName' with CI_ID:" $DriverId
Set-CMDriverBootImage -SetDriveBootImageAction AddDriverToBootImage -DriverId $DriverId -BootImageName $BootImageName
}
Write-Host "Updating boot image: '$BootImageName' to distribution points"
Update-CMDistributionPoint -BootImageName $BootImageName
Write-Host "Completed."

ci id.png

 

Step 5. Edit and then deploy a Windows 8.1 task sequence

 

For the purpose of keeping this guide concise i'll assume you already have a Deploy Windows 8.1 X64 task sequence ready made, if not then please follow this guide and return here when done.

 

Right click the task sequence, choose Properties and select the advanced tab, make sure the boot image is 64 bit and that it's the boot image you added the drivers to in step 4. Click Ok when done.

 

Next, right click the task sequence and choose Edit, locate the Apply Network settings step and click it, next choose the Add drop down and select Drivers, select Apply Driver Package option as shown in the screenshot below

 

add drivers add apply driver package.png

 

name the step Microsoft Surface Pro 3 - Windows 8.1 X64 and click on browse to select the driver package we created earlier as shown below

 

apply driver package step.png

 

next click on the Options tab and select WMI Query from the drop down options, paste in the following code

SELECT * FROM Win32_ComputerSystem WHERE Model Like "%Surface Pro 3%"

and make sure to test the query as shown below before applying.

 

test wmi query.png

 

here's the finished options step

 

apply driver package step options done.png

 

Once you are done with your edits, Deploy the task sequence to a collection that you've added a membership query for the computername/mac address of your Surface Pro 3 dongle. For the purpose of simplicity i'm not going into those details, you can review how to import that info into configuration manager in this post.

 

 

Step 6. Start UEFI network boot and enjoy the show !

 

Once all the above is done you are ready to watch the deployment, so connect the Surface Pro 3 to your wired network and shut it down before continuing.

 

Tip: To power it off, you can hold the power button on the top left for 13 seconds or so to force it off, or boot into Windows and choose Shutdown from the Start screen.

 

Once the device is properly powered off (and not restarted) press and hold volume down (left side) and then press the power button briefly, this will tell the device to boot from UEFI network boot (if a usb dongle or docked nic is attached) or USB media.

 

Below are a few photos of the UEFI network boot (sorry the iPhone takes less than optimal photos).

 

photo 1.JPG

 

photo 4.JPG

 

photo 5.JPG

 

Note: if your device takes forever to download the boot wim, please read this post for a solution.

 

Job done !

 

Summary

 

Imaging UEFI based computers with Windows 8.1 X64 is exciting, challenging and fun even if the technology has been around for a while. As more and more cool hardware like the Microsoft Surface Pro 3 are made available, being able to image them successfully with System Center 2012 R2 Configuration Manager is a dream come true.

 

Related reading

Downloads

 

You can download a Microsoft Word copy of this guide here. How can I deploy Windows 8.1 X64 to the Microsoft Surface Pro 3 using Configuration Manager 2012 R2.zip

Share this post


Link to post
Share on other sites


no you don't need Server 2012 for PXE boot to work, I've tested it just fine using Server 2008R2, what you do need is Configuration Manager 2012 R2, (or at least sp1).

 

cheers

niall

Share this post


Link to post
Share on other sites

Thanks, I just wanted a sanity check before I did much more on this.

 

PXE is working now and we nearly have a full SCCM build for the Surface 3.

 

Did you go as far as encryption? It encrypts with TPM / PIN and stores the recovery key in AD but when I enter the PIN at start-up I get the message "Too many PIN entry attempts" on the first attempt and have to use the recovery key to get in. I sense a Premier Support call coming.......

Share this post


Link to post
Share on other sites

Thanks, I just wanted a sanity check before I did much more on this.

 

PXE is working now and we nearly have a full SCCM build for the Surface 3.

 

Did you go as far as encryption? It encrypts with TPM / PIN and stores the recovery key in AD but when I enter the PIN at start-up I get the message "Too many PIN entry attempts" on the first attempt and have to use the recovery key to get in. I sense a Premier Support call coming.......

 

look at the recommended reading at the bottom of the post, i've a bitlocker section there

Share this post


Link to post
Share on other sites

Thanks. I do have the pre boot keyboard reg fix in place. It works and the drive is encrypted it just won't take the PIN. It only gives one attempt then offers recovery mode. If I clear the TPM it then accepts the pin, which is odd and I can then enter a wrong PIN as many times as I like and it doesn't lock out. Manage-bde status says it's all good.

 

My understanding was that if you clear the TPM the drive is no longer encrypted with those keys so it shouldn't offer the PIN prompt after a TPM clear.

Share this post


Link to post
Share on other sites

i'm working on imaging dell venue Pros 5130s. I believe I have everything set up correctly (i'm imaging on a dock) . I get the Checking Media... ipv4 screen that goes past to the ipv6 screen and hangs. i'm on sccm 2012 r2. can u point me to some logs to check? or have advice?

 

thanks

Share this post


Link to post
Share on other sites

as long as that hardware is 64bit (i don't know, do check with support.dell.com) double check that you've got a 64bit boot image attached to your task sequence and that it's the boot image that is being downloaded, also check that you've distributed same to your distribution points

Share this post


Link to post
Share on other sites

I created bootable using the Create Task Sequence Media Wizard. When I boot the Microsoft Surface Pro 3 from the USB drive I eventually receiving the following error message.

 

"Your PC ran into a problem and needs to restart. We're just collecting some error info, and the we'll restart for you."

 

Any ideas?

Share this post


Link to post
Share on other sites

is the bootable media formatted as fat32 ? it should be, also, are you using a 64bit boot wim, if not you should be,lastly power the machine off by holding the power button for 13 seconds, then try again.

Share this post


Link to post
Share on other sites

Thanks for a great job. I frequently read your guides and they always help me and so far I never need to reply but today I found a problem at the end which I can not solve so far.

 

I just did all the steps described here and than when I tried to boot my Surface Pro 3 from PXE I got a Bios message "Invalid signature detected. Check secure boot policy in setup" seconds after PXE IPv4 message shows up.

I'm using Surface Pro 3 (I just installed the latest HW upgrades offered but this was happening before the FW upgrade too).

I'm using a Surface Pro 3 docking station with Ethernet port and I also tried to boot with and USB adapter (100 mbit Model 1552).

I always get this bios message and than that its over with PXE boot.

My PXE boot was Ok on all other computers so far but I was only deploying Windows 7 so far. I must admit I know very little about UEFI at this point in time and so far we survived without it (or at least without noticing it).

Do you have an Idea what to try next?

Do I need the Gigabit USB adapter?

My PXE is configured via DHCP.

I have SCCM v 5.00.7958.1000 CU1 installed.

 

 

 

Share this post


Link to post
Share on other sites

The bootable media is formatted as fat32. I'm using 64bit boot image and unfortunately the power suggestion didn't work. Very strange.

Share this post


Link to post
Share on other sites

The bootable media is formatted as fat32. I'm using 64bit boot image and unfortunately the power suggestion didn't work. Very strange.

 

if it fails to boot from USB the first time, try again, and again, and again, if it eventually fails to the bios screen, let it. then press the power off button briefly, then power on again while holding down the volume down button.

Share this post


Link to post
Share on other sites

Thanks for a great job. I frequently read your guides and they always help me and so far I never need to reply but today I found a problem at the end which I can not solve so far.

I'm using a Surface Pro 3 docking station with Ethernet port and I also tried to boot with and USB adapter (100 mbit Model 1552).

My PXE is configured via DHCP.

I have SCCM v 5.00.7958.1000 CU1 installed.

 

 

 

as it's UEFI you'll need to remove the DCP settings and configure ip helpers instead, OR boot from bootable media (usb media)

 

can you try that ? also i've not tested with a dock, dont have one. Try connecting the USB dongle directly and see what happens

Share this post


Link to post
Share on other sites

If you are using the dock make sure the latest firmware is installed for the Surface.

 

Also there is also an issue where the Surface comes shipped with an incorrect time. Log into command prompt and change it to the correct time. We see this on about half of the ones we receive.

 

Edit, we are booting these all with the boot media at this time.

Share this post


Link to post
Share on other sites

I have a Surface Pro 3 with a docking station. When I want to install Windows 8.1 Enterprise for building an image I get, when I want to boot from PXE (start PXE over IPv4), the (error) message

"Secure boot Violation - Invalid signature detected. Check Secure Boot Policy in Setup". When I enter OK it boots further with "start PXE over IPv6". This takes a while and then start the default OS.

 

I have updated to the latest firmware but no luck so far, anyone?

Share this post


Link to post
Share on other sites

Does the Surface Pro 3 still have the original factory installed image on it ? have you tried network booting it using a Microsoft USB network card, does that work or not ?

 

do any of your devices succeed in UEFI network booting (as this requires UEFI network boot, not PXE/legacy boot...)

 

you say you've updated to the latest firmware, how did you do that

 

cheers

niall

Share this post


Link to post
Share on other sites

hey,

 

can i use the dock for imaging more than 1 device or will it make problems because of the MAC of the Dock beeing used?

 

Also other question

I used the WMI filter you posted above with "SELECT * FROM Win32_ComputerSystem WHERE Model Like "%Surface Pro 3%" it bypasses the step, becuase condition was evaluated to be false, may it be that you need to swith that to "Surface with windows 8 Pro" ?

  • Like 1

Share this post


Link to post
Share on other sites

Also other question

I used the WMI filter you posted above with "SELECT * FROM Win32_ComputerSystem WHERE Model Like "%Surface Pro 3%" it bypasses the step, becuase condition was evaluated to be false, may it be that you need to swith that to "Surface with windows 8 Pro" ?

 

 

are you running this on the Surface Pro 3 or some other model, the guide was specifically for the Surface Pro 3, hence that WMI query.

Share this post


Link to post
Share on other sites

Hi Anyweb, have you had any problems with drivers loading once the image is successfully deployed?

 

I had built my image on my sp3 and captured it, had some hiccups with bit locker and the windows apps but it went through fine.

 

Built the drivers package as per your article, but things like the front camera, keyboard, firmware were missing and werent re deployed to the tablet. Im just re sending the image to the SP3 again now to judge what it does.

 

I have noticed on the SP2 and SP3 now that it doesnt like deploying the SCCM Client for me. I have to hand install it from a bat script after deployment. Any ideas on that one too ?

 

Thanks

Share this post


Link to post
Share on other sites

 

are you running this on the Surface Pro 3 or some other model, the guide was specifically for the Surface Pro 3, hence that WMI query.

 

I removed the TS step and added it again with the same now it works... :o#

Yes its a Pro3.

 

 

Anythoughts on the other questions? I mean this should also be applying to the Ethernet Adapter?! SCCM does tag the Object with the MACAdress right, so how does it work if i want to deploy multiple surface machines through one adapter/Docking Station, do you have any clue about that?

 

Thanks & BR,

Chris

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×