MSI files to install software too. I have a problem. After create a VM of our template, during the installation the computer name is not take over. What ist the problem. It sounds like the customization is not being executed. Meaning, that when you deploy from the template you created, that it deploys with no customization. Did you create the customization? There is some info in the article about troubleshooting. Make sure your customizaton is built and used during the deploy. Also, you could also call VMware for support if you have bought your licenses and still have support.
Hi Michael. Thank You! I used two disks on a lsi sas adapter and multiple disks on virtual NVMe controllers. You are not missing sysprep. You do not see it, but it is working under the covers. You will not have any problems due to not seeing it. Great work as usual. I understand people use to sysprep to create an unattended file to leveraging the CopyProfile option but with Defprof any point of syspreping anymore? No, I do not use sysprep manually. That is covered by the VMware guest customization.
If VMware was not involved then yes, I would use sysprep. Great thank you for the reply and clarification.
Do you recommend placing the page file on a separate disk sizing it appropriately? Hi Mike, very interesting blog. But i have one question: how does an update from the user profile work? I have not see the icon issue you mention. Can you provide more details?
Are you saying that there is no more need of running sysprep because VMware will doing during the convert process? Hello Michael. Changing the SID is different from running sysprep. Sysprep is the only Microsoft supported way to create an image. I advise to add the step with sysprep just before the shutdown the sysprep will shutdown the computer and before creation of the template. My words were not chosen well. Do not run sysprep when you are working on a vSphere template.
What VMware does when it does the customization is something that works and is supported. The end result will be on a domain — if you want — and it will be healthy and proper. It is entirely possible that behind the scenes sysprep is used. Me again. It is running since almost 2 hours. What should I do? The command to clear the Event Log does not work for me. Hello, great article.
One question, i might be missing something, but in esxi 6. In the customizaiton wizard, the very last step is where you can disable or enable the generation of the SID.
As I mentioned earlier, I still believe the new SID option is -not- supported by Microsoft, as it is not the same as sysprep. Sysprep will also delete a lot of stuff and the last action is shutdown the computer so then your image is ready to deploy or use in an template. I explained where the SID option is, and it is supported, and it does work.
I have built many servers over the many years from this and other templates and Microsoft has helped me a few times and made no complaints or negative comments on my template articles. And I have shown them to MS people before.
This is not a new SID option but one that has been around for a long time. The wizard does build a sysprep file and you can use your own sysprep files too. Must be missing it. Hi Alex, I will update my article today with a screenshot to help and hopefully no one will miss it in the future. I will also include a link to a simple little tool to change the sid.
Way more easier to use if necessary. I realized the issue for you might be is that you create the template, but when you deploy from it you do not use a custom spec. You must do that, and when you do you will see the option I mentioned.
Thanks exactly what I was going to say. There is allot of talk about SIDS when its not that big of a deal. As i stated in a post above, the only time i ran into an issue is with WSUS and computers checking in and getting updates. Thanks for the great articles Mike. Very helpful. My question is on Windows Activation. Used to be you had three days or something to setup and try out Windows Server with full features. But what do you do after deployment of the template to get it to use the KMS server for activation?
Is that a RunOnce you add, or a part of your deployment process after joining the domain? Glad the article is helpful. There are a few answers for how the licenses can work.
I consider my templates valuable so I license them. I use a legit MSDN license as part of the provision from template. After the deploy and some sort of time, they activate themselves.
Sometimes if I see an activate I push it. This works good in my lab. Outside of the lab, like at a customer site with KMS and it happens automatically — meaning you provision with no specified key.
I hope that this makes sense? A lot of windows updates and system configurations built about past updates. If you remove them you can have issues later down the road when you install updates or when you try and add additional roles and features. I tested this thoroughly after I started getting strange errors when trying to install additional roles. I even went as far as building a new server template exactly the same as you outlined and left out the script and everything worked great.
Built the template again and included the script and again started having problems. Thanks for sharing this. Sounds like you tested it very well. While I have not run into problems myself, I will add a note about this to my article. I get errors on that command. Any ideas? I did it at cmd run as admin, on Win2K Thanks for removing the DISM section.
I was also bitten by DISM but was lucky enough to have made several snapshots during the process of creating the new image. Dism is fine. Just restart afterwards. Instead, shut down, and convert to template. Thanks for this. Much appreciated. Do you have the link to the MS instructions? That you think are good info?
Everything in your article worked perfect for me today and greatly sped up the deployment process. Used the customization spec too. We are starting to use the windows MSA and gMSA accounts that require the active directory module to be installed on the Windows Servers to improve password security. Great blog! Had to use this. Have you had the chance to look at Server ? Any plans on doing another excellent template white paper post?
I will certainly do one on Win2K I look forward to it. Not sure when but as soon as I can. Thanks for reminding me. I even have some interesting edits for the Win2K16 one too. My experience is to not change the tuning settings for VMXNet3 unless VMware support suggests it for solving a particular issue.
I suggest you do not change the config of it without a very good reason. You can use the CD and specify the path, or you can use the steps written below to set the path to for example a network location. Open the Specify settings for optional component installation and component repair Group Policy setting, and then select Enabled.
First, using these instructions allows the foolproof installation of. Net 3. We keep getting the error that the RPC server is unavailable. However it works fine with machines that are sysprepped and use SCCM for image deployment. I do not have a CA, and of the many people I have talked with about my template articles none have mentioned if they have one or not. I am surprised that this template might impact the process of recieving a cert.
Not sure when I will be able to test this but one day I will. Good comprehensive blog on how to create a golden image. The only issue I had was DefProf. I know it sounds picky but if your image is being pentested for a CIS level 1 baseline then it will be flagged.
I decided to redo the image and skip the profile customization step. Thanks for the rest of the instructions, it helped me greatly. Regards, Gilbert. Hello Gilbert, thanks for sharing this. Next time I do a serious update of my template article I will see if there is an updated to DefProf, or if I can find info from them on this. All in all, customization never runs, and deployment ultimately fails.
My guess is that you might have an issue with the scripts. Trying doing a deploy where your customization has no run once scripts assigned and see how it goes. I would also suggest that if you used the vSphere Web Client — like I do — you should re — enter the passwords for the admin account and joining of domain account password using the vSphere C client.
If you figure things out please let me know what the issue was! Why do you defrag a VM? I do a defrag for efficiency and as a past habit. I asked others who do this and they agree that the do it, and that it might expand things, but it can help performance.
I will add a note about this next update to my process. Have you guys seen any issues with DefProf and tiles being broken? I do not use the tiles often so I had to go and look to see. But no, I do not have any examples of odd issues with tiles. I will be updating my template soon and will watch for this. Currently I have no idea on what to suggest. Does anybody clear their WSUS id? I have had problems in the past with other Windows versions where machines deployed from template would retain the WSUS id and so only one of them would appear in WSUS at any one time.
Thanks very much for this info Paul. I was not aware of this. But it seems like a good idea to me! I import a registry key to set the WSUS server. The template machine can then update itself using the internal server. I deployed from template in ESXi 5. Thanks for this. I will look into that when I next update the article. Good info so thanks for sharing.
Thank you for this great article! You are right, I quite have trouble with Then and Than. I am working to get it right. Sorry for the hassle of reading what has bad English in it. I will keep working on it. By default, since vSphere 4. To bypass this, shutdown the VM, edit advanced configuration and add these 2 rows:.
Name Value isolation. Very good info. Not sure if I want to make this change on the template so that all virtual machines get it. Maybe yes, maybe not. But a very good reminder for everyone! Whenever I deploy from template I get a windows boot error screen or a corrupt disk error. I have never deployed a DC from a template. I always do the dcpromo after deployment. If you change the template to a VM, and start it does that work? If you could try that, and have it restart twice that would be good.
Then try the deployment again. The vm template had no roles installed. Also changing the template back to a vm works without issue. I like to do some tweaks, and things like BGinfo, and I want to make sure that those program icons, or program links, are available to the new user logging in. I was able to make some tweaks to my own templates with ideas from your guide. The default profile copy info was particularly helpful.
Thanks for the guide, this will be really helpful. I think there is a utility available via google called newsid. But the customization spec is easy to use, and it does take care of providing new SIDs so you will not have an issue. I believe this is what you should use. I have not seen this issue for some time. I think it was an old problem that was fixed. I would also suggest that you should confirm that your template is on the right network and can use the network before you turn it into a template.
I would also suggest you try and update. While vSphere 6 might be too far out for you 5. And I tested my stuff on it and know it works as advertised. So I seem to be having trouble using the Defprof tool. I did all of my customizations on the Administrator profile pretty much just bginfo and then created a temp account to perform the copy profile since Defprof warned me about copying the profile while it was logged in.
I need to try things out and see. Will test. It does work for me but will see if I can break it! Sorry, I work at a startup and have a heavy workload.
I have started on this a few times but have not gotten further then confirming he issue. I have someone to assist on this so hopefully in the next few days.
This has gotten werid. I was able to reproduce this. But today with two of us ready to solve it, there was no more issue. Will be working on this more tomorrow. Sorry no answer. So I can consistently repeat this bad behavior. But if I run Windows update, and restart, now I can click on those icons and start those apps.
This does not explain the why or the what, and i apologize for that, but at least it works. Do you guys actually make all these changes to production servers? Workstation images are a different story.. Yes, in fact I do make these changes to production servers, and I have for years. It makes sense to me to add in troubleshooting, or consistency. Even some help for security related stuff. Where are the customization files stored, we just built a new VC 5.
But how can I move the customization specs to the new VC? Hi Tony, You should use the option to export when editing the files — it will not export the passwords in a usable state so you will need to update that. Having an issue recently with pushing out server R2 from vm template. I am able to activate windows with no issues from within the template. When I push out a server from the template using an answer file I created in vcenter the resulting server will not activate.
The key is correct in the customization file. I have been pushing out vms for years here and have never run into this. And my Win2K12 is still working fine. I gave up and have reached out to VMware. Think maybe you should. Sorry not more help,. Hi there, thanks for keeping track of things and contributing. I did not know Microsoft suggested keeping IPv6. The reasons are funny in that they suggest that they might start using it.
Which is odd as think of what would need to be changed in our sites to support that. But I will update the article to reflect their suggestion. As for Ee you can find that as of vSphere 5. I am building out another Win2K12 tempalte and I will confirm things.
Should only take a day or two. Great article! Hi Mike, sorry for late response. Was on PTO. I am still an amateur GPO guy. But yes, there is some GPO config that will stay after you remove a server from the domain but not much and I do not know exactly what. What do you think about the following template handling? In that case you do not need to convert it back to Virtual Machine all times when you need to update the template. Hi Richard, sorry for late response.
Been on PTO. What you describe will work. But I think of my template as a permanent thing. Plus I have a good audit trail.
But, if it works better for you then good! Hello Michael, And thank you for all your insights and guides throughout the years. It is really appreciated. So software that will be used by most users like — anti — malware, Acrobat Reader, maybe some helpdesk or troubleshooting tools should be installed..
Note : For things like Chrome and Acrobat they will install fine since they have installers and they can be found on the Desktop as you might expect. For things like BgInfo and Autoruns which have no installer it is more complex.
Use the info in the BgInfo article to help. Basically you will create a Utilities program group for them and install them manually. Note2 : For the things that are not programs like Reader or Chrome, but rather things like Bginfo, or Autoruns, they were not seen in the Utilities folder when selected under the Start menu. It took time, like 20 minutes and two restart before they were seen there. No idea WTF but at least they are there. In Win2K12 it was right away. In a VM deployed from this template they were seen right away.
We are ready to make this virtual machine a template now. I suspect everyone knows how to deploy from this new template? I can confirm that passwords put into the custom specification with the Web Client works fine now at 6.
I also suggest using the following commands in the Run Once part of the customization specification. I have seen a lot of different things done via Run Once. Notify me of new comments via email. Notify me of new posts via email. Want to become an IT Freelancer? Search for:. Like this: Like Loading Hi there, The post describes which settings you should review when publishing a new template.
Leave a Reply Cancel reply Enter your comment here
0コメント