Wednesday, August 13, 2014

MDT sourced WIM and SUP

Overview

As previously mentioned, like many, I generate a prepatched WIM via a Build and Capture TS in ConfigMgr on a quarterly basis. I have to fight the Install Software Updates step(s) from time to time so I recently moved to using MDT to do the B&C and importing into SCCM. Johan Arwidmark and others are suggesting this path now. While doing some WSUS cleanup I noticed there were several hundred systems in it console. It should have a couple at most. from the B&C TS ran against it.

Issue

The MDT server has the usual suspects to support MDT like WSUS, ADK, etc, so its built to handle a VERY small usage base. The issue is a simple one. MDT will setup the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\ WUServer and WUStattusServer strings to reflect the WSUS server its using during the B&C. The WindowsUpdate key is retained during deployment. What happens is during deployment, the Windows Update Service starts talking to the WSUS server configured by these strings. Later in the Task Sequence SCCM will update it for the Install Software Updates step(s) so it fixes itself. Being the purist I want to correct it earlier.

Resolution

This is corrected very easily by deleting the WindowsUpdate key so it reverts back to factory.

 REG.EXE DELETE "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /f  

Additionally I stop the Windows Update service (wuauserv) as it reads these settings at service startup. It will get new settings after the next restart as I have several during the deployment TS. You could start it back up or even set all the settings for SUP.

 NET STOP wuauserv  

There are two places to resolve this. Permanently via the MDT B&C TS, Put the delete command step AFTER your done using the WSUS server via the two 'Windows Update' steps. There isn't really a need to stop the service. For an already deployed WIM in ConfigMgr, just put them both after the 'Setup Windows and Configuration Manager' step as the deployment will have switched from the PE instance to the deploying instance. Once a new B&C is imported, you can remove the steps from the deployment TS.

-Kevin


1 comment:

  1. Similar to your comments for reasons to not use ConfigMgr for a build and capture because of what Johan and others are suggesting, I compiled a list of 10 things that can help ConfigMgr be more successful during a b&c. To me, MDT still has way more drawbacks. Anyhow, here is my post on the tips: http://t3chn1ck.wordpress.com/2014/08/16/10-tips-for-a-more-successful-windows-image-build-capture/

    ReplyDelete