Overview
To build, configure and test a PC for a site there is a three stage process:
1. Build the PC using the Offline Build USB stick
2. Copy the software packages from the Nomad Cache drive to the PC and ‘pre-seed’ them
3. Build another PC to confirm the packages came from the Nomad PC and not over the WAN
Stage 1: Offline Build
Stage 1 consists of plugging in the Offline Build USB stick and booting the PC from it. There are very few steps that require interaction but the following should be noted:
1. No provisioning is required within SCCM or AD for this PC. It will add itself automatically to both.
2. Workstations (HP 8200/8300’s and Z600/Z620’s) are configured to treat USB devices as the default boot device if they are available. It is necessary for the BIOS boot order to be changed to place the Hard Drive above USB devices to enable the PC to build properly and without supervision.
3. The PC name needs to be entered manually during the build and if entered incorrectly will in most cases require the PC to be built again.
4. Although the stick is named ‘Offline Build’ the PC should be connected to the network otherwise it will not join the LR domain.
Troubleshooting Stage 1
· If a message “Failed to Run Task Sequence” is reported then the PC has not managed to boot from the Offline USB stick and it is attempting to boot from its internal hard drive.
· If the PC keeps rebooting back to restart the build then the BIOS has not been configured as per the instructions.
· If at the final screen the display doesn’t show ‘Press Ctrl+Alt+Del to logon’ and instead shows account icons for the Depeng and Pclocaladmin accounts then it failed to join the domain (possibly due to no network lead being plugged in, a non-functional network lead or the site connects to the LR network via VPN).
· If the machine has not appeared in Active Directory and the ‘Press Ctrl+Alt+Del to logon’ message is displayed it is likely the OC did not name the PC correctly. To check, search SCCM for the MAC address of the PC to see if it’s known. If it is either:
1. Delete the incorrect name from both SCCM and Active Directory and then rebuild the PC (recommended).
2. Delete the correct computer name from Active Directory, wait 15 mins for replication and then rename the PC via Remote Desktop. Wait for replication again.
· If the Task Sequence reports a failure, attempt a second installation. If the error code 0x80070570 is shown then corrupt media is suspected (either the USB stick or the PCs internal hard drive). Perform a BIOS Hard Drive diagnostic test to confirm if the internal hard drive is the problem.
Stage 1.5: Configuration
Before the OC can run the jobs mentioned within the ‘Step by Step’ guide for Stage 2, the Nomad team should perform the following configuration steps:
· Set the PC power settings to never hibernate (see the Nomad Hibernation Settings v1.1 guide)
· Update the Nomad Inhibited Site registry settings
· Reboot the PC
· Add the PC to the Nomad Workstation collection within SCCM
The original design was to ‘Inhibit’ Nomad (stop it from operating) wherever a SCCM DP existed and this was done using a registry entry that defined the Active Directory sites. However, it was discovered that the LR AD sites were not all geographically correct so a mix of sites and subnets are now used. The Offline Build was created before this change was made to the Production build so now must be done manually.
The registry values at time of writing should now be:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\1E\NomadBranch]
"NomadInhibitedADSites"="ASD,WEB,QWE,AZS,FRE,PQE"
"NomadInhibitedSubnets"="10.165.8.0/24,10.165.9.0/24,10.165.4.0/24,10.165.5.0/24,10.57.1.0/24,10.57.2.0/24,10.57.3.0/24,10.64.17.0/24,10.64.22.0/24,10.92.30.0/24,10.200.65.0/24,10.28.65.0/24,10.28.66.0/24,10.28.67.0/24,10.28.68.0/24,10.28.70.0/24,10.28.71.0/24,10.28.72.0/24,10.28.73.0/24,10.129.1.0,10.129.2.0/24,10.129.3.0/24,10.129.8.0/24,10.129.9.0/24,10.124.33.0/24,10.84.81.0/24,10.84.82.0/24,10.5.0.0/16"
Copy the above to a text file called ‘Nomad-Restricted-Subnets.reg’ and run the following from a Command Prompt with elevated privileges (Run as administrator):
Regedit /s Nomad-Restricted-Subnets.reg
Finally, the PC should be added to the Nomad Workstation collection within SCCM. Due to the way the Offline Build works, the PC will create itself a new record within SCCM regardless of whether an entry is provisioned for it. Therefore it can only be added to the collection after it has been built.
Once added to the Nomad Workstation collection the PC will receive the following three programs from SCCM under ‘Run Advertised Programs’ which will need to be run manually for Stage 2:
Stage 2: Pre-seed
The three jobs that are run from ‘Run Advertised Programs’ perform the following:
1. Increase the local SCCM cache size from 30Gb to 92Gb
2. Copy the packages from the USB drive to the local hard drive Nomad share NomadShr$ (specifically C:\ProgramData\1E\NomadBranch)
3. Run a Nomad ‘pre-stage’ command that validates the package information with SCCM to make sure the packages are the correct version and update them if they are not.
These jobs should be run in order and not started until the one before it has completed. Note that completion is assumed when all Command windows that are generated disappear as the scripts do not display any ‘script finished’ messages.
The first job should take less than a minute to run but the others will take at least 3 hours plus if they complete correctly. The 3rd job is especially dependent on the network bandwidth between the site and the London based SCCM primary server as it will download any updates to the packages that have been copied to its hard drive by the 2nd job.
The jobs may display a status of ‘Failed’ when they complete but this should be ignored. This is due to the run times mentioned above being in excess of the SCCM default maximum of 2 hours.
Troubleshooting Stage 2
Historically steps 2 & 3 were originally combined (use the Nomad ‘pre-stage’ command to copy a package from the USB disk and then validate that package before proceeding to the next) but this led to run times in excess of 24 hours.
However, the quicker method is not without risk. If the 1E NomadBranch service should stop/start unexpectedly or the PC reboots then Nomad will scan the directory and delete any packages that have not been validated (known as ‘zombie’ packages). The screenshot below shows this with package directory names having the .Deleting suffix added.
If this happens then the following steps should be followed:
1. Reboot the PC (to make sure the ‘pre-stage’ job is terminated)
2. Log in to the PC and copy the following scripts from \\Nomadsrvdsl$\Pre-Seed to the Documents folder:
· Getpackages.vbs
· Refreshpackagever.vbs
3. Open a ‘Command prompt’ window with elevated privileges (Run as administrator)
4. Run the following command to clear out the Nomad cache:
\Program Files (x86)\1E\NomadBranch\CacheCleaner.exe –DeleteAll –Force=9
5. Once the command has finished (some errors may be reported), use Windows Explorer to check the contents of C:\ProgramData\1E\NomadBranch. Delete all remaining directories that have a .Deleting suffix.
6. Continuing with Windows Explorer, from within C:\ProgramData\1E\NomadBranch\Logfiles delete all files ending with _copy.txt and the log files package_copy.log and Refresh_version.log
7. From the elevated Command Prompt window, change the directory to the document folder:
cd c:\users\<username>\Documents
8. Confirm the USB drive containing the SCCM packages is plugged into the PC and then run the following command:
getpackages.vbs -allpackages –source=usb –target=pc
This command will take approximately three hours to complete and will open a command window per package as the packages get copied over to the hard drive.
9. Once the command has completed, use Windows Explorer to confirm the number of directories (packages) that have been copied into C:\ProgramData\1E\NomadBranch (at time of writing there should be no fewer than 632 directories).
10. Run the following command from the elevated Command Prompt:
Refreshpackagever.vbs -allpackages –source=pc
This command can take a long time to complete depending on how up-to-date the packages on the USB hard drive are as they are compared with the packages that exist within SCCM and will download any updates to them. As per the previous script, a command window is opened per package during execution.
11. Once the command has completed, use Windows Explorer to confirm the C:\ProgramData\1E\NomadBranch directory now contains a number of .LsZ or .LsT files that closely match the number of packages (at time of writing there would be at least 621 files as 11 packages had been superseded/deleted from SCCM).
12. Reboot the PC (to get unnecessary packages deleted from the Nomad cache that no longer exist within SCCM)
The other scenario that may be encountered is where the 1E Nomad Branch service has crashed, sometimes repeatedly in the case of unreliable network connections, after validating a large number of packages.
In these circumstances the following steps should be followed:
1. Do not restart the 1E Nomad Branch service or reboot the machine.
2. Using Windows Explorer, go to C:\ProgramData\1E\NomadBranch and identify which package directories do not have a corresponding .LsZ or .LsT file. Move (not copy) these directories to the directory above (C:\ProgramData\1E).
3. Restart the 1E Nomad Branch service.
4. Open a ‘Command prompt’ window with elevated privileges (Run as administrator)
5. From the elevated Command Prompt window, change the directory to the document folder:
cd c:\users\<username>\Documents
6. Now run the following command to create a text file list of all the packages that were moved:
dir C:\ProgramData\1E\*_cache /b > packages.txt
7. Edit the packages.txt file that has just been created in the Documents folder and remove the _Cache extensions from all of the package names to leave a list of package ID’s. For example, WE10017C_Cache should become just WE10017C. Save the file and exit the editor.
8. Move the directories that were moved in step 2 back into the C:\ProgramData\1E\NomadBranch folder.
9. Log in to the PC and copy the following scripts from \\\Nomadsrvdsl$\dsl$\Pre-Seed to the Documents folder:
· Getpackages.vbs
· Refreshpackagever.vbs
13. Run the following command from the elevated Command Prompt:
Refreshpackagever.vbs –packagelist=packages.txt –source=pc
NOTE: The Getpackages.vbs script also can use the –packagelist=<textfile> option to copy only specific packages from the USB hard drive if required.
14. Once the command has completed, confirm the 1E Nomad Branch service is still running and that the C:\ProgramData\1E\NomadBranch directory now contains a number of .LsZ or .LsT files that closely match the number of packages. If not, return to step 1.
15. Reboot the PC (to get unnecessary packages deleted from the Nomad cache that no longer exist on the SCCM Primary)
Finally, check the .LsZ or .LsT file names. The format used is:
<PackageID>_<SCCM_Package_Version>.LsZ (or .LsT)
For example: WE1000EC_3.LsZ
If there are a lot of files with _0.LsZ or _0.LsT version numbers then this may cause issues in future as the Nomad agent installed during the ‘WinPE stage’ at the beginning of the build is not as advanced as the Windows 7 version installed later. It depends on the version numbers being correct to avoid downloading the driver packages over the WAN.
The packages that this currently applies to are listed in Appendix A.
Stage 3: Test Build
To confirm the Nomad workstation has been built correctly, a test build of a PC on the same subnet is performed.
The prerequisites to run the test are:
· The Nomad workstation must be powered up and connected to the network
· The Nomad workstation hibernation settings confirmed as being set to ‘Never’
· The PC to be built should have the LR factory image installed on the hard drive and should be connected to the network
· No other Nomad enabled PC should be on the local network
Perform a standard build over the network. A successful build at time of writing should take between 45 and 90 minutes depending on the model of PC and WAN speed.
If the build completes, connect to the nomadshr$\LogFiles directory on the machine that was built. If it doesn’t, go to the troubleshooting tips for stage 3 below.
Using Trace32.exe log viewer from the Microsoft SCCM 2007 Toolkit v2 (available for download at http://www.microsoft.com/en-gb/download/details.aspx?id=9257), open the two files NomadBranch.log and NomadBranch.lo_
From the Tools menu, select Filter. Check the ‘Filter when the Entry Text’ checkbox, select ‘contains’ from the dropdown menu and enter ‘bytes from’ in the filter (see screenshot below).
If the Nomad installation performed properly, the log file should display numerous lines starting with ‘Bytes from Peer =‘ followed by a number and 100% in brackets (see below).
If the log file displays nothing but ‘Bytes from DP =’ then the build has been performed over the WAN and the Nomad workstation has failed the test (see the troubleshooting tips for stage 3 below).
Assuming that the log files look OK then another filter should be applied but this time looking for lines that contain ‘winner is’.
This will reveal the name of the PC which served the packages for the build and this should be the Nomad workstation. If the Nomad workstation name is not found in either of the log files then the test should be considered a failure. Conversely, if other workstation names are mentioned as well as the Nomad workstation then this is OK as this is how Nomad should work if there are multiple machines on the same subnet.
The final test to confirm the build was successful is to open the two files NomadBranch.log and NomadBranch.lo_ from the nomadshr$\LogFiles directory on the Nomad workstation itself.
Using Trace32.exe again, filter the log files for lines containing ‘Sending PkgStatus’.
If the log file contains something similar to the screenshot below, and the IP addresses shown match the IP address of the machine built, then the early stage of the build retrieved the packages listed in Appendix A from the Nomad workstation correctly.
Troubleshooting Stage 3
If the build failed to complete then this indicates the Nomad workstation was not utilised during the build as its likely the PC lost connection to the SCCM server over the WAN.
Problems that have been encountered:
· Confirm that the Nomad workstation was actually on and connected to the network. If it was, confirm the hibernation settings were set correctly so it didn’t ‘suspend’ during the build.
· Check the 1E Nomad Branch service is actually running on the Nomad workstation.
· Check the registry settings for the Inhibited Sites have been set correctly on the Nomad workstation (detailed in Stage 1.5: Configuration). If this is suspected then connect to the nomadshr$\LogFiles directory on the Nomad workstation and open the NomadBranch.log file. Search for ‘P2Pinhibited’ and ‘P2Penabled not set’ and if found in recent entries then this is confirmed.
· Connect to the nomadshr$\LogFiles directory on the Nomad workstation and open the NomadBranch.log file. Search for ‘P2PEnabled’ and if recent entries show ‘P2Penabled==0’ then a reboot is required (possibly due to the reboot not being performed after the registry change for Inhibited Sites).
· Check that the subnet being used is registered as an Active Directory Site as SCCM will not work otherwise.
· Although no site so far has this configuration, check if the site has multiple subnets as the Nomad workstation default setup does not support this. There are two options:
o Follow the guidelines in the Nomad Implementation Guide v1.3 section 1.2.4 and change the required registry settings to enable Multicast.
o Configure a Nomad machine per subnet
List of packages downloaded by WinPE at the early stage of the Lloyds Register Production Build v1.2.
The version numbers for the Nomad .LsZ/.LsT files that correspond to these packages must be correct otherwise they will not be considered valid to a machine that is being built.
| Package ID | Description | Size |
| WE100010 | ConfigMgr client upgrade | 112 Mb |
| WE100044 | 1E Nomad Branch | 9 Mb |
| WE10008B | 2560 x86 drivers | 374 Mb |
| WE10008C | 8200 x86 drivers | 212 Mb |
| WE10008E | 8460 x86 drivers | 202 Mb |
| WE100090 | Z600 x86 drivers | 313 Mb |
| WE100092 | 2560 x64 drivers | 237 Mb |
| WE100093 | 8460 x64 drivers | 137 Mb |
| WE100094 | Z600 x64 drivers | 294 Mb |
| WE100095 | 8200 x64 drivers | 48 Mb |
| WE10009E | Syn Touchpad driver | 63 Mb |
| WE100255 | 8560 x64 drivers | 794 Mb |
| WE10025E | Notebook xx70/xx75 x64 drivers | 1.1 Gb |
| WE100263 | 8300 SFF x64 drivers | 1 Gb |
| WE10026A | Z620 x64 drivers | 822 Mb |
| WE1002A9 | WIM image for Windows 7 | 6.3 Gb |
| WE1002AD | 8300 SFF x86 drivers | 586 Mb |
| WE1002AE | Z620 x86 drivers | 718 Mb |
| WE1002AF | Notebook xx70_xx75 x86 drivers | 974 Mb |
| WE1002B0 | Notebook xx60_xx65 x86 drivers | 687 Mb |
| WE1002BA | MDT 2012 Update 1 | 52 Mb |
| WE1002F7 | Unattend 1.1 | 16 Kb |
No comments:
Post a Comment