clodhoppers18

The only change I make is disabling the firewall on the client. The MAK Proxy activation does not require the client have access to the internet in order to activate. The computer with the VAMT must have access to the microsoft sites without the proxy in the way. The proxy isn't the issue at this point because as soon as I disable the Windows Firewall on the client computer, the MAK Proxy Activation is successful. Also, the web filtering that we use isn't robust enough to detect the OU that the computer is in and apply policies that way. We can only use IP address or username based filtering.

I disable the windows firewall on the client. (The computer that needs to be activated but cannot because it's IP address requires credentials to access the internet)

Even when I am initiating the activation from the Windows Deployment Server using the Volume Activation Management Tool? I can get to the web with no problem and I can ping the computer with no problem but when I try to do the MAK Proxy activation, it acts like it can't see the client.

Yes, unfortunately we can only allow the primary domain name to not require authentication. so for http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl we would have to allow www.microsoft.com to go through without authentication. This will allow all users to get to www.microsoft.com Unfortunately, this is not an option for our security folks. Right now we are using MAKproxy activation which allows the server IP to go through the proxy without authentication. This allows it to conduct the activation and pass the confirmation ID back to the client. The windows firewall on the client is preventing the server from connecting and activating the client. Hopefully this clarifies the issue.

Issue: I am running into an issue with an image I have that is preventing me from efficiently activating the PCs that I have after deployment of a custom image. Whenever I attempt to do a MAK Proxy Activation, I have to disable the Windows Firewall on the client PC in order for the activation to take place. Prior to disabling it, I have been able to ping between the two computers without any problem. Scenario: Attempting to do MAK proxy activation on a Windows 7 Professional image with a Windows Server 2008 that has MDT 2010 and WDS using the Volume Activation Management Tool. The image is nearly perfect with the exception of two minor things, but aside from this and a password issue, it is golden. Research: I have done some research on line and it looks that WMI must be enabled and allowed through the Windows Firewall on the client in order for the MAK activation to occur. I am in the process of checking this right now, but I wanted to confirm that you do need WMI enabled and permitted before rattling my mind on what is preventing the access. Optimal Solution: One that doesn't require me to re-do the entire image. If at all possible, I would like to avoid re-doing the image just because I need to change one thing. Is it possible to insert the rule that may be needed using registry edits? I have found where I can add certain ports to the firewall profiles through netsh advfirewall command, but I'm not only unsure of what ports are needed, but also the scope and any other necessary parameters for this. I thank you all in advance. Just so it's clear, I have done some research all over the net on this but haven't found anyone with my issue. Also, I have looked through both the firewall addition and the WMI requirement prior to posting this. If I overlooked something, please let me know. Thanks! --Dustin

Our deployment is set to automatically connect using supplied credentials, so we don't get prompted for that. Is there a log I could pull up within WinPE to see what point it got to when it couldn't "read the media"?

Yes to the ping, no to the Wireless connection. On gigabit switches, even tried hooking up to the same switch that the deployment server is on and still nothing. For the ping thing, the CD has been used on the same model before without any issues so I don't suspect a driver problem.

We are using MS Deployment Toolkit (who knows what it's called now, the name changes every 6 months) with WinPE 2.0. We have a CD that we use for booting into the deployment Wizard (Lite Touch PE ISO from the server that has the deployment toolkit installed) We have several CDs and they all work on our desktops and have been used on many of our laptops and netbooks. However about a week ago, we started having a problem where the laptops would start to boot from the disk, would get loaded into WinPE with the 2 command boxes up then we would get a "Media Not Found. Please reinsert the media (CD, DVD, or USB) needed to complete the deployment." message. We can remove and reinsert the CD as many times as we want but it goes no further in WinPE. We are getting an IP address through WinPE and can ping the deployment server. We know 100% that these disks (3 different ones) have been used on the exact model of notebooks and netbooks. We have tried switching out the CD/DVD modular drives in the affected notebooks, as well as using several different external drives with no success in getting past this message. After receiving this message on the notebooks, we used them on a desktop and they are able to pull up the deployment wizard and deploy the images, etc. We have tried re-burning the ISO, after doing the "update" on the deployment point and it still doesn't get past the message on the note/netbooks. What boggles my mind is that it works on the desktops; it is obviously able to read the disk because it boots most of the way through; and the disk worked previously on this model laptop. Please advise in any way you can, I appreciate the assistance.