Tripredacus

I got it working, but first a couple explanations about the differences in the traces. First, the W2K3 server uses a stand-alone DHCP server, which is why you see the PXE Server IP and bootfile name being broadcast in that example. With the 2008, it is running DHCP and PXE on the same box. I set up the 2003 that way because I couldn't get DHCP and PXE working on the same box... which is covered in some old thread on this forum. Alright the things I changed that did not resolve the issue: - remove localhost (127.0.0.1) from DNS and WINS/NBNS in the DHCP server options. - change the domain name from WDS.local to WDS What did work: - remove the WINS/NBNS server option altogether I was not sure why router was showing up because the Router and Remote Access Service is disabled, and there was no DHCP Server Option for anything relating to that. Atm it still just has PXEClient, DNS Hostname and DNS Server options. I didn't have to add the boot filename because I have WDS automatically load the same bootfile for x86 and x64 environments, even tho PXE always reports the architecture based on the hardware environment, and not which software we wish to install (how could it lol). Also, our WDS/2008 setup documentation from our Microsoft Rep had the instructions to add WINS into the config. I didn't set up the base settings for DHCP, only WDS. The other guy I work with put that in there so I didn't know it was there until you pointed it out. Also, can you explain "SMB Activity"? We tried looking it up but couldn't find a good explanation... and found WAY to many uses of SMB = Small/Medium Business.

Also, right now we are experiencing a lag issue but can't seem to trace it. The server is operating with 2 teamed (Team 0) gigabit NICs using Cat 6 cable on a gigabit switch. When we are deploying an image, network utilization is average 95%. When capturing an image, util is 2% or less, with spikes up to 40%. Doing a comparitive study, this means on a capture the 2008 is getting an average of 87Mbps from a client on a gigabit network. Compared to my 2003 server which gets an average of 58Mbps on a capture on a 100Mbps network. While 2008 network util is 0.40% to 2%, the 2003 gets 43% to 76%. But these numbers lie. Both servers are experiencing approximately the same capture speed, but experience different deploy speeds. What could be causing this limit on the capture (aka data-in) speed?

OK I did two tests. Environment 1: no error 192.168.0.5 = UNCLESOCKS (DC, WDS, DNS, PXE) Server 2003 Standard 192.168.0.6 = GHOSTSERVER (DHCP) Server 2003 Standard 192.168.0.10 = SIXSHOT (packet sniffer) Windows XP Pro SP2 192.168.0.11 = MININTxxxxx (booted into the PE via PXE) WinPE 2.0 Domain name = SHARK.attacksyou Environment 2: error 1231 172.0.1.87 = MININTxxxxx (booted into the PE via PXE) WinPE 2.0 172.0.1.2 = WDSSERVER Team 0 (DC, WDS, DNS, DHCP, PXE) Server 2008 Enterprise 172.0.1.3 = same as above but Team 1 Domain name = WDS.local We use the same winpe.wim to boot into on both servers. The 2008 gets an error, and the 2003 does not. The 2008 WDS settings are the same as the 2003 for WDS. The 2008 has two teamed NICs, while Team 1 does show up in a broadcast, it isn't actually connected to the network. There are no other computers connected to these two environments, with exception for SIXSHOT was in environment 2, but didn't show up in the trace like it did in environment 1. Also, both servers have a default gateway assigned that does not exist. So there are a lot of "where is x.x.x.1" messages in there because of this.

I've been doing a bit of work with our new 2k8 server, as the guy it was assigned to doesnt know how to use WDS. Anyways, we just upgraded it to 16GB of RAM so it runs real nice. We also are running a 1.7TB RAID 10 for storage, and some smaller capacity mirror for the OS. Right now we are battling this issue: http://www.msfn.org/board/System-Error-123...ve-t120006.html

I've experienced this behaviour only once before. But it was not from a broken install, it was when I worked at college and the computer had gotten a virus. The virus used a wrapper for all files to open through notepad instead of its designated application handler, in an effort to not allow you to clean the system. We ended up reimaging that computer in order to fix it.

The PE does have a time limit, although the newest version (from OPK 1.1) has 24 hours... This isn't always true however, since I had a machine in the PE for more than 3 days. I didn't do it on purpose, but I just didn't get around to working on that machine until then. Also, the PE doesn't load explorer, so you don't have a start menu. Some people have successfully gotten explorer to be the shell for PE, but you'll just have to browse the forum for those.

Well there is no start menu either. You could use a batch file with a menu, a script (like autoit or kixtart), or perhaps create your own HTA to launch the program from. Or, until you figure out how to do either of those two, you can just run the app from the command prompt, as I am currently doing as a workaround.

Yes. Mount your image, then use PEIMG to install the drivers into it. Iceman's ImageX tutorial may have some information you can use.

Hmm... We downloaded a new driver and it now survives a generalize... except its software seems to have gone missing. When it reboots now, it says it needs to install software for the device...

Sorry, my original problem was due to attempting to run a generalized sysprep more than 3 times on one image, which evidently kills the image and the ReArm. My current issue is that when I sysprep a machine with a Creative X-FI Xtreme PCI soundcard and WHQL signed drivers, and either go through the welcome or reboot into Audit mode, the driver is removed from the system. What steps can I do in order to stop Sysprep from removing this driver?

How shall I go about getting a network trace from just the startnet.cmd? I cannot use the instructions as provided to me in this posting: http://www.msfn.org/board/index.php?s=&amp...st&p=776402 LMK.

I have an image of a clean install with SP1, without any drivers installed except the NIC. If I get to it (i've been busy lately) I will drop it an export to see how big it is on Monday.

OK so today I got to do the first real test of our Server 2008 WDS. As I reported before, I wasn't the guy who was handling it, so I figured it would be all ready to go. Except it wasn't. So I set it all up pretty quick, but I am encountering a problem. I created a new user and assigned it to the administrators group. This user has a password that is acceptable by the complexity rules. I created a folder, and shared it on the network. By default, administrators get full control. So I boot a PC to the network, everything all loads up fine. This PC is booting into the WinPE, with some additions including GImageX HTA. Basically, its the same WinPE.wim that my 2003 server uses, so I know it functions properly. I mounted the PE and changed the startnet.cmd to map to the new server name and using the new creds. However, when the PE loads, it can't map the network drive, and returns System Error 1231, basically that the network resource is unavailable or not found. Now, if I open the CMD and manually type in the command, it maps without a problem. I have compared what I typed and what is in the startnet.cmd and it is exactly the same. For some reason there seems to be a delay after networking is enabled and the ability to use it. I KNOW that this is a problem with our Server 2008 and not the PE for reasons I have already stated. We have also tried disabling the firewall but to no avail. The NICs in the server are teamed if that helps at all. All configuration besides WDS are at their defaults. The other cfg we changed was making WDS use 1GB instead of 100 for its LAN profile. OH, I wanted to also post that I am currently using a workaround to resolve the issue, but I would prefer not having to do that. The following is an AutoIT script I wrote that we run from x:\windows\system32. ; Program to workaround GImageX getting System Error 1231 RunWait( @ComSpec & " /c net use z: \\wdsserver\images Password1 /user:remote" ) Sleep( 1000 ) ProcessClose( "mshta.exe" ) Run( "mshta x:\windows\system32\ImageX.hta" )

So it isn't blitzing the setting for the wallpaper or overriding it with a GPO, and if Explorer is killed the wallpaper reappears (or more correctly, the strange grey sheet in front of it is removed).As soon as explorer.exe is relaunched, the grey screen returns? Happens at all resolutions and colour depths? Happens for all users who log on? Changing the wallpaper has no effect? What colour is the desktop set to, when no wallpaper is in use? Take a hang mode ADPlus dump of explorer.exe and upload it somewhere, I can take a look if there is anything quirky going on in the running threads (but it may be something that has "been and gone"). http://www.microsoft.com/whdc/devtools/deb...ng/default.mspx ADPlus command line (ideally run after killing & relaunching explorer.exe without opening anything else): adplus -hang -ctcf -pn explorer.exe -o c:\dumps I'll get to retest it sometime in the future, just because this is so weird. The image was rebuilt this morning before I came in so we aren't experiencing this issue anymore. For the record, here are your answers: - The gray screen returns after relaunching explorer.exe. - This happens at all resolutions and color depths (including when no video drivers are installed) - You cannot change the wallpaper - It is possible to change the background color, but the only difference you see is the background color for text under icons. - Happens for all users. However I was not able to test a limited user. There was only the administrator account, and when I went to make a new account for testing, I could only make another administrator account. The option for creating a limited account was unavailable. Also, this also happened with the Guest account. I don't know how long it will be before I can test this again, but I did save the image.

So we got a new drive image in today. It is Windows XP SP2 with IE7. The installed apps are some games, DirectX and Trend Micro client. I had to approve the usage of the image and run a sid change on it. There were no scheduled tasks so that was good. So I ran the sid change, rebooted and checked out the event viewer. All clear, no problems so I approved it and we started dropping the image on a few PCs. Well this is where things got weird. We run the sid changer on the new PCs and it does something different. And it does this on all (we did 6) of them. After the desktop loads up after the reboot (any reboot/logoff) the wallpaper (bliss) is visible, but maybe 5 seconds after that, the wallpaper disappears and we have a gray background. OK i thought the wallpaper just became broken, so I open up the display properties, and I realise that everything EXCEPT "Color" is unavailable (grayed out) on the Desktop tab. You can click everything else on the other tabs. I had another guy look at one of the machines and we tried all sorts of stuff. He discovered that the wallpaper actually doesn't get changed, because you can see it if you reboot, or if you kill the explorer.exe process. I even set the IE home page to an htm file, then enabled Active Desktop. What happened was that this gray "background" sits between the wallpaper and the Active Desktop layer. We also tried the following: - reinstall the video card drivers - run a repair install - boot into Safe Mode - disable all startup apps with msconfig and set all Trend services to manual - run the System File Checker, which didn't fix it either but it made Windows BSOD instead. - add filemon to Run in the registry to capture events at bootup, which ironically led me to find Trend isn't working properly but I'm not concerned with that. - verified there are no active GPOs applied via GPRESULT and the GPOE. - verify desktop/shell registry settings - checked all suspect log and INI files searching for security apps. - killed 95% of handles and processes with Process Explorer. OK so if the eval PC did this, i would think it is fine. But it didn't. In fact, we dug out that drive and booted it up to use as reference. I worked on this for maybe 3 hours today, and the other guy worked on it for about an hour. We are just drawing up blanks. Anyone have an idea about this behaviour?

OK I will once we get another PC in... I shipped the last one.

Hmm that is indeed annoying. Is it too much to remove them all and just add back the ones you want?

This seems to be backwards. The actual setup.exe on the install disc doesn't use the WAIK. The WAIK is just one method of doing the same thing. The install DVD would likely use other libraries when it installs. In other words, Microsoft didn't make their install DVDs with the WAIK, they used the WAIK to mimic their install DVDs.

Honestly - a large portion of that is user error. I've been running all of my Windows machines (ranging from XP Home to Vista Business, and just about everything inbetween) without additional security software for close to two years now. The reason why you can give a "n00b" a mac and not have to deal with malware is because nobody targets them... although that's starting to change. Computer security ultimately comes down to the user. Most modern operating systems are "secure enough" by default, and as long as the system is kept up to date with the operating system patches (forget about AV definitions), most users should be fine. I agree with Zxian. I haven't run additional security (unless you count hardware firewalls) with Windows since... um... 1996 when I used a McAfee AV floppy on a Windows FW 3.11 server... Only have gotten 2 viruses since then, and in both cases (different computers) they were there because I put them there in order for me to learn how to remove them.

Have you looked into using an HTA? Technically there is no desktop in the PE, since its default shell is the command prompt. You see wallpaper of course, but the explorer doesn't run. Is yours set up to use explorer as the shell?

after you mount your image, try peimg /list to see a list of installed packages. The name your package has might differ than what you are typing in.

All ip traffic appears to be normal. traces are basically pointless because there is only 1 hop to be had. These segments do not have access to the internet. I ran a 1k ping to the file server and average time was 1ms, mean time was 2.5ms (actual range 1-4). While running this ping (using ping ip -t -l 1000) I had an XP machine ping the file server, which got <1ms, as well as ping the Vista which was also <1ms. I am not sure what else I can run on it... I mentioned this behaviour to our network admin and he's drawing up a blank on it as well. I have tried connecting using the \\IP instead of \\UNC and the same thing. I try pinging while waiting for the share to open, and all 1ms. Now I get the same stastictics on the other segment but the actual visual response time is faster. The transfer speeds (as reflected by the info box) always shows a <1MBps speed on the slow segment, and a ~10MBps+ on the fast segment. ping times during these obvious slow times are normal. Also, when I traverse folders, as an example. I open a folder on the share. It waits about 20 seconds, then opens the folder but all the icons are generic. There is a little green progress bar that moves slowly through the address bar. It takes maybe 60 seconds for it to make the entire address bar green. It then changes the icons to whatever they are supposed to be. Also during this time, on the explorer bar (folders) it will show the folder, but still collapsed, and have a magnifying glass on it that moves slowly. When it finally loads, it expands the folder as well. I am not sure if I have seen this properly, but on the slow segment, it always shows the "offline status" in the info bar on the bottom. I have not noticed this showing that info on the fast segment. All vista is doing this, but we use a single image, which is modified with Group Policy.

In disk management, what file system and disk type does it have for the volume?

A friend of mine once got three OSes running on a Mac at one time (without using virtual pc) but I haven't a clue how he did it. He only had photos of it where it had 3 monitors connected showing 3 different desktops.

I'm reopening this discussion because of my own experiences. I am getting mixed results with this result. For versions that allow it, I disable these mapper and i/o drivers with group policy. In other versions I disable it using the registry. Say for example, in Home Premium (which has no GP support) the discovery mapper is the only service that is enabled, and the i/o driver is disabled, while both services are set for manual AND enabled on the NIC itself. However, our current LAN is set up in two segments or IP ranges. All vista machines on one range work properly once my settings are applied. But all machines on the other range do not! They operate as if the i/o and mapper are enabled, even if I were to manually unselect them. I can also confirm that the policy is active and have forced a gpupdate. Now these machines are communicating with a 2003 Std server, and say the next station to the vista on this "slow" range has XP. the XP has no problem accessing network resources. As an example, a Vista business PC has taken over an hour to install Realtek Sound drivers off the network, and the XP machine next to it took 3 minutes. And a Business PC on the other range takes 3 minutes. Since it would appear that perhaps there is a cfg problem with one of our segments, what could possibly cause Vista PCs to be slow on it and XP to be not? I can also verify that if I take the "slow" Vista PC off the "slow" segment and connect it to the other one, network shares open very fast and network speed is normal.