I recently was asked to help migrate my company off an old Norton Ghost imaging solution to a more modern and flexible solution that worked with newer hardware. Having previous experience with Windows Deployment Services, that is the route we elected to go. However, we did take it one step further and integrated Microsoft Deployment Toolkit into the mix as well.
I started with a new server build and only installed the Windows Deployment Services role. I do not run DHCP on my deployment servers. In my case I created a new virtual server in our VMware ESXi environment using Microsoft Server 2016 Datacenter edition. I'm making the assumption that you are already familiar with setting up a Windows Server environment and know how to install server roles.
- Server 2016 Datacenter
- 64 bit
- vCPU: 1 virtual socket, 2 cores per socket
- RAM: 4 GB
- Hard Disk 1 for the OS: 50 GB, Hard Disk 2 for the Deployment Share: 250 GB
- VM Version 11
- Running on an ESXi v6 Update 2 host
The RAM and vCPU will be bumped up once we are out of the testing and implementation phase as we will be doing more than 1 deployment at a time.
Once the server is created and the roles are installed, go through your natural progression of getting the server environment configured to your standards: Windows updates, power settings, etc. Once I was done with that I installed the Microsoft Deployment Toolkit from: https://www.microsoft.com/en-us/download/details.aspx?id=54259
I used all the defaults during the installation process for MDT.
Once MDT is installed you can begin your network and server configurations. It's easiest to start with configuring Windows Deployment Services first.
To start the WDS configurations you must be logged into the server as a Domain Admin as it will be configured with Active Directory integration rather than standalone.
To start the configuration launch Server Manager > Tools > Windows Deployment Services. This will launch the Windows Deployment Services MMC Snap-In.
In the Windows Deployment Services screen, expand the servers section. You should see a server listed with your server name and a yellow warning. Right click on the server and click configure server. You will be greeted with a before you begin/requirements page. Click next to proceed.
Since our server is in a domain and we don't want to install DHCP on this deployment server, we will select Integrated with Active Directory and click next.
Our remote install location is on the 250 GB secondary disk on our server. Ours is assigned drive letter E; your drive letter assignment may vary. Our location is E:\RemoteInstall. Click next.
You will be asked which machines you want your deployment server to respond to. In most cases you will want to respond to all machines. In some cases you may be required to restrict this even more, which you can do, but it does introduce additional steps required to image a machine. For my environment it is perfectly acceptable to respond to all clients (known and unknown).
Clicking next will configure the RemoteInstall directory and start the WDS services. At this point you will be asked to add images. You can simply uncheck the box and click finish. Once this is done your server should have a green icon on it in place of the yellow warning symbol. There are a few options that aren't configured during the setup wizard, so you will want to right click on the server again and go to properties this time.
You will want to go to the Multicast tab and check the radio button to obtain IP address from DHCP. You will also want to click on the TFTP tab and configure the maximum block size. Set this to 8192. And lastly you will want to enable logging for troubleshooting if the need arises. To do this click on the Client tab and check the box to enable client logging. In my case I log all errors, warnings, and informational messages.
Next we move on to the installation of MDT (the link is above). The MDT installation is straightforward. Once downloaded, it's pretty much just next, next, next, accepting defaults the entire way.
Once MDT is installed you will want to launch the Deployment Workbench. This is the screen that we do most of our MDT configurations in.
Once you open the Deployment Workbench, right click on Deployment Shares and select New Deployment Share. It will ask for a location to create the deployment share. In my case I am using the same E drive as above so my location is: E:\RemoteInstall. Once the location is set, click next. Keep the defaults for Share and Descriptive Name, unless you want them to be something else.
When you get to the options tab select all check boxes. You can disable options here later if you need to, but it is easier to start with everything enabled and narrow down what you don't need. The rest of the setup is just defaults until it is done setting up.
While that is finishing up, take a moment and download CMTrace. It is the only application that can be used to read error logs from MDT with any kind of efficiency. It is a single executable, shipped as a 32-bit and a 64-bit file. I have taken the liberty to extract them from the All In One Toolkit for you and have them available in a zip file for download. Everything in the zip is exactly as it needs to be in terms of folder structure and .exe locations. Extract the ExtraFile folder and place it at C:\. We will be using this location later to add CMTrace to the LiteTouch MDT boot images.
After the ExtraFile folder is in place on the server, we can finish the configuration of MDT. To get started launch the Deployment Workbench again. This time expand the Deployment Shares drop down and right click on your deployment share. Select properties. On the General page check the box for platforms supported. Make sure both x86 and x64 are supported. Also be sure to check the box to enable multicast.
Next go to the monitoring tab and enable monitoring for this deployment share. You can leave ports as the default. This will automatically add lines to the rules tab to allow MDT to monitor the status of each deployment happening.
Next, we go to the Windows PE tab. This tab can be confusing at first. There are 2 different windows inside this tab. They can be selected by changing the platform drop down at the top of the page from x86 to x64. We will be using both.
Lets start with the x86 general tab as that is what the tab defaults to and for the most part the settings between both tabs will be identical, with the exception of the Extra Directory to add field. This field is where we will instruct MDT to put CMTrace into the WinPE environment.
I personally uncheck the boxes to generate a lite touch bootable ISO and the generic Windows PE WIM file, as they just consume space and I have not found a valid use for them. I also leave the custom background bitmap file as default. I leave the feature tab as default as well. On the drivers and patches tab, I select the radio button to include only drivers of the following types and select network drivers and mass storage drivers. When it is all said and done, your x86 General tab should look as follows:
Make note of the extra directory to add. This points to the CMTrace folder that was extracted before. On the x64 platform page, the extra directory field will read: C:\ExtraFiles\x64. That is the only difference between x86 and x64 in our configuration.
Once you are done configuring those click Ok to close out of the properties. Next up we need to generate our Windows boot files. To do this expand the Deployment Shares from the Deployment Workbench. Right click on the share and select Update Deployment Share. Select the option to Completely regenerate the boot images and click next. This will take about 5-10 minutes depending on the type of storage you are using. This process creates the LiteTouchPE environments used for MDT. The LiteTouchPE images are how we capture and deploy images to machines. In the example I am using, the files will be stored at: E:\DeploymentShare\Boot. You may have a different drive letter, but the folder structure after the drive letter should be the same.
Copy the LiteTouchPE_x64 to the RemoteInstall folder that was initially configured when WDS was setup. In my example, the RemoteInstall folder was set to be on my E drive. The folder location to copy the LiteTouchPE file to is: E:\RemoteInstall\Boot\x64\Images. Do the same thing with the LiteTouchPE_x86 file. Copy the x86 version to: E:\RemoteInstall\Boot\x86\Images
Now we need to configure our boot images for when a PXE boot is requested. For the next steps we need to go back to the Windows Deployment Services. Once in WDS, expand servers, and right click on your deployment server, and select properties. Navigate to the boot tab. Find the section that shows x86 architecture and x64 architecture. Click the select button next to x86 architecture. If the previous step was done correctly, you should only have 1 option here that is LiteTouchPE_x86.wim. Then go to the x64 architecture. Again if the previous step was done correctly, you should have 2 options here. Your 2 options will be LiteTouchPE_x86.wim and LiteTouchPE_x64.wim. Make sure you select LiteTouchPE_x64.wim and click ok.
The last piece of this puzzle is in DHCP. It involves configuring DHCP options 066 and 067. This was the part that I personally had the most trouble with. Our corporate network is fairly complex and has hundreds of VLANs as we have 18 locations. Getting DHCP options to work across all 18 locations and getting devices to PXE boot properly was the biggest issue.
If you aren't a networking person you may want to get help from your server/network administrator. The basic point here is that we are setting Option 066 to the host name of the server. I use the FQDN and make sure that I have a DNS entry for that FQDN configured.
Option 067 is the boot file name. This needs to point to a valid NBP. NBP stands for Network Boot Protocol. The available NBPs are captured below:
The other caveat here is to not use the full location of the boot file you want to boot. For example, we are using wdsnbp.com for our environment as it is the most flexible option and requires no extra intervention by our end users. If you remember from previous steps, our RemoteInstall folder is located at E:\RemoteInstall. However, our Option 067 setting is \boot\x86\wdsnbp.com, because this setting is relative to the RemoteInstall folder. The full location of the boot file is E:\RemoteInstall\boot\x86\wdsnbp.com. Another thing to note here is that x86 can boot and deploy images to both x86 and x64 machines, whereas x64 can only boot and deploy x64 machines.
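As an added example (not part of the original article), here is a PowerShell pass that sets options 066 and 067 on every IPv4 scope of a Windows DHCP server and first checks the two things that most often break PXE boot in the steps above: the FQDN in 066 must resolve in DNS, and the 067 boot file must be relative to RemoteInstall and actually exist there. The server names and the share path are assumptions; replace them with your own.

```powershell
# Added example, not from the original article. Assumed values: replace $DhcpServer,
# $WdsFqdn and $RemoteInstall with your own. Requires the DhcpServer RSAT module.
Import-Module DhcpServer

$DhcpServer    = 'dhcp01.corp.example'      # assumed: DHCP server to configure
$WdsFqdn       = 'wds01.corp.example'       # option 066: FQDN of the WDS server (needs a DNS A record)
$RemoteInstall = 'E:\RemoteInstall'         # WDS RemoteInstall folder, as in the article
$BootFile      = '\boot\x86\wdsnbp.com'     # option 067: relative to RemoteInstall, never a full path

# Guard against the mistake the article warns about: a drive letter in option 067.
if ($BootFile -match '^[A-Za-z]:\\') {
    throw "Option 067 must be relative to RemoteInstall, not a full path: $BootFile"
}

# Confirm the NBP exists where the PXE client will request it. Run this on the WDS server,
# or point $RemoteInstall at an admin share such as \\wds01\E$\RemoteInstall (assumed name).
$nbpPath = Join-Path $RemoteInstall $BootFile.TrimStart('\')
if (-not (Test-Path $nbpPath)) {
    throw "NBP not found at $nbpPath; finish the WDS configuration and copy the boot images first"
}

# Confirm option 066 resolves before handing it out; a stale or missing A record
# is the usual reason a client gets an address but never downloads the NBP.
$null = Resolve-DnsName -Name $WdsFqdn -Type A -ErrorAction Stop

# Apply both options at scope level. To stage on one test VLAN first, replace the
# loop with a single -ScopeId.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -OptionId 66 -Value $WdsFqdn
    Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -OptionId 67 -Value $BootFile
}

# Verify: show what every scope now hands out for 066/067.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -OptionId 66, 67 |
        Select-Object @{n = 'Scope'; e = { $scope.ScopeId }}, OptionId,
                      @{n = 'Value'; e = { $_.Value -join ',' }}
}
```

If a site has its own DHCP server, run the script against each one; a scope that still shows an old value in the verification output is the first place to look when a client at that location fails to PXE boot.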
Once all of these configurations are in place, you can test PXE booting by grabbing a machine, booting it up, and pressing F12 during the boot process. Remember, you will need to press F12 twice: once to PXE boot, and again to confirm that you do in fact want to PXE boot to your deployment server.
I hope you enjoyed this article, and hopefully my DHCP option and MDT installation pains have saved you from wasted time on your end.