If you want to use EUFI Boot with MDT 2013 Update X.
Don’t use DHCP Option 60/66/67!!!
DC01 = Windows Server 2008 R2 SP1
DC02 = Windows Server 2012
MDT01 = Windows Server 2012 R2
UEFI Client: Dell Laptop E5450
BIOS Client: HyperV Virtual machine with Legacy network adapert
DC1; MDT01 and DHCPServer all in Subnet1.
(IP Helper is set for DHCPServer for DHCP and for DC01 & MDT01 for DHCP and BootP – I checked serveral times if everything is right here)
UEFI Client and BIOS Client in Subnet2.
Situation1 — Using no DHCP Options and WDS running (IP HELPER-ADDRESS):
UEFI Client – Boots perfectly (contacting Server MDT01)
BIOS Client – Boots perfectly (contacting Server MDT01)
Situaion2 — Using no DHCP Options and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Does not boot (no Bootfilename recieved)
Situation3 — Using DHCP Options(Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Boots perfectly (contacting Server DP1)
Situation4 — Using DHCP Options(Option 60=”PXEClient” Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
UEFI Client – Boots perfectly (contacting Server DP1)
BIOS Client – Does not boot (taking hours to recieve dhcp options..)
On most switches you can configure ip helper-addresses. This is most time al ready configured for the use of DHCP.
Add the IP of the MDT server als ip helper-address:
description GEBRUIKERS VLAN
ip address 192.168.101.254 255.255.254.0 show
ip helper-address 192.168.25.6 (DC01)
ip helper-address 192.168.25.7 (DC02)
ip helper-address 192.168.25.30 (MDT01)
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.
The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3105256.
When you create a reference Image it will in most cases it will be updated with patches. That will make the image bigger and bigger and there fore the deployment of that image will take longer and consume more network resources & unneeded disk space. That can be corrected by getting rid of superseded patches, junk, temp files and much more.
Since MDT is the preferred method to create reference images you can download the script, import it as an application and then run the application just before the Sysprep and Capture step. The Script works for the following versions of Windows:
- Windows 7 SP1
- Windows 8
- Windows 8.1 Update
- Windows Server 2008 2 SP1
- Windows Server 2012
- Windows Server 2012 R2
To make this work in Windows 7 and Windows Server 2008 R2 you need to add a hotfix to Packages in MDT. http://support.microsoft.com/kb/2852386
Download the script
Download the script from here: Mirror Mirror 2
Created a Group Clean.
Add install a application –> Action-CleanUpBeforeSysprep
Restart Computer (Very Important) without it will not work
New Features in Microsoft Virtual Machine Converter 3.0
The 3.0 release of MVMC adds the ability to convert a physical computer running Windows Server 2008 or above server operating systems or Windows Vista or above client operating systems to a virtual machine running on Hyper-V host.
Standard stuff is:
- Converts virtual disks that are attached to a VMware virtual machine to virtual hard disks (VHDs) that can be uploaded to Microsoft Azure.
- Provides native Windows PowerShell capability that enables scripting and integration into IT automation workflows.
Note The command-line interface (CLI) in MVMC 1.0 has been replaced by Windows PowerShell in MVMC 2.0.
- Supports conversion and provisioning of Linux-based guest operating systems from VMware hosts to Hyper-V hosts.
- Supports conversion of offline virtual machines.
- Supports the new virtual hard disk format (VHDX) when converting and provisioning in Hyper-V in Windows Server® 2012 R2 and Windows Server 2012.
- Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.1, and VMware vSphere 4.1 hosts Hyper-V virtual machines.
- Supports Windows Server® 2012 R2, Windows Server® 2012, and Windows® 8 as guest operating systems that you can select for conversion.
- Converts and deploys virtual machines from VMware hosts to Hyper-V hosts on any of the following operating systems:
- Windows Server® 2012 R2
- Windows Server® 2012
- Windows Server 2008 R2 SP1
- Converts VMware virtual machines, virtual disks, and configurations for memory, virtual processor, and other virtual computing resources from the source to Hyper-V.
- Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
- Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.0, and VMware vSphere 4.1 hosts to Hyper-V.
- Has a wizard-driven GUI, which simplifies performing virtual machine conversions.
- Uninstalls VMware Tools before online conversion (online only) to provide a clean way to migrate VMware-based virtual machines to Hyper-V.
Important MVMC takes a snapshot of the virtual machine that you are converting before you uninstall VMware Tools, and then shuts down the source machine to preserve state during conversion. The virtual machine is restored to its previous state after the source disks that are attached to the virtual machine are successfully copied to the machine where the conversion process is run. At that point, the source machine in VMware can be turned on, if required.
Important MVMC does not uninstall VMware Tools in an offline conversion. Instead, it disables VMware services, drivers, and programs only for Windows Server guest operating systems. For file conversions with Linux guest operating systems, VMware Tools are not disabled or uninstalled. We highly recommend that you manually uninstall VMware Tools when you convert an offline virtual machine.
- Supports Windows Server and Linux guest operating system conversion. For more details, see the section “Supported Configurations for Virtual Machine Conversion” in this guide.
- Includes Windows PowerShell capability for offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V–based virtual hard disk file format (.vhd file).
Note The offline disk conversion does not include driver fixes.
Microsoft released a new KB article about a performance issue with Exchange 2013
When you connect to a Microsoft Exchange Server 2013 server that is installed in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 in which Microsoft .NET Framework 4.5 is included, you may experience delays to access email messages or disconnections to the Exchange server. When this issue occurs, the CPU or memory usage on the server is high for some services that include one or more of the W3wp.exe processes.
This issue occurs because too many objects are pinned on the .NET Framework 4.5 garbage collector heap. It causes heap fragmentation in addition to an increase in CPU and memory usage by the garbage collector.
Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
For Exchange Server 2013 that is installed in Windows Server 2012
Apply hotfix 2803755 that needs a restart, and then use one of the following methods to enable the hotfix:
Then, restart the computer.
For Exchange Server 2013 that is installed in Windows Server 2012 R2
Create a DWORDvalue of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to1:
Then, restart the computer.
For Exchange Server 2013 that is installed in Windows Server 2008 R2 or Windows Server 2008
Apply hotfix 2803754 that needs a restart, and then use one of the following methods to enable the hotfix:
Additional pre-reqs needed above and beyond Exchange requirements
.NET Framework 4.5.1 deployed on all Exchange servers with CAS role
If .NET Framework 4.5.1 cannot be installed, a hotfix for .NET Framework 4.5 is required
KB2745583 – Windows Server 2012 Download
KB2745582 – Windows Server 2008 R2 Download
Decreases CPU spent in .NET garbage collector
Benefits Mailbox & multi-role
Enable by installing hotfix and setting regkey:
HKLM\Software\Microsoft\.NETFramework\DisableRetStructPinning (REG_DWORD) = 1
A hotfix is now available for Windows Server 2012
Adds two control codes to determine which node owns the GUM lock and which node(s) is/are stuck
There is a known issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2.
The problem is specific to the following scenario when all of the following are true
- Client PC has installed Windows 8.1 Update KB 2919355
- Windows 8.1 with Windows 8.1 Update KB 2919355 attempts to scan against WSUS 3.2 running on any affected platform:
- Windows Server 2003 SP2, or
- Windows Server 2003 R2 SP2, or
- Windows Server 2008 SP2, or
- Windows Server 2008 R2 SP1
- HTTPS and Secure Sockets Layer (SSL) are enabled on the WSUS server
- TLS 1.2 is not enabled on the server
Only users who have enabled HTTPS and have not enabled TLS 1.2 on their WSUS 3.2 servers and who are also using these WSUS 3.2 servers to manage PCs running the Windows 8.1 Update KB 2919355 are affected by this issue. Please note, while we do recommend the use of HTTPS on WSUS servers, HTTPS and TLS 1.2 are not enabled by default.
If you are using WSUS 3.2 on Windows Server 2008 R2, you may perform either of the following steps to restore the scan functionality if you have deployed the Windows 8.1 Update KB2919355.
- Enable TLS 1.2 (follow the instructions under More Information > SCHANNEL\Protocols subkey), or
- Disable HTTPS on WSUS
If you are using WSUS 3.2 on an operating system other than Windows Server 2008 R2, you may perform the following step to restore the scan functionality.
When Microsoft releases an update that resolves the issue, you may re-enable HTTPS on WSUS.
Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.
You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue. You may also find the workarounds discussed in this article to be useful for testing this Windows 8.1 Update for your organization. Thank you for your patience during this time.
The Windows ADK 8.1 update (for Windows 8.1 Update) is available for download:
Windows ADK 8.1 update (direct download only: http://www.microsoft.com/en-us/download/details.aspx?id=39982
You still run adksetup.exe to install or download the updated ADK, but you do see that the new ADK is slightly bigger than the previous kit. The Patches folder content also have a higher version number. The October 18, 2013 release of Windows 8.1 ADK had a folder named 8.100.26020, but the April 2, 2014 release of Windows 8.1 ADK have 8.100.26629.
New features in ADK 8.1 are the WIMBoot option, updates to dism, updates to WinRE and a new WinPE version (5.1). There are also fixes for USMT.
DISM: Does not support Windows Vista or Windows Server 2008 images.
More info about the changes here: http://msdn.microsoft.com/en-us/library/windows/hardware/dn247001.aspx
Info on updating WinPE 5.0 to WinPE 5.1: http://technet.microsoft.com/en-us/library/dn613859.aspx