I had a frustrating issue with Packer, specifically with VMware Tools installation.
During the Packer install, I load up a script and have VMware Tools 12.1.5 installed. It seems to install successfully, But I noticed that the VMTools service is not running. I have to re-run setup64.exe via the GUI and do a repair, then I see the service exist and runs, and Packer can discover the IP address of the VM to finish it.
The Solution
I used a older autounattend.xml which i never checked the time zone.
Setting the correcting time zone the trick:
These products are not compatible with vSphere 6.7 at this time:
VMware NSX
VMware Integrated OpenStack (VIO)
VMware vSphere Integrated Containers (VIC)
VMware Horizon
Environments with these products should not be upgraded to vSphere 6.7 at this time. This article and the VMware Product Interoperability Matrixes will be updated when a compatible release is available.
Upgrade Considerations
Before upgrading your environment to vSphere 6.7, review these critical articles to ensure a successful upgrade For vSphere
It is not possible to upgrade directly from vSphere 5.5 to vSphere 6.7.
Upgrades to vSphere 6.7 are only possible from vSphere 6.0 or vSphere 6.5. If you are currently running vSphere 5.5, you must first upgrade to either vSphere 6.0 or vSphere 6.5 before upgrading to vSphere 6.7.
Version 3.10 (February, 2018)
– Upgraded RVTools solution to Visual Studio 2017
– Upgraded RVTools to .Net Framework version 4.6.1
– Upgraded Log4net to version 2.0.8, Waffle.AD to version 1.8.3
and NPOI to version 2.3.0
– Connection error when TLSv1.0 and TLSv1.1 are disabled and only TLSv1.2 is
enabled is solved by using .Net Framework 4.6.1
– vInfo tab page new columns: The latency-sensitivity setting of the virtual
machine, Change Block Tracking (CBT) and disk.EnableUUID values
– vDisk tab page new columns: SCSI label, unit number and sharedBus
– vHost tab page new columns: Assigned License(s), ATS heartbeat, ATS locking
values. 0 = disabled 1 = enabled, Host Power Policy shortname, CPU Power
Management current policy and CPU power hardware support
– When Export to xlsx is executed a metadata worksheet with version number of
RVTools and date time stamp is added to the output xlsx file
– All columns in the RVTools export xlsx file(s) now have a filter
– When export to csv newline characters are replaced by spaces
– When started from cli and login fails an error message and login box was
displayed. Now RVTools will exit with exit code -1, without showing the error
message and login form.
– Added an example PowerShell script with which you can merge RVTools export
xlsx files
– Added a example PowerShell script to start Export all to xlsx for multiple vCenters
– vDatastore tab page: For NFS datastores the address column is now filled with
remote host and path info
– vDatastore tab page new columns: Datastore Cluster Name, Cluster capacity and
Cluster free space
– The upper limit on the Health check for number of VMs on a datastore is now
9999
– vHealth tab page: new column “message type” which can be used as a filter in
Excel
– vHealth tab page: hbrdisk.RDID files are no longer reported as possible zombie
files
– vHealth tab page: low disk space messages no also show the free space in MB.
– All tab pages: Refresh or auto-refresh will respect your sort order
– CLI export2xls parameters changed to export2xlsx (old parameter will still work)
– Bug Fix: invalid “Horizontal Alignment” value in xlsx style sheet.
– Bug Fix: Calculation of total snapshot size was not always correct
– Bug Fix: Child snapshot hierarchy was not always correct
– Default installation directory is changed to C:\Program Files
(x86)\RobWare\RVTools without the version number
PowerShell: Beginner. Step up your IT pro game with foundational knowledge of PowerShell. Learn to use the command line to solve an issue, automate your infrastructure, and more.
PowerShell: Advanced. Go beyond the basics with scripting, reusable tools, and cmdlets—all taught by the architect and inventor of PowerShell, Jeffrey Snover.
Security for IT Pros. Beef up your security know-how with practical tips and tricks from the Microsoft security team.
DevOps for IT Pros. Your devs need you! Learn more about application performance and support monitoring with Microsoft Azure.
Introduction to Windows Server 2012 R2. Command this leading-edge server with tutorials on installation, roles, Microsoft Active Directory, storage, performance management, and maintenance.
Windows Server 2012 R2 Compute. Discover everything you need to know about virtualization and storage with courses on IP address management, server networking, Microsoft Hyper-V, and more.
Last week marks the end of support for the legacy synchronization tools which are used to connect on-premises Active Directory to Office 365 and Azure AD. Specifically Windows Azure Active Directory Sync (DirSync) and Azure AD Sync are the tools which are transitioning out of support at this time. Note also that version 1.0 of Azure Active Directory (AAD Connect) is also transitioning of support. The tools were previously marked as depreciated in April 2016.
The replacement for the older synchronization tools is Azure Active Directory Connect 1.1. Customers must have this version of AAD Connect deployed. This is the tool which is being actively maintained, and receives updates and fixes.
Azure AD will no longer accept communications from the unsupported tools as of December 31st 2017.
If you do need to upgrade, the relevant documentation is below:
#For Windows Internal Database, use $WSUSDB = ‘\\.\pipe\MICROSOFT##WID\tsql\query’ #For SQL Express, use $WSUSDB = ‘\\.\pipe\MSSQL$SQLEXPRESS\sql\query’
We run each step sepratly, however, you can change that and run everything in one line…
Cleanup the DB
Last part runs sqlcmd using a .SQL file from MSFT Gallery, and yes, you can download and install the PowerShell tools for SQL and use that instead. Most of your customers dont have thoose tools installed, so sqlcmd.exe it is
This will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password.
To configure your environment for BitLocker, you will need to do the following:
Configure Active Directory for BitLocker.
Download the various BitLocker scripts and tools.
Configure the rules (CustomSettings.ini) for BitLocker.
Configure Active Directory for BitLocker
To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory.
Note
Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory.
In Windows Server 2012 R2 (as well as in Windows Server 2008 R2 and Windows Server 2012), you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information.
Figure 2. The BitLocker Recovery information on a computer object in the contoso.com domain.
Add the BitLocker Drive Encryption Administration Utilities
The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell):
On DC01, log on as CONTOSO\Administrator, and, using Server Manager, click Add roles and features.
On the Before you begin page, click Next.
On the Select installation type page, select Role-based or feature-based installation, and click Next.
On the Select destination server page, select DC01.contoso.com and click Next.
On the Select server roles page, click Next.
On the Select features page, expand Remote Server Administration Tools, expand Feature Administration Tools, select the following features, and then click Next:
On the Confirm installation selections page, click Install and then click Close.
Figure 3. Selecting the BitLocker Drive Encryption Administration Utilities.
Create the BitLocker Group Policy
Following these steps, you enable the backup of BitLocker and TPM recovery information to Active Directory. You also enable the policy for the TPM validation profile.
On DC01, using Group Policy Management, right-click the Contoso organizational unit (OU), and select Create a GPO in this domain, and Link it here.
Assign the name BitLocker Policy to the new Group Policy.
Expand the Contoso OU, right-click the BitLocker Policy, and select Edit. Configure the following policy settings:
Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives
Enable the Choose how BitLocker-protected operating system drives can be recovered policy, and configure the following settings:
Allow data recovery agent (default)
Save BitLocker recovery information to Active Directory Domain Services (default)
Do not enable BitLocker until recovery information is stored in AD DS for operating system drives (Do Not Enable This )
Enable the Configure TPM platform validation profile for BIOS-based firmware configurations policy.
Enable the Configure TPM platform validation profile for native UEFI firmware configurations policy.
Enable the Turn on TPM backup to Active Directory Domain Services policy.
(Don’t forget to disable Secure Boot & Enable the secure boot again after deployment is succes vol!!)
Set permissions in Active Directory for BitLocker
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the Add-TPMSelfWriteACE.vbs script from Microsoft to C:\Setup\Scripts on DC01.
On DC01, start an elevated PowerShell prompt (run as Administrator).
Configure the permissions by running the following command:
cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
Figure 4. Running the Add-TPMSelfWriteACE.vbs script on DC01.
Add BIOS configuration tools from Dell, HP, and Lenovo
If you want to automate enabling the TPM chip as part of the deployment process, you need to download the vendor tools and add them to your task sequences, either directly or in a script wrapper.
Add tools from Dell
The Dell tools are available via the Dell Client Configuration Toolkit (CCTK). The executable file from Dell is named cctk.exe. Here is a sample command to enable TPM and set a BIOS password using the cctk.exe tool:
cctk.exe --tpm=on --valsetuppwd=Password1234
Add tools from HP
The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
And the sample content of the TPMEnable.REPSET file:
English
Activate Embedded Security On Next Boot
*Enable
Embedded Security Activation Policy
*No prompts
F1 to Boot
Allow user to reject
Embedded Security Device Availability
*Available
Add tools from Lenovo
The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here is a sample command to enable TPM using the Lenovo tools: