Imaging and BITS problem


  • Imaging and BITS problem

    We're using XP Pro SP2 and have various models of Dell that we're supporting. We've been creating Windows disk images lately and have noticed that after pulling an image to a new PC, the BITS (and sometimes the Automatic Updates) service(s) don't start.

    We often see error 0x80004015 in the event log after trying to start BITS (for which we have a GPO to start it automatically). My process goes like this:

    1. Install Windows
    2. Install Windows updates
    3. Join PC to the domain
    4. Install other software (and sometimes more Windows updates)
    5. Remove PC from the domain
    6. Run sysprep (-reseal -mini)
    7. Capture the disk image

    When the updating fails, we open a command prompt and run the following two lines, then the service(s) start up just fine:
    sc sdset wuauserv "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
    sc sdset bits "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"

    We're certainly not the only one creating master computer images so what are we doing wrong?

    Thanks.

  • #2
    Re: Imaging and BITS problem

    Never seen BITS and WSUS client fail after deploying an image, but it may be down to the capture process itself. I don't think joining a PC to a domain before you capture is the best way to do that, removing it first or not. Joining the domain sets Group Policy security, and simply leaving the domain does NOT reset absolutely everything back to the original WORKGROUP settings.

    If you have a domain, what system are you using to update the clients with OS patches, etc.? Domain control assumes GPO practice is available, so you could assign your apps and automatically update new clients to the current standard when using RIS (old) or WDS (preferred) as a central deployment scheme, before making the machine available to a user.

    We use the WinPE tools with WDS to create and capture a hardware-specific image (and all we use are Dell, have done for 5 years), and then make scripts to run inside the deployment for unique security software, etc., which can't be done with GPO. Once the image is deployed (and domain join is automatic), we reboot the PC to start the managed app loads, and then run through WSUS updates until the PC is up to spec. Then the user gets it and GPO manages control from there on out.

    I've just today rebuilt 2 PCs. The initial login screen is available less than 20 minutes after selecting the image I want, and reboots apply GPOs so managed apps are pushed, then I chase a few cycles of WSUS updates and all is well. Less than 2 hours start to finish (most doing something else while waiting for s/w to install) and you've got a solid, complete build.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: Imaging and BITS problem

      I don't believe there is anything in our domain GPO that'd cause the security descriptor to get messed up. In fact, the domain GPO disables the firewall and sets the two previously mentioned services to auto. So idk.

      I doubt it is significant, but we're using Ghost to deploy the image.



      • #4
        Re: Imaging and BITS problem

        I don't think it's anything to do with the imaging but rather with the GPO you have to start the BITS service.
        Error 1079: The account specified for this service is different than the account specified for other services running in the same process. (0x80004015)

        If you receive this error message, follow these steps:
        1. Click Start, click Run, type services.msc, and then click OK.
        2. Double-click Background Intelligent Transfer Service.
        3. Click the Log On tab.
        4. Click Local System account, and then click OK.
        5. Right-click Background Intelligent Transfer Service, and then click Start.
        http://support.microsoft.com/kb/910337
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR



        • #5
          Re: Imaging and BITS problem

          Whether the PC is joined to the domain, removed again or never joined to the domain is irrelevant here. Sysprep will remove all unique information, including domain membership, from the image. I would tend to agree with L4ndy that this is a GPO rather than an imaging issue.

          Have to ask why you're using Ghost rather than WDS though. WDS is free, and much easier to use in my experience.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          Cruachan's Blog



          • #6
            Re: Imaging and BITS problem

            Sysprep doesn't properly work with WSUS, despite the fact it's meant to. I've had this problem repeatedly with my XP image using Ghost.
            Took me ages to figure out why I'd rebuild a machine with a new Ghost image, and give it a new name, yet it would report itself as an old machine.

            You need to use the reauthorization switch.

            I think it's wuauclt /resetauthorization /detectnow or similar.

            What you'll find is machines being confused about what patches they may or may not have... I went through reinstalls of WSUS, and messing with it at the database level etc. to try and fix it before I found this out.
            Last edited by tehcamel; 15th June 2010, 20:30.
            Please do show your appreciation to those who assist you by leaving Rep Point



            • #7
              Re: Imaging and BITS problem

              This actually happens when the machines haven't been sysprepped properly. That'll result in duplicate AU client IDs which will only appear once in the WSUS admin console (although all the clients will still update).
              There are a few other manual steps involved in resetting the duplicate ID (as well as available scripts):
              a. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
              b. Delete the PingID, SUSClientID and the AccountDomainSID values
              c. Stop and start the Wuauserv Service
              d. From the command prompt run: wuauclt /resetauthorization /detectnow


              Ref: http://www.wsuswiki.com/ClientFAQ


              • #8
                Re: Imaging and BITS problem

                Interesting, but we don't use WSUS for our desktop clients. Additionally, we sysprep all of our images (sysprep.exe -reseal -mini).



                • #9
                  Re: Imaging and BITS problem

                  Sorry Mhashemi, as this has veered a bit off topic.

                  I was actually referring to Tehcamel's post (the quote should've come in handy though, I know).
                  In regards to your issue, did you read my previous post? And can you also specify what GPO settings you are using to configure the BITS service and how?


                  • #10
                    Re: Imaging and BITS problem

                    Originally posted by mhashemi:
                    We often see error 0x80004015 in the event log after trying to start BITS (for which we have a GPO to start it automatically).

                    Install the Group Policy Management Console (GPMC) on a Windows XP computer.
                    Open the GPO and navigate to Computer Configuration\Windows Settings\Security Settings\System Services

                    Open Automatic Updates
                    \\\
                    Select the service start mode: Automatic
                    \\\
                    Click the [Edit Security] button and configure exactly as shown below:
                    * Set System to "Read" + "Start, Stop and Pause"
                    * Set Administrators (local) to "Full Control"
                    * Set Authenticated Users to "Read"
                    * Set Power Users (local) to "Read" + "Start, Stop and Pause"

                    Then,

                    Open Background Intelligent Transfer Service (BITS)
                    \\\
                    Select the service start mode: Manual (!)
                    \\\
                    Click the [Edit Security] button and configure exactly as shown below:
                    * Set System to "Read" + "Start, Stop and Pause"
                    * Set Administrators (local) to "Full Control"
                    * Set Authenticated Users to "Read"
                    * Set Power Users (local) to "Read" + "Start, Stop and Pause"


                    Refresh the group policy on the machines (gpupdate /force)
                    Then check the security descriptors on some of the machines:
                    Code:
                    cmd /k SC sdshow bits && SC qc bits
                    cmd /k SC sdshow wuauserv && SC qc wuauserv
                    Please post the output.


                    \Rems
                    Last edited by Rems; 7th July 2010, 00:29.

                    This posting is provided "AS IS" with no warranties, and confers no rights.

                    __________________

                    ** Remember to give credit where credit's due **
                    and leave Reputation Points for meaningful posts
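
Added example (not part of the thread and not any poster's code): a Python parser for the DACL string that `sc sdshow` prints, which compares it with the permissions listed in post #10 and rejects strings that have lost their `D:(` prefix or picked up wrap spaces. The mapping of the GPO editor's "Read" and "Start, Stop and Pause" labels to SDDL codes is an assumption inferred from the strings in post #1; `BROKEN` is a constructed sample.

```python
import re

# SDDL right codes as they apply to Windows service objects.
RIGHTS = {"CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
          "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
          "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
          "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER"}
# Assumption: how the GPO editor's labels map to codes, inferred from post #1's strings.
READ = {"CC", "LC", "SW", "LO", "CR", "RC"}     # "Read"
CONTROL = {"RP", "WP", "DT"}                    # "Start, Stop and Pause"
EXPECTED = {"SY": READ | CONTROL, "BA": set(RIGHTS),   # System, Administrators
            "AU": READ, "PU": READ | CONTROL}          # Authenticated/Power Users

def parse_dacl(sddl):
    """Return {trustee: set of right codes} from the allow ACEs of a service DACL."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no 'D:(...)' DACL found; string is truncated or mangled")
    acl = {}
    for ace in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":
            raise ValueError(f"unsupported ACE: ({ace})")
        codes = [fields[2][i:i + 2] for i in range(0, len(fields[2]), 2)]
        bad = [c for c in codes if c not in RIGHTS]
        if bad:   # stray spaces, hex masks and generic rights all end up here
            raise ValueError(f"unrecognised rights {bad} in ({ace})")
        acl.setdefault(fields[5], set()).update(codes)
    return acl

def deviations(sddl, expected=EXPECTED):
    """List every trustee whose rights differ from the expected template."""
    actual, out = parse_dacl(sddl), []
    for sid in sorted(set(expected) | set(actual)):
        want, have = expected.get(sid, set()), actual.get(sid, set())
        if have - want:
            out.append(f"{sid}: extra {sorted(have - want)}")
        if want - have:
            out.append(f"{sid}: missing {sorted(want - have)}")
    return out

# The descriptor from post #1, with "D:(" restored and wrap spaces removed.
GOOD = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)")
# Constructed sample: System ACE lacks start/stop/pause, Power Users ACE absent.
BROKEN = "D:(A;;CCLCSWLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)"

if __name__ == "__main__":
    for name, sd in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, deviations(sd) or "matches post #10")
```

Paste the `D:` line from `sc sdshow bits` or `sc sdshow wuauserv` into `deviations()` to see which trustees differ from the template.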
