Technical

How to delay the Windows 10 Spring Creators Update

As we edge ever nearer to the release of the Windows 10 Spring Creators Update, we must pause and think about what could possibly break in the process.  That said, it’s a good practice to allow yourself time to test these things before deploying out to your company.

Here are steps you can take locally – or via Active Directory Domain Services (ADDS) – Group Policy to defer the updates until a later time.

Requirement:  A version of Windows supporting the ability to defer feature updates

  • Windows 10 Pro
  • Windows 10 Enterprise 
  • Windows 10 Education

 

Steps:

  1. Open the Group Policy Editor (Local Windows) or Group Policy Management (for ADDS)
  2. Navigate to the following folder: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates
  3. Double-click on “Select when Feature Updates are received” to open the policy setting. First thing you need to do is set the policy to enabled. This activates the options that are provided.
  4. Click on Enable
  5. Select the branch readiness level for the feature updates you want to receive – Current Branch
  6. Choose the number of days to defer receiving the updates.  – 90 days works for me

Ref: https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb

 

VMware, Windows 10 Customization Specification Not Completing

Here are details of my setup – in fact, I started over from scratch to document my steps.
This seems to be a new problem occurring with Windows 10, version 1709

 

Install of new VMware guest for the purpose of being a template

  1. Create new VM, named it windows_10_enterprise_version_1703
  2. Remove floppy drive
  3. Uncheck networking (for install)
  4. Mount ISO and enable, click OK to save settings

Install of OS on the guest virtual machine

  1. Boot newly created VM (windows_10_enterprise_version_1703)
  2. Step through the installation until completion
  3. Complete language settings to arrive at Windows desktop
  4. Enable the ‘Administrator’ account as its disabled by default
  5. Log out of installation user (the account I named ‘install’)
  6. Log into the ‘Administrator’ account
  7. Enter control panel, user and delete the ‘install’ user account.
  8. Install VMWare tools, Reboot once
  9. Shutdown

 

Prepare VM to be a template

  1. Edit the VM settings
  2. Connect networking
  3. Disconnect CD Drive
  4. Click OK
  5. Convert VM to a Template

 

Customization Specification Setup

  1. Create new specification, (I named mine Windows Desktop – DHCP)
  2. Applied registration information
  3. Computer Name – Use the virtual machine name
  4. Windows License – Left this blank (unchecked include server licensing information)
  5. Administrator Password – Set password, choose the option to automatically login as Administrator
  6. Time Zone – Set my desired time zone
  7. Run Once – Left this blank (blank for now, later intend on applying KMS details)
  8. Network – Use standard network setting (DHCP)
  9. Workgroup or Domain – For now just Workgroup and left workgroup name as ‘WORKGROUP’
  10. Operating System Options – Generate New Security ID (SID)
  11. Ready to complete – Clicked OK

Deploying template

  1. Right-click on the template – New VM from the template
  2. Gave a simple name – TEST01
  3. Selected Datacenter, Selected Cluster
  4. Selected Storage
  5. Selected Options (Customize VM) and (Power on the virtual machine after creation)
  6. Selected ‘Windows Desktop – DHCP’ from customized guest OS options
  7. Clicked Next, then Finish and wait …

 

Where things get stuck

  1. After the first boot, the guest gets an IP address from the network
  2. Customization starts in the background and system reboots
  3. When the system resumes I arrive at the following screen
  4. The system customization never completes, and I find my VM’s stuck at the “Let’s start with region …” screen

And, I’ll update this as soon as I find a solution, but for now…  I’m stuck

Log Shared via Pastebin:  https://pastebin.com/ETpuLX3U

 

Update: March 18, 2018

I’ve had others also test this using the latest ISO for Windows 10 – en_windows_10_enterprise_version_1703_updated_march_2017_x86_dvd, they too now encounter this same issue.  So the problem seems to be with the build of Windows 10 that was released.

I am going to download another build from MSDN and see if there is a change.

 

Update: March 19, 2018

I was able to get this working by way of reinstalling Windows 10 using the following ISO build: en_windows_10_multi-edition_vl_version_1709_updated_sept_2017_x64_dvd

Was even able to apply Windows updates and redeploy without error.

 

Hyper-V, and Automatic Virtual Machine Activation in Windows Server 2016

Windows Server 2012 R2 introduced a feature called “Automatic Virtual Machine Activation” (AVMA), and now in Windows Server 2016, this feature has been carried forward. This feature was primarily designed for Web Hosters but found usefulness in internal Hyper-V server for testing lab machines.

What is Automatic Virtual Machine Activation (AVMA)?

Automatic Virtual Machine Activation is a feature that handles the activation process for an instance of Windows Server inside a Hyper-V virtual machine so it does not need to directly contact any other system to activate the Windows Server instance.

AVMA is engineered to digitally facilitate the guest virtualization rights allowance of the Windows Server Datacenter license. If the physical host is properly licensed to run Windows Server Datacenter, then any number of virtual instances running the same or a lower edition and the same or earlier version of Windows Server is included.

Requirements for Automatic Virtual Machine Activation?

You must have a Datacenter Edition of Windows Server 2012 R2 or Windows 2016 installed as the management operating system with the Hyper-V role enabled. AVMA is a feature of the operating system, not Hyper-V itself.

How to Configure a Virtual Machine for AVMA?

When prompted for a license key, you simply give it the key that matches the operating system of the virtual machine.

Guest Operating System’s and Keys

Windows Server 2012 R2 Essentials
K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

Windows Server 2012 R2 Standard
DBGBW-NPF86-BJVTX-K3WKJ-MTB6V

Windows Server 2012 R2 Datacenter
Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW

Windows Server 2016 Essentials
B4YNW-62DX9-W8V6M-82649-MHBKQ

Windows Server 2016 Standard
C3RCX-M6NRP-6CXC9-TW2F2-4RHYD

Windows Server 2016 Datacenter
TMJ3Y-NTRTM-FJYXT-T22BY-CWG3J

These keys will be accepted by any operating system but if AVMA is not detected they will move into an unlicensed mode.

Ref: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn303421(v=ws.11)

 

Tech News: VMware PowerCLI 10.0.0! Released

VMware just released PowerCLI 10.0.0. and before you ask; I thought they were just on version 6?  I wondered the same and here is the answer: The decision to move to version ten was a marketing choice as the PowerCLI project recently celebrated its 10th birthday.

Let’s get into the how to install or update to the latest

Requirments:

The only pre-requisite is to have PowerShell Core 6.0 installed. This adds support for Mac OS and Linux.

Installation Steps:

  1. Get yourself to a powershell prompt with administrative privileges
    In my case, I am on Windows 10 and prefer to use PowerShellISE
  2. Enter the following: Install-Module -Name VMware.PowerCLI -Scope CurrentUser
    This will initiate the install of the latest PowerCLI modules.

    If you receive a warning, use the -Force comamnd:

    “WARNING: Version ‘6.5.1.5377412’ of module ‘VMware.PowerCLI’ is already installed at ‘C:\Users\sysadmin\Documents\WindowsPowerShell\Modules\VMware.PowerCLI\6.5.1.5377412’. To install version ‘10.0.0.7895300’, run Install-Module and add the -Force parameter, this command will install version ‘10.0.0.7895300’ in side-by-side with version ‘6.5.1.5377412’.”

  3. Next enter: Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

    This version of PowerCLI changes the way certificates are handled when connecting to a vCenter server or ESXi host with the Connect-VIServer cmdlet. If your connection endpoint is using an invalid certificate (self-signed or otherwise), PowerCLI would previously return back a warning. The handling has been updated to be more secure and now return back an error.If you are using an invalid certificate, you can correct the error with the ‘Set-PowerCLIConfiguration’ cmdlet. The parameter needing to be configured is ‘InvalidCertificateAction’ and the available settings are Fail, Warn, Ignore, Prompt, and Unset.

For more info ref: https://blogs.vmware.com/PowerCLI

 

 

Windows Server 2016 Core: Active Directory Domain Services

To lower my memory footprint in my home lab I decided to move from into Windows Server 2016 Core.  That said running Active Directory Domain Service seems to be the perfect candidate to start with my new architectured lab environment.

There are several prerequisites required for enabling ADDS, but I am not going to get into those here as if your reading this, there is a good chance you already know what those are.

We will be installing what is commonly referred to as a new forest/domain.

Step 1: Validate your hostname, IP address, and DNS settings

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed
  3. Use the setting options to validate your host’s configuration

 

Step 2:  Installing Domain Services 

  1. From the Windows Server 2016 Core command prompt type: powershell then press enter.
    This will change your shell mode to PowerShell allowing you to use additional commands.
  2. Type Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    This will install the ADDS roles on the Windows Server 2016 Core System
  3. When completed type: Install-ADDSForest -DomainName yourdomain.tld
    Here is where you choose the name of your domain to be installed.
  4. You will be required to provide a recovery password, please enter one and take note of it
  5. Next, you will be asked to confirm the pending changes and allow the server host to be restarted
    Click yes to continue
  6. Your server will be restarted and return as a Domain Controller

 

Step 3: Validate DC Services

  1. From the Windows Server 2016 Core command prompt type: powershell then press enter.
    This will change your shell mode to PowerShell allowing you to use additional commands.
  2. Issue the following command line: Get-Service adws,kdc,netlogon,dns
    This will return details on the installed services 
  3. Issue the command Get-SmbShare
    This returns details about available shares, specifically the systvol and netlogon shares
  4. Use the get-eventlog command to review logs
    Example: get-eventlog “Directory Service” | select entrytype, source, eventid, message