Optimizing Windows PXE provisioning

Contributor content

This topic was created by a BMC Contributor and has not been approved. More information.

This page discusses the steps that you can take to optimize HP G7 BL460c bare metal provisioning, based on actual field experience. Use these guidelines to achieve provisioning of the operating system and all the patches in about 60 minutes. The task necessary to achieve an improved provisioning timescale are discussed in the following sections:

Preparing driver support for the Network Cards used in the servers

The HP G7 BL460c blades have an onboard network adapter that requires additional drivers both in the WINPE image and the installation media used for the provisioning.

The WINPE image is a self-contained image that contains a light weight version of windows, a number of BMC scripts and executables along with any drivers that are required for the platform that is being provisioned. Drivers are included within the WINPE image, through the process of driver injection.  To inject drivers into the WINPE image, perform the following steps.

  1. Identify the correct drivers for the WINPE operating system.
     Usually manufacturers produce a set of drivers for PXE boot or WINPE. Alternatively, select the most relevant driver or drivers that are available and, through a process of trial and error, identify the set that works with the given hardware. In the case of the G7 systems, it was necessary to use both the WINPE/RIS drivers and the windows 2008 x64 drivers to produce a WINPE image that worked for 64 bit provisioning. It might be necessary to create two WINPE images, one for 32 bit provisioning and the other for 64 bit provisioning.

  2. Copy all the drivers to suitable drivers folders on the PXE server.

    E:\bladelogic\drivers

    For example, the folder with the WINPE/RIS drivers for the NC553i 10Gb 2-port FlexFabric Adapter:

    E:\bladelogic\drivers\sp49994
  3. Create the WINPE image through BladeLogic. To do this, perform the following steps:
    1. Select Configuration > Provisioning Image Creation.
    2. In the wizard, set the following values:

      • On the first panel:

        Item

        Description

        Value

        Image Host Toolkit

        server with the WAIK toolkit installed on it

        <servername>

        Image Type

        PXE/ISO/UFD image

        PXE Image

        Architecture

        select correct architecture – drivers must be consistent with architecture

        x64 or x86

        Win AIK Directory Path

        location of the WAIK

        d:\Apps\WAIK

        CreateWinPE Script Directory Path

        location of the provisioning files provided by BMC

        e:\bladelogic\provisioning-files\winpe

        Boot Image Target Directory

        where the image should be created

        //<servername>/E/bladelogic/datastore/tftproot/TEST

        The leaf directory in the Boot Image Target Directory path will be considered the boot image name. In this case, that would translate in to a boot image called TEST.

      • On the second panel:

        Item

        Description

        Value

        Open Driver.txt file

        Path to a file containing a set of drivers

        The Driver.txt file allows for the creation of a trusted set of drivers that could be used as a base for building the WINPE images.

         

        Add driver file paths

        Path to the driver folder and selected drivers

        e:/bladelogic/drivers/sp49994/

        Save Driver.txt file

        Path to a file to write the list of drivers to

         

      • On the third panel: No changes necessary.

      • On the fourth panel:

        Item

        Description

        Value

        Network Details

        Path to the network.ini file

        Not used in DHCP environment

        Application Server IP Address

        Specifies the Application Server IP Address

        Not used as this is retrieved from DHCP

        Application Server Port

        Specifies the Application Server Port

        Not used as this is retrieved from DHCP

        BMIWIN.EXE path

        Path to BMIWIN.exe

        e:\bladelogic\datastore\pxestore

        RSCD Installer path

        Path to RSCD installation package

        Obtained from system package type

        OS Drivers Path

        Path to the directory with the drivers in for the OS install

        Obtained from the system package

    3. Click Finish to start the image creation process.
       The image is created in the specified directory with the name of the leaf directory in the path. If the files in this leaf directory are moved, then they will still point back to this leaf directory, within the three files that are created, references to this leaf directory still exist.
      The three files that are created are;
      • BCD
      • boot.sdi
      • WinPE.wim

  4. After a new boot file has been created, this file needs to be associated with an Image file so that it can be used. Select Configurations > Provisioning Configurations > Image Files. Then add a new image with the following settings:

    Item

    Description

    Value

    Image Type

    WinPE 2.0 and above

     

    Image File

    TEST

    Name of the image file created above

    Description

    Test Image file

    Suitable description

    Image Path

    TEST

    leaf directory in tftproot

    64 bit image

    NO

    Is this a 64 bit image

    Set as default image

    NO

    If this will be the default image for x86 of x64 provisioning set here

    Now that the image has been associated with an image type, it can be tested by creating a provisioning job and choosing this provisioning image as the boot image for that job. It is important that a suitable system package job is chosen (for example, Windows 32 bit with 32 bit boot image), as the provisioning can fail if the wrong boot image architecture is selected.

Another task that you must perform is to make the drivers available to the operating system image installation process so that once the switch from the WINPE image to the OS image occurs, the system can still use the network adapters. This is performed in the system package, with slight differences between Windows 2003 and Windows 2008. 

  • For windows 2008 copy the drivers to a folder within the pxestore. For example:

    pxestore\Drivers\sp49994
    \cp015793

    When the system package is created or updated, in the Computer Setting Panel, under driver setup select the path to the required drivers. Multiple drivers can be selected at this time.

    You can choose to have the Datastore embedded in the system package at this time to link the Datastore with the device driver location.

  • Windows 2003 requires the drivers to be placed in the $OEM$ directory located in the following location:
    • i386\$OEM$\$1 folder for both 32 and 64 bit installations. The structure of this folder should be as follows;
    • i386\$OEM$\$1\Drivers\sp49994
    • i386\$OEM$\$1\Drivers\cp016006

      In the system package, on the Computer Settings panel, the path to this location should be specified, and the PnP Driver Paths then selected.

      For the win2k3x86-slipstream system package, the Path to the $OEM$ Directory is media\win2k3x86-slipstream\i386. The PnP driver paths do not contain either the $OEM$ or the $1.

The system package can now be tested to check that it now contains the drivers folders and they are installed correctly.

Slipstreaming of patches into the operating system

Slipstreaming is the process of including hotfixes and patches within the installation package or system package such that there are no additional tasks that need to be performed to install these packages after the installation has completed. The slipstreaming of the hotfixes can significantly improve the deployment time for the operating system.

Slipstreaming Windows 2003 x64

Slipstreaming can be used to incorporate patches within an operating system image to speed up the provisioning process, instead of provisioning and running a patching job, the OS is provisioned and the patches are applied during the provision of the OS.

Copy the BLPackages for the patches down to a server

Create a patch audit and remediation job and run against a cleanly provisioned server (this system package will be used as the basis for the slipstreamed Operating System).

Once the patches have been copied down to the server, stage 5 completed, copy the folder from c:\temp\stage to the PXE server where we will be performing the slipstreaming.

Directory Structure

Create a suitable directory structure.

c:\temp\w2k3-slip \98djwidiw......... [BLPackage folders]
\deploy
\win2k3-x86 [install media source]

Copy the install media source from the pxestore to a suitable directory – see above.

Determining the Patch order

It is important that the patches are deployed in the order that is contained in the BLPackage, to find the order open the bldeploy.xml file and look for the folder IDs for the depot items, for example 5678.1

Slipstreaming the Patch

This is a two-step process, the first step is to integrate the patch with the media source and the second is to copy across extracted files to the media.

  1. To integrate the patch run the following command

    <path to patch>\Windows-Patch.exe /integrate:<path to media source>
    c:\temp\w2k3-slip\<blpackage-id>\<depot-id>\Windows-patch.exe /integrate:c:\temp\win2k3-slip\win2k3-x86

    The path to the media source should be the path to where the i386 and AMD folders are not to those folders.

    If the patch is integrated successfully then a message will appear to state it has been integrated ok.

  2. Extract the packages using the following command

    <path to patch>\Windows-Patch.exe /x:<path to deploy folder>

    c:\temp\w2k3-slip\<blpackage-id>\<depot-id>\Windows-patch.exe /integrate:c:\temp\win2k3-slip\deploy

    The deploy folder is just an empty folder used to hold the extracted files, it could contain the following:

    ..\deploy\SP2GDR [General release]

    ..\deploy\SP2QFE [Quick fix for engineering]

    Use the GDR version for the Service pack you are slipstreaming. Copy the contents of this folder to the media source as follows:

    ..\deploy\SP2GDR ------> ..\AMD

    ..\deploy\SP2GDR\wow --------> ..\AMD\wow

    When copying the files over check that in the destination folder there is not a xx_ file for the new package copied over. If there is delete this xx_ file.

    Sometimes there are no files to be copied across.

Carry out these steps for each patch in turn, due to the possibility of corrupting the media source this could be done for say 25 patches at a time.

Testing the slipstreamed patch

Copy the install media to the datastore location or create a new location and a new system package and install in to a test VM, check that the patches have been installed in windows by looking at the installed programs ( include patches option checked).

Rerun the TrueSight Server Automation patch audit to see what is installed.

After the patches have been all included – rerun the patch analysis and remediation to iterate through any patches that need to be re-slipstreamed.

Slipstreaming Windows 2003 x86

The process of slipstreaming Windows 2003 x86 is similar to that used for Windows 2003 x64, with the exception of the copy stage where the target directory is the i386 folder and not the amd64 folder.

Slipstreaming Windows 2008

The following tasks are necessary for slipstreaming Windows 2008.

Windows 2008 media

The entire win2k8 media was copied over to the PXE store. If a 32 bit Operating System is going to be slipstreamed, then the process needs to be carried out on a 32 bit system; for a 64 bit system there is no such architectural limitation.

media\win2k8-x64\boot
\efi
\sources
\support
\upgrade

In the sources directory there is the install.wim image. This image is about 2.5GB and is the image that the install is performed from. It will have several versions of the operating system, such as standard, enterprise, and enterprise_core.

  1. Create a white list of patches to be installed.
  2. Install these on a test server, provision a new server and run a patch analysis and remediation against this server. While the patches have been staged and are being committed, copy the contents of the BLPackage to a suitable location on the PXE server.

  3. Create a directory on the pxeserver and copy the media source and patches into this directory

    c:\temp\win2k8R2\
    \win2k8-x64 (wim file )
    \bxxxxxxxxxxxxxxxxxxxxxx (patches)
    \mountpoint (mount install.wim here)
    \upgrades (expand cabs here)
  4. Copy the install.wim file from the system package on the PXE server to a suitable location – as above. You may also need to copy the catalog file to this location as well.

  5. Extract the cab files from the msu files.
    We copied the payloads from the BLPackages into a single directory

    expand --F:*<source.msu> <destination folder>

    expand --F:* c:\temp\win2k8r2\A_msu*.msu c:\temp\win2k8r2\upgrade

    This will give a number of files, usually 4 per msu file. For example, for WSUSCAN.cab:

    Windows6.1-KBXXXXXX-x64.cab

    Windows6.1-KBXXXXXX-x64.xml

    Windows6.1-KBXXXXXX-x64-pkgproperties.txt

    We are only really interested in the KB cab file and the xml file.

    This gave me 55 CABs and XMLs, which I copied to a singe sub directory, I don't need the WSUSCAN.cab.

  6. Create an unattended.xml file with Windows System Image Management tool. This is installed as part of the WAIK and should be an option under start program, WAIK.
    1. Run WSIM
    2. Create new and select the install.wim image being used.
    3. Add the packages to answer file and then save it to a suitable location, such as answer.xml.

  7. Start a WAIK Development Tools Command Prompt with admin rights ( start run à .....)
     The wim file can contain several images, to inject the patches into the correct image run the following command (all on one line)to find the correct index*

    dism /get-wiminfo

    /wimfile:c:\temp\win2k8r2\win2k8-x64\install.wim

  8. Mount the install image from the source referring to the correct index for the version you want to modify.

    Dism.exe /mount-wim

    /wimfile:C:\temp\win2k8r2\win2k8-x64\install.wim

    /index:3

    /mountdir:C:\temp\win2k8R2\mountpoint

    If the command is correctly formatted and a valid file is given then it will show a progress bar when mounting the image.

  9. Check that the image has been mounted correctly

    dism /get-mountedwiminfo

  10. Install the package expanded earlier in to the image:

    dism.exe /image:c:\temp\win2k8R2\mountpoint

    /Add-Package

    /PackagePath:C:\temp\win2k8r2\upgrade\xml\<package name>

    This should show an installation progress bar
     For multiple files I created a bat file with the start /wait at the beginning of the DISM command to sequentially add the files to the image.

  11. Check that the packages have been added:

    dism /image:c:\temp\win2k8r2\mountpoint /get-packages

  12. Apply the unattended.xml file to the system image that you created earlier.

    dism /image:c:\temp\win2k8r2\mountpount /Apply-Unattend:c:\temp\win2k8r2\upgrade\answer.xml

  13. unmount the image if successful and close all windows explorer sessions.

    dism /unmount-wim

    /mountdir:c:\temp\win2k8r2\mountpoint /commit

    If the DISM image complains that it cannot be unmount this might be because windows explorer is open – close it and run the /unmount command.

  14. Copy the saved install.wim back to the media directory or create a new system package with this.
  15. Once the install.wim has been updated – the associated catalog should also be updated. I did this by starting the WSIM tool and it prompted me to create a new catalog.  The up to date catalog will allow additional packages to be added.
  16. Run the image via a provisioning process and iterate as necessary

Creating a Windows Image Format file for the provisioning of Windows 2003

During the installation of a Windows 2003 system, there is a copy process that takes up a significant period of time. This is due to the time it takes to copy a large number files, not the size of the files. To reduce this copy period, a WIM file can be created that contains the image in one single file, as happens in Windows 2008 installations.

  1. Create a system that you want to sysprep from using bladelogic
    1. this should have all the drivers needed to support the operating system on the platform of choice (if possible). 
    2. copy the sysprep executeable for windows 2003 ( correct architecture ) to the server.

    3. remove the bladelogic rscd agent and all its directories. 

      windows\rsc
      bllic

  2. Reseal the operating system using sysprep.

    sysprep /mini /reseal

    Windows will shutdown after this command has been run.

  3. Start the provisioning process that created the image – as soon as the wpeinit process has started break in to the install and stop it. (ctrl+c)

  4. Start the diskpart utility and use the following commands to verify the disk configuration. Note the drive that you want to image in the output.

    diskpart

    select disk 0

    list volume

    exit

  5. Mount the datastore as a destination for the WIM image file

    net use k: \\servername\pxestore /user:pxeuser password

  6. Copy the imagex file from the WAIK to a temp folder on the network mapped drive.
    You will need to copy the correct version of the imagex for the architecture.

    Note

    The ImageX command-line tool is deprecated in Windows 8. Use the DISM command-line tool.

    For more information, see the following articles:

    imagex /capture <drive to capture> <destination drive and name> "WIM Image Name"

    imagex /capture c: k:\WimImages\Win2k3ENTx86.wim "Windows 2003 Enterprise"

Using the Wim Image to provision a server

  1. Copy the WimImages to a suitable location in the pxestore, we are keeping them in the WimImages folder, where they are created.
  2. In provisioning configuraitions point the WIM system package types to these images.
     There are built in system package types for Windows 2003 and 2008, these were configured to use the G7 WIM that was created
  3. Create a system package using these WIM system package types.
  4. Provision via a job

Producing an optimised WINPE image for the first stages of the provisioning process

The following steps were performed to reduce the size of the WINPE image, to optimise it for the provisioning of windows servers on G7 hardware.

Note

The change to the winpe image carried out here prevented the windows 2003 setup process from running. Therefore, the old winpe should be kept, to allow for the recreation of the WIM file. Alternatively a second WINPE image could be created for that. Currently I have WINPE-shrunk and a WINPE-pre-shrunk images that I can use in the same boot folder.

In this example I have copied the WINPE.wim file from the tftproot\boot_2_0_G7 folder to a temporary folder.

e:\bladelogic\winpe\winpe.wim

e:\bladelogic\winpe-tmp

The second folder is the temporary folder that I am using to mount the WINPE image into.

These commands should be run using the Deployment Tools Command Prompt.

  1. Mount the WIM image

    dism /Mount-Wim /Wimfile: e:\bladelogic\winpe\winpe.wim /index:1 /mountdir: e:\bladelogic\winpe-tmp

  2. Enable profiling in the winpe image, this is done by adding WMI support from the WAIK to the wimpe image. This will increase the size of the image but over all we will see a reduction. You will need to add the correct tools for the architecture you are running.

    dism /image:e:\bladelogic\winpe-tmp /add-package /packagepath:"d:\Apps\WAIK\Tools\PETools\x86\WinPE_FPs\winpe-wmi.cab"

    dism /image:e:\bladelogic\winpe-tmp /add-package /packagepath:"d:\Apps\WAIK\Tools\PETools\x86\WinPE_FPs\en-us\winpe-wmi_en-us.cab"

    dism /image:e:\bladelogic\winpe-tmp /Enable-Profiling

  3. Commit the changes to the WINPE image

    dism /unmount-wim /mountdir:e:\bladelogic\winpe-tmp /commit

  4. Copy this winpe.wim image into the folder within the tftproot and modify the provisioning job to prompt after each step, the aim here is to run the provisioning and then stop it before the reboot after the unattend step. At this point we will collect the profile information ( which files have been used ) and store them on the pxeserver.

    wpeutil saveprofile k:\temp\win2k3-profile.txt "windows 2003 x86 profile"
  5. To create the optimized winpe.wim file:

    1. Remount the wimpe image to apply the modifications

      dism /Mount-Wim /Wimfile: e:\bladelogic\winpe\winpe.wim /index:1 /mountdir: e:\bladelogic\winpe-tmp

    2. Apply the results of the profiling, multiple files can be applied if necessary, for example if a single winpe.wim image is to be created for both WIM provisioning and standard provisioning of windows 2003 then multiple profiling steps should be taken.

      dism /image:e:\bladelogic\winpe-tmp /Apply-profiles:e:\bladelogic\win2k3x86_profile.txt

    3. Save the image as before.

      dism /unmount-wim /mountdir:e:\bladelogic\winpe-tmp /commit

  6. Strip out the imagex and dism references using the imagex command.

    imagex /export e:\bladelogic\winpe\winpe.wim 1 e:\bladelogic\wimpe\wimpe-x86-shrunk.wim
  7. Copy this image back in to the original boot folder in the tftproot. I tend to keep a copy of the old image so that I can go back to it if I run in to issues with the boot with the new image.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*