ConfigMgr Setup and the SQL RMO error

Introduction

My test rig was in need of a rebuild and being somewhat adventurous I decided to build it with Windows Server 2025 (Eval) and the technical preview ConfigMgr version 2411.  I did install the usual prerequisites such as WAIK, SQL 2022, SSMS, WinPe etc.  I proceeded to run the ConfigMgr setup and received the following error immediately: Error: Setup missing critical SQL prerequisite.  Install the latest Microsoft ODBC driver for SQL.

I did therefore install version 18 (x64) of this driver from the following location:

Download ODBC Driver for SQL Server - ODBC Driver for SQL Server | Microsoft Learn

After starting the ConfigMgr setup again, and passing the prerequisite checker, I was then faced with another error: Setup could not install SQL RMO

The Fix

I clicked on View Log and discovered the failure was on the installation of msoledbsql.msi.  This file gets downloaded as part of the Prerequisites Download page of the installation wizard.

So I then tried installing this file by double clicking on it - this then provided more information about the issue. The failure is occurring because it is trying to install ODBC driver version 18 but I had already installed this version. 

I then went into Control Panel\Programs and Features and removed the existing versions of  Microsoft ODBC driver for SQL Server.  I rebooted the server and then installed version 17 of the ODBC driver for SQL Server.  I only installed the x64 installer of version 17 - this can be found a bit further down the downloads page at:

Download ODBC Driver for SQL Server - ODBC Driver for SQL Server | Microsoft Learn

Once more I tried to manually install the version of msoledbsql.msi from the prerequisites download source and received a further error: This application requires Microsoft Visual C++ Redistributable for Visual Studio 2022.....

I then downloaded and installed both x86 and x64 versions of the Microsoft Visual C++ Redistributable for Visual Studio 2022 from the following location.

Latest supported Visual C++ Redistributable downloads | Microsoft Learn

I was then able to complete the installation of Configuration Manager Technical Preview 2411 on my Windows Server 2025 Eval installation.

Conclusion

Sometimes we are thrown a curve ball and it can take some deep digging to resolve the issue.  To avoid this particular issue you can do the following, before running the ConfigMgr setup wizard.

1) Uninstall existing versions of the Microsoft ODBC driver for SQL

2) Install Microsoft ODBC driver for SQL version 17 (not 18)

3) Install Microsoft Visual C++ Redistributable for Visual Studio 2022 (x86 version)

4) Install Microsoft Visual C++ Redistributable for Visual Studio 2022 (x64 version)

5) Reboot server.

6) Run the ConfigMgr setup wizard.

I hope you have enjoyed this little blog and I wish you similar success in your own installation of the latest version of Configuration Manager.

Tattoo Task Sequence Data in WMI

Introduction

In the OS provisioning build world we do like to stamp a newly built device with some information.  This may be the task sequence name and the build version as well as other useful information.  And it is common to place this information in the registry and collect it with MECM by extending the hardware inventory collection data.  With my latest project I decided to write this information to the WMI repository using a PowerShell script.  One advantage of branding in this way is that extending the Hardware Inventory is much easier. 

In addition, I decided to include data that would be useful for troubleshooting issues.  For instance, by including the models supported by the task sequence, a helpdesk technician can easily determine if an incorrect Task Sequence had been deployed to the device when viewing the data in the Resource Explorer in MECM.

There are three steps required to complete this task

1) Populate the PowerShell script with the data to be collected.

2) Create a Task Sequence step to run the PowerShell script.

3) Extend the MECM hardware inventory classes to collect this information from the provisioned device.

Populate the PowerShell script with the data to be collected

The first part of the PowerShell script is the VARIABLE DECLARATION section.  Fill it in as required.  The $WMIClassName variable defines the name of the class under which the instance, containing the data, will be created.  This name should remain the same whenever you update the build task sequence.

#VARIABLE DECLARATION

$WMIClassName="BuildInfo"

$BuildVersion="1.0"

$ProjectName="ENHANCEMENT"

$TSName="Install Windows 10 22H2"

$SupportedModels="HP Pro SFF 400 G9,Lifebook u7410"

$ChangesMade="Removed Internet Explorer.  Added drivers for HP Pr SFF 400 G9.  Removed Windows Store App"

The second part of the script creates the WMI class.  The third part of the script deletes any instances under the class name, if they exist, and then creates the instance with the information as defined in the VARIABLE DECLARATION section.  Here is the script complete with the above information defined.

#VARIABLE DECLARATION

$WMIClassName="BuildInfo"

$BuildVersion="1.0"

$ProjectName="ENHANCEMENT"

$TSName="Install Windows 10 22H2"

$SupportedModels="HP Pro SFF 400 G9,Lifebook u7410"

$ChangesMade="Removed Internet Explorer.  Added drivers for HP Pr SFF 400 G9.  Removed Windows Store App"

#CREATE THE WMI CLASS

$newClass = New-Object System.Management.ManagementClass("root\cimv2", [String]::Empty, $null); 

$newClass["__CLASS"] = $WMIClassName; 

$newClass.Qualifiers.Add("Static", $true)

$newClass.Properties.Add("BuildVersion",[System.Management.CimType]::String, $false)

$newClass.Properties["BuildVersion"].Qualifiers.Add("Key", $true)

$newClass.Properties.Add("ProjectName",[System.Management.CimType]::String, $false)

$newClass.Properties.Add("TSName",[System.Management.CimType]::String, $false)

$newClass.Properties.Add("SupportedModels",[System.Management.CimType]::String, $false)

$newClass.Properties.Add("ChangesMade",[System.Management.CimType]::String, $false)

$newClass.Properties.Add("InvalidExtensions",[System.Management.CimType]::String, $false)

#$newClass.Properties["InvalidExtensions"].Qualifiers.Add("Values",$true)

$newClass.Put()

#REMOVE EXISTING INSTANCES

$Inst=get-wmiobject -query "select * from $WMIClassName"

$Inst|remove-wmiobject

#CREATE THE NEW INSTANCE

set-wmiinstance -Class $WMIClassName -Arguments @{BuildVersion="$BuildVersion";ProjectName="$ProjectName";TSName="$TSName";SupportedModels="$SupportedModels";ChangesMade="$ChangesMade"}

This script should be tested on a device to ensure the class is created and the instance is populated.  Test it on a device that also has the MECM console installed.

After the script is run, type in wbemtest.  Click on Connect and then Connect again.  Click on Query and type select * from <name of class>.  In this case it would be select * from BuildInfo.

Click on Apply and then double click on the BuildInfo.BuildVersion instance.  Ensure that all the data is filled in as expected.

Create a Task Sequence step to run the PowerShell script

Open the MECM console and navigate to Software Library\Overview\Operating Systems\Task sequences.

Right Click on your task sequence and click Edit.  Click on a step after the Setup Windows and Configuration Manager step in the Setup Operating System group.  From the top click on Add and then General and then Run PowerShell Script.  Enter in a name such as Create Build Tattoo.  Click on the Enter a PowerShell script option and then select Add Script .  Paste the script into the script area.

Click on Ok.  Ensure that the correct PowerShell execution policy level is selected and then click on OK again.

Extend the MECM hardware inventory classes

Firstly, as suggested above, you should run the script on a device with the MECM console installed.  This will create your WMI class along with an instance containing the data.  This data will be reported back to the MECM database when the Hardware Inventory cycle completes on your device.

Open the MECM console and navigate to  Administration\Overview\Client Settings.  Right click and select Properties on the required Client Settings object in the right hand pane.  In this example we use the Default Client Settings object.

The Client Settings window appears.  Highlight the Hardware Inventory setting.

Click on Set Classes.  The Hardware Inventory Classes window appears.

Click on Add and then Connect and then Connect again.  The Add Hardware Inventory Classes window appears.  Locate your newly created class and select your newly created class.  Click on OK

The Hardware Inventory Classes window reappears.  Select your newly created class and deselect the Invalid Extensions property.

Click on OK and then OK again.

You can now use Resource Explorer, within MECM, to view the build details pertaining to the device. This will appear after the next hardware inventory cycle completes on your clients.

Conclusion

The build tattoo is often overlooked but is really essential.  It is vital for ensuring that you can bring all your built devices to the same level.  If support orientated data is included, such as supported models, it can be of great assistance to the helpdesk.  I hope you have enjoyed reading this article and I wish you every success in developing your own build versioning tattoo in your environment.

Deploy Windows 11 with MDT - Supported

 Introduction

The Microsoft Deployment Toolkit (MDT)  has been used by many companies for the provisioning of operating systems.  It does have a mature and powerful task sequencing engine.  And while not really scalable to enterprise level environments, and being a firmly lite touch rather than a zero touch solution - it does have one major benefit.  It is free.

Many thousands, if not millions of Windows operating systems will have been provisioned in build rooms throughout the world using MDT.  Unfortunately the last client OS to be supported was Windows 10.  Windows 11 is not supported, and in fact you cannot import the Windows 11 Operating system into the Deployment Share.  Nevertheless Windows 11 can be deployed using MDT and in such a way as to be fully supported.  Here is how it is done.

1) Create a task sequence to deploy Windows 10, or use your existing MDT Windows 10 task sequence.  Configure the TS with your applications and settings.

2) Configure the TS to copy the Windows 11 source files to a location on the device being built.

3) Create a TS step to configure a Scheduled Task to run a Windows 10 to Windows 11 upgrade a few minutes after the completion of the Windows 10 Task sequence.

4) Autologon to the device and wait for the Windows 11 upgrade to complete.

The Windows 10 to Windows 11 upgrade is completed after the completion of the Windows 10 task sequence, and because it is started by a task scheduler job, and not MDT; it is a fully supported solution.

This article will cover steps 2,3 and 4.

Copy the Windows 11 Files

You w‎ill need to create a share on your network to contain the Windows 11 source files.  For our purposes we shall call it \\mdtserver\software.

Under this share create a directory called Windows11Files and under this create a directory called Source.  So we have:

\\mdtserver\software\Windows11Files\Source

Copy your Windows 11 source files into this directory.

You will then need to decide on where you will be copying these files on the device itself.  In my case I will be copying these files to c:\support\Windows11.  

Thus I create two task sequence steps to create this path.  The first TS step runs the following command:

cmd.exe /c mkdir c:\support

The second TS step runs the following: 

cmd.exe /c mkdir c:\support\Windows11

The next TS step will need to copy the Windows 11 files to the provisioning device.  The command line I have used to achieve this is as follows:

cmd.exe /c robocopy \\<mdtserver>\software\Windows11Files c:\support\Windows11 /e

Note1:  you may have to select the Run this step as the following account option and then supply an AD account with adequate permissions to access the software share.

Note2: All three of the above task sequence steps are of the type Run Command Line.

Note3: All TS steps detailed in this article should be positioned towards the end of the task sequence, and definitely after the Post Install group.

Create a Scheduled Task to upgrade to Windows 11

Now that we have configured the TS so that the Windows 11 Source files are available locally on the provisioned device, we need to create a Scheduled Task job to perform the upgrade itself.  The script provided here will create a scheduled task to start five minutes after the time the script is executed.  Therefore it should be configured to run as a Run Command Line TS step towards the end of your task sequence so that the task schedular job does not start while the TS is still running.

In this case I call the script win11ug.ps1 and I copy it to the MDT DeploymentShare's script directory, that is: \\<mdtserver>\DeploymentShare$\Scripts.

The Run Command Line TS step contains the following:

powershell.exe -executionpolicy bypass -file "%SCRIPTROOT%\win11ug.ps1"

In addition the Run Command Line step is configured to run under a Domain Admin account.

Here is the script:

#Get ST start time and ensure time format will work with schtasks syntax

$execdate=(get-date).addminutes(5)

$exectime=($execdate).timeofday

$hourchk=[string]$exectime.hours

$minutechk=[string]$exectime.minutes

if ($minutechk.length -lt 2) {

$minute="0"+$minutechk

}

else {

$minute=$minutechk

}

if ($hourchk.length -lt 2) {

$hour="0"+$hourchk

}

else {

$hour=$hourchk

}

$time=$hour+":"+$minute

#Run the schtasks command to create the task schedular job

schtasks /create /tn "Win10Upgrade" /tr "C:\support\windows11\source\setup.exe /Auto Upgrade /EULA accept" /ST $time /RL Highest /ru interactive /sc once

Autologon to the device 

The last Run Command Line TS step is required to run a script that will perform an autologon.  The command line that worked for my scenario was as follows:

Powershell.exe -executionpolicy bypass -noprofile -file "%SCRIPTROOT%\AutoLogon.ps1"

And here is the script itself.  Obviously replace credentials accordingly.

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v AutoAdminLogon /d 1 /f

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultPassword /d <password> /f

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultUserName /d <local admin account name> /f

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_DWORD /v AutoLogonCount /d 1 /f

This script needs to be copied to a file called Autologon.ps1 and then copied to the DeploymentShare's script directory: that is,  \\<mdtserver>\DeploymentShare$\Scripts.

The last step in your TS will be to perform a reboot.  A few minutes after the reboot completes, and after the autologon completes, the upgrade to Windows 11 will commence.

To help you position each of the steps covered in this article, in the correct order, I have included a capture of the steps towards the end of my task sequence. 

Now after your task sequence completes, and within five minutes, the Windows 10 to Windows 11 upgrade will commence and there will be no requirement for any user input.

Conclusion

It might be that your client is not in a position to install an OSD solution that will deploy Windows 11 - in which case this solution may help you. It is a Heath Robinson type workaround to MDT's limitation.  It works well but you will have to decide if an upgrade solution, rather than a pure baremetal to Windows 11 solution, is something your organisation can accept.

I hope you have enjoyed reading this little blog.

Win 11 Let's Connect you to a Network - After OSD Task Sequence completes

Introduction

Recently I put together an MECM task sequence to install Windows 11 Enterprise.  The task sequence would run through and complete all the steps successfully.  After completion the "Let's connect you to a network" window would appear.  The engineer then had to click on "I don't have internet access" and then on "Continue with a Limited setup" in that order, to arrive at the sign in page.  Yes this is only two mouse clicks but I did want to bypass this in an automated way and arrive at the sign in page without this manual input.

The Fix - Part 1

The key to bypassing this "Let's Connect you to a network" screen was to kill the oobenetworkconnectionflow.exe process using the taskkill.exe tool.  If run from a command prompt, the line would be as follows:

taskkill /F /IM oobenetworkconnectionflow.exe

The Problem

Initially I thought that creating a task sequence step to run this command at the end of the Task Sequence would do the trick, however it did not.  This is because the Network Connect page only appeared after the task sequence completed.

My next idea was to run the command as a value for the SMSTSPostAction task sequence variable.  This variable allows you to specify a command to run after the task sequence completes, but before exiting the task sequence - which sounds a bit contradictory.  This approach did not work either - probably because the Network Connect page had not started at the point in time at which the SMSTSPostAction command executed.

The Fix - Part 2

The taskkill command had to be run at a time that I was sure the oobenetworkconnnection.exe 

process was actuated - that is, at a time in which the Let's connect to a network was really displaying on the screen.  This occurred 30-60 seconds after the completion of the task sequence.  Thus I created a PowerShell script that would create a task schedular job to run two minutes after the time the script was run.  The script would be run as the last step in the build task sequence.

This is the PowerShell script:

$execdate=(get-date).addminutes(2)

$exectime=($execdate).timeofday

$hour=[string]$exectime.hours

$minute=[string]$exectime.minutes

$time=$hour+":"+$minute

$sta=new-scheduledtaskaction -execute "taskkill" -argument "/F /IM oobenetworkconnectionflow.exe"

$stt=new-scheduledtasktrigger -once -at $time

register-scheduledtask CancelNetworkFlow -action $sta -trigger $stt -runlevel highest -user "NT AUTHORITY\SYSTEM"

I saved this script as stopncf.ps1

The MECM Package

There are many different ways to run a PowerShell script in MECM - I got this one working by using the good old fashion legacy package.  I then plugged this as a last step in the OSD Windows 11 task sequence as an Install Package step.  The package contained a Program Command Line consisting of the following:

powershell.exe -executionpolicy unrestricted -file stopncf.ps1

The package content consisted of the above PowerShell script called stopncf.ps1.

I have included below the various screenshots of the package settings, in the case that you would like to follow a similar solution.  The package name is StopNWC.

The Task Sequence Step

As already mentioned this package was added as the last step of the Window 11 OSD task sequence.

And here are the details of the sequence step.

C

Conclusion

This issue is normally seen during the task sequence installation itself - but as can be seen it may occur after the task sequence completes.   We can use the solution presented here to remove this unwanted screen, using the task schedular service and a little bit of PowerShell. For those who like to have the entire process automated, I hope you have benefited from this little blog.

VMWare Horizon Client on HP ThinPro Thin Client - Allow connection via an SSL Proxy

Introduction

I wanted to set the security for the Horizon Client, on my HP ThinPro Thin client device, so that it would never connect to untrusted servers.  

Certificates were correctly installed on both the thin client and the Horizon Connection server.  

The demand was that the Horizon client must refuse insecure connections.  

This is the safest configuration and in this particular setup I was able to get this working - however I did have to ensure that the Allow Connection Via an SSL Proxy setting was enabled as a preference on the Horizon connecting client.

Without this particular setting enabled, I would receive the following error whenever I tried to connect to the Horizon connection broker: The tunnel server presented a certificate that doesn't match the expected certificate.

The Problem

Having an acceptable workaround was great but deploying this workaround, in an automated fashion, was a challenge.  Typically with these sort of settings I could:

1) Manually enable the setting on the Thin Client itself.

2) Use the HPDM console to capture a profile of the HP ThinPro client.

3) Deploy the captured profile to all HP ThinPro clients using the HPDM console.

This did not work - the setting did not get captured as part of the HPDM profile capture operation.

The Solution

I could not find any VMWare documentation in relation to the HP ThinPro Horizon client, to assist me with this task.  I did however find a VMWare article about the Linux Horizon client.

Configuring the Certificate Checking Mode for End Users (vmware.com)

Now the HP ThinPro operating system is Linux based, and so I thought it might work - and it did.  All I had to do was create a HPDM deployment task to deploy the solution.  Here is how I did it.

1) On the HPDM server create a file, using notepad, called view-mandatory-config.  Ensure the file has no extension such as .txt

2) Populate this file with the following two entries and save the file.

view.allowAllowSslProxy="True"

view.allowSslProxy="True"

3) After saving the file, open the HP Device Manager console.

4) Click on Templates & Rules and then click on Add a Rule.

5) Provide a rule name - in this case I type in Deploy view-mandatory-config.  Click on Next.

6) On the Target page click on Next.

7) On the Constraints page click on Next.

8) On the When page specify when you would like your file deployed and click on Next.

9) On the Action page double click on _File and Registry.  The Template editor appears.

10) Click on Add and then click on Deploy Files and then on OK.

11) The Deploy Files window appears.  Click on Add from local and select your view-mandatory-config file.

12) Under the Path On Device column type in /etc/vmware/ and hit Enter and click on OK and OK again.

13) Back at the Action page click on Next.

14) On the Task Parameters window click on Next.

15) At the summary window click on Run Now if desired and then click on Finish.

16) The Package Description Editor window appears.  Click on Generate.

17) The new rule appears under Scheduled Rules.  Again you can right click on the rule, if desired, and select Run Now.

Conclusion

When this rule has run on the HP Thin Pro client,  the Allow connection via an SSL proxy option will be selected.  As long as you have the Never Connect to Untrusted option selected, you can then be sure that you have a secured connection to your Horizon Connection Broker.  I hope you have enjoyed this article.

Recover your corrupted Linux HP ThinPro Thin Client Device

Introduction

While testing some functionality in my HP  T530 Thin Client's Linux based ThinPro 8 operating system, I found myself with a corrupted partition.  I was testing the BIOS password removal process using the inbuilt hptc-bios-cfg tool.  After running the tool and initiating a reboot, the ThinPro operating system refused to load, leaving me in an initramfs shell.  Now I am not a Linux expert but I did try a few things, even finding myself in a grub shell where I could list and search each partition for the expected operating system files.  I couldn't find the expected partition with the expected files.  How was I to recover this thin client's ThinPro operating system with my limited Linux know how?  I did find a way out of this mess, which I will write about in this blog.  It might work for you as well.

How I recovered my T530 Thin Client

In summary I was able to restore my TC by:

1) Booting the TC device into the Windows PE environment from a bootable USB key

2) Deleting all partitions on the TC's drive, and creating a new partition.

3) Booting the device into the HP ThinPro PC Converter Tool's environment from a bootable USB key created using the HP ThinPro PC Converter Deployment Tool application.

4) Applying the ThinPro 8 operating system to the TC's drive.

To fix your failing ThinPro operating system you will need to install the following applications on a Windows 10 or Windows 11 device:

• HP ThinPro PC Converter Deployment Tool (HP_ThinPro_PC_Converter_Deployment_Tool_N44254-002.msi) -  get an evaluation license and the installer here: h30670.www3.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPTPPCCT

• Windows Assessment and Deployment Toolkit (adksetup.exe) -available here: https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install#download-the-adk-101253981-september-2023

• Windows PE add on for Windows Assessment and Deployment Toolkit (adkwinpesetup.exe) - available here: https://go.microsoft.com/fwlink/?linkid=2243391

Install the above applications using the default installation options.  Ensure you have two USB keys.  These will be wiped clean so make sure you backup any important data on them.

Create a WinPe bootable USB key

• Connect a USB key to your Windows device, after installing the above applications - make a note of the drive assigned to the key; this is usually d:
• Right click on the Deployment and Imaging Tools Environment from the Start menu and select More and then Run as Administrator.

• Extract the WinPE files by running this command: copype amd64 C:\WinPE_amd64
• Create the USB WinPE bootable device with the following command MakeWinPEMedia /UFD C:\WinPE_amd64 <drive of USB Key>.  For instance: MakeWinPEMedia /UFD c:\WinPE_amd64 d:
• Press Y to agree to losing any data on the USB key.

You now have your bootable WinPE USB key.  Remove it from your device.

Create a HP  ThinPro PC Converter USB key

Insert your second USB key and follow these steps to create the HP ThinPro PC Converter USB key.

• From the Start menu run the HP ThinPro PC Converter Deployment Tool.  Browse to your license file or click to Get a Trial License.  Click on Next.

• Click the second option - Installer USB Flash Drive

• If this is the first time you have run the tool you can click to Download v8.0.0, otherwise browse to select the desired image if the image box is not already populated.

• Click on Create and then Exit when the converter key has been created.

Clear your Thin Client's Partitions using WinPE

Insert the WinPE bootable USB key into a slot on your Thin Client and boot to this disk (usually by pressing F9 or ESC).  You will be presented with the cmd.exe shell.

• Type diskpart and Enter and then list disk.  This will display the Thin Client's disks as well as the USB key.  Make a note of the TC's main disk - usually disk 0

• Type select disk <TC's main disk - usually disk 0).  In this case I type select disk 0 and press enter,
• Warning this command will wipe your main disk.  Type clean and enter.
• type create partition primary and press enter.
• Type Active and press enter
• Type Exit and then press enter

You have now reset your primary disk to accept the ThinPro operating system restoration.

Restore the ThinPro Operating System

Remove the WinPE bootable USB key and insert the HP ThinPro PC converter bootable USB key.

• In the WinPE cmd.exe shell type exit.  The TC will reboot.  Pressing ESC or F9 boot into the ThinPro converter USB key

• The ThinPro converter tool will carry out a compatibility Check

• Click on Install ThinPro to internal Storage.
• Click on OK to accept the disk wipe out warning.
• Click No if prompted to Preserve current ThinPro settings.
• The ThinPro OS installation commences.  

• The Running custom ThinState operation completes.  

• Click on OK and click on Details to view the completed events.

• Click on Close and remove the Converter USB key.
• The TC reboots and the ThinPro operating system loads.  After a few minutes you are presented with the HP ThinPro setup wizard.  Complete the setup as desired.

Congratulations you have recovered your corrupted HP ThinPro Operating System.