While setting a domain member server to automatically log on when it boots is generally not a good practice, sometimes you just need to do it.

It’s easy enough on a standalone workgroup server – just go to the Control Panel, User Accounts, uncheck the box for “Users must enter a user name and password to use this computer”, and click OK – whereupon it asks you to specify the username and password. This is encrypted and stored.

However, when you join a server to the domain, this option becomes unavailable.

So how do you get it back? A registry hack, of course!

Open Registry  Editor, go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, and make a String Value (REG_SZ) called AutoAdminLogon. Set this to 1.

Here’s a CMD prompt version you can copy/paste:

reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v AutoAdminLogon /t REG_SZ /d “1″ /f

Once you’ve done that, you can go back into the Control Panel, User Accounts, and the option will be available again. Make sure you use domain\user for the user account to specify the domain user. Of course, that user must be a local administrator on the server.

Tags: Autologon

Scenario: You are doing an SBS 2008 Migration from an SBS 2003 domain. You’ve created your answer file, you’ve gotten partway through setup, but it seems to sit forever at this screen:

Eventually, you get this pop-up dialog telling you at it is taking longer than expected, and asking if you want to keep waiting.

What now? Maybe you’ve clicked the yes button once or twice already and waited another 20 minutes with no positive results.

Well, this is what happened to me, and I’ll tell you what I found out about it. Your situation may be different, but check out what I found out, and look for it in yours. If it matches, you might want to give it a try. Hopefully you have a good backup.

After sitting at this screen for way too long, I decided to do some digging. I sent a ctrl-alt-del to the SBS 2008 server and brought up the Task Manager. From there, I opened a CMD prompt, and found my way to C:\Program Files\Windows Small Business Server\Logs. I copied the file to a UNC share on the source SBS server to read it (but you can just use the “type” command in the CMD window and read the last few lines if you want).

The last few lines looked like this:

[3212] 081225.202335.1592:
Task: There are 0 pending replication operations.
[3212] 081225.202335.2530:
Setup: Attempting LDAP bind.
[3212] 081225.202335.2530:
Setup: Bind failed with: A local error occurred.
[3212] 081225.202335.2530:
Task: Waiting for replication to finish

That sequence repeated a few times. Definitely the choking point. I googled the hell out of that, and only found one item that looked remotely relevant. That guy was having the same symptom. He solved his problem by throwing away his SBS2003 domain and starting from scratch.

After MUCH digging, rebooting, retrying, and other things that I will spare you the pain of, I typed “eventvwr” at the CMD prompt, and looked through the event logs. I found, among other things, this event:

Source; GroupPolicy
Event ID: 1006
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller (LDAP Bind function call failed).

Now we’re getting somewhere. I found numerous search results for that one, including a forum where some guys had this error, received a hotfix from Microsoft, and the problem went away. Apparently the problem is caused if you have ever done an authoritative restore on your 2003 domain. When that happens, the msDS-KeyVersionNumber property from the user object “krbtgt” is increased. Windows Server 2008 is not expecting this. Any 2008 DCs that are added to this domain have trouble binding to LDAP and authenticating to AD because of this.

There is a Microsoft KB article about a seemingly completely unrelated topic, with a hotfix link available for download. Microsoft PSS sent these guys this hotfix, and it made that problem go away. It needs to be installed on all Windows 2003 DCs.

I am doing this upgrade on a virtual server, I have a snapshot, so I figured “What the heck, let’s try it!” and downloaded the hotfix. I ran it on my SBS 2003 server, and said No to the reboot. Lo and Behold, my SBS 2008 migration is proceeding past the error point! It’s looking good!

Use this fix with caution. Your mileage may vary. Make sure you have backups and/or a snapshot before you do it. Best of luck!

Tags: Group Policy, Hotfix, LDAP, Migration, SBS 2008

I just spent some time wrestling with an HP Color Laserjet 2600N printer on SBS2008.
The workstation was XP Pro SP2 x32.
The driver was for Vista x64, downloaded from HP (closest I could get).

The symptom: The driver loaded fine on the server and workstation. Server could print OK. When workstation printed, the job would stick in the queue and not go to the printer, and could not be deleted except by stopping the spooler and deleting the files from the spooler folder. When I restarted the print spooler service without deleting the files, the job would then go to the printer.

The solution: Disable bi-directional support in the printer driver on the server.

Tags: Laserjet 2600N, Print Spooler, SBS 2008

 Special thanks to Drevlan for the heads-up on this.

These special product keys are provided by Microsoft for use in unattended answer files, or for switching your server from a MAK setup to a KMS setup, if you have either of those scenarios going on. More about that can be found here.

These Operating Systems provide functionality in the setup GUI to skip the product keys during setup, and provide it later. However, when you are doing an unattended setup, it will not allow you to skip the product key (whose idea was that?!).

You can use these keys during unattended setup, and then replace them later by clicking a link in Activation GUI, and entering your own keys at that time. Then you can activate against a KMS, or Microsoft, or whatever setup you’re using.

The “Windows Server 2008″ key can be used for SBS 2008 - specifically, in the OS-level answer file – not the one generated by SBSAFG. In conjunction with the SBS answer file, your SBS 2008 installation can be 100% unattended, “from Boot to Welcome“.

These keys are specifically mentioned for use with unattended setup answer files, although the ones above will probably do the job as well.

Tags: answer file, deployment, from boot to welcome, Product Keys, SBS 2008, unattended, vista

Yeah, it’s old news that SBS2008 setup can be done “unattended” with an answer file. Just run SBSAFG from the DVD, fill in the blanks, save the file to removable media, attach it to the target server, put the DVD in, turn it on, and…

Wait, what’s up with all of these prompts? I thought this was supposed to be unattended?

Well, yes, the SBS wizard portion is unattended, but you still have to go through the OS setup. You see, MS tried really hard to make the transition from OS install to SBS configuration seamless. What they really did, however, was remove the ability for us to make any fine adjustments after the OS load and before SBS installation. For example, partitioning and formatting additional disk volumes.

Anyway, the end result is that the SBSAFG generates an answer file that answers the SBS questions, but not the OS load questions.

Generating an answer file for the OS load is not nearly as simple as double-clicking an executable and filling out a structured form. It’s not even as simple as it was in 2003, where you could extract and run sysprep to generate an answer file, and then use a text editor to fill in the missing bits, with simple, easy to understand formatting.

Now, you need to download a huge program, install it, copy an even larger file from your installation media, catalog it, choose your OS version and type, start an answer file, add some things to various stages of setup, fill in the blanks, and then save the answer file. Some of those fields have tips to help you determine what needs to be typed in there. Others do not.

As if that was not confusing enough, most of the tutorials on this are focused on deploying Vista using Windows Deployment Services. On a small, disregarded, deeply buried web page, I found a note saying that to deploy Windows 2008 with an answer file, just follow the Vista instructions and use Win2008 media.

Ready? Here we go:

Download and install the Windows Automated Installation Kit (992 MB). I believe this must be installed on Vista or Server 2008. I used Server 2008.

Copy the install.wim file from the SBS2008 DVD to the hard disk of the computer you are running the IAK on. I am not sure if it can be run from the DVD directly, but I didn’t want to listen to the drive whine/click/whir longer than necessary, or be prompted for the file again later, so I just went ahead and copied it.

Run Windows System Image Manager. 

1. Right-click the Select a Windows Image, choose to select one, and browse to the WIM file.
   Choose the OS you want (in this case let’s go with ServerStandard, because we’ll be automating SBS2008 Standard).
2. Choose to create a catalog for that OS.
3. Right-click in the answer file section, and choose to create a new answer file.

Great! Now we have some components, and a framework of installation stages in the answer file. Now what?

You can have all kinds of fun with this, and here is a reference guide to help.

However, there is a small set of core pieces listed on this page that we need to put in there to make it unattended. Before you slam those in there, however, be aware that those pieces are required for a fully built, distributable instance of Vista, resealed and all. If you include all of those things, it will break your SBS2008 installation.

Below is a listing of what I put in there, the values I entered.
All of it goes into “1 windowsPE”.

Note: This is not XML-formatted text. Do not copy/paste this into an XML file, that will not work for you. Instead, look for these settings in the AIK. I am not planning to post a full XML file because your settings/requirements might be significantly different – so it is best if you build yours from scratch.

amd64_Microsoft-Windows-International-Core-WinPE_neutral
  InputLocale: 0409-000000409
  SystemLocale: en-us
  UILanguage: en-us
  UserLocale: en-us
\-> SetupUILanguage
      UILanguage: en-us
      WillShowUI: OnError
amd64_Microsoft-Windows-Setup_neutral
\-> DiskConfiguration
      WillShowUI: OnError
   \-> Disk[DiskID=”0”
         Action: AddListItem
         DiskID: 0
         WillWipeDisk: true
       \-> CreatePartitions
           \-> CreatePartition[Order=”1”]
                 Action: AddListItem
                 Extend: false
                 Order: 1
                 Size: 61500
                 Type: Primary
       \-> ModifyPartitions
           \-> ModifyPartition[Order=”1”]
                 Action: AddListItem
                 Active: true
                 Extend: false
                 Format: NTFS
                 Label: OS
                 Letter: C
                 Order: 1
                 PartitionID: 1
\-> ImageInstall
    \->OSImage
         WillShowUI: OnError
       \->InstallTo
            DiskID: 0
            PartitionID: 1
\-> UserData
      AcceptEula: true
      FullName: John Q. Public
      Organization: Your Company
    \->ProductKey
         Key: TM24T-X9RMF-VWXK6-X8JC9-BFGM2
         WillShowUI: OnError

Some notes about the above values:

The values in the first section assume US English installations. Check out the reference guide for your locale.

The disk configuration I specified wipes out any existing partitions and creates a single 65 GB partition at the start of the disk. Adjust as appropriate for your installation, and be careful not to wipe out an important partition on your server. I recommend duplicating your server’s disk structure on a white box and testing before you actually run this on your server.

The UserData section is unimportant, as it gets replaced later by the answers from the SBS answer file. These will get you through without requiring customization for each client.

The product key I used is a special key for unattended installations. It is not a “real” key, and you will need to replace it when it is time to activate. SBS2008 provides an easy mechanism in the activation UI for this.

Once you have inserted all of these items and typed in the values, it is time to save your answer file to removable media. I suggest also saving it to the same folder with the WIM file and the catalog, for later use.

A quick note about virtualization: When running SBS2008 setup on a Hyper-V platform, the display size goes to 1600×1200 pixels. I tried adding display settings in every stage of setup, to no avail. When done, I was still looking at a 1600×1200 desktop. If I figure this out later, I’ll post an update. This issue does not happen on ESXi.

So, now that we have the initial OS answer file, we need to create the SBS answer file. This step is fairly straightforward.

You can run the SBSAFG executable straight from the DVD, or copy it to a workstation somewhere and run it there. It does not like being run over the network, I have found, but it executes locally on Windows 2008, Windows 2003, and Windows XP without fuss. I did not try it with Vista, but I assume it would work there as well.

Fill out the form as you wish, and save the file to the same removable media you put your OS answer file on. Thankfully, they use different file names, so there will not be a conflict.

Now you’re ready to attach your removable device, insert your SBS2008 DVD, and build a system.

Good luck!

Tags: answer file, from boot to welcome, SBS 2008, SBSAFG, System Information Manager, unattended, Windows AIK