ZCM Imaging Windows 11 - no boot after restore

Hello,

We are trying to build a Windows 11 image using ZCM native Linux engine. We can create the image, restore the image but upon the first boot of the Windows 11 operation system the spinning circle stuck at the Manufacture "Lenovo" screen.

I have narrowed the issue down to a chkdsk issue. After the computer image is restored, computer does not boot, I can boot the computer with the Installation ISO key, go into recovery mode, go to command prompt, change drive to c: and run a chkdsk /f on c:. The process completes and I reboot. Windows 11 boots normal.

I made a Windows 10 Image, captured and restored the image and upon first boot of Windows 10 goes into a chkdsk, repairs itself and then boots.

Whats odd is that in both Windows 10 and Windows 11 ZCM image restores it appears there is a need for a chkdsk /f upon first boot in either OS. Windows 10 does a automatic checkdsk on first boot but Windows 11 just hangs. I checked the regkey to see if the autocheck disk was enabled for windows 11 OS and it is. I did a CHKDSK /f on both installs prior to capturing the image and ran a chkntfs to confirm the drive was not dirty.

ZENworks environment

##########################

ZENworks Configuration Management Version: 23.4.0.0
ZENworks Asset Management Version: 23.4.0.88
ZENworks Patch Management Version: 23.4.0.88
ZENworks EndPoint Security Management Version: 23.4.0.88
ZENworks Full Disk Encryption Version: 23.4.0.88
ZENworks Agent Version: 23.4.0.88
ZENworks Updater Service Last Contact Time: 8:55 AM
ZENworks Updater Service Version: 23.4.0.88

Windows Versions 

##########################

Windows 10 Education Version 22H2.19 64 bit

Windows 11 Education Version 23H2 Build (22631.3593) 64 bit

Windows 10/11 base Image creation process

##########################

1) Install Windows 11 from Iso

2) install Windows patches

3) Deploat OS with Windows10DebloaterGUI.ps1

4) Disable Hibernate with Powercfg /h off

5) Capture Image

6) Deploy image on same exact hardware (changed nothing) then we get boot issue in Windows 11.

Few things I have tried.

I have tried sysprep /oobe and non sysprep same results.

I have switched to using the Texera driver. This made no difference.

I have tried different hardware, same results. Windows 11 first boot stuck on Manufacture screen. Chkdsk /f in recovery mode fixes the issue.

I am wondering if the capture or restore process is causing the system partition to be in a dirty state.

Anyone experience this? does anyone know of a workaround?

Thanks,

Parents
  • 0  

    Is restoremask.xml on your image set to disable the Restore/Changing of the SID?

    https://www.novell.com/documentation/zenworks-23.4/zen_cm_preboot_imaging/data/bg4iu9s.html

    If not, the imaging restore process will try and alter the devices SID which is quite bad on WIndows 7, Really Bad on WIndows 10, and Really Really Bad on WIndows 11.

    The only place left that touches the SID is the Linux Imaging Boot Environment.  ZENworks WInPE has never done it, since that came along after touching SID became a real no-no and all ZENworks Agent code has been stripped of SID Touching.

    --

    Avoiding SID Change is likely sufficient.....

    If that does not help....I recommend creating a fresh image using the latest WIndows 11 Media but w/o any network connection to help ensure no updates are applied to the PC during the Image Creation as that can really mess with restored images as the identity updates itself as part of SYSPREP.  It's generally the store apps that cause the most issues.  If there are specific Windows Updates you want to apply such as the June Cumulative Update....that should be fine but I would download them and apply via a USB stick versus using Windows Update.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Created a new BASE Windows 11 23 H2 image

    Process:

    1) install Windows 11 EDU

    2) Wipe all partitions, then let windows installer create partitions

    3) unplugged ethernet cable

    4) No Microsoft updates installed, No hardware drives installed

    5) Ran cmd (administrator elevated) to disable hibernate powercfg /h off

    6) Power off computer, take image

    7) Restore image on same hardware, image process freezes at 7 seconds into the restore process on the following directory:

    c:\Program Files\WindowsApps\Microsoft.VP9VideoExtentions_1.0.50901.0_x64__8wekyb3d8bbwee\x86

  • 0   in reply to 

    "Yes, I forgot to mention that. Restoremask.xml is in the root of C: and when I finish retore an image I see the message "SIDchanger is disabled"

    With that method and the Restore Mask and message.....you SHOULD be good in regards to your issue with needing"CHKDSK".  The Sid Changing breaks the security settings on a number of files all across the computer since the permissions are set to the PCs SID.  Check disk goes through and fixes the invalid ones with the current SID.

    --

    In regards to the issue around VP9VideoExentions....I don't have any Good Suggestions other than the obvious LAME one....

    https://lazyadmin.nl/it/uninstall-microsoft-store-and-default-apps/

    Remove the VP9 Windows Store Apps from ALL USERS prior to taking the image.  

    I want to say something around making sure you are using the TUXERIA Driver....but that would be a total mess...since enabling it would be a major project.  You could test using WInPE on a one off basis.  There could be something in the file system with that app that the LInux NTFS Drivers are not liking.  But getting that fixed would be a Servicec Request and Dev work that will take a while.

    I know folks hate when I say it....But starting on WinPE will save you heart ache in the long run.   Far less Hardware Driver issues and it gives far more imaging options than just Disk Images.  How things work are basically the same with the same imaging commands....just done from a WIndows Boot OS instead of LInux.  When Setting up WinPE you can keep your current setup in place and just and a Boot Menu option to boot WinPE if you select it so you can test and play with it w/o impacting your current designs.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Please have a look in the BIOS and the Boot order. On some devices I have manually change the disk to first position.

    I also clear the entries of Boot devices in EUFI and set the command next boot to the harddisk.

    Also do a chkdsk c: /f /b /r before you  create the image file

    Here is a part of my Imagescript.txt:

    ________________________________________________

    efibootmgr -b 0000 -B
        efibootmgr -c  -L "Windows Boot Manager" -l "\EFI\Microsoft\Boot\BOOTMGFW.EFI" -d /dev/nvme0n1 -p 3
        efibootmgr -n 0000
        reboot -f

    _____________________________________________________________

    Please notice on this script that the "Windows C:Disk" is the htird partition !!!

  • 0 in reply to 

    Hi Adeckert2,

    I tried the efiboot commands, did not help.

    The system is booting, just stuck at the manufacturer login prompt. a simple checkdsk /f on the c: drive fixes the issue. I am not touching anything with the efi partition or boot order or bios.

    Something is going on with the linux driver making the image c: partition dirty. I am not sure if it's on the capture or the restore.

    Is it possible SIDchager is still operating even though the message on the ZENworks Image Engine indicates "SIDchager is disabled"

  • 0   in reply to 

    When SIDCHANGER Broke stuff and your Ran Checkdsk to fix it.....

    What it FOUND was "Invalid Security Identifier" or something along those lines.  

    AKA....Permissions to files and folders were assigned to some unknown SID which caused a circle of death at boot.

    If you look at the errors Checkdsk finds...are it those or something different???

    Are you using SYSPREP in your process?  I did not see it referenced.  Normally you would want too....but I was going to suggest the following....

    #1 - Grab PSGETSID from SYSINTERNALs.

    #2 - Run it to get the SID of a PC.

    #3 - Take an Image w/o using SYSPREP

    #4 - Restore it using LinuxPE as you are.

    #5 - After getting back into Windows after using FDISK to fix things.....Run PSGETSID again...Is it Different?

    --

    If it is different try this......

    Grab a Copy of ZISWIN.exe from a PC with the ZCM Agent and copy it to this PC. (The EXE is stand-alone does not need the agent.)

    Do a "RunAsAdmin" with ZISWIN.exe and use it to not restore stuff.  Maybe there is something off about the XML and the server is not really honoring it...Dunno....

    --

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0   in reply to 

    Did you run CHCKDSK before shutdown?

    You can also set CHCKDSK to run on 1st boot....if you issue command right before reboot.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to 

    I use 23.4. But it has always worked, no matter what ZCM Version i used. But you have always as last option to run chkdsk before you take the image. Also never modify the image file with the imaging explorer like adding a file. This will break the "Tuxera option".

  • 0 in reply to   

    Good Morning Craig,

    Yes I tested several different chkdsk commands.

    1) Ran Chkdsk /f, let it run chkdsk run on next reboot, shutdown gracefully, take image

    2) Ran Chkdsk /f /b /r, let it run chkdsk run on next reboot, shutdown gracefully, take image

    3) Ran Chkdsk /f /b /r, shutdown, take image. (deploy image on the same hardware the image was built on), I was expecting the computer to boot into a forced chkdsk and it was stuck at the same Manufacture logo. 

    In all the scenarios, the result was the same, stuck at manufacture logo (Lenovo) and had to boot into recovery mode.

  • 0 in reply to 

    Please change the boot order after pulling down the image to windows boot manager or to the hard disk, depending on the hardware model of the endpoint.

  • 0 in reply to 

    Thanks for the advice on the Image explorer.

    The last several images I made I did not use Image Explorer and still had the same issue with booting.

    I'm going to Out Line my Windows 11 install process again:

    1) Download Windows 11 (SW_DVD9_Win_Pro_11_23H2.5_64BIT_English_Pro_Ent_EDU_N_MLF_X23-73316)

    2) Use Rufus to create the ISO on a Thumb drive

    3) Boot hardware off Installation Media

    4) Chose Windows 11 Education version

    5) Chose custom Install, delete all partitions until I have Unallocated space, let Windows install setup the partitions

    6) Windows installs files, reboots

    7) Unplug the ethernet cable (Prevent Windows Updates)

    8) Copy the restoremask.xml file to c:\

    9) ** Stopped this while working out imaging bug - install Windows patches

    10) ** Stopped this while working out imaging bug - Deploat OS with Windows10DebloaterGUI.ps1

    11) Disable Hibernate with Powercfg /h off

    12) Take Image

    13) Deploy image on same hardware (changed nothing)

    14) Boot Issue

    A few notes:

    When I use the latest ISO for Windows 11, I can take an image with no problem. deploying the image ZEN imaging engine freezes on c:\windows\windowsapp\

    Is it the version of Windows I am using?

    Is it the USB key booting in Zenwork Imaging? (I used Bootcd_tntfs.iso)

    Is it my Windows image creation process?

    I'm stumped at this point. I have tried 3 different versions of Windows 11 installs and got the same results with booting. When I use the first release of Windows 11 Iso version SW_DVD9_Win_Pro_11_21H2_64BIT_English_Pro_Ent_EDU_N_MLF_-3_X22-89962.ISO I can take the image and deploy the image without it locking on the C:\program files\windowsapps\vp9... directory.

    I will be opening a case sometime today with support.

  • 0 in reply to 

    Please change the boot order after pulling down the image to windows boot manager or to the hard disk, depending on the hardware model of the endpoint.

    Have you triied to rewrite the master boot record on the disk?

    Remove the last partition (Recovery) from the imagefile with imageexplorer and restore the modified image file.

  • 0 in reply to 

    I think I found something..

    My ZCM 23.4 is installed on a Windows Server 2019. I found this on page372 of the Preboot_image manual:

    Check Disk might run on a device with Windows 2019
    Explanation: When you take and restore an image of a device with Windows 2019 using a
    Legacy NTFS Driver. After restoring the image, Check Disk might run before
    booting the operating system. However, the device boots to the operating
    system after performing the check disk.
    Action: Take and restore image of a device using Tuxera driver.

    How do I confirm the Tuxera Driver is working?

  • 0 in reply to 

    I'm testing a Windows 11 image right now. 

    I'm going to build a Windows 10 image right after this. I want to see If I still have the boot chkdsk issue in Windows 10 as described in the Manual. If this is the case then I think it would be something with the tuxera driver.

    I am in the process of my testing and will post in a few.

  • 0   in reply to 

    At this point.....I think we can eliminate the SID Change as your issue.  Also since it is booting to Chckdsk, the issue is not boot order or it would not get to chckdsk and that would not fix it.

    --

    Maybe try some of the various tools to remove all the junk Windows Store Apps.  Apparently, a few are now required so removing all is not recommended but clearing out much of that junk can give you a cleaner and faster system.  

    And I "WinPE" will be far less likely to give your NTFS issues and far less driver issues

    While it's a change, it is far simpler LInuxPE, especially for WIndows Admins.  Far less driver issues.  Does not interfere with ongoing LInuxPE.  The learning curve is so small for most, any time spent getting it going will be less than spent on a single LInuxPE issue which will always be far more prevalent than WinPE since Drivers come out for Windows First,

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to 

    Are you sure the tuxera driver is loaded? Have a look at the message-screen on  CTL+ALT+F4. There have to be a message like:  tfs_linux: tntfs taints kernel. Tuxera NTFS driver version...

    Otherwise the tuxera driver is not loadedand your iso file is not modified by downloading the tuxera driver.

Reply Children
  • 0 in reply to 

    I don't see the tfs_linux: tntfs taints message anywhere.

    I booted the USB key and got to the /# prompt type "modprobe tntfs" and I get the following error

    "Fatal: Module tntfs not found in directory /lib/modules/5.14.21-150500.53-default"

    I am not sure If I am running the correct command. I am trying to figure out if the TNTFS is running. I believe this is my main issue.

    I did use the bootcd_tntfs.iso file that was created after uploading the tuxera and after bother servers indicated "Available" on the status page of the Tuxera High Performance NTFS Driver Integration Settings.

  • 0 in reply to 

    I did the modprobe tntfs from the USB boot imaging key after it finished loading into maintenance mode.

  • 0 in reply to 

    Additionally, I ran find / -name tntfs.*    and found nothing. This is on the USB boot key.

    How can I definitively confirm what driver is running on the system?

    On my USB key I do see these files:

    1) \addfiles\x86\tntfs.ko    (File Size 620 KB dated 9/14/2022)

    2) \addfiles\x86_64\tfs_linux.ko      (File Size 46 KB    dated 9/6/2023)

    3) \addfiles\x86_64\tntfs.ko      (File Size 1,017 KB    dated 9/6/2023) 

     

  • 0 in reply to 

    Hi Joseph,

    modify your settings.txt:

    # Tuxera treiber laden
    insmod /mnt/addfiles/x86_64/tfs_linux.ko
    insmod /mnt/addfiles/x86_64/tntfs.ko

  • 0 in reply to 

    Working on adding these to the usb boot key. I noticed the USB drive is not mounted to /mnt, working on fixing that.

    I manually mounted /dev/sda1 (USB drive) and insmod the ko drivers. I did a new capture with the drivers and restored. Then I got a blue screen on boot. going to try the following

    efibootmgr -b 0000 -B
        efibootmgr -c  -L "Windows Boot Manager" -l "\EFI\Microsoft\Boot\BOOTMGFW.EFI" -d /dev/nvme0n1 -p 3
        efibootmgr -n 0000
        reboot -f

    I did get a few errors when trying to put the insmod in the settings file.

    I'm working on a few things, I'll post back in a bit.

  • 0 in reply to 

    I don't think the tuxera driver is loading properly. The ZENpreboot/imaging manual states adding files to the "Addfiles" directory will place the files in the root with the exception regarding RAM limitation. The files are not in the root "/" directory as stated in the manual.

    When the Tuxera driver was added in the ZCM console it created the Bootcd_Tntfs.iso file, it automatically put the files in the Addfiles directory.

    I tried manually adding the driver with the insmod commands, I don't think its working properly.

    I'm in the process of getting the client to boot via PXE.

    How do I make the USB work?

    ######## From the Manual #######

    4)Copy any other files or drivers that you want included on the CD, DVD or bootable USB to the
    addfiles directory in the temporary bootcd.iso image.

    Any files or subdirectories that you add under the /addfiles directory are placed at the root
    of the client when booting the CD, DVD or bootable USB.

    IMPORTANT: When booting from the CD, DVD or bootable USB, the imaging engine is read into
    RAM. Because the imaging engine uses some of the RAM that exists on the client device, the
    combined size of any files that you add under the addfiles directory cannot exceed the
    amount of remaining RAM.

  • 0 in reply to 

    Quick update:

    After switching from the USB to PXE boot, I can now take and deploy a Windows 11 computer without issue.

    Something is going on with the USB key, I think its related to "remaining RAM" the addfiles are not in the root / drive and as a result the tuxera driver is not loading properly.

    PXE boot works perfectly. 

    Thanks for the help.