The most common cause of a machine image failing in WDS is that the machine naming process is not configured correctly. You may get the dreaded ‘Windows could not parse or process unattend answer file’ error when you are 100% certain that your answer file is in fact valid and works on some machines but not others.
The most common cause of these problems is that you are trying to do an automated domain join and someone may have tried to then manually change a machine’s name.
If your attempted re-image does fail on the above error do the following (while the client has the error on screen) to find out why:
- Hold Shift and press F10, this should open a command prompt next to the error dialog box.
- Type Notepad
- Open the setuperr.log in C:\Windows\Panther
You should see something that mentions that the machine naming failed or that the computer account could not be reset.
If you do not intend to use PXE boot approval and are getting the ‘CreateOrResetMachineAccount: Error resetting machine account’ error – simply go to the PXE Response tab of your WDS server’s properties and untick the box that states ‘Require Administrator Approval’
You may then need to remove the machine from Active Directory Prestaged Devices in WDS (found in the setuperr.log) above, run the below command and restart the WDS service before imaging again:
Wdsutil.exe /delete-autoadddevices /devicetype:approveddevices
A quick warning that removing devices from Active Directory Prestaged Devices will remove it from Active Directory.
If you are intending to use Administrator PXE boot approval then you need to do the below.
In Active Directory Users and Computers:
- Right click on the OU your new computers will appear in (Normally “Computers”) and select Delegate Control
- On the first screen of the wizard, click Next
- Click Add and then click Object Types, select Computers and click OK
- Enter the name of the computer WDS is running on, followed by a dollar sign, e.g. WDS01$, and click Check Names
- Enter the user name of the account you have for WDS installations e.g. InstallUser, and click Check Names
- Click OK and Next
- Select Create a Custom task to delegate and click Next
- Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next.
- In the Permissions box, select the Write all Properties check box, and click Next and Finish.
- On your WDS server, open regedit
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove key
- Open the x64 subkey, and double click on User
- Change from Domain Admins to InstallUser
- Open the x86 subkey, and double click on User
- Change from Domain Admins to InstallUser
How does Prestaging and Administrator Approval work?
In order for WDS to use the Administrator Approval tab it needs to know about which machines have been approved/rejected. When a user approves a machine for imaging the machine is instantly created in Active Directory (even though the image hasn’t yet begun). This is the prestaging part as the account is created ahead of joining the machine to the domain.
Once the machine is imaged, the computer account is reset and the unattend file specifies its joining to the domain. It should then use this machine account and join the domain successfully. Any issues with this should be resolved by correcting the permissions as above or completely disabling administrator approval.
In 2012 R2, removing entries from WDS prestage does NOT remove them from AD, provided the install has reached a certain stage.
This is fortunate because when we image some machines that have no ethernet, but can be imaged with an ethernet adapter, we have to delete the prestage info once the machine is installed so that the USB stick can be reused.
(I am hoping adding the WDS m/c as delegate is going to fix our domain joining error. Testing tomorrow!)