Wednesday, July 23, 2014

MDT 2013 Task Sequence Stops After Reboot - MS Security Essentials

I was having quite the issue with one of my MDT images. The reference computer seemed to sysprep and capture fine. I got a wim file and no errors were thrown by MDT.

When I went to deploy this image it would push down to the disk just fine and initiate a reboot. It's here that things stopped. No autologin... no domain join... nothing. It simply sat at the logon window. I thought it might be a group policy enforcing CTRL+ALT+DEL. Disabling this didn't help.

The last entry in the logs was simply a notice that a reboot was initiated; all other messages indicated that the process was running fine.

It turns out in my case all of this was due to an unclean uninstall of Microsoft Security Essentials. We had it in the image at first but realized it was prompting users with a wizard after deployment, so we decided to push it out later in our process. Uninstalling the program removed the program files but left behind a registry key telling sysprep to reference a .dll. Poor cleanup on Microsoft's part.

We ran a simple sysprep task sequence on the machine as opposed to the full process of sysprep and capture. After this process we noticed that the setuperr.log in the C:\Windows\System32\sysprep\Panther folder had an entry similar to this:

SYSPRP LaunchDll:Could not load DLL c:\Program Files\Microsoft Security Client\MSESysprep.dll

This indicated a fatal error and that sysprep was stopping. Sysprep was not completing, therefore OOBE would not run on the resulting deployed image and the run synchronous commands for an auto logon and LTIBootstrap.vbs would never get triggered. This all started to make sense now.

If you search the registry in this location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup

You will find a key that has a value referencing c:\Program Files\Microsoft Security Client\MSESysprep.dll, as well as a few other Security Essentials files.

Remove this key. You may need to alter permissions on the parent folder to do this, as the system account has permissions but not the local administrator by default.

You should now be able to successfully sysprep your image, capture, and deploy it.
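
A read-only pre-sysprep check for the condition described above, added here as an example and not part of the original post. The function names are hypothetical, and it assumes each value under the Cleanup key holds a DLL path optionally followed by a comma and an entry point name.

```powershell
# Added example: read-only audit to run on the reference machine before sysprep.
# Nothing is modified; stale entries are only reported.
$cleanupKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup'
$setupErrLog = 'C:\Windows\System32\sysprep\Panther\setuperr.log'

function Get-StaleSysprepProvider {
    # Returns one object per Cleanup value whose DLL no longer exists on disk.
    param([string]$KeyPath = $cleanupKey)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Assumed data format: "<path>.dll" optionally followed by ",EntryPoint".
        if ($data -notmatch '^\s*"?(?<dll>[^",]+\.dll)') { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($Matches['dll'].Trim())
        # Bare file names are resolved by the loader's search path; skip them
        # rather than report a false positive.
        if (-not [IO.Path]::IsPathRooted($dll)) { continue }
        if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            [pscustomobject]@{ ValueName = $name; MissingDll = $dll; RawData = $data }
        }
    }
}

function Get-SysprepDllLoadError {
    # Returns setuperr.log lines from a previous failed run, if the log exists.
    param([string]$LogPath = $setupErrLog)
    if (Test-Path -LiteralPath $LogPath) {
        Select-String -LiteralPath $LogPath -Pattern 'Could not load DLL' -SimpleMatch |
            ForEach-Object { $_.Line.Trim() }
    }
}

$stale     = @(Get-StaleSysprepProvider)
$logErrors = @(Get-SysprepDllLoadError)

if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) Cleanup value(s) reference a DLL that is missing:"
    $stale | Format-List
} else {
    'No Cleanup values point at missing DLLs.'
}
if ($logErrors.Count -gt 0) {
    'Earlier sysprep DLL load failures found in setuperr.log:'
    $logErrors
}
```

Run it from an elevated prompt. Any value it reports is a candidate for the manual removal described above.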