ZCM Imaging Windows 11 - no boot after restore

Hello,

We are trying to build a Windows 11 image using ZCM native Linux engine. We can create the image, restore the image but upon the first boot of the Windows 11 operation system the spinning circle stuck at the Manufacture "Lenovo" screen.

I have narrowed the issue down to a chkdsk issue. After the computer image is restored, computer does not boot, I can boot the computer with the Installation ISO key, go into recovery mode, go to command prompt, change drive to c: and run a chkdsk /f on c:. The process completes and I reboot. Windows 11 boots normal.

I made a Windows 10 Image, captured and restored the image and upon first boot of Windows 10 goes into a chkdsk, repairs itself and then boots.

Whats odd is that in both Windows 10 and Windows 11 ZCM image restores it appears there is a need for a chkdsk /f upon first boot in either OS. Windows 10 does a automatic checkdsk on first boot but Windows 11 just hangs. I checked the regkey to see if the autocheck disk was enabled for windows 11 OS and it is. I did a CHKDSK /f on both installs prior to capturing the image and ran a chkntfs to confirm the drive was not dirty.

ZENworks environment

##########################

ZENworks Configuration Management Version: 23.4.0.0
ZENworks Asset Management Version: 23.4.0.88
ZENworks Patch Management Version: 23.4.0.88
ZENworks EndPoint Security Management Version: 23.4.0.88
ZENworks Full Disk Encryption Version: 23.4.0.88
ZENworks Agent Version: 23.4.0.88
ZENworks Updater Service Last Contact Time: 8:55 AM
ZENworks Updater Service Version: 23.4.0.88

Windows Versions 

##########################

Windows 10 Education Version 22H2.19 64 bit

Windows 11 Education Version 23H2 Build (22631.3593) 64 bit

Windows 10/11 base Image creation process

##########################

1) Install Windows 11 from Iso

2) install Windows patches

3) Deploat OS with Windows10DebloaterGUI.ps1

4) Disable Hibernate with Powercfg /h off

5) Capture Image

6) Deploy image on same exact hardware (changed nothing) then we get boot issue in Windows 11.

Few things I have tried.

I have tried sysprep /oobe and non sysprep same results.

I have switched to using the Texera driver. This made no difference.

I have tried different hardware, same results. Windows 11 first boot stuck on Manufacture screen. Chkdsk /f in recovery mode fixes the issue.

I am wondering if the capture or restore process is causing the system partition to be in a dirty state.

Anyone experience this? does anyone know of a workaround?

Thanks,

Parents
  • 0  

    Is restoremask.xml on your image set to disable the Restore/Changing of the SID?

    https://www.novell.com/documentation/zenworks-23.4/zen_cm_preboot_imaging/data/bg4iu9s.html

    If not, the imaging restore process will try and alter the devices SID which is quite bad on WIndows 7, Really Bad on WIndows 10, and Really Really Bad on WIndows 11.

    The only place left that touches the SID is the Linux Imaging Boot Environment.  ZENworks WInPE has never done it, since that came along after touching SID became a real no-no and all ZENworks Agent code has been stripped of SID Touching.

    --

    Avoiding SID Change is likely sufficient.....

    If that does not help....I recommend creating a fresh image using the latest WIndows 11 Media but w/o any network connection to help ensure no updates are applied to the PC during the Image Creation as that can really mess with restored images as the identity updates itself as part of SYSPREP.  It's generally the store apps that cause the most issues.  If there are specific Windows Updates you want to apply such as the June Cumulative Update....that should be fine but I would download them and apply via a USB stick versus using Windows Update.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Created a new BASE Windows 11 23 H2 image

    Process:

    1) install Windows 11 EDU

    2) Wipe all partitions, then let windows installer create partitions

    3) unplugged ethernet cable

    4) No Microsoft updates installed, No hardware drives installed

    5) Ran cmd (administrator elevated) to disable hibernate powercfg /h off

    6) Power off computer, take image

    7) Restore image on same hardware, image process freezes at 7 seconds into the restore process on the following directory:

    c:\Program Files\WindowsApps\Microsoft.VP9VideoExtentions_1.0.50901.0_x64__8wekyb3d8bbwee\x86

  • 0   in reply to 

    "Yes, I forgot to mention that. Restoremask.xml is in the root of C: and when I finish retore an image I see the message "SIDchanger is disabled"

    With that method and the Restore Mask and message.....you SHOULD be good in regards to your issue with needing"CHKDSK".  The Sid Changing breaks the security settings on a number of files all across the computer since the permissions are set to the PCs SID.  Check disk goes through and fixes the invalid ones with the current SID.

    --

    In regards to the issue around VP9VideoExentions....I don't have any Good Suggestions other than the obvious LAME one....

    https://lazyadmin.nl/it/uninstall-microsoft-store-and-default-apps/

    Remove the VP9 Windows Store Apps from ALL USERS prior to taking the image.  

    I want to say something around making sure you are using the TUXERIA Driver....but that would be a total mess...since enabling it would be a major project.  You could test using WInPE on a one off basis.  There could be something in the file system with that app that the LInux NTFS Drivers are not liking.  But getting that fixed would be a Servicec Request and Dev work that will take a while.

    I know folks hate when I say it....But starting on WinPE will save you heart ache in the long run.   Far less Hardware Driver issues and it gives far more imaging options than just Disk Images.  How things work are basically the same with the same imaging commands....just done from a WIndows Boot OS instead of LInux.  When Setting up WinPE you can keep your current setup in place and just and a Boot Menu option to boot WinPE if you select it so you can test and play with it w/o impacting your current designs.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Please have a look in the BIOS and the Boot order. On some devices I have manually change the disk to first position.

    I also clear the entries of Boot devices in EUFI and set the command next boot to the harddisk.

    Also do a chkdsk c: /f /b /r before you  create the image file

    Here is a part of my Imagescript.txt:

    ________________________________________________

    efibootmgr -b 0000 -B
        efibootmgr -c  -L "Windows Boot Manager" -l "\EFI\Microsoft\Boot\BOOTMGFW.EFI" -d /dev/nvme0n1 -p 3
        efibootmgr -n 0000
        reboot -f

    _____________________________________________________________

    Please notice on this script that the "Windows C:Disk" is the htird partition !!!

  • 0 in reply to 

    Hi Adeckert2,

    I tried the efiboot commands, did not help.

    The system is booting, just stuck at the manufacturer login prompt. a simple checkdsk /f on the c: drive fixes the issue. I am not touching anything with the efi partition or boot order or bios.

    Something is going on with the linux driver making the image c: partition dirty. I am not sure if it's on the capture or the restore.

    Is it possible SIDchager is still operating even though the message on the ZENworks Image Engine indicates "SIDchager is disabled"

Reply
  • 0 in reply to 

    Hi Adeckert2,

    I tried the efiboot commands, did not help.

    The system is booting, just stuck at the manufacturer login prompt. a simple checkdsk /f on the c: drive fixes the issue. I am not touching anything with the efi partition or boot order or bios.

    Something is going on with the linux driver making the image c: partition dirty. I am not sure if it's on the capture or the restore.

    Is it possible SIDchager is still operating even though the message on the ZENworks Image Engine indicates "SIDchager is disabled"

Children
  • 0   in reply to 

    When SIDCHANGER Broke stuff and your Ran Checkdsk to fix it.....

    What it FOUND was "Invalid Security Identifier" or something along those lines.  

    AKA....Permissions to files and folders were assigned to some unknown SID which caused a circle of death at boot.

    If you look at the errors Checkdsk finds...are it those or something different???

    Are you using SYSPREP in your process?  I did not see it referenced.  Normally you would want too....but I was going to suggest the following....

    #1 - Grab PSGETSID from SYSINTERNALs.

    #2 - Run it to get the SID of a PC.

    #3 - Take an Image w/o using SYSPREP

    #4 - Restore it using LinuxPE as you are.

    #5 - After getting back into Windows after using FDISK to fix things.....Run PSGETSID again...Is it Different?

    --

    If it is different try this......

    Grab a Copy of ZISWIN.exe from a PC with the ZCM Agent and copy it to this PC. (The EXE is stand-alone does not need the agent.)

    Do a "RunAsAdmin" with ZISWIN.exe and use it to not restore stuff.  Maybe there is something off about the XML and the server is not really honoring it...Dunno....

    --

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Thanks Craig.

    I'll try these and get back to you in a bit.

  • 0 in reply to   

    I am not using sysprep in my process. I'm doing a BASE image test. Basiclly testing the imaging system.

    One of my tests I did try a SYSPREP /OOBE and still got the same issue with the boot. This test did have the retoremask.xml.

    Previously I was using zmgexp.bat tool to copy the restoremask.xml file after the image was created. I thought this might be messing up the .ZMG file. SO When I created the new images yesterday I had the restoremask.xml file on my flash key. I'm trying to take out as much variables as I can.

    I'm going to get the SID of the computer and determine if the restoremask.xml is actually working. 

    Does the restoremask.xml need to be in a specific directory? or is the root of c: sufficient?

  • 0   in reply to 

    At this point...I dont think it's SID or a process error.

    Maybe running CHECKDSK before will help.....

    If that does not....it may be an issue with the Linux NTFS Drivers not liking something in Windows 11.  (New to me and a theory.)

    So you might have better luck testing the creation using WInPE but just a guess.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    I checked the SID and they did not change. The retoremask.xml is working.

    I think the issue is in the c:\program files\windowsapps directory, this is based on the repair chkdsk is doing.

    I'm working on adjusting rights and then comparing the WindowsApps directory before an image and after an image to see if the cloning process is missing files.

    Additionally, I am trying to image with different versions of Windows 11 to see if things change.

    I'll post my results after I am done testing.

  • 0 in reply to 

    Adjusting the rights did not help. Same boot issue.

    I downloaded Windows 11 21H2 (November 2021 Update). I was able to take an image and restore it without having any issues with c:\program files\windowsApps directory. Still got the same result no boot. I jumped into recovery mode did a checkdsk on c: this time it did not fix the issue. To fix the issue I booted into recovery mode and ran the fix startup issues and that resolved the problem. The logs on the c: drive indicate a corrupt system drive. I tried the fix that  recommended and that did not work. I did confirm that my c:\ system was the partition #3.

    Additional notes, I have tried two different machine types with the same boot imaging issue. I also have secure boot turned off in the bios.

    Has anyone imaged Windows 11 using the ZenWorks image engine?

  • 0 in reply to 

    yes, hundreds of devices with W11 32H2. Do you have the latest Imaging Patch files?

  • 0 in reply to 

    Not sure.

    I ran the auto update to patch the ZCM server.

    Are there independent patch files for imaging? I'm going to check the website now.

  • 0 in reply to 

    I'm running ZCM 23.4

    ZCM : 23.4.0.0
    ZAM : 23.4.0.88
    ZPM : 23.4.0.88
    ZESM : 23.4.0.88
    ZFDE : 23.4.0.88

  • 0 in reply to 

    I downloaded the Tuxera driver, it shows "Available" on both ZCM servers and I am using the Bootcd_Tntfs.iso that was created after the Tuxera drivers were finished installing on the servers.

    Are yo using the Tuxera driver?