Windows 10 UEFI golden image hangs on installation

pauleb

Hey there and thanks for this great forum. It helped me a long way.

I managed to create a Win 10 golden image for legacy bios and to deploy it. Once I got it down it worked great.
Now I have to do it for UEFI since we got PCs without legacy / CSM as a boot option.

I’m using fog 1.5.10 (upgraded from 1.5.9)

I create the golden Win 10 22H2 Image from in a KVM VM on Ubuntu 22.04 with its firmware set to UEFI x86_64: /usr/share/OVMF/OVMF_CODE_4M.fd
Harddisk and network is set to virtio. So the virtio drivers are installed in the image. It is the same setup as for the legacy boot image.

After running sysprep I capture the Image.
My capturing settings are: Single Disk - Resizable; Everything; Partclone Uncompressed
I don’t think, that it matters, but Compression is set to 0.

When deploying I have two issues:

The first one, I could work around, is that I am not able to find the correct exit mode for the fog menu to allow booting from the first harddisk. I tried all of them:

When leaving it empty or using REFIND_EFI I get:
Could not boot: Permission denied (https://ipxe.org/0216ea8f) which hints at a incorrect certificate name.

GRUB, GRUB_FIRST_HDD, GRUB_FIRST_FOUND_WINDOWS: reentering fog menu

SANBOOT:
Boot from SAN device 0x80 failed: no such device https://ipxe.org/2c222087

I get this behaviour on different devices like the Acer TravelMate P614-51T-G2; Dell OptiPlex 3000 and a Lenovo ThinkCentre M81 from 2012 and even on the VMs when I use UEFI mode. The Lenovo works fine in auto or legacy mode but the other two machines miss this option.

Secure boot is disabled on all the machines.
I just swichted from ipxe.efi as bootfile to snponly.efi for uefi boot. Since my Problem is exiting and not booting up I think it makes no difference.

I think similar problems have already be reported.
For me, I could get around this whole issue by manually starting the network boot, but I wanted to address it nonetheless. Maybe the Error messages are useful and / or related to my core issue.

but the hard problem is:

When deploying the Win 10 Image it gets written on the disk, and on installation it hangs with “Einen Moment bitte …” (A moment please …) and sometimes shows the “Why did my PC reboot” screen. I’m sorry that I probably miss the english titles of the screens, I just did the german installation.

I used the same unattend.xml and the same software in the Image.
The Windows drivers get deployed via postdownloadscript as described in https://forums.fogproject.org/topic/7391/deploying-a-single-golden-image-to-different-hardware-with-fog

I thought I had to install one or two drivers directly to the Image for one of the legacy boot machines, but since the new computers are different, I would assume that they should not need this. Also I don’t remember what drivers they were. When comparing the installed drivers on the two pre - sysprep VMs with driverquery the only difference I could find was the version of the virtio - drivers.

This also happens when deploying to a VM with the same configuration as the one the image got captured.

I tried sysprepping and capturing again, but got the same result.

The only difference left other than the firmware to the legacy boot vm is, that I did not use the whole disk for Windows on the UEFI VM. I left some space for a future Linux dual boot setup.
I’ll try to create a new VM with just Windows on its hdd tomorrow.

Nonetheless I would really appreciate if anyone who had similar problems could point me in a direction.

Sorry for the wall of text, but it seems that I am not able to find the sweet spot between a thorough description of the problem(s) with possibly relevant information and a wall of text that nobody wants to read.

best regards,

Paul

george1421

@pauleb There is a lot of info in here to unpack so lets start with the easy stuff.

UEFI exit modes. There are only two. rEFInd and EXIT. All other modes are for BIOS computers.

So if you change the firmware to boot off the hard drive does it work correctly after imaging?

When deploying the Win 10 Image it gets written on the disk, and on installation it hangs with “Einen Moment bitte …” (A moment please …) and sometimes shows the “Why did my PC reboot” screen. I’m sorry that I probably miss the english titles of the screens, I just did the german installation.

I have seen bad drivers do this, OR leaving the fog client service enabled before you sysprep the computer. A bad driver install may cause the computer to spontaneous reboot before winsetup/oobe finishes. You will get that botched install message. OR if you leave the fog client service enabled, as soon as the fog service connects back to the fog server after imaging, it will start its tasks for renaming the computer, connecting to AD, or what ever else. You only want the FOG Client to do that after winsetup/oobe is finished. Typically you would disable the fog client service before sysprep and then reenable it in the setupcomplete. cmd batch file that is run at the end of winsetup and before the login screen is presented.

Flyer

@pauleb I recently went through this and used the script I posted in this thread to create the EFI entry for the windows boot.

The Image must be in GPT format, or at least I had no luck with MBR…

I never got to the Windows boot loader at all with CSM disabled until I used GPT and the script I posted at the link above. My machines would just hang at a black screen, and the drive was not seen in the EFI BIOS until I set the EFI entry as described using efibootmgr in that script. Though I have to say I am not sure I ever tried a GPT image without the script.

I made my image in VirtualBox set to EFI, though I had to turn off EFI to get Virtual Box to network boot and not fire up the golden image, ruining it due to it already being sysprepped, but that is a different story.

pauleb

Thanks for your feedback!

I recently went through this and used the script I posted in this thread to create the EFI entry for the windows boot.

Since the Windows installation is starting when booting to the harddrive I suppose the EFI entry exists.

The Image must be in GPT format, or at least I had no luck with MBR…

The drive was formatted during the Windows installation and I checked it now. It is GPT.

I never got to the Windows boot loader at all with CSM disabled until I used GPT and the script I posted at the link above. My machines would just hang at a black screen, and the drive was not seen in the EFI BIOS until I set the EFI entry as described using efibootmgr in that script. Though I have to say I am not sure I ever tried a GPT image without the script.

I had a similar problem before I recognized, that I had to use an UEFI machine to capture the image. But now I just get the two blue screens with "One moment please … " and the other one with “Why did my PC reboot”.

I made my image in VirtualBox set to EFI, though I had to turn off EFI to get Virtual Box to network boot and not fire up the golden image, ruining it due to it already being sysprepped, but that is a different story.

This works for me in KWM as expected. I am able to network boot either via boot menu or when set in the boot order.

pauleb

@george1421 said in Windows 10 UEFI golden image hangs on installation:

UEFI exit modes. There are only two. rEFInd and EXIT. All other modes are for BIOS computers.
So if you change the firmware to boot off the hard drive does it work correctly after imaging?

Thanks for the clarification. I was confused since all options are available in the BIOS and in the UEFI dropown.

I forgot to mention in my original post, that I also tried EXIT. The results were not conclusive to me. It seems I did not try it often enough on all devices.
I tried it again and now it seems to work on the Dell, but on the Acer after the first boot, going to the UEFI boot selection screen and booting Windows the boot order in the UEFI settings is reset to boot from the harddrive first. On KVM with EXIT I also get to the UEFI boot selection screen, but here (during system preparation) the default does not get reset to the Windows boot manager.

Changing the boot order and booting directly from the harddrive did work after imaging. Since I don’t plan to image that often the workaround to manually enter pxe boot is viable for me.

I have seen bad drivers do this, OR leaving the fog client service enabled before you sysprep the computer.

To prepare the golden image I added the necessary steps to a batch file to prevent forgetting one of them. It executes:

copy runonce.bat "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\"
del /s /q C:\customize\Win10
del /s /q C:\customize\Office_Deployment
cd c:\Windows\System32\Sysprep
net stop wmpnetworksvc
net stop fogservice
sc config FOGService start= disabled
sysprep.exe /generalize /oobe /shutdown /unattend:C:\customize\customize.xml

So the FOGService should be disabled and later reenabled via the setupcomplete - script after installing Windows. I did my original setup according to https://wiki.fogproject.org/wiki/index.php/FOG_Client .
Running sc config FOGService start= disabled in cmd seems to work also with Fog client 13 (I still have an older version in my BIOS golden image where everything works).
I’ll try running the commands one by one on my next try.

Concerning possible problematic drivers, I will create a new minimal viable golden Image without the virtio drivers (I used virtio-win-0.1.229.iso on my original UEFI image - just for reference) and report back.

Flyer

@pauleb Intriguing. So you didn’t need to create a EFI entry for the drive? I wonder if it was already there for that drive from the previous image or something.

I guess mine did not work because I first imaged my test machine with an MBR image, which made the EFI entry no longer show up.

Good luck, and thanks for the info.