Archive

Archive for August, 2015

Updating Windows at the source

Since the release of Windows Vista, Windows has been installed by using a compressed image file, known as a WIM file. This is what allows Microsoft to ship one disk containing the home and other versions of Windows, unlike the multiple disks of the XP era. What makes a WIM file even more useful is that it can be mounted inside a running copy of Windows and have patches and drivers injected directly into the image. This is extremely handy when you realise that Windows 7 has been out for almost 6 years now and has a couple of hundred patches out there. Anything that cuts down the wait for Updates to install is a good thing, as well as having a more secure system out the box.

There are a couple of limitations however:

  1. You can’t inject all the update patches offline. Certain updates can only be installed when Windows is running.
  2. NET Frameworks cannot be injected offline. These will need to be installed and patched after Windows is up and running.
  3. You can only inject patches if they are in CAB or MSU format. EXE files are not usable here.

To update Windows 7 (or 8 or Server editions for that matter) you will need the following:

  • Windows 7 media or ISO file. I don’t have access to OEM disks so cannot say if those can be updated. What you really need is the install.wim file, found in the \Sources directory on the disk. It’s the single biggest file on the disk.
  • Windows 7 Automated Installation Kit or the later Windows 8.1 Assessment and Deployment Kit. You need this for the DISM tools which services the WIM file.
  • Access to the updates for Windows 7. There are many ways to get these, but I have found that looking the C:\Windows\SoftwareDistribution\Download folder on a patched machine to be one of the better ways to get the updates. Other tools have had mixed success for me.
  • Hard drive space and patience. Injecting updates, committing the changes to the WIM file and optionally recreating the ISO file will take time.

Here’s my step by step guide on how to do this update procedure. A note before I begin however. My guide is a little longer than strictly speaking necessary. If you have access to ISO editing software, you could just replace the install.wim file and be done. However, I am going to include the steps to rebuild an ISO image, including the option to make it UEFI boot compatible.

Updating Windows

  1. Make 3 folders on a hard drive. For example C:\Win7, C:\Updates and C:\Mount.
  2. Copy the install.wim file from your ISO or DVD to C:\Win7.
  3. Install the Windows 7 AIK or Windows 8.1 ADK. Specifically, we are looking for the Deployment Tools option. We don’t need the rest for this process.
  4. Place all the updates for Windows 7 into the C:\Updates folder.
  5. Open up the “Deployment and Imaging Tools Environment” shortcut as an Administrator. The DISM commands will only run with Admin approval.
  6. Run the command dism /get-wiminfo /wimfile:C:\Win7\install.wim
    This will tell us about the various Windows editions present in the WIM file. Depending on the disk, it may include multiple editions or only 1. Take note of the index number which corresponds to the edition of Windows you want to update, we will use it in the next command.
  7. dism /mount-wim /wimfile:C:\Win7\install.wim /index:X /mountdir:C:\Mount (replace X with the number you want from step 6) DISM will mount the image edition at the C:\Mount folder
  8. dism /image:C:\Mount /add-package /packagepath:C:\Updates
    DISM will now start to add all the MSU and CAB files it finds in the C:\Updates directory and apply them to the mounted image. This will take some time, so feel free to take a break. Some updates may cause an error; these updates are only meant to be installed when Windows is running. You will need to find out what updates caused the error and remove them. Type dism /unmount-wim /mountdir:C:\Mount /discard to discard all the changes and follow steps 7 & 8 again until the process is error free.
  9. dism /unmount-wim /mountdir:C:\Mount /commit
    This will commit the changes, save and unmount the WIM file.
  10.   If you want to update another edition of Windows 7, go back to step 7 and use another index number. Go through steps 7-9 again for all editions you want to update.

Building the new ISO for Windows 7

If you are planning to use the updated WIM file with Microsoft Deployment Toolkit, you are good to go and can use the updated install.wim file in conjunction with the rest of the Windows setup files. Otherwise, you’ll need to create a new ISO image that can be used virtually, burned to DVD or used on a USB flash drive for install purposes.

Open up the “Deployment and Imaging Tools Environment” shortcut as an Administrator again. Run the following command to make the ISO file that can boot on traditional BIOS based systems or on UEFI systems. For the most modern UEFI systems, make sure Secure Boot is disabled before you install Windows 7, as it is not Secure Boot capable.

For this step, copy all the files from your Windows 7 DVD or ISO to the Win7 directory, but leave out the old install.wim file or you will have wasted your time.

oscdimg.exe -u2 -udfver102 -bootdata:2#p0,bC:\Win7\boot\etfsboot.com#pEF,ebC:\Win7\efi\microsoft\boot\efisys.bin -o –lVOLUME_LABEL C:\Win7 C:\Win7\Win7.iso

Replace VOLUME_LABEL with something of your choice.

You can now burn the ISO file to DVD, use it on a flash drive or as an ISO with any VM software.

I have not tried this procedure with Windows 8.x, but I believe it should work the same way as the file layout of the relevant files and folders are near identical.

The Windows 10 upgrade experience

On Wednesday 29 July 2015, a new chapter opened up in the history of Microsoft’s Windows. Windows 10 was unleashed on the world, Microsoft’s attempt to remedy the largely cool reaction to Windows 8, as well as stay relevant (at least in the eyes of a lot of tech bloggers) in the new app centric world. The return of the Start Menu, an unprecedented public participation process via the Windows Insider program, free upgrades for a year, DirectX 12 for gamers and many more features all combined to build up a hype that has not been seen for a long time in the Windows world.

Like millions of other people, I reserved my copy of the Windows 10 upgrade via the app in the system tray that appeared after a round of Windows Updates a few months back. The idea was that this application would trickle download Windows 10 in the background as soon as the system went RTM, so that on launch day you’d be ready to upgrade immediately. Only problem is that the trickle download process started 1-2 days before the launch of Windows 10, which meant that with my slow ADSL speed, it would be some time before I’d be ready to go, let alone the chance that I’d be in one of the later waves of the rollout. This is probably due to the fact that build 10240 only went RTM 2 weeks before the global rollout. Either way, I was impatient to get going.

Thankfully Microsoft thought clearly and made ISO images available for direct download or via the Windows 10 Media Creation Tool. I snagged a copy of the Media Creation Tool and used it to download a copy of Windows 10 at work, where I have access to a faster internet connection. Once the ISO file was built by the tool, I burned it to DVD for 3 other staff members who were interested. It’s legal to do this by the way, since each person would be having their own upgrade key made during the upgrade process. For myself, I used the excellent Rufus utility to burn the image to a flash drive. Although the Media Creation Tool can burn the image to flash drive, I’ve come to trust Rufus, especially thanks to its ability to create properly booting UEFI capable media.

Once at home, I simply inserted the flash drive, double clicked on setup.exe and let the upgrade process run. I had previously been running Windows 8.1 with all updates applied. The installation process ran smoothly and took about half an hour to move all my files, upgrade itself and get to the desktop. All of my software remained installed and I haven’t yet had any compatibility issues software wise. I did have some issues with my PC’s built in Bluetooth adapter, but a couple of hours after the upgrade, a driver had been installed in the background and the adapter was good to go again. After the upgrade, I did manually install Nvidia’s latest graphics driver, since I already had it downloaded and couldn’t wait on Windows Update to deliver the driver.

So far, I mostly like Windows 10. It’s been stable despite the upgrade, no blue screens or crashes. As mentioned, all my software has remained in working without issue. Speed wise it feels a little faster than Windows 8.1, but not much. The speed may be more impactful on users coming from Windows 7 or earlier. My biggest real gripe at the moment with Windows 10 is the severe regression in the OneDrive client, a very well moaned about topic on the net. Windows 8 and 8.1 spoiled me in that regards with placeholder sync that let me see the files that were on my OneDrive, without actually needing to download them. The Windows 10 version basically takes us back to the Windows 7 version of the client where you have to chose which folders and files to sync, which will then chew up space on your hard drive. I am not happy at all with this change, but I am holding out that the new client that should be here by the end of the year will offer a better experience.

One small note: my copy of Windows 10 wouldn’t activate until a day after the install. While I kept thinking that somehow it was related to my Windows 8.1 key, it was simply a case of the fact that the activation servers were getting hammered into oblivion. Over 14 million people upgraded in the first 24 hours, so I am not surprised that I struggled to activate. I am assuming that now, almost 2 weeks later, activation should be happening immediately as per normal again.

It’s been a common refrain that I’ve seen on the net from reviews that if there’s one thing Windows 10 needs, it’s that it needs more polish. Lots of little fit and finish issues keep cropping up older legacy parts of Windows are moved into the modern framework. Different right click menus, a System Settings App that isn’t quite Control Panel yet, out of place icons etc. all need some time and attention before Windows 10 becomes its own unique system. With the promise of Windows as a Service, it’s likely that many of these issues will go away with time as the system keeps being updated and improved. One thing is for sure, it’s going to be an interesting ride indeed.

The long hunt for a cure

At the end of March 2014, our school took ownership of a new Intel 2600GZ server to replace our previous HP ML350 G5 server which was the heart of our network. The HP had done a fantastic job over the years, but was rapidly starting to age and wasn’t officially supported by Windows Server 2012 R2. Our new server has 32GB of RAM, dual Xeon processers, dual power supplies, 4 network ports and a dedicated remote management card. Although a little pricier than what I had originally budgeted for, it matched what the HP had and would earn its keep over the next 5-7 years worth of service.

After racking and powering up the server, I installed firmware updates and then Server 2012 R2. Install was quicker than any other server I’ve done in the past, thanks to the SSD boot volume. After going through all the driver installs, Windows Updates and so on, the server was almost ready to start serving. One of the last actions I did was to bond all 4 network ports together to create a network team. My thinking was that having a 4Gb/s team would prevent any bottlenecks to the server when under heavy load, as well as provide redundancy should a cable or switch port go faulty. Good idea in theory, but in reality I’ve never had a cable or port in the server room go bad in 6+ years.

Looking back now, I’m not sure exactly why I bothered creating a team. While the server is heavily used as a domain controller, DHCP, DNS and file server, it never comes close to saturating 1Gb/s, let alone 4. Almost every computer in the school is still connected at 100Mb/s, so the server itself never really comes under too much strain.

Either way, once everything was set up, I proceeded to copy all the files across from the old HP to the new Intel server. I used Robocopy to bulk move files, and in some cases needed to let the process finish up over night since there were so many files, especially lots of small files. Data deduplication was turned on, shares were shared and everything looked good to go.

When school resumed after the holidays, the biggest problem came to light right on the first morning: users being unable to simultaneously access Office files. We have a PowerPoint slideshow that is run every morning in the register period that has all the daily notices for meetings, events, reminders, detention etc. Prior to the move, this system worked without fault for many years. After the move, the moment the 2nd or 3rd teacher tried to access the slideshow, they would get this result:

WP_20140409_001
Green bar of doom crawling across the navigation pane, while this odd Downloading box would appear and take forever to do anything and would tend to lock Explorer up. Complaints naturally came in thick and fast and the worst part is that I couldn’t pinpoint what the issue was, aside from my suspicion that the new SMB3 protocol was to blame. I had hoped that the big Update 1 update that shipped for Windows 8.1 and Server would help, but it didn’t. Disabling SMB signing didn’t help either. At one point, my colleague and I even installed Windows 8.1 and Office 2013 on some test machines to try and rule out that possibility, but they ended up doing the same thing. As a stop gap measure, I made a dedicated Notices drive on the old HP, which was still running Server 2008, which ran fine with concurrent access to the same file. Online forums weren’t any real help and none of the other admins in Cape Town I spoke to had encountered the problem either.

In the last school holidays just gone by, we finally had a decent gap between other jobs to experiment on the new server and see if we could correct the problem. I broke the network team, unplugged 3 of the 4 cables and disabled the LACP protocol on the switch. After reassigning the correct IP to the now single network port, we did some tests on opening up files on 2 and then 3 computers at the same time. We opened up 15MB Word documents, 5MB complicated Excel files, 200MB video files and more. The downloading box never showed up once. Unfortunately, without heavier real world testing by the staff, I don’t know if the problem has been resolved once and for all. I am intending to move the Notices drive during the next school holiday and we will see what happens after that.

Chalk one up for strange issues that are almost impossible to hunt down.