EDIT: 2011/04/14 – I’m working on another method of doing this since it appears that this only works sporadically or no longer works as written. I will update this post if I can figure out where the disconnect / issues are.
I’ve been experimenting with creating a good Windows Server 2008 R2 template for VMware vSphere 4 and wondered just how many times Microsoft would allow an activation on the same MSDN license key (Multiple Activation) for the OS. I often deploy multiple servers at a time and am always fearful of activating since I don’t want the key to be shut off. Typically I only run these servers for short periods of time so not activating is no big deal, however in longer running projects I often have no choice but to either activate or destroy and redeploy. With information that I’ve come across on the Internet, I’ve managed to consolidate a method that does not break the Windows Server 2008 activation, while still sysprep’ing and generating a new SID.
This process can be used for other virtualized environments as well I’m sure, but in this case I created it for VMware vSphere.
[ad#Google Adsense-1]
Create and Activate a Windows Server 2008 R2 VM.
Download the WAIK (Windows Automated Installation Kit) from Microsoft. This is a pretty good sized download (almost 2 GB if I remember correctly) so go and grab a cup of coffee or something, or watch the Jack Bauer Power Hour (also known as ‘24’), or something to pass the time while downloading. You’ll also need a copy of the Windows Server 2008 R2 DVD, so if you don’t have that handy, log into your MSDN account and pull it down as well.
After downloading the WAIK, install it on your workstation. You do not need to run it from the target machine. I configured this on my Win 7 development box. We’re going to create an unattend.xml file to be used with Sysprep to configure the template.
After the WAIK install, run Windows System Image Manager (WSIM) (located in Start > Programs > Microsoft Windows AIK > Windows System Image Manager by default). Insert your Windows Server 2008 R2 DVD into your local drive, or mount the image. You’ll need files from it.
Choose File > Select Windows Image…
Navigate to your server CD/DVD in the Select a Windows Image browser. Inside the ‘Sources’ directory, choose the version of Windows Server that you want to create the unattend file for.
This should add the Catalog information to the lower left hand area of WSIM as seen below.
Create or Open an Answer File in the ‘Answer File’ area of WSIM.
Expand Components and drag and drop to the ‘Answer File’ area as pictured and described:
- Under 3 Generalize
- amd64_Microsoft-Windows-OutOfBoxExperience_neutral
- amd64_Microsoft-Windows-Security-SPP_neutral
- amd64_Microsoft-Windows-ServerManager-SvrMgrNc_Neutral
- Under 4 Specialize
- amd64_Microsoft-Windows-IE-InternetExplorer_neutral
- amd64_Microsoft-Windows-Shell-Setup_neutral
- Under 7 oobeSystem
- amd64_Microsoft-Windows-International-Core_neutral
- amd64_Microsoft-Windows-Shell-Setup_neutral
In case you’re like me and wondered if amd64 meant that it was for amd processors, the amd64_… items are for all 64 bit platforms whether Intel or AMD.
Keep in mind that 99% of these settings are personal choice for my template. The ONE that really matters is coming up very shortly.
Clicking on the items in the middle ‘Answer File’, I made the following adjustments using the area on the right ‘… properties’. The item in bold below (amd_64_Microsoft-Windows-Security-SPP_neutral: SkipRearm = 1) setting is the setting that will keep Windows from needing to reactivate after Sysprep has been run.
- 3 generalize
- amd64_Microsoft-Windows-OutOfBoxExperience_neutral
- DoNotOpenInitialConfigurationTasksAtLogon = true
- amd64_Microsoft-Windows-Security-SPP_neutral
- SkipRearm = 1
- amd64_Microsoft-Windows-ServerManager-SvrMgrNc_neutral
- DoNotOpenServerManagerAtLogon = true
- amd64_Microsoft-Windows-OutOfBoxExperience_neutral
- 4 specialize
- amd64_Microsoft-Windows-IE-InternetExplorer_neutral
- DisableAccelerators = true
- DisableFirstRunWizard = true (this one really drives me nuts)
- Home_Page = about:blank
- ShowCompatibilityViewButton = true
- TrustedSites = [any sites that you want to automatically be trusted by the browser – separated by semi-colons]
- amd64_Microsoft-Windows-Shell-Setup_neutral
- ProductKey = [your product key… can’t have mine. 😉 ]
- RegisteredOrganization = [your company name]
- RegisteredOwner = [your name]
- TimeZone = [your time zone – Mountain Standard Time]
- amd64_Microsoft-Windows-IE-InternetExplorer_neutral
- 7 oobeSystem
- amd64_Microsoft-Windows-International-Core_neutral
- InputLocale = [your localization info ie. en-US]
- SystemLocale = [your localization info ie. en-US]
- UILanguage = [your localization info ie. en-US]
- UserLocale = [your localization info ie. en-US]
- amd64_Microsoft-Windows-Shell-Setup_neutral
- (click the plus sign to get to these) Display > Color Depth = 32
- Display > HorizontalResolution = [your preferred width – ie. 1024]
- Display > VerticalResolution = [your preferred height – ie. 768]
- OOBE > HideEULAPage = true
- UserAccounts > AdministratorPassword = [your local admin password]
- amd64_Microsoft-Windows-International-Core_neutral
You can check out the documentation and continue customizing until your heart is content. Once again, the important flag to set is SkipRearm = 1. This will prevent you from having to reactivate Windows.
When your customization is complete, go to File > Save Answer File. I named mine ‘unattend.xml’.
[ad#Google Adsense-1]
In your Windows Server 2008 R2 virtual machine, copy the unattend.xml file into the following path:
c:windowssystem32sysprep
Create the following path if it doesn’t exist:
c:windowssetupscripts
Inside the ‘scripts’ directory, create a text file with the following line inside:
del /Q /F c:windowssystem32sysprepunattend.xml
This will delete the unattend.xml file that you have stored after sysprep completes, otherwise the file will still be there. Name the file ‘SetupComplete.cmd’. It is VERY important to make sure that you give this file the .cmd extension and not allow it to keep the .txt extension. Make sure that ‘hide file extensions for known file types’ is unchecked inside the folder view options. You should see an icon similar to the one below, instead of the typical text file icon.
You’re almost ready to Sysprep the environment now.
I cloned the VM at this point so that I would have a clean environment in which to go back and make changes to, like running Windows Updates, etc., for when I need to generate a new template or an updated template.
Read the following paragraphs in their entirety before doing anything further. You can lose your template if you reboot a sysprep’ed VM.
If you’ve made all the changes / installations / etc. to the OS and have your unattend file configuration completed, on the server, from the command prompt (you should run the command prompt as Administrator), run the following commands.
cd c:windowssystem32sysprep
sysprep /generalize /oobe /shutdown /unattend:unattend.xml
This ‘sysprep’ command tells sysprep to use configuration information from the ‘generalize’ node and ‘oobe’ node of the xml file. The ‘specialize’ section will run automatically and does not need to be included as a parameter. The ‘shutdown’ switch tells the system to shutdown after sysprep completes, in case you were wondering. 😉
After sysprep finishes running and the system shuts down, it is VERY IMPORTANT that you DO NOT START THE SERVER (as in reboot). Upon reboot, sysprep will run it’s commands and you will have a new system. If you do this, you just lost your template, though I guess nothing would stop you from simply sysprep’ing your system again.
In vCenter, immediately right-click this virtual machine and select ‘Template’ > ‘Clone to Template’ or ‘Convert to Template’ based on what you want to do with the original.
When deploying a virtual machine from this template, make sure to choose ‘Do Not Customize’ in the Deploy Template wizard > Guest Customization screen. Your customizations are already baked into the OS thanks to Microsoft. When you boot the new VM, you will see sysprep configuring the OS.
Thanks to all the bloggers out there whose information helped me to consolidate this post. Also, thanks Microsoft for including this feature and providing such thorough documentation.
Read The Effin' Blog 
Worked like a charm, brother! Great post! The only thing I had to do different was to modify the syntax to sysprep the machine. It needed the parameter before the file name. (/unattend:)
sysprep /generalize /oobe /shutdown /unattend:unattend.xml
Thanks for the note Frank! Updated the blog to reflect that.
This didn’t seem to work for me. I’m running x86. The name of one of the options didn’t exist but i have Microsoft-Windows-Security-Licensing-SLC, and I set SkipRearm = 1 on that one.
Here is what I did that even more disturbing is that it’s loosing activating just by doing a simple clone (even before sysprep). I activated the copy, shut it down, cloned it to a new one (not customizing anything — basically making a copy) and then starting up the copy. Everything is technically still the same (with the exception of the underlying VMWare UUID and the MAC address). At that point in time it still complains that it has 3 days to activate. Running the original in another window and it’s still activated.
It’s not really a super issue as I have several keys but we’ve alreay run into issues with keys in the past moving VM’s to different hardware, and having to reactivate it again.
Great Article! One thing you can also do though, you can just import the xml file into the vCenter customization specifications, and then you don’t have to sysprep every time you make a change, you can continue to work with your template as normal, shut it down, and vSphere will deploy the customization during the template deployment process.
@Gary: What OS were you doing this on? I’ve only tested it on R2, which is 64-bit.
@Justin: Thanks for the update Justin! That’s a great point I didn’t even consider.
The AIK you link to is the 2003 / XP one (which hasn’t worked so far for me) – surely it should be the 2008 R2 / Win7 one?
http://www.microsoft.com/downloads/details.aspx?FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34&displaylang=en
@Simon: Thanks for the heads-up on the AIK link. I’ve updated the blog post to reflect the 2008R2 and Win7 AIK.
Thanks for a great article, this helped me track down a couple of small details that were messing up my sysprep process. I am curious about somthing though… I’m Running VMWare ESX 3.5U3, machines hosted on NFS storage volumes. I’ve created a 2008R2 Standard template, activated it, and prepped it as indicated in your article. When deploying an image from the template, a new VMWare UUID/biosID is created for the resulting machine. This seems to break the activation of my machine every time. I’m confident that the SkipRearm parameter is being applied, because the resulting machine still has 3 available rearms after cloning (verified using slmgr.vbs /dlv) Has anyone else seen this behavior, or know of a way to circumvent it? I’ve tested with a MSDN MAK we have available as well as an “unlimited” SPLA key and both give the same results.
@Drew: Unfortunately I haven’t played around with ESX 3.5 and a 2008R2 template so I don’t have any info on that. If I get a chance to stand it up in a lab I’ll do so and post back comments here, but it will likely not be anytime soon. Good luck and I hope you’re able to find a solution. Please let us know if you do.
@clement: Thanks for the response. I know the answer here is probably “get current” on the VMWare side, and that project is in the pipeline, so I’ll certainly let you all know if it resolves my issues. I have done a little more testing and can now say without a doubt that a base clone (even without using syprep to re-sid/rename) will cause a new UUID to be created and break the windows activation of the R2 machine. I have a few other things to try but I think it may be a lost cause on 3.5. Thanks again.
@Drew: Best of luck with it. I hope something works out for you before the upgrade since the pipeline may be a ways off. If I come across anything that matches your needs in my Internet travels, lab experimentation, or client work, I’ll be sure to post it back here, and send you an email to let you know.
By the way, you might want to also consider a Microsoft license server on your local network. I don’t know the exact specifications for it, but you can set up a remote activation system that will allow you/your organization to manage the licenses without the need for Internet activation. This is how users can install activation based software on secure / private networks without the need to pick up the phone and call MS with every activation. I know it’s only a patch, but may help you in the interim between now and your upgrade.
I’m looking to add this under the following tag
vim.vm.customization.SysprepText
into a VMware generated customisation script XML
Everytime I try to import the value I get an invalid XML import, if someones managed to do this successfully please include it in the comments.
Found this guide, and followed it to the letter (Win2k8R2). Deployed to an ESXi4.1 host, but the final VM still requested re-authentication. I definately included SkipRearm and included our MAK key in the unattend.xml file.
I have a couple of questions about this;
Do you enter the product key in the same format as a manual activation? e.g. xxxxx(dash)xxxxx(dash)xxx etc
If there are any errors in the unattend.xml file, will the whole file be rejected, or just the line with errors?
I added the time zone as (in my case); GMT. Is this acceptable, or does it need to be set to the full text?
@Tony, I’ll answer what I can…
On the product key: Yes, I entered the product key with the dashes included.
Errors in the unattend file: I’m not sure about this. I would assume that an error would only error out that line, but with the way things are thrown together sometimes, it is entirely possible that a single error will corrupt the sysprep or at least corrupt that section of the sysprep.
Time Zones: The time zones require an exact string format. “GMT” will not work. For GMT, use the text “GMT Standard Time”. To look up the time formats, you can use: “tzutil /l”. TZUTIL (time zone utility) is available under windows 7 installations, and likely server 2008 R2 though I haven’t confirmed this. The switch is an ‘L’ as in List.
Hope this helps. Let me know how this works out for you.
Good luck.
Thanks Clement, I really appreciate your time. I’ll make some changes to my unattend.xml file to reflect this. I have some more information on this now.
My testing involves the following;
Taking the .OVA template (built and exported from an ESXi 4.1 host), and importing this on a vSphere 4.0 cluster. Once imported, I ‘clone to template’, then start the resulting VM. I have confirmed that this works ok, and the resulting 2008R2 VM shows as activated. The cluster and ESXi4.1 host have full Internet connectivity.
I also have another totally standalone network, with an ESXi 4.1 host. This is the network I really need to be able to deploy the pre-activated 2008R2 VM’s on, but on this network, when I start the VM, 2008R2 shows as needing re-activation. I’m using exactly the same template, but as stated, this network has no Internet connectivity.
If I try the template on another (Internet connected) ESXi 4.1 host, this template works fine.
Any ideas?
Also tried this (http://www.mydigitallife.info/2009/09/24/how-to-backup-and-restore-windows-7-and-server-2008-r2-activation-status-activate-offline-on-reinstall/) as a possible workaround, taking the files from an auto-activated VM that worked ok using your method, but still no joy.
Just to get this VM activated, I went through MS’s automated phone activation system, which did work for the standalone VM.
@Tony: Not sure why you’re encountering what you’re encountering. Is it the VM that needs Internet connectivity, or the host itself? Can you try deploying the template to a host that has Internet connectivity but the VM is not connected to a vSwitch that has Internet connectivity?
Hi Clement, Thank you for documenting this process.
Would you have any idea what the best process for troubleshooting a failure that occurs after the “Power On” of a newly created vm post the successful build of a vm via “deploy from template”?
The new vm starts, but then hangs with the error:
———————————————————————
Install Windows (X)
———————————————————————
Windows could not finish configuring the system. To attempt to resume configuration, restart the system.
———————————————————————-
I click ok, it reboots and then hangs in same place with same error in a loop sequence – forever.
If I “power off” and the “power on” and perhaps a “reset” or two I can get the vm to boot into the gui. The activation and key are still correct and the name has been generalized. The SID changes so some of the sysprep must be working…
Any thoughts on the best log files to review or suggestions on fixing this type of issue?
Do you use the vmxnet3 driver or the e1000 on your nic? (just curious if it is a nic issue on w2008r2)
/suntzu
@suntzu: Can’t say I’ve run into the issue that you’re having. My guess would be that something was messed up in the actual VM that was being sysprepped and not your deployed VM, but again I’m not sure. This all worked right out of the box with no issues for me.
I’m using the E1000 driver. Which are you using?
The only log files that might show some data are the Windows log files, but I’m guessing you looked at those and didn’t find the problem?
Have you tried re-sysprepping to basically start with a fresh template?
Hi Clement, Thanks for the response. I am using the vmxnet3 and I am wondering if this may be the issue? I am not sure… As I indicated “everything” seems to be working providing I dork around with some reboots, which kind of sucks, but better then building from scratch 😉
Again thanks for the blog post on this topic.
/suntzu
@suntzu: May be the OS having issues with the driver or the virtual hardware. If I get a chance, though it probably won’t be soon, I’ll try to create a template with the vmxnet3 driver and see if I can reproduce the problems that you’re having. That would prove it outright. I’ll respond again and maybe pop you an email after I get a chance to play with it.
@suntzu: Did you include the license key in the unattend file? Check out this post on RTFM Education: http://www.rtfm-ed.co.uk/2010/07/30/a-funny-experience-with-windows-7-sysprep-and-view-4-5/
This may apply to server 2k8 as well?
Please let me know if this works out for you.
@suntzu Probably a bit late now, but I ran into the same problem with 2008r2…
Was seeing a general failure during service start, even the error logs in the panther folder were vague.
Stumbled on to this blog post though: http://shaulov.blogspot.com/2010/04/windows-7-wim-and-sysprep-failing-with.html
While the VM wasn’t running Kaspersky, the flavour of AV that it was using was causing the same problem.
To fix, I simply booted into a PE3 disc with the vmware drivers installed, mounted the SYSTEM hive and looked for all relevant services, then set them to disabled (Start = 0x4). Unmount the hive + rebooted, all was good.
This worked perfectly first time, the only thing I had to do was first figure out the exact name for the Time Zone which was a simple Google search away to here: http://technet.microsoft.com/en-us/library/cc749073(WS.10).aspx
Thanks for doing all the hard work for the rest of us lazy folk!
@Richard: Glad this worked! Love hearing that this info has helped someone.
Clement,
I’ve got VM images that were built with MSDN license keys. Due to license changes with MS we need to use a SPLA license. Do you know if the MSDN key can be replaced by a SPLA key without rebuilding the image (we have several of them)? Could you, or someone you point me to, consult in making the conversion?
Conrad
@Conrad: If these are running Windows Server 2008 R2 or Win 7, you can right-click on Computer > Properties. In the properties window, at the bottom under the Windows Activation heading, there is a link to change product key. Does that help you out?
For a sysprepped image, the best bet would likely be to deploy the image, then re-sysprep it with the new key in the answer file.
Hmm — I hate asking this, but …
For the product ID, is that the true product ID we enter during initial activation, or the Product ID displayed AFTER activation is successful.
Bottom line — I can’t get this to work and I am soooo frustrated. I know I am missing something obvious — arghh
Thanks, S
Just to be clear (since I really wasn’t before)..
Product Key or the Product ID that displays after activation — I obviously have tried both, to no success.
Also – I have removed All from the Unattended file except for the following:
•3 generalize
•amd64_Microsoft-Windows-OutOfBoxExperience_neutral
•DoNotOpenInitialConfigurationTasksAtLogon = true
•amd64_Microsoft-Windows-Security-SPP_neutral
•SkipRearm = 1
•amd64_Microsoft-Windows-ServerManager-SvrMgrNc_neutral
•DoNotOpenServerManagerAtLogon = true
•4 specialize
•amd64_Microsoft-Windows-Shell-Setup_neutral
•ProductKey = ProductKey & Product ID and my birthday
•7 oobeSystem
•amd64_Microsoft-Windows-International-Core_neutral
•OOBE > HideEULAPage = true
•UserAccounts > AdministratorPassword = [your local admin password]
No joy, no joy at all. :<
S
@Sean: That’s very strange. Which version of Win7 are you trying to do this with? And what product key? Did you use the WAIK package? If you let me know your specifics, maybe we can come up with something. And it is the product key, not the PID.
Ok .. just to finish this off —
all is well now!
It did require me building an entirely new image (still not really sure why I had to), but that seemed to do the trick.
Used the same unattend.xml file, but totally worked.
One of lifes little mysteryies I guess.
Thanks — see ya on the other side!
I did everything you said, and it didn´t work for me.
Found this in Microsoft (http://technet.microsoft.com/en-us/library/dd744512(WS.10).aspx)
“You cannot make an image of an activated Windows installation and duplicate that image to another computer. If you do, Windows fails to recognize the activation and forces the end user to reactivate the installation manually.”
Any advice?
I’m starting to have mixed results with it Eduardo. When using a single host, I had no issues whatsoever with multiple deployments. When using a farm, it appears to be random as to whether it works successfully or not. So far I have not been able to determine why either, I’ve had mixed success no matter which host I deploy the template to. I’ll keep experimenting and see if I can come up with a reason why, but the only thing I can think of is somehow the hardware IDs that Windows keys in on to know whether it should stay activated or force a reactivation are changing at random, having the effect of sometimes requiring a reactivation, sometimes not. I believe in the latest VMware patch, the CPU ids have been normalized, but the rest of the hardware is still variable. I remember reading something like that somewhere… release notes maybe.
Hi Clement,
I’ve just built my 2008 r2 template again (after accidentally wiping my lab datacenter) however this time, any new deployment of the template requires activation. The original machine that the template was made from is still activated though (even after it has been booted up and run sysprep itself).
I’ve even used the original unattend.xml that I used first time round with no joy. The only difference is that my vmware cluster is now running esx 4.1 U1 on one host, and esxi 4.1 U1 on the other. Previously both were esx 3.5 U5. Also, SP1 has been released for 2008 R2 in the meantime, which has also been applied to the VM before I created the template.
I’m sooo annoyed as this was a fantastic method to be able to create and then destroy activated 2008 R2 lab machines at will.
Now I rock gently back and forth in the corner, crying like a baby.
Any help greatly appreciated.
Nick
@Nick, I’m with you on that one. The same template that I was deploying from is now requesting activation. I’m not sure of the issue, whether it’s a change within ESX, which I imagine that it is, but I can’t seem to get it steady either. As I continue to experiment, I’ll update this post with any successes I come across.
Sad… 😦
@ Nick
Your issue is probably related to virtual machine version.
I may be wrong, but as far as i remember 3.5 uses virtual machine version 4 while 4.x uses version 7.
Windows 7 and 2008 do not loose their activation if built on version 4.
The customization process for version 7 seems to be different (it officially supports Windows 7 and 2008 R2).
I’m currently trying to avoid resetting the machine configuration and activation by LabManager for Windows 7 and 2008 R2 templates and the solution may be just replace/edit sysprep files on LabManager server.
Any ideas on how to deal with Win 7 ?
@nonsens3 – thanks for the reply – I have since tried to build a new template and selected VM version 4 (compatible with ESX3.5) instead of 7 and still the same issue. Clement is using his original template that was once deployable as activated, but now deploys as needing activation, however I am not sure which VM version was chosen for the template.
I have just had a thought though – my original setup was esx3.5 U5 with Vcenter2.5 U3 running on a Windows XP guest, which deployed my windows 2008R2 template correctly.
Now Vsphere4.1 U1 is running on a Windows2008R2 guest i am unable to deploy an activated template.
@Celement, what was your original vcenter version, and did the template die after upgrading somewhere? I am thinking that the Vcenter update might have something to do with it…
Nick
Ok, this is now getting quite confusing. VM’s that I have created using this template that show as requiring activation have mysteriously now activated themselves… Sometimes it takes a good few days though, and several reboots, and I have absolutely no idea how.
Anyone else seeing this?
Nick
@Nick- I believe I was up on vSphere 4, not U1. I cannot remember for sure though. I may try redeploying one and letting it sit to see if I can duplicate what you’re seeing. I wonder if the OS is activating on its own? In many cases, IIRC, Windows will attempt to activate itself after 3 days.
Hi, So I have just come across this article and its very interesting. I have been up to now just using vCenter to deploy and apply the customization to the VM what does the sysprep. The VM would be part of the domain, once this is all done I would manually set things up the way I wanted, background, icons….etc etc
So I followed your instructions and I was able to apply the settings to the new VM(When I say a new VM; it has software installed VMTools etc and is the Windows 2008 R2 template is use for all my VM’s)
The problem I have is that I lose the use of customizing the VM from vCenter, the server name is random and it’s not added to the domain. Am I expecting too much of this? Or should I be able to apply my customization and the vCenter customization? Sorry to sound clueless…but I am 🙂
Thanks!
@Karl. Not clueless at all :). Great questions. Your assumption is correct in that you lose the ability to customize the VM when you use sysprep because you’re baking in customizations.
Thanks for the quick responce, is there a way to make a default “look” to the VM; then use the vCenter customization to deploy the name etc to the new VM’s?
I am having similar activation issues as well. I followed this process months ago with no problem. Now with U1, I can create a template fine, sysprep it, but when I go to deploy it, the new servers are asking for activation. When I power on the template just to check if something went wrong with the sysprep, everything is fine. No need to activate. Any ideas? Maybe using a different set of hardware, e1000 vs vmxnet, etc? I haven’t tried it yet, but will do so tomorrow. Just wanted to see if anyone had any more ideas.
I don’t know anything about how the msdn licensing works, but have you tried setting up a VAMT server with KMS keys for the activation?
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ec7156d2-2864-49ee-bfcb-777b898ad582&displaylang=en
When you run a VAMT server, the activation(s) get done solely within your environment; there is no communication with Microsoft (other than the initial activation of the KMS key itself). Hope this helps someone…
wally
Hi Clement,
Did you ever come up with a fix for this? We are looking at creating templated Windows machines on VMWare ESXi and would like a nice, simple step-by-step guide like that shown above…
Ben
@Ben, actually I have another theory or two to try that I haven’t had the opportunity to do yet. WIll likely give it another go this week. If it works out I will definitely let you know. My only fear with it is that it’ll change as soon as vSphere 5 is released, but I guess that’s the name of the game.
Thank you for the nice article. This method works for me only if I simple copy the VM (not cloning via VCenter!) and then running sysprep. As soon as I clone the VM, the activation is gone. I think the problem is therefore a Vmware thing since the machine looses activation even when being cloned without running sysprep (and deploying a VM from a template is a cloning process).
I have ESXi 4.1 with a working, fully activated guest OS of Windows 2008 Standard Server R2. I have cloned it using a CLI command and have created a new VM with this clone. Windows is not activated. Are the solutions provided in this thread viable in my situation? Will I be able to clone, sysprep and then use the clone and have Windows fully activated like the original? Help! Thanks.
@Gina, unfortunately I haven’t been able to consistently make it work. According to both VMware and Microsoft, that functionality is not supported anymore even though it was definitely, consistently working at one time. When I have time to experiment with it more, I’ll post any updates to this thread. Good luck, and let us know if you come up with something as well please. 🙂
Thanks, this works great with a few minor changes to suit our environment. I’m not deploying templates like nobody’s business. 🙂
/generalize and /oobe options by sysprep.exe have other meanings as mentioned in an article:
http://technet.microsoft.com/en-us/library/cc721973(WS.10).aspx
nice one, Clement.
Any other work done too this on great article? I’m basically trying to setup a VMware workstation lab with sysprep’d W2k8R2 templates so I can quickly get an activated copy of Windows for my labs.
@Dan, I haven’t had the chance to do any more experimenting with it lately. May pick it back up again in the near future, but if you come across anything, please post info here. 🙂 I’ll do the same.
See these articles from MS Technet Blogs discussing if a KMS server is present. Using skiprearm will cause issues with duplicate CMID. Also you may also run into the issue where the build simply image fails at some unknown point in time.
http://blogs.technet.com/b/askcore/archive/2009/10/16/kms-host-client-count-not-increasing-due-to-duplicate-cmid-s.aspx
and
http://blogs.technet.com/b/askcore/archive/2011/05/11/sysprep-skiprearm-and-image-build-best-practices.aspx
The re-arm count is also an issue in vCloud and multiple cataloguing and redeploy of the catalogued servers for Windows 2008 and Windows 7. A chicken/egg scenario when the rearm count is reduced. When and where can you insert the slmgr /ato to keep the re-arm count equal to 1. Also check out the vertical wall poster, lower right hand corner of the pdf “volume licensing”. It explains how the sysprep and re-arm counts work.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9893f83e-c8a5-4475-b025-66c6b38b46e3&displaylang=en
I’m wasn’t been able to get skiprearm to work the last few times that I have tried it so the point may be moot now. There’s still some experimenting to be done, but unfortunately, it can be very time consuming. … and actually having a KMS server would negate the need to set skiprearm on a template.
The second article referenced by In_The_Clouds may also be moot when it comes skiprearm. Can someone confirm this: When you have a sysprep’d VM template and you deploy a virtual machine from the template, the VM is first cloned, then run. If this is accurate, you’re always working with the original base image so you’re not incrementing the rearm count more than once per deployment. Once a VM is converted to a template, changes are not written back to it. So unless someone is running sysprep again on the actual deployed VM, there should be no problem with rearm count. Again, this is how I understand it. Can someone confirm/reject this assertion?
Hi,
Using vCloud 1.5 currently:
– build a vApp for Windows 2008R2; catlog it.
– deploy from that catlog. Make some changes (whatever that maybe in a development shop) to that server it works. Now you want to freeze that server in time.
– You catalog that working base to re-visit at a later point in time.
– Now you try to deploy from catalog, with “Enable Guest OS Customaiztion”, you will run into the situation where sysprep will fail and guest os customization will fail becasue the re-arm=0
This did not happen in Windows 2003 and XP; it does not have that limitation.
@In_The_Clouds: AH. Makes more sense now. The method that I’ve discussed above is for true deployment templates. I’ve got vCloud Director up and running but haven’t deployed any Windows boxes as of yet. At least not in that fashion.
It sounds like the issue has to do with how vSphere handles customization of 2008R2. This is theory: When using the guest customization wizard, VMware runs a sysprep against the VM and applies your changes, which causes the rearm to increment/decrement.
The only solution I can see here would be to do a fresh install of Server 2k8R2, customize it, then sysprep it yourself and not use the guest customization wizard for deployment. When it deploys via copy/clone, the sysprep will run thereby leaving you with a template that is still intact with no count.
Unfortunately with this method, when you need to update the baseline, it should be done, once again, from a fresh install and brought up to baseline. Then once again, sysprep’d and used to replace the old image in the catalog.
This procedure unfortunatelly do not work for me. Everytime windows (2008 r2 sp1) after cloning want to activate. I think I checked every option (trying last two days) including cloning with/without customization, copying file etc. Every time Windows want to activate. I think it’s because significant hardware change (with is uuid.bios in this case). Or maybe because of my windows licence () or because of sp1. How do you think? Did you use MAC or KMS while microsoft activation?
@Labiol, It appears that there have been some changes since this last functioned that caused it to break. Probably deliberately by the software vendors to prevent this exact situation. I did not use MAC or KMS while this was working but I haven’t been able to crack this egg for several versions of ESX now.
Depending on the role you need to use your servers for – e.g. non Domain Controllers or TMG servers, you do not need to sysprep. See: http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
We used to run NewSID over our 2003 servers and create 60 Citrix XenApp virtual machines in 600 minutes. No sysprep. Been working since 2004 until now perfectly. We performed WSUS id reset using reg key changes and restart of the service to ensure it’s different. Script uninstall and reinstall SEP (Symantec before/after). We have run registry scripts to rename the comp, join the domain, join the citrix farm. All automated. 40 apps installed per XenApp server so no way we can build them from scratch everytime we want to update 1 app.
With no NewSID available for 2008 R2 we have no need to look into changing to sysprep and bottom line, in line with this article, we have no reactivation issues on cloning our VMs. Sure build a DC from scratch or TMG box, web server ect, but 60 Citrix XenApp servers rebuilt every 3-6 months, no way, they’re all the same. If you still feel the need, as Clements hints, use KMS. Regards, Leigh.