VMware Cloud Community
SteFau
Contributor
Contributor
‎09-17-2019 10:56 AM

Issues with SCCM task sequence "phoning home" in vRA

Good afternoon community!

I'm reaching out in hopes that I can get help with an issue we are having. Now, before we go too deep, I would like to simply mention that I'm not a vRA/VMWare SME in my enterprise. I'm working with my colleague who wears that hat. Smiley Happy For my part, I would be the SCCM SME. So, safe to say that we are working very very closely to get this whole thing working.

Now, before we implemented vRA, we would basically install our servers from scratch using SCCM's built in OSD feature.

We are trying to eliminate all the manual effort we need to do before and after that with vRA.

So... We are able to provision a virtual machine and the network boot is successfully picked up by SCCM. Reading all the documentation we could find on the matter, we:

  1. Downloaded the 64 bit "Guest Agent Installers" from our https://hostnameFQDN/software/index.html
  2. Extracted the EXE locally on the SCCM
  3. In SCCM, imported the package from definition file, pointed to the "SCCMPackageDefinitionFile.sms" we created the package
  4. We distributed the package to the appropriate DP
  5. Added the program that was created with the package in step 3 as the last step in our Server task sequence

From there, we provision a VM from the appropriate Catalog. The VM gets created. The Task sequence starts and actually, even finishes without any errors. Validation in the SMSTS.log file does indeed indicate that the action completed with a success code 0.

But.... the vRealize Automation console seems to stay "In progress..." and eventually times out and deletes the Virtual Machine.

Where do I start looking? I can't seem to find any logs spefically to the vCAC Guest agent vbs. Should I be passing any variables in my Task Sequence? One piece of pertinent information I would say is that when the computer object is created in SCCM, there is 2 variables that are created "Vrm.ProxyAgent.Uri" and "VrmProxyAgentUri" both with the same URL.

Anyway! Any help you can toss my way would be greatly appreciated!!!

Thanks!!!

Steph

Reply
0 Kudos
7 Replies
darrenoid
Enthusiast
Enthusiast
‎09-18-2019 10:36 AM

We do not use SCCM, so take this with a grain of salt, but we do use MDT. Our approach is a little different. We use MDT to create a VM template which is then used in vRA to deploy more VMs. Once we have the VM template with the vRA guest agent installed we add it to a vRA blueprint using the linked clone workflow. This way we don't have to run a full task sequence for every deployment, but only once to create the template. We then periodically update that template and the blueprint with the latest Windows patches or vRA guest agent, vmware tools, etc.

When we are creating our template we do automate the installation of the guest agent. MDT does not use application packaging like you are describing, but the process must be similar as described here:

Install the Guest Agent on a Windows Reference Machine

Basically, extract the agent files and place them on the destination VM in C:\VRMGuestAgent. Then register the agent with the vRA manager service "winservice -i -h Manager_Service_Hostname_fdqn:portnumber -p ssl". Are you running that command as part of your task sequence?

For logs look at the destination VM in the file C:\VRMGuestAgent\GuestAgent.txt file. If all is well you should see communication between the manager service and the agent in the logs and if not, perhaps an error message.

One more gotcha that I found was nothing would work unless we also placed the certificate from the manager service into the C:\VRMGuestAgent folder. We got the certificate from the IaaS url in a browser. It had to be imported and then exported as base64 and then extension changed to .pem. I am having a hard time finding any good tutorials on this. Vmware mentions needing this file, but does not say how to get it:

Configuring the Guest Agent to Trust a Server

Anyway, I hope this helps.

Darren

Reply
0 Kudos
SteFau
Contributor
Contributor
‎09-18-2019 11:27 AM

Hey Darrenoid!

Thanks for the reply. I really feel like we are nearing a solution.

So to answer your questions, yes I am running that command line, except without the port.

Here's the exact command line:

cmd.exe /c xcopy .\* C:\VRMGuestAgent /E /I /H /R /Y && cmd.exe /c "C:\VRMGuestAgent\winservice.exe" -i -h MYFQDN -p ssl

Now following your recommendation, I did find that log file you were mentionning. Here's what it says:

09/18/2019, 14:11:19

    WinService entry

09/18/2019, 14:11:19

    FixScript exit

09/18/2019, 14:11:19

    ServiceMainProc entry

09/18/2019, 14:11:19

    ServiceMainProc Install

09/18/2019, 14:11:19

    Agent must be unzipped into c:\VRMGuestAgent folder09/18/2019, 14:11:19

    ServiceMainProc Exit

Which is kind of weird since you see with my command line that I copy the files locally in "C:\VRMGuestAgent".

Oh... and yeah, I also copied the cert.pem in the folder also!

Any other clues?

Reply
0 Kudos
darrenoid
Enthusiast
Enthusiast
‎09-18-2019 11:36 AM

After that command runs, what does the contents of C:\VRMGuestAgent on the VM look like? Can you send a screenshot of this folder opened in Windows Explorer?

Reply
0 Kudos
SteFau
Contributor
Contributor
‎09-18-2019 11:59 AM

Sure thing!

Here's what I see after it's done running:

2019-09-18_14h58_12.png

Reply
0 Kudos
darrenoid
Enthusiast
Enthusiast
‎09-18-2019 01:37 PM

Strange, it looks like all the files are there. The log file you are looking at is for the winservice installer. So the service is not installing correctly. That explains why there is no GuestAgent.txt file as the guest agent service never even starts.

A few more suggestions:

1. Make sure there are also files in the subdirectories to verify the copy command worked recursively

2. Open the properties of some of the files in the VRMGuestAgent directory to make sure they were not blocked when they were extracted StorageGumbo: vCAC Windows Deployment Stuck at CustomizeOS State

3. Try changing to the C:\VRMGuestAgent directory before running the winservice command

4. Try running the commands manually on a fresh VM. This will help show you if the issue is with the way the command is being passed through SCCM.

VMware Knowledge Base

Cheers,

Darren

Reply
0 Kudos
SteFau
Contributor
Contributor
‎09-19-2019 05:45 AM

Good morning!

Ok so... Progress!!!

Based on your post Darrenoid...

1. Make sure there are also files in the subdirectories to verify the copy command worked recursively

2. Open the properties of some of the files in the VRMGuestAgent directory to make sure they were not blocked when they were extracted StorageGumbo: vCAC Windows Deployment Stuck at CustomizeOS State

3. Try changing to the C:\VRMGuestAgent directory before running the winservice command

4. Try running the commands manually on a fresh VM. This will help show you if the issue is with the way the command is being passed through SCCM.

1. :smileycheck:

2. :smileycheck:

4. :smileycheck:

Now... Step number 3 intrigued me.... I was wondering if for some reason, the application would be "stupid" enough not to work the way I had initially invoked it, ie: "C:\VRMGuestAgent\WinService.exe". So instead.... I tried the following:

2019-09-19_08h39_47.png

- Fill in the "Start In" folder (1)

- Not put the full path in the command line, but just straight up the exe file (2)

Now...

The vCACGuestAgentService notes:

2019-09-19_08h43_33.png

And sure enough... I see the service in the Services List. Automatic. But not started.

Is this normal? Should I add another command line after this one my Task Sequence to simply start it? Will that "break" anything since the VCAC Service wouldn't technically be the "last" step anymore...

Reply
0 Kudos
darrenoid
Enthusiast
Enthusiast
‎09-19-2019 02:23 PM

Hey SteFau,

After reading some of the docs for SCCM with vRA, am not sure if your copy steps and agent installation command line are necessary. The documentation does not say to do anything other than import the package file in SCCM and run it at the end of the task sequence. Looking at the package file, I see a commandline property with the value "GuestAgent.vbs". I am starting to think that SCCM deployments are handled a lot differently. Here is the opening comment of that vbs file:

"This script's job is simply to run guest agent at end of sccm provisioning Because sccm sticks agent executable etc. in a location of sccm's choosing, script has to go around and fix file paths in various places"

To me it looks like sccm deployments do not use the windows service for the guest agent, but rather just runs the agent executable directly at the end of the task sequence.

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.prepare.use.doc/GUID-5D31B6BD-72AB...

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.prepare.use.doc/GUID-B5BDDE7F-D59C...

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.prepare.use.doc/GUID-F845CB7B-2D43...

I am hoping someone with SCCM deployment experience can jump in here and confirm, but I don't want to lead you down the wrong path.

Reply
0 Kudos