VMware Cloud Community
magander
Enthusiast
Enthusiast
Jump to solution

Guest OS Customization script help.

Hi,
i'm trying to execute a script in a VM after deploying a vApp. The script will set the autologon to enable because we need that function to perform some other actions before we join the domain.
I have enabled the vApp VM Guest OS Customization ("Enable Guest Customization", "Change SID", "Password Reset") and i have used William Lams script provided here, http://blogs.vmware.com/vsphere/2012/06/using-a-guest-customization-script-to-tell-when-vappvm-is-re... in the Guest OS Customization script section as the base.

I have tried both:

@echo off

if "%1%" == "precustomization" (echo Do precustomization tasks ) else if "%1%" == "postcustomization" ( c:\script\script.bat)

and

@echo off
if "%1%" == "precustomization" ( echo Do precustomization tasks ) else if "%1%" == "postcustomization" ( cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "Administrator" /f
cmd /d reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "localhost" /f
shutdown /r)

The first example points to a file, c:\script\script.bat, locally on the VM. If i use Williams script without modification the vm-is-ready file is created.

The customscript.bat is created in one folder under C:\Windows\Temp\ on the Windows VM with the content as described above but it seems like it is never being executed

Any help appreciated.
Thanks

Reply
0 Kudos
1 Solution

Accepted Solutions
aneverov
VMware Employee
VMware Employee
Jump to solution

We debugged this offline, so just to summarize findings so far:

Theory:

There are several things here.

The first one is regarding unattend.xml required by sysprep. The way it's used is the following:
- VCD uses "baseline" version from guestcustomization/windows/unattend.xml
- that one gets cached into guestcustomization/windows_deployment_package_sidgen.cab during the very first request to customize Vista+ or any other Windows VM in case "Change SID == false"
- based on the above, I believe it's possible to use "baseline" unattend.xml to "extend" what VCD provides out-of-the-box. Just remember that any time you do that, you need to manually backup/delete guestcustomization/windows_deployment_package_sidgen.cab. Then system should take care of automatically regenerating it using latest version of unattend.xml
- I believe it's not the right way to go in this particular situation. This approach would highly limit flexibility due to need to specify password for the autologon. So you would have to live with one hard-coded password which is very insecure. But it works fine for "static" things like "company name".
- I believe changing unattend.xml inside the VM (probably you refer to \Windows\Panther) is not going to work in any way. I don't know exactly the purpose of that file, but I believe it's generated by sysprep itself during its work
- I'm working on some improvements for the next release and have bug tracking adding this feature. Basically I'm going to dynamically update unattend.xml based on the password set in VCD
The second one is regarding executing post-customization. The way it currently works (for the case "Change SID == true") is that we rely on Windows Task Scheduler. We basically schedule post-customization script to be run after reboot at the very last point inside the sysprep's mini-setup phase. So the warning you see is probably from the scheduler and I believe it's harmless. This also implies that post-customization will be the very last thing which is run on your VM. So no sysprep after that and I wouldn't expect anything to delete your registry values or reboot either.
Now I suspect that those keys are simply not added due to some issue either with the keys themselves or (as you correctly pointed out) it could be permissions issue.
Practice:
We went with the first approach which is good enough compromise for this particular customer:
0) be careful with updating cell's filesystem while logged in as "root" via ssh, since most of the files (if not all) are owned by vcloud:vcloud
1) to add:
<UserAccounts>
        <AdministratorPassword>
          <Value>XXX</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
</UserAccounts>
<AutoLogon>
        <Password>
          <Value>XXX</Value>
          <PlainText>true</PlainText>
        </Password>
        <Domain>localhost</Domain>
        <Enabled>true</Enabled>
        <LogonCount>8</LogonCount>
        <Username>Administrator</Username>
</AutoLogon>
to $VCD_HOME/guestcustomization/windows/unattend.xml
2) to delete $VCD_HOME/guestcustomization/windows_deployment_package_sidgen.cab which caches unattend.xml. System should regenerate it. If it doesn't do something like:
su - vcloud
cd /opt/vmware/vcloud-director/deploymentPackageCreator
export LD_LIBRARY_PATH=/opt/vmware/vcloud-director/deploymentPackageCreator
./deploymentPackageCreator ../guestcustomization/windows ../guestcustomization/windows_deployment_package_sidgen.cab "customize-guest.exe" 1
3) be aware that on some templates sysprep automatically disables Administrator's account. It was not an issue on customer's template, but for me it doesn't work on any of my templates in the lab. The workaround is to create some other account in Administrators group and use that for autologon. I'm working on the fix.

4) while debugging this kind of stuff always start from doing it manually on a clean VM (run sysprep.exe from command-line, run registry update commands) and check that it succeeds before trying to mess with VCD

5) we didn't debug registry updating issue, I'll put that on my TODO list

//Andrii

/* Please remember to mark answer as 'helpful' or 'correct' such that other users know it can be used and people focusing on ‘unanswered’ questions can skip it. */

View solution in original post

Reply
0 Kudos
4 Replies
magander
Enthusiast
Enthusiast
Jump to solution

when running the below script from the script section in the vAPP VM Guest OS Customization section:

if "%1%" == "precustomization" (

echo %TIM% > c:\windows\temp\pre.txt
)
if "%1%" == "postcustomization" (
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "Administrator" /f
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "localhost" /f
)
I can see the following in the sysprep log file:
12/05/2012 21:46:06 About to run pre-customization...
12/05/2012 21:46:06 Extracting customization script ...
12/05/2012 21:46:06 Extracting customization script has successfully finished.
12/05/2012 21:46:06 Executing command=cmd /c C:\Windows\TEMP\vmw5705.tmp\customscript.bat precustomization
12/05/2012 21:46:06 Command execution succeeded, command output:
C:\Windows\TEMP\vmw5705.tmp>if "precustomization" == "precustomization" (echo   1>c:\windows\temp\pre.txt )
C:\Windows\TEMP\vmw5705.tmp>if "precustomization" == "postcustomization" (
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "Administrator" /f
cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "localhost" /f
)

The file c:\windows\temp\pre.txt  is created.

Just because i haven't turned off the echo it will echo everything in the file to the log file

echo. Further down in the log file i see:

12/05/2012 21:49:57 Executing command=cmd /c C:\Windows\TEMP\vmw54F2.tmp\customscript.bat postcustomization

12/05/2012 21:49:57 Command execution succeeded, command output:

C:\Windows\TEMP\vmw54F2.tmp>if "postcustomization" == "precustomization" (echo   1>c:\windows\temp\pre.txt )

C:\Windows\TEMP\vmw54F2.tmp>if "postcustomization" == "postcustomization" (

cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f

cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "Administrator" /f

cmd /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "localhost" /f

)

The operation completed successfully.

The operation completed successfully.

The operation completed successfully.

The above last three lines indicates that the registry entries was successfully added to the registry but they are not present.

If i run the cmd /d reg add command the registry is updated as expected.

I can also see the messages in the "sysprep.tiff" file during the sysprep customization. Is that something to be worried about?

No error or warning messages in the sysprep log.

Anyone?

Reply
0 Kudos
guitzer
Contributor
Contributor
Jump to solution

Dear Sender:

Thank you for your email.

I will be on training by Wednesday, Thursday and Friday afternoons. During this specific time frames i will have limitedd access to phone and email, please expect a brief delay in my reponding.

Regards

GR

Reply
0 Kudos
magander
Enthusiast
Enthusiast
Jump to solution

i also updated the unattended.xml file in the vCloud Director VM as shown below:

<settings pass="oobeSystem">

        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="PROCESSOR_ARCHITECTURE" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>2</ProtectYourPC>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <SkipUserOOBE>true</SkipUserOOBE>
            </OOBE>
        <UserAccounts>
        <AdministratorPassword>
          <Value>XXXX</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
        </UserAccounts>
      <AutoLogon>
        <Password>
          <Value>XXXX</Value>
          <PlainText>true</PlainText>
        </Password>
        <Domain>WORKGROUP</Domain>
        <Enabled>true</Enabled>
        <LogonCount>8</LogonCount>
        <Username>Administrator</Username>
      </AutoLogon>
        </component>
    </settings>

The bold text is added to the file.

In the vApp VM Guest OS Customization i have activated the "Enable guest customization", "Change SID" and "Password Reset". For the "Password Reset" configuration i specified the same password as in the unattended.xml file.

The registry entry is not present this time either and autologon still does not work.

Reply
0 Kudos
aneverov
VMware Employee
VMware Employee
Jump to solution

We debugged this offline, so just to summarize findings so far:

Theory:

There are several things here.

The first one is regarding unattend.xml required by sysprep. The way it's used is the following:
- VCD uses "baseline" version from guestcustomization/windows/unattend.xml
- that one gets cached into guestcustomization/windows_deployment_package_sidgen.cab during the very first request to customize Vista+ or any other Windows VM in case "Change SID == false"
- based on the above, I believe it's possible to use "baseline" unattend.xml to "extend" what VCD provides out-of-the-box. Just remember that any time you do that, you need to manually backup/delete guestcustomization/windows_deployment_package_sidgen.cab. Then system should take care of automatically regenerating it using latest version of unattend.xml
- I believe it's not the right way to go in this particular situation. This approach would highly limit flexibility due to need to specify password for the autologon. So you would have to live with one hard-coded password which is very insecure. But it works fine for "static" things like "company name".
- I believe changing unattend.xml inside the VM (probably you refer to \Windows\Panther) is not going to work in any way. I don't know exactly the purpose of that file, but I believe it's generated by sysprep itself during its work
- I'm working on some improvements for the next release and have bug tracking adding this feature. Basically I'm going to dynamically update unattend.xml based on the password set in VCD
The second one is regarding executing post-customization. The way it currently works (for the case "Change SID == true") is that we rely on Windows Task Scheduler. We basically schedule post-customization script to be run after reboot at the very last point inside the sysprep's mini-setup phase. So the warning you see is probably from the scheduler and I believe it's harmless. This also implies that post-customization will be the very last thing which is run on your VM. So no sysprep after that and I wouldn't expect anything to delete your registry values or reboot either.
Now I suspect that those keys are simply not added due to some issue either with the keys themselves or (as you correctly pointed out) it could be permissions issue.
Practice:
We went with the first approach which is good enough compromise for this particular customer:
0) be careful with updating cell's filesystem while logged in as "root" via ssh, since most of the files (if not all) are owned by vcloud:vcloud
1) to add:
<UserAccounts>
        <AdministratorPassword>
          <Value>XXX</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
</UserAccounts>
<AutoLogon>
        <Password>
          <Value>XXX</Value>
          <PlainText>true</PlainText>
        </Password>
        <Domain>localhost</Domain>
        <Enabled>true</Enabled>
        <LogonCount>8</LogonCount>
        <Username>Administrator</Username>
</AutoLogon>
to $VCD_HOME/guestcustomization/windows/unattend.xml
2) to delete $VCD_HOME/guestcustomization/windows_deployment_package_sidgen.cab which caches unattend.xml. System should regenerate it. If it doesn't do something like:
su - vcloud
cd /opt/vmware/vcloud-director/deploymentPackageCreator
export LD_LIBRARY_PATH=/opt/vmware/vcloud-director/deploymentPackageCreator
./deploymentPackageCreator ../guestcustomization/windows ../guestcustomization/windows_deployment_package_sidgen.cab "customize-guest.exe" 1
3) be aware that on some templates sysprep automatically disables Administrator's account. It was not an issue on customer's template, but for me it doesn't work on any of my templates in the lab. The workaround is to create some other account in Administrators group and use that for autologon. I'm working on the fix.

4) while debugging this kind of stuff always start from doing it manually on a clean VM (run sysprep.exe from command-line, run registry update commands) and check that it succeeds before trying to mess with VCD

5) we didn't debug registry updating issue, I'll put that on my TODO list

//Andrii

/* Please remember to mark answer as 'helpful' or 'correct' such that other users know it can be used and people focusing on ‘unanswered’ questions can skip it. */
Reply
0 Kudos