Customizing the OEM Appliance OOBE in Windows Server 2012

9/11 Update:  The ICT configuration guide is now located here: http://technet.microsoft.com/en-us/library/jj643306 

Inside Windows Server 2012 there is a new feature called the OEM Appliance OOBE that enables OEMs and enterprise IT to rapidly deploy standalone servers or 2-node failover clusters. One of the design goals was to complete an entire deployment of a failover cluster in less than 30 minutes. The feature is integrated with the entire “out-of-box-experience” (OOBE) in Windows Server and adds an additional Windows Presentation Foundation (WPF)-based application, called Initial Configuration Tasks (ICT) that is a launch-pad full of tools that guide IT professionals through the tasks required to quickly deploy servers.

Here is what a 2-node Windows Storage Server cluster configuration might look like when deployed into a mixed environment: 

The ICT application is customizable by using an XML file (OEMOOBE.XML), and anyone could create an XML with the exact set of tools required to deploy a particular configuration. The OEM Appliance OOBE feature was first released in Windows Storage Server and now makes its debut in Windows Server 2012. It is included in Windows Server 2012 Standard and Windows Server 2012 Datacenter, and in both editions of Windows Storage Server 2012 (Standard and Workgroup). At the end of this blog I have included a script that I use to set up a basic installation of the OEM Appliance OOBE.

To install the new feature, you can run the following dism.exe command at an elevated command prompt (cmd.exe):   

dism /online /enable-feature /featurename:OEM-Appliance-OOBE

This will install the binaries into the \Windows\System32\OEMOOBE directory and set the application to start after first boot.

To build a customized operating system (OS) image using the OEMOOBE, you need these items:

1. Installation of all the relevant roles for the deployment (Clustering, Hyper-V, File and Storage Services, Data Deduplication or whatever features are required)
   
2. An unattended.xml file that includes:
• An admin password and a login count = 1
• A first-logon command that runs a network adapter-renaming Windows PowerShell command (renamenetworkconnection.ps1) that stamps the network adapter with friendly names based on PCI bus location. Customers enjoy seeing the port labels match the UI in the system. I recommend using a workload/color coding schema that matches the outside of the server; for example, I like using “Green – Public Network” inside the OS and having a green port on the back of the server. This makes it easy for users to quickly understand how to wire it together.
• A NIC.config file that identifies the network adapters to be stamped by using the rename script mentioned above. The NIC.Config file looks something like the following. Note how I have identified the network adapter by PCI bus location and made user-friendly names for each interface. These strings will appear in the Windows networking control panel. Also notice how you can localize the entries for different markets by using different language ID tags:
         
  
  
3. A customized OEMOOBE.xml file to define the ICT task list for a particular deployment: (example of the xml file follows)
• Add custom tasks or remove un-needed ones
• Add branding and deployment-specific software
• Insert prescriptive content guidance for the specific storage configuration and wizards needed
• Or create an entire appliance-specific section (known as a “Task Group”)
• Links to configuration manuals and product information
• Opportunities to purchase more storage
• Links to OEM customer support
  
4. Resource files (.resx) will need to be updated if you are adding custom text. There are localizable versions available for all 19 languages that Windows Server 2012 supports.

After the OS image is installed, you can run Sysprep.exe /generalize to generalize the installation so that the image can be used on different servers. Immediately following the shutdown, you boot the reference computer by using a WinPE DVD image and capture the OS partition into an image file (creating a .WIM file) using dism.exe. After you have the image file, you can deploy the image by booting into WinPE on another similar system and use dism.exe to lay down the files on the boot volume. Alternatively, you could create a DVD image that can be installed by using setup.exe from the original OS media by making a copy of the media and replacing the install.wim file (located in the \Sources folder). OEMs usually license and use WinRE for their Windows recovery image, which is WinPE plus additional recovery tools.

After the image is deployed to a target system, it is ready to ship. The end user will open the box, “rack it and stack it,” and then boot the system(s).

The first set of questions include a handful of screens called “Windows Welcome”

• Product Key (if one was not specified in the unattend.xml)
• Region and language preferences
• Keyboard layout
• EULA acceptance (which could include both Microsoft and an OEM-specific EULA)
• The settings are pushed down to the other node, and after the system boots into Windows, the configuration application appears.

The Initial Configuration Task (ICT) application guides users to perform these tasks

1. Activate Windows (OEMs usually pre-activate server appliances and remove this task).
2. Set the time zone and current time
3. Configure network interfaces and IP addresses
• When in a cluster profile, the ICT will display the networking adapters and configuration UI for both systems.
4. Domain Join Wizard:
• Create the cluster management name (if using the cluster profile)
• Set computer name(s). In a cluster profile the default adds “-N1” and “-N2” to the cluster management name
• Join the domain
• Change the local administrator password(s)
• Add domain user(s) to the administrators group
5. Enable Automatic Updates
6. Turn on Windows Error Reporting
7. Join the Customer Experience Improvement Program
8. Storage Provisioning:   There are 4 different links that can be used to streamline storage provisioning. OEM OOBE deployment designers should select only the tools they need and hide the other tasks.
   
1. Create iSCSI connections by using the built-in iSCSI Initiator. These tasks are enabled by default in the cluster profile. This is for deployments that have an iSCSI Target for the backend storage.
2. The Create a Storage Pool Wizard enables storage arrays that support SMP or SMI-S, or a simple JBOD can be used to create a virtualized storage layer by using the new Storage Spaces feature.
3. The Create Virtual Disks and Volumes Wizard walks users through virtual disk creation and immediately goes into partitioning and formatting volumes. This wizard should only be used if you have a storage subsystem that supports creating storage pools in Windows as outlined above.
4. The Create Volumes Wizard goes directly into volume creation and formatting. This wizard entry point is especially useful if you are using traditional RAID and not an SMP/SMI-S or Storage Spaces pool.
   
9. Cluster validation and creation:
• This task will verify that you have an appropriate shared storage volume to be used as a disk witness for quorum voting.
• The cluster is correctly cabled, and the shared storage supports persistent reservations and can survive a failover event.
• The wizard will create the cluster and configure both nodes.
  
10. Cluster Aware Updating (CAU) enables a new cluster patching service that keeps the cluster updated without ever letting it go down by intelligently patching systems and monitoring progress while orchestrating the update process for all nodes.

 

Two-node clusters

Following is an example of a customized ICT experience for a two-node cluster that uses an SMP or SMI-S provider that supports RAID 6 and thin provisioning in the storage array. Note the following customizations:

• Contoso logo at the top and Contoso NAS in the header text
• Customized Contoso section with registration, links to make storage purchases and product documentation
• Custom storage provisioning section with prescriptive guidance for how to configure the storage.
• I removed the iSCSI Initiator links because I am not using an iSCSI array in this example.

Customization sample

To create the customized section included in the preceding picture named “Contoso NAS Registration and Product Information,” I added a little bit of XML to two files to include a new task group and three tasks in the group:

 

Now you know how easy it is to customize the XML to create special sections in the OEM Appliance OOBE. If you are doing a localized deployment, you would add localized strings to each of the locale-specific XML files, such as OEMOOBE.zh-CN.resx if you want to support Chinese Traditional.

How it works for the customer

When identical images are loaded into two systems that will be used for a cluster, the OEM Appliance OOBE sets up the machines so that either system can be used as the ‘first node.’ After the user starts the process of configuring the first node, you can configure all the settings from that console and you never have to visit the second node.

When both nodes of the cluster first power up:

1. The boot loader makes a call into the normal OOBE, which is intercepted by the OEM Appliance OOBE, and the networking stack is enabled so that the servers can communicate. The regular Windows Welcome screen is then displayed on both systems.
2. After a node is selected by the user, they choose region, language, and keyboard layouts and accept the EULA as part of the Windows Welcome UI stage. We use automation to capture all the settings to an XML file and copy it to the other node of the cluster.
3. The OOBE then launches a discovery operation to find the IP address of the second node over the internal network that was identified by using the NIC.Config file where the interface has the isClusterPrivate="true" tag attached to the network adapter that will be used for node to node communications.
4. After the IP address is identified, the selections made by the user are pushed down to the second node and registry keys are set so the nodes remember where they are in the setup process.
5. After the other node of the cluster is found and set up, the systems boot into Windows and the ICT is displayed on both nodes:
• Node 1: The ICT indicates that the cluster nodes are connected and ready to be configured.
• Node 2: The ICT tells the user to go back to the first node to finish configuring the cluster.

During the ICT we use several technologies to make it all work:

1. When you configure the networking adapters or iSCSI initiators, we use RemoteApp technology to open the iSCSI initiator UI or the networking control panel (ncpa.cpl) directly on the second node.
2. When changing the time zone or other global settings, we use Windows PowerShell remoting to synchronize both nodes.
3. When launching storage provisioning wizards, both system names are passed into the wizards so they can see and create shared storage for use by the cluster.
4. When launching the cluster validation wizard, we add an additional verification that there is a quorum disk setup so that the two-node cluster is configured to use a witness disk.

Sample script I use to configure a two-node cluster setup by using the OEM Appliance OOBE feature:
This script can be used as a template to start the process for new deployments. After you customize the preceding files, add them to the installation before your final sysprep command.

InstallOOBE.BAT

REM (Enable OEMOOBE and setup a 2-node cluster profile)

REM ****enable WinRM

powershell.exe;powershell.exe -command {Set-WSManQuickConfig -Force}

REM ****enable powershell remoting

powershell.exe;powershell.exe -command {Set-ExecutionPolicy RemoteSigned}

REM ****Install failover clustering****

powershell.exe;powershell.exe -command {;Add-WindowsFeature Failover-Clustering -IncludeManagementTools}

echo %errorlevel%

echo Failover clustering feature install complete

REM ****Install File Services****

powershell.exe;powershell.exe -command {Add-WindowsFeature File-Services}

echo %errorlevel%

echo File-Services feature install complete

REM **** Set registry keys for automatic discovery: Password must match the password used in the unattend file.

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OEMOOBE" /V RunDiscovery /t REG_SZ /d 1

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OEMOOBE" /V Password /t REG_SZ /d abc_123!

REM ****Suppress HA File Server à Removes the automatic creation of an HA file-server and hides the check-box in the wizard.

REM reg add "HKLM\Software\Microsoft\OEMOOBE" /v SuppressHAFileServer /t REG_SZ /d 1 /f

REM ****Install Remote Desktop and enable remote management from any version of Windows

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

reg add "HKLM\System\ControlSet001\Control\Terminal Server\WinStations\RDP-TCP" /v UserAuthentication /t REG_DWORD /d 0 /f

REM ****Install the OEM-Appliance-OOBE feature

dism /online /enable-feature /featurename:OEM-Appliance-OOBE

REM ****Copy in custom unattend file.

copy d:\unattend.xml c:\windows\system32\sysprep

REM ****Sysprep

%windir%\System32\Sysprep\sysprep.exe /oobe /generalize /reboot /unattend:c:\windows\system32\sysprep\unattend.xml

Exit /b

 

Cheers,
Scott M. Johnson
Program Manager
Windows File Server Team