Urgent: Unattended Win 2003 install & Certificate Services

  • ZippyV

    Hello,
    I made a winnt.sif file that installs Windows Server 2003 Enterprise Edition together with IIS and Certificate services.
    After the installation of the OS, I go to Software -> Windows Components Setup -> Select Certificate Services -> Configure. Clicking the Configure button should normally install and configure this service but it doesn't, it looks like it just removes everything. When I open the windows components dialog, I see that the cert services is cleared (this wasn't cleared before I pressed configure).
    The only solution is reinstalling it via this dialog but this isn't the right solution.
    I guess there is a problem with the winnt.sif file. Can someone help me out?

    Winnt.sif:
    [Data]
        AutoPartition=1
        MsDosInitiated="0"
        UnattendedInstall="Yes"

    [Unattended]
     DUDisable = No
    ; AutoActivate = Yes
     Repartition = Yes
     UnattendMode=FullUnattended
     OemSkipEula=Yes
     OemPreinstall=No
     TargetPath=\WINDOWS
     Hibernation = Yes
     WaitForReboot = No

    [GuiUnattended]
        AdminPassword=blablabla
        EncryptedAdminPassword=Yes
        OEMSkipRegional=1
        TimeZone=105
        OemSkipWelcome=1

    [UserData]
        ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (copy b!tch protected)
        FullName="Steve"
        OrgName="6INF-GIP"
        ComputerName=gip-server

    [Display]
        BitsPerPel=32
        Xresolution=1024
        YResolution=768

    [LicenseFilePrintData]
        AutoMode=PerSeat

    [RegionalSettings]
        LanguageGroup=1
        SystemLocale=00000813
        UserLocale=00000813
        InputLocale=0813:00000813

    [Identification]
        JoinWorkgroup=werkgroep

    [Networking]
        InstallDefaultComponents=No

    [NetAdapters]
        Adapter1=params.Adapter1

    [params.Adapter1]
        INFID=*

    [NetClients]
        MS_MSClient=params.MS_MSClient

    [NetProtocols]
        MS_TCPIP=params.MS_TCPIP

    [params.MS_TCPIP]
        DNS=Yes
        UseDomainNameDevolution=No
        EnableLMHosts=Yes
        AdapterSections=params.MS_TCPIP.Adapter1

    [params.MS_TCPIP.Adapter1]
        SpecificTo=Adapter1
        DHCP=Yes
        WINS=No
        NetBIOSOptions=2

    [TapiLocation]
        CountryCode=32
        Dialing=Tone

    [Components]
     AccessOpt = Off
     Appsrv_console = On
     Aspnet = On
     AutoUpdate = On
     BitsServerExtensionsISAPI = Off
     BitsServerExtensionsManager = Off
     Calc = On
    ;------------------
     Certsrv = On
     Certsrv_client = On
     Certsrv_server = On
    ;------------------
     Charmap = Off
     Chat = Off
     Clipbook = Off
     Complusnetwork = Off
     Deskpaper = Off
     Dialer = Off
     Dtcnetwork = On
     Fp_extensions = On
     Fp_vdir_deploy = Off
     Hypertrm = Off
     Iis_asp = On
     Iis_common = On
     Iis_ftp = Off
     Iis_inetmgr = On
     Iis_internetdataconnector = On
     Iis_nntp = Off
     Iis_serversideincludes = On
     Iis_smtp = On
     Iis_webadmin = On
     Iis_webdav = On
     Iis_www = On
     Iis_www_vdir_scripts = Off
     Indexsrv_system = Off
     Inetprint = Off
     Licenseserver = Off
     Media_clips = Off
     Media_utopia = Off
     Mousepoint = Off
     Msmq_ADIntegrated = Off
     Msmq_Core = Off
     Msmq_HTTPSupport = Off
     Msmq_LocalStorage = Off
     Msmq_MQDSService = Off
     Msmq_RoutingSupport = Off
     Msmq_TriggersService = Off
     Mswordpad = On
     Netcis = Off
     Netoc = Off
     Objectpkg = Off
     Paint = On
     Pop3Admin = Off
     Pop3Service = Off
     Pop3Srv = Off
     Rec = Off
     Reminst = Off
     Rootautoupdate = On
     Rstorage = Off
     Templates = Off
     TerminalServer = Off
     TSWebClient = Off
     Vol = Off
     WBEMSNMP = On
     Wms = Off
     Wms_admin_asp = Off
     Wms_admin_mmc = Off
     Wms_isapi = Off
     Wms_server = Off

    [InternetServer]
     DisableWebServiceOnUpgrade = False
     PathWWWRoot = C:\Inetpub\Wwwroot

    [CertSrv_Server]
     CAType = StandaloneRoot
     HashAlgorithm = SHA1
     KeyLength = 128
     Name = CAGIP
     SharedFolder = %SYSTEMDRIVE%\CAConfig
     UseSharedFolder = Yes
     ValidityPeriod = 6
     ValidityPeriodUnits = Years

    [Homenet]
     InternetConnectionFirewall = params.Adapter1

    [PCHealth]
     ER_Display_UI = 1
     ER_Enable_Applications = All
     ER_Enable_Kernel_Error = 1
     ER_Enable_Reporting = 1
     ER_Enable_Windows_Components = 1
     ER_Exclude_EXE1 = notepad.exe
     ER_Force_Queue_Mode = 1
     ER_Include_MSApps = 1
     ER_Include_Shutdown_Errs = 1
     RA_AllowFullControl = 1
     RA_AllowToGetHelp = 1
     RA_AllowUnsolicited = 0
     RA_MaxTicketExpiry = 600

    [URL]
     Home_Page = http://localhost/mandrashee/

  • prog_dotnet

    The computer saves any entries that you specify in the CertSrv_Server section, and processes them only after you restart to configure Certificate Services. They do not process during the Windows setup process.

  • ZippyV

    After the graphical setup, the computer reboots automatically, but doesn't start configuring certificate services. An extra reboot also didn't help.

  • prog_dotnet

    Well, the root cert is supposed to be created during the install of certificate services, so I assume that some of the parameters need to be configured prior to the install using the CAPolicy.inf file

    like:

    [Version]
    Signature= "$Windows NT$"

    [Certsrv_Server]
    RenewalKeyLength=2048
    RenewalValidityPeriod=Years
    RenewalValidityPeriodUnits=16

    [CRLDistributionPoint]
    Empty=true

    [AuthorityInformationAccess]
    Empty=true

  • ZippyV

    Strange, the documentation doesn't mention anything of the CAPolicy.inf file and most of the information about the root certificate is already in my winnt.sif file.

    I did notice that after I install Cert Serv manually, in the "My Server" dialog it shows now "File Server". With the possibility of managing shared folders. Could that be the problem? The sharing folders and file server stuff that is not yet installed?

    BTW: you switched Period and PeriodUnits in your inf. I've looked it up and Period is a numerical value,  PeriodUnits is Years, Months, Weeks, Days.
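
Added example (not part of the original thread and not code from either poster): a small Python check for the `[CertSrv_Server]` section of a winnt.sif or CAPolicy.inf file that catches the swapped period/units values discussed above. The `audit_ca_section` name, the 2048-bit key floor and the weak-hash list are assumptions chosen for this example; the two samples are constructed from the sections posted in the thread.

```python
import configparser

VALID_UNITS = {"years", "months", "weeks", "days"}  # units named in the thread
WEAK_HASHES = {"md5", "sha1"}  # assumption: example audit policy
MIN_KEY_BITS = 2048            # assumption: policy floor for an RSA CA key

def audit_ca_section(text):
    """Return findings for every [CertSrv_Server] section in an answer file."""
    # Strip indentation so configparser does not read keys as continuation lines.
    text = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if name.lower() != "certsrv_server":
            continue
        # configparser lower-cases option names; drop optional quotes on values.
        sec = {k: v.strip().strip('"') for k, v in cp[name].items()}
        for prefix in ("", "renewal"):
            period = sec.get(prefix + "validityperiod")
            units = sec.get(prefix + "validityperiodunits")
            bits = sec.get(prefix + "keylength")
            if period and units and period.lower() in VALID_UNITS and units.isdigit():
                findings.append(f"{prefix}validityperiod: value and units are swapped")
            else:
                if period is not None and not period.isdigit():
                    findings.append(f"{prefix}validityperiod: not a number")
                if units is not None and units.lower() not in VALID_UNITS:
                    findings.append(f"{prefix}validityperiodunits: unknown unit")
            if bits is not None and (not bits.isdigit() or int(bits) < MIN_KEY_BITS):
                findings.append(f"{prefix}keylength: {bits} is below {MIN_KEY_BITS} bits")
        if sec.get("hashalgorithm", "").lower() in WEAK_HASHES:
            findings.append(f"hashalgorithm: {sec['hashalgorithm']} is deprecated")
    return findings

# Constructed samples: the CA sections as posted in the thread.
WINNT_SIF = """
    [CertSrv_Server]
     CAType = StandaloneRoot
     HashAlgorithm = SHA1
     KeyLength = 128
     ValidityPeriod = 6
     ValidityPeriodUnits = Years
"""
CAPOLICY_INF = """
    [Certsrv_Server]
    RenewalKeyLength=2048
    RenewalValidityPeriod=Years
    RenewalValidityPeriodUnits=16
"""

if __name__ == "__main__":
    for label, sample in (("winnt.sif", WINNT_SIF), ("CAPolicy.inf", CAPOLICY_INF)):
        print(label, audit_ca_section(sample))
```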

  • prog_dotnet

    ZippyV wrote:

    BTW: you switched Period and PeriodUnits in your inf. I've looked it up and Period is a numerical value,  PeriodUnits is Years, Months, Weeks, Days.

    Sorry about that... thanks for correcting me...

    I have a faint memory of a message box asking to temporarily stop the IIS service during install of cert services.
    Your winnt.sif doesn't take that into account, hence the failed install.

    ZippyV wrote:

    I did notice that after I install Cert Serv manually, in the "My Server" dialog it shows now "File Server". With the possibility of managing shared folders. Could that be problem? The sharing folders and file server stuff that is not yet installed?

    I can't explain that one... but it sounds like a faulty install. Have you tried to replicate this "abnormality"?

    Some words about the documentation... I find it difficult getting some good info on unattended install of the cert service. Tried the normal search procedures with no luck...

    I would recommend removing all cert service entries in the sif, and install the box with IIS first, and then add cert services manually later...
    I know, that is not what you wanted to do, but a working box is better than a non-functioning one.

    By the way... World Wide Web Service is required if you want the CA Web enrollment stuff to function correctly.

  • ZippyV

    [I got an error while posting this message, but it seems like it was posted correctly. See original version below.]

  • ZippyV

    Let me clarify the Manage this Server dialog situation:
    Before installation of cert services I get to see:
       - Application server (logical as IIS and ASP.NET is required in my winnt.sif)

    After the installation of cert services I get an extra 'server':
       - Application server,
       - File Server (cert serv needs shared folders).

    Could it be that I have to enable a component in the [components] section that will install the shared folders?
    If not I assume this problem is a bug. But what do I have to do then?

    I just tried pressing that config button again in the server dialog while watching the time and event, this is what happened in the same minute that I pressed the button:
       Source:     ESENT
       Type:       Information
       Event-id:   101
       Description: svchost (924) The database-engine has stopped.
       FileName:   ESENT.dll
       FileVersion:5.2.3790.0

    When I click on the link to get more info, the support center says there is no info available.
       

  • ZippyV

    bump
