Operating System Deployment Logs in SCCM 2007 Integrated with MDT 2010

Many times when deploying an operating system using SCCM, the task sequence fails on the client.  Most of the time, the error presented on the screen does not provide sufficient information to determine what’s failing.  This is when you need to look at the logs created by the deployment.

If you have enabled command support on your boot image, you can press F8 if the task sequence failed while in Windows PE to gain access to a command prompt.  You enable command support in the Windows PE tab of the boot image properties.

Once at the command prompt, you can look for log files.  Their location may be tricky as they move around as the deployment progresses.  For example, the smsts.log file is

  • At x:\windows\temp\smstslog in Windows PE before the hard disk is formatted (x: is a RAM drive)
  • At x:\smstslog after the disk is formatted
  • At c:\_SMSTaskSequence\Logs\SMStslog after the disk is formatted

Another important log to analyze is the bdd.log.  This log contains a summarized view of all other MDT log files.  If it is difficult in your particular scenario to have access to the target machine to press F8 and gain access to a command prompt while in Windows PE, the machine will restart and the logs will be gone.  Although it is possible to configure your deployment so the log files are copied to a network share when the task sequence completes, sometimes a failure may prevent the task sequence from reaching the step at the end with instructions to copy the files.  The following entry in your CustomSettings.ini file will copy the logs to the specified share.

SLShare=\\<serverName>\<shareName>\%OSDComputerName%

In this case, the logs will be copied to a folder in the share named after the target computer name.

When working a difficult issue with your deployment, it may be necessary to enable real time logging over the network.  If you add the instruction below to your CustomSettings.ini file, real time logging is performed on the bdd.log file on the specified share location, in addition of logging on the target computer locally.  If you open the file with the Configuration Manager Toolkit utility trace32.exe, you can view the entries being added to the log.

SLShareDynamicLogging=\\<serverName>\<shareName>\%OSDComputerName%

Once you have fixed your challenging issue, disable this dynamic logging over the network.  There’s a substantial amount of network traffic generated as every line logged requires the file to be open, the line to be written to it, and the file to be closed.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=