I have been working on configuring a network bootable virus removal suite, and I am using the Windows Defender WinPE ISO generated using this 64-bit tool. The tool downloads and creates an ISO for you. I extract the ISO in order to get the source boot.wim file and I make the following edits with the DISM tool:

  • Mount the WIM file locally using DISM
  • Remove bootfix.bin file (Removes "Press Any Key to Boot from CD/DVD.." message)
  • Drop two files, mpam-fex64.exe & FilesList64.dll into the root of the wim file (Most current definitions at time of downloading)
  • Add generic networking drivers to allow older machines to get a DHCP address
  • Commit changes to WIM file and unmount it

Once all that is done, I transfer the boot.wim file to my Windows Deployment Server and add it as a boot image. Clients are now able to boot into the environment. Here is the process:

Client Network Boot > DHCP Request > PXE Boot Screen > Windows Deployment Services > Virus Removal Environment

Once the client machine is booted into this environment, you can scan your computer or update the virus definitions, but any time I try to update the definitions, it fails due to a network error and gives me the error code 0x80004005.

Things I have tried:

  • Putting Client machine on an outside VLAN (results in 0x80072ee7 error code)
  • Using ipconfig /release & ipconfig /renew while in the environment
  • Disabling the firewall via command line while in the environment
  • Giving the program / user accounts involved write access to the WDS Server
  • I wrote a script that automatically downloaded new updates, injected them into the image, and re-uploaded it to the server. But for whatever reason, each time this would occur it would fatten the WinSxS folder by ~80 MB, so this quickly grew to an unreasonable size.

Any research of the two error codes given has been somewhat unsuccessful; they seem to be more of general Windows Update / networking errors, unless someone is seeing something I didn't.


So with all of that given information, my question is: Why is my Network Bootable WDO environment not able to update?

Any insight is appreciated. Let me know if you need additional information.

Callen L
  • Are network drivers installed in that environment? – Canadian Luke Dec 15 '13 at 01:16
  • @CanadianLuke, Yes, network drivers were injected into the environment, and I can verify that the machine is receiving a valid DHCP address through the command prompt available – Callen L Dec 16 '13 at 14:04
  • Does it still grow by 80 MB per update if you export-image to a new wim container (leaving behind replaced or removed files)? `Dism /Export-Image /SourceImageFile:install.wim /SourceIndex:1 /DestinationImageFile:install2.wim` – Knuckle-Dragger Dec 24 '13 at 20:56
  • My guess is it's the definitions, since mine worked and yours didn't. Perhaps it thinks you want to use those (read-only?) definitions no matter what? – Katherine Villyard Jan 01 '14 at 16:06

1 Answer


This was such an AWESOME idea that I had to try it myself. What I did was:

  1. Open the ISO to get the boot.wim file.
  2. Mount the wim locally.
  3. Inject a bunch of drivers offline for my environment. (Not just older drivers, all of them.)
  4. Drop the mpam-fex64.exe file into the top level of the wim.
  5. Unmount the wim.
  6. Add it to the WDS boot options.

Mine works flawlessly, successfully updating the definitions and auto-running Windows Defender without making me press a key. I'm going to guess that either you're missing a network card driver or that something else got mangled while you were adding and removing files, as those are the only things we did differently.

Katherine Villyard
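
The offline servicing steps listed in the answer above, written out as one PowerShell script. This is an added example, not code from either poster: every path and the image index are assumptions, and it adds an Authenticode check on the definitions package before injecting it, plus the `/Export-Image` pass suggested in the comments to keep the image from growing.

```powershell
# Added example. All paths and the image index below are assumptions.
$ErrorActionPreference = 'Stop'
$Wim      = 'C:\wdo\boot.wim'         # boot.wim extracted from the WDO ISO
$Mount    = 'C:\wdo\mount'            # empty directory used as the mount point
$Drivers  = 'C:\wdo\drivers'          # folder tree of .inf driver packages
$Defs     = 'C:\wdo\mpam-fex64.exe'   # definitions package, downloaded separately
$Exported = 'C:\wdo\boot-export.wim'  # compacted copy to add to WDS
$Index    = 1                         # assumed: the image of interest is index 1

function Invoke-Dism {
    # dism.exe reports failure only through its exit code, so check it explicitly.
    & dism.exe @args
    if ($LASTEXITCODE -ne 0) { throw "dism $($args -join ' ') failed: $LASTEXITCODE" }
}

# The package is copied into a boot image that every PXE client will run,
# so refuse anything that is not validly signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $Defs
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Refusing to inject ${Defs}: signature status is $($sig.Status)"
}

New-Item -ItemType Directory -Path $Mount -Force | Out-Null
Invoke-Dism /Mount-Wim "/WimFile:$Wim" "/Index:$Index" "/MountDir:$Mount"

$commit = $false
try {
    # Inject every driver found under $Drivers, then drop in the definitions.
    Invoke-Dism "/Image:$Mount" /Add-Driver "/Driver:$Drivers" /Recurse
    Copy-Item -Path $Defs -Destination $Mount
    $commit = $true
}
finally {
    # Never leave a half-serviced image mounted: commit on success, discard on error.
    if ($commit) { Invoke-Dism /Unmount-Wim "/MountDir:$Mount" /Commit }
    else         { & dism.exe /Unmount-Wim "/MountDir:$Mount" /Discard }
}

# Export to a fresh WIM so replaced and removed files are left behind.
# /Export-Image appends to an existing destination, so start from a clean file.
if (Test-Path $Exported) { Remove-Item $Exported }
Invoke-Dism /Export-Image "/SourceImageFile:$Wim" "/SourceIndex:$Index" "/DestinationImageFile:$Exported"

# Final step (manual here): add $Exported to WDS as a boot image.
```

Run it from an elevated prompt, since DISM mount operations require administrator rights.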