Using VMware's clone option is half the battle
Ok, so I called customer "GL" the other day to check on how his VMware ESX farm was doing and he said "great, but I'm having a problem using the OS templates". Of course I asked, how so and thus began the adventure. Now, I'm not a Windows OS expert by any means so if I mis-speak on some of this give me some latitude, ok. Here's the scenario - VMware, via VirtualCenter, gives you the option to set up an OS template with all of your usual utilities installed (antivirus, backup agent, etc.) and then "clone" that template to make rolling out a new virtual server much faster. Well, "GL" had set up the template OS, cloned it, and then used Microsoft's NewSID utility to create a new ID for the server. He did this for seven new virtual servers he was rolling out. All was fine until he went to check the new virtual servers into his Microsoft Windows Server Update Services (WSUS) server. The first server checked in just fine, but each subsequent server replaced the former, always appearing to be the same server OS instance, but remember there are seven of them. Hmmm - odd. So, I did what any good, self-professed non-expert would do - I called a guy who I knew would have the answer. My good buddy and Microsoft Windows OS guru Jeff was on a customer site so he called me back the next day. I explained the problem to him and he provided the answer in short order. I'll spare you the technical browbeating I got from Jeff and just give you the meat of the solution. Jeff's response: "You're using the wrong tool. No, not the VMware tool, that works just fine - the wrong Microsoft tool". And then he was nice enough to explain it to "GL" and I and even sent an email with the solution (for a small price). Jeff's solution: "GL" should have been using SysPrep, not NewSID. Since there was more than just a base-OS in the template, there were other programs that needed new identities as well as the base OS and NewSID didn't do that. So here's an excerpt from Jeff's email:
=====================================================================
To be clear, before you ran Sysprep on the source workstation, you
cleared the AccountDomainSid, PingID, and SusClientId keys (if they all
exist) within the Registry as well as clicked 'Reseal' within the
Sysprep utility?
Here is a script you can run on the source workstation prior to running
Sysprep to test again.
<- CUT HERE ->
NET STOP wuauserv
REG DELETE
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v
AccountDomainSid /f
REG DELETE
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID
/f
REG DELETE
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v
SusClientId /f
NET STOP wuauserv
<- CUT HERE ->
=================================================================
Like I said - Jeff's a guru when it comes to all things Microsoft OS related and that's why my first call was to him. So, lesson learned. VMware templates are a GREAT way to roll out new Microsoft Windows Server OS based virtual servers quickly, just know that there's a little more work to be done before you push the new image into production (and add it to WSUS).
Another great day of fine customer service...
