We are in the process of provisioning new Hyper-V hosts in our SCVMM 2019 environment. WDS is in place. The boot image is created with this script:
$mountdir = "c:\mount" $winpeimage = "\\wdsserver\c$\RemoteInstall\DCMgr\Boot\Windows\Images\boot.wim" $winpeimagetemp = $winpeimage + ".tmp" $path = "\\fileserver\vmm-library\HPE\ProLiant\Drivers\storage\" mkdir "c:\mount" copy $winpeimage $winpeimagetemp dism /mount-wim /wimfile:$winpeimagetemp /index:1 /mountdir:$mountdir dism /image:$mountdir /add-driver /driver:$path /Recurse Dism /Unmount-Wim /MountDir:$mountdir /Commit publish-scwindowspe -path $winpeimagetemp -verbose del $winpeimagetemp
De baremetal deployment starts the deep discovery, the machine starts via PXE the WinPE boot image. When the step to register the host to VMM is initiated, the installation halts with this error:
In the vmmAgentPE.exe.log we see:
0B00.0B40::11/26-13:42:01.936#00:DeepDiscoveryDataReader.cpp(888): <--CDeepDiscoveryDataReader::GetDeepDiscoveryData0B00.0B40::11/26-13:42:01.936#00:RegUtils.cpp(272): RegGetVariantValue [Software\Microsoft\Microsoft System Center Virtual Machine Manager Agent\Settings]\[BareMetalRegistrationService]
0B00.0B40::11/26-13:42:01.936#00:NativeWSChannel.cpp(20): ==>WSUtility::NativeWebServiceChannel::NativeWebServiceChannel
0B00.0B40::11/26-13:42:01.936#00:NativeWSChannel.cpp(20): <--WSUtility::NativeWebServiceChannel::NativeWebServiceChannel
0B00.0B40::11/26-13:42:01.936#00:NativeWSChannel.cpp(133): ==>WSUtility::NativeWebServiceChannel::RegisterClient
0B00.0B40::11/26-13:42:01.936#00:NativeWSChannel.cpp(376): ==>WSUtility::NativeWebServiceChannel::CreateCertTokenMessageSecurityBinding
0B00.0B40::11/26-13:42:01.983#00:NativeWSChannel.cpp(376): <--WSUtility::NativeWebServiceChannel::CreateCertTokenMessageSecurityBinding
0B00.0B40::11/26-13:42:01.983#00:NativeWSChannel.cpp(543): ==>WSUtility::NativeWebServiceChannel::CreateSSLTransportSecurityBinding
0B00.0B40::11/26-13:42:01.983#00:NativeWSChannel.cpp(543): <--WSUtility::NativeWebServiceChannel::CreateSSLTransportSecurityBinding
0B00.0B40::11/26-13:42:17.073#00:NativeWSChannel.cpp(207)[000000433447EE: ThrowOnFailure : 803d000a. Operation attempted WSHttpBinding_IPhysicalMachineRegistrationService_RegisterPhysicalMachine( get(m_wsProxy), identifier, data, get(m_wsHeap), 0, 0, 0, get(m_wsError))
0B00.0B40::11/26-13:42:17.073#00:exceptions.cpp(97)[000000433447EE: CarmineException::CarmineException: CarmineError: 1051488, hr: 0x803d000a
0B00.0B40::11/26-13:42:17.073#00:NativeWSChannel.cpp(580): Failure: errorCode=0x803d000a
0B00.0B40::11/26-13:42:17.073#00:NativeWSChannel.cpp(601): An unsecured fault was received on a secure channel.
0B00.0B40::11/26-13:42:17.073#00:NativeWSChannel.cpp(601): A security header with local name 'Security' and namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was required, but was not present in the message. The sender may not have been configured with message security.
0B00.0B40::11/26-13:42:17.073#00:NativeWSChannel.cpp(133): <--WSUtility::NativeWebServiceChannel::RegisterClient
On the VMM server, we see (via wireshark) that traffic is initiated from the WinPE on the to-be-HyperV server to the VMM server over tcp 8103 (time sync) :
POST /DataCenter/BareMetalDeployment HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://Microsoft.EnterpriseManagement.DataCenterManager/IPhysicalMachineTimeSyncService/GetServerUTCFileTime"
Content-Length: 181
Host: vmmserver.domain.local:8103
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetServerUTCFileTime xmlns="http://Microsoft.EnterpriseManagement.DataCenterManager"/></s:Body></s:Envelope>HTTP/1.1 200 OK
Content-Length: 294
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 26 Nov 2019 13:41:57 GMT
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetServerUTCFileTimeResponse xmlns="http://Microsoft.EnterpriseManagement.DataCenterManager"><GetServerUTCFileTimeResult>132192493178480559</GetServerUTCFileTimeResult></GetServerUTCFileTimeResponse></s:Body></s:Envelope>
and then some traffic over TCP 8101 (SSL scrambled, 10 client pkts, 3 server pkts, 5 turns, 12kb data in total).
What can be the cause of this issue? After troubleshooting already for some days, the only thing I can think of that is not correct is the time within the WinPE boot session (exact 7 hours offset). I already tried injecting the correct timezone in the image but it doesn't help.
What can I do to further troubleshoot this? Thanks for your replies!
You know you're an engineer when you have no life and can prove it mathematically