ImagePathcher.ps1: You cannot call a method on a null-valued expression

In my environments, I use MDT and/or WDS in many cases. Here is always the problem of updating images, because it takes a lot of time. For this reason, I was looking for a script, which would do the same work as I, but without losing my time.
Imagepatcher PowerShell script from CodePlex (http://imagepatcher.codeplex.com) was the perfect solution for me, but not in the last months. I think that the problem occurred after I upgraded my environment to Windows Server 2012, but I am not sure. Anyway, when I tried to execute the script, I received the error that there is something wrong with the saving of downloaded files. I analyzed the script and found that something is not working properly when combining the name from few variables.
I repaired the issue and you can download the new imagepatcher.ps1 from here.

imagepatcher.zip (36.63 kb).

Replacing OS image in MDT 2012

Days ago I had a problem on one of MDT”s. There were installed OS images for some Windows 7 systems without SP1. Because I use the ImagePatcher PowerShell script to offline update all images, and there is no way to install SP1 with offline updating, I tried to delete the images and update new ones directly from DVD.
In that moment I had a problem with task sequences, because they lose OS images to install.
This problem can be solved very easy, with few clicks. You must open the desire task sequence and go to the tab Task sequence. You can find there the task “Install operating system”. In this task you have just to browse the right system you want to install.

 

.

How to enable the DaRT functionality in the MDT 2012

In the MDT version 2012 is possible to integrate the DaRT in boot images, created in MDT. This functionality is native, but some additional steps must be done.
For the first thing you have to download the Microsoft Desktop Optimization Pack 2011 R2 from Microsoft TechNet and install the DaRT on your computer. Of course you need a x32 and x64 computer if you want to use both versions, 32 and 64bit version. When you will install the DaRT, you will install also the DaRT Remote Connection Viewer and you can use it for later connections to other computers.

The second step is to copy the file Tools.cab from the folder C:Program FilesMicrosoft DaRT 7v7 to  the server folder Deploytoolsx64 or (and) x86, where Deploy stands for Deployment Share path. I’ve attached both tools.cab files if you don’t want to install the DaRT on your computer, or you don’t have 32 and 64 bit versions of OS. You just rename both tools32.cab and tools64.cab to tools.cab, after copying them on the server.
At this point most is done. You have to restart the MDT console if it is open,then you must go to deployment share properties,and check the DaRT integration on WinPE tab.

Be sure, that you enable the checkbox on both versions.

The last thing to do is rebuild the boot images and import them into WDS and other boot devices.

Tools32.cab (3.24 mb)

Tools64.cab (3.64 mb)

.

Upgrade from MDT 2010 to MDT 2012

Now is available a new version of MDT and of course there are new functionalities and new options. For this reason it is normal to upgrade it. There is no support to direct upgrade, but is very easy to upgrade it.
For the first thing, you have to uninstall the old version. You can uninstall it with default options, but be careful with deployment shares. You will need them in the future.
The second thing is a normal installation of MDT 2012. Then you have to start it. There you will see (or you will be able to import) all deployment shares, but they are not yet functional. They need to be upgraded.
Right click to any share and select the option upgrade. The share will be now present normally to the MDT and you will probably think that everything is OK, but if you try to use it, you will have problems. This is because you are still using the old boot image and this is the last step you have to do. You must rebuild all boot images and change them in WDS and other boot devices. I suggest, that in this step you select “Completely regenerate image”. You must have in mind that the version of MDT is changed and there are possible a lot of differences in the boot images.
That’s all. Make it a good use..

How to configure SSTP VPN on SBS 2011

Many times, in small companies, we need connectivity to internal network from anywhere. The easiest way to establish that connectivity is VPN network via SSTP protocol. In this case, we only need to open the port 443 (which is already open in SBS) and public a trusted certificate. There is a difference with PPTP VPN, because this type of VPN connection requires the port 1723, which is not always open (I mean airports, hotels, …).
Now we know why we can choose the SSTP connection. Let’s see what are special requirements for SSTP:

  • it is supported only by Windows Vista SP1 or newer OS,
  • a public trusted certificate for HTTPS traffic must be installed on SBS (it exists also a workaround with self-sign,but I don’t recommend it).

This type of VPN is not native supported to be configured from the SBS console. We must do this  with few more steps, but is not so difficulty and I think everyone can do it:

  • For the first thing, we have to enable the VPN connections in the SBS console. Of course here we will configure the PPTP VPN, as this is the only scenario supported in the SBS console.For the same reason we will receive a warning, that we must open the port 1723 on router, but this is not necessary if we want to use only the SSTP VPN. You can ignore the router configuration.
  • We have to continue the configuration in Routing and Remote Access, where we must enable the desired number of ports. We enable this by clicking the right button on Ports and we select Properties.At this point we will see a window, where we have to select WAN Miniport (SSTP) and click Configure. Here we must enable Remote Access connectionand setup the desired number of SSTP connections.In most cases you have to do this step twice. For an unknown reason to me, after you click OK, the check mark on Remote access connections will disappear. The final view must be like this one (depends on the number of connections).
  • From now we will work in the command prompt (don’t forget to run it as Administrator) and we will do the correct installation of certificates, we need to establish the sessions. At the beginning, we want to know how the certificates are installed now. We can check this with the command netsh http show ssl.As you can see, on the port 443, there is installed a certificate only on the IPv4 protocol. A certificate hash must be the same as on our public trusted certificate (you can check this in the mmc). The second thing we see, is that is used the wrong Application ID for establishing the SSTP VPN. The current Application ID is from the TS Gateway; for the SSTP it must be BA195980-CD49-458b-9E23-C84EE0ADCD75.
  • We have to change the Application ID. First we must delete the current certificates form the 443 port with the command netsh http delete sslcert ipport=0.0.0.0:443. If we find an installed certificate also on IPv6, then we must uninstall also this one: http delete sslcert ipport=[::]:443.
  • Now we must install the certificates on the IPv4 and the IPv6 to the right Application ID with the commands netsh http add sslcert ipport=0.0.0.0:443 certhash=certificate_hash appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY for the Ipv4 and netsh http add sslcert ipport=[::]:443 certhash= certificate_hash appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY for the IPv6. Of course the certificate_hashis the hash of our public trusted certificate – the same we uninstalled previously and used for RWW and OWA.
  • In the end we have to restart some services. Here we have more services, which depend on each other. The simplest way to restart all of them is using the command net stop sstpsvc to stop and net start remoteaccess to start them.
  • The only thing now we have to do is to test, if everything is OK. This can be done by connecting to the application web site. We open the Internet Explorer and connect to the address https://remote.sbsdomain.com/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75, where remote.sbsdomain.comis a public internet address to connect to yours SBS server. The page must be blank, without any content!

This is all. If you have any problem, of course, you can do this process more times, but be careful to check the two registry keys:
HKLM System CurrentControlSet Services Sstpsvc Parameters Sha256CertificateHash
HKLM System CurrentControlSet Services Sstpsvc Parameters Sha1CertificateHash
This two keys should not be there, but if they are there, you can simply delete them.
.