SCCM | Intune | Windows 365 | Windows 11 Forums

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members. Please post your questions in the correct category.

SOLVED Secure Network Issue - Windows 10 Migration - MDT only

Abhishek Singh

New Member
Messages
2
Points
1
Hello Everyone,

We are setting up windows 10 Migration infra for one of our clients. It went through without any issues on a regular network, however, we were asked to test the same on the secured network as well.

Unfortunately, it did not work the secured network so called 802.1x, this is the first time we have come across this scenario.



In our deployment scenario, we have an MDT Server only. We are initiating the migration task sequence deployment (On Windows 7 machine- in OS mode) by accessing the deployment share over the network via LTIApply.wsf under script folder.

Everything works fine until the machine is rebooted to PE mode. Once the machine gets into PE mode it does not get the IP address due to the secure network. After going through multiple blogs below are the things that we tried, but no luck till now.



1. WinPE Generated adding additional features( IEEE 802.1x, .Net Framework)

2. Injected Windows6.1-KB972831-x64.msu in WinPE

3. Automated script to start service dot3svc

4. Exported Root certificate from existing client machine and added in WinPE through Script

5. Included LAN profile in WinPE, which was extracted from existing Client.



I have no clues what else I can try to get this working. Please let me know if anyone of you has gone through the same or ever worked on the same kind of scenario.



Please let me know if something else needs to be in place to get this working.

Thanks in advance
 
Once the machine gets into PE mode it does not get the IP address due to the secure network
If all the appropriate drivers are added then the machine should at-least get the IP address from DHCP server. That is where the further troubleshooting can done. Can you first check why the clients are not getting the IP address ?.
 
Hello Prajwal,

Thanks for the reply.

We have included all required drivers in WinPE.The reason machine is not getting the IP address is due to the secure network. In the secured network, DHCP waits for the authentication from AD before providing the IP address to the machine. It looks for some machine level certificate that needs to be there in WinPE to get it verified from AD. Once AD approves the machine then only DHCP will provide the IP address to the machine. We are unable to detect which certificates we need to include in WinPE to get the approval from AD for IP address. Our client is using 802.1x to implement the secure network.

Please correct me if I am wrong.
 
Back
Top