Also, the script does seem to work. If I set this step to continue on error, it goes through and the network settings are applied.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Thursday, November 17, 2016 1:07 PM To: mssms@lists.myitforum.com Subject: [mssms] Odd exit code during OSD I've Googled, but haven't found any definitive answers. We have some ports that used wired NAC and computers connected to these ports require special network settings in order to connect. We're trying to change these settings during OSD with package that contains a PowerShell script (shown below). But, I'm getting this error and odd exit code in smsts.log: Executing command line: Run Powershell script RunPowerShellScript 11/17/2016 12:33:23 PM 1012 (0x03F4) Running as Admin RunPowerShellScript 11/17/2016 12:33:25 PM 1012 (0x03F4) Process completed with exit code 4294967295 RunPowerShellScript 11/17/2016 12:33:27 PM 1012 (0x03F4) Command line returned 4294967295 RunPowerShellScript 11/17/2016 12:33:27 PM 1012 (0x03F4) ReleaseSource() for C:\_SMSTaskSequence\Packages\CMC00252. RunPowerShellScript 11/17/2016 12:33:27 PM 1012 (0x03F4) reference count 1 for the source C:\_SMSTaskSequence\Packages\CMC00252 before releasing RunPowerShellScript 11/17/2016 12:33:27 PM 1012 (0x03F4) Released the resolved source C:\_SMSTaskSequence\Packages\CMC00252 RunPowerShellScript 11/17/2016 12:33:27 PM 1012 (0x03F4) Process completed with exit code 4294967295 TSManager 11/17/2016 12:33:27 PM 2936 (0x0B78) !--------------------------------------------------------------------------- -----------------! TSManager 11/17/2016 12:33:27 PM 2936 (0x0B78) Failed to run the action: Configure Wired NAC. Unknown error (Error: FFFFFFFF; Source: Unknown) TSManager 11/17/2016 12:33:27 PM 2936 (0x0B78) What little info I could find makes me think this might because the system needs to restart, but I'm not sure. Code below: param([switch]$Elevated) function Test-Admin { $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent()) $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator ) } if ((Test-Admin) -eq $false) { if ($elevated) { # tried to elevate, did not work, aborting } else { Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition)) } exit } 'Running as Admin' $CreateProfile = @" <?xml version="1.0"?> <LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"> <MSM> <security> <OneXEnforced>false</OneXEnforced> <OneXEnabled>true</OneXEnabled> <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> <cacheUserData>true</cacheUserData> <maxAuthFailures>1</maxAuthFailures> <authMode>machineOrUser</authMode> <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorT ype xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><Autho rId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMet hod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">< ServerValidation><DisableUserPromptForServerValidation>true</DisableUserProm ptForServerValidation><ServerNames>chi-cppm-vip.csuchico.edu</ServerNames><T rustedRootCA>06 c9 cf ed a6 99 76 d1 b9 c2 b5 23 49 0d a4 76 d9 dc 3a 5a </TrustedRootCA><TrustedRootCA>02 fa f3 e2 91 43 54 68 60 78 57 69 4d f5 e4 5b 68 85 18 68 </TrustedRootCA></ServerValidation><FastReconnect>false</FastReconnect><Inne rEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1" ><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap><Enabl eQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false< /RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">t rue</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">t rue</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostCon fig></EAPConfig> </OneX> </security> </MSM> </LANProfile> "@ $CreateProfile | Out-File -FilePath C:\windows\Temp\profile.xml $CreateBat = @" @echo off ::(Starts Wired Service) net start dot3svc sc config dot3svc start= automatic ::(Removes and adds Ethernet Profile) netsh lan delete profile interface=e* netsh lan add profile filename=C:\windows\Temp\profile.xml interface=e* "@ $CreateBat | Out-File -FilePath C:\windows\Temp\loadprofile.bat -enc ascii $LoadingProfile = & "C:\windows\Temp\loadprofile.bat" stop-process -Id $PID #Read-Host -Prompt "Press Enter to exit" Best Regards, Mike Murray Desktop Engineer/IT Consultant - IT Support Services California State University, Chico 530.898.4357 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu Remember, Chico State will NEVER ask you for your password via email! For more information about recognizing phishing scam emails go to: http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml
smime.p7s
Description: S/MIME cryptographic signature