Imaging servers using MDT - Bigfix Patches

Usage and Config Platform
1

Hello, I was wondering if someone has experience this issue or if this is an issue at all.

Scenario

  1. 2016 servers gets built using a Vanilla CD.
  2. BigFix Client gets installed
  3. Bigfix Patches the client using latest baseline
  4. Server All OK
  5. Follow the instructions to reimage with Bigfix client on which are:
    Stop the client in the Windows services dialog.
    Remove the registry values “RegCount”, “ReportSequenceNumber”, and “ComputerID” (if they exist) at,
    “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions”.
    Delete the “__BESData” folder in the BigFix Client installation folder
    (default is “C:\Program Files\BigFix Enterprise\BES Client”).
    Delete the KeyStorage folder in the BigFix Client installation folder.

Now we create the image using MDT.

With the image we built a new server
The server gets built correctly
The server has the BES client on
The server registers correctly to the BES server

However the Bigfix Server wants to install all the patches that are already in the server (done in point 3 above)

Why will Bigfix find those patches relevant?, is there anything else I need to do before imaging so that Bigfix carries the patching information with it?

Thanks.

2

We’d probably need to know exactly which fixlets are evaluating relevant on the deployed machine, and then start debugging each of the relevance clauses to determine why the patches are relevant.

If the fixlets are succeeding on the deployed machine, that implies that the patches are in fact needed again (if it were a relevance logic error, the patches should fail with code 17025 indicating the patch is already installed).

It may be that something in the sysprep & capture process is reverting a patch.

1 Like
3

The other thing that might be a good idea is to install BigFix without BigFix starting up by specifying a command, then have BigFix run for the first time after reboot so that BigFix doesn’t get up and running during the WinPE stage of MDT process.

See here: Install BigFix without starting the service on Windows+Mac