WIE/WinPE Incorrect Login


  • Hi,

    I primarily used clonedeploy (and recently upgraded to Theopenem) for image management/deployment. I had an issue with clonedeploy that still appears to be present in Theopenem when trying to image certain models of laptops or desktops. I don't think it is driver-related because in the WinPE environment I can ping the deployment server. Basically what is happening is that the credentials used to log into the environment aren't working, but only on certain models of machines (for example, Lenovo Thinkbook 15 and Surface Laptop 3). I mounted the generated WinPE WIM and looked at the wie-start.ps1 script. I can confirm that the web.txt URL is correct so it appears to be trying to authenticate against the right address. It's just odd that the same set of credentials will work on one device but not another.

    Is there anything I can adjust in the wie-start.ps1 script to get more detailed info about what the error possibly is? Or possibly bypass authentication all together (our imaging lab is totally isolated from everything and physically access-controlled). Running out of ideas.

    Also - side note - is universal token login still supported? I see in the wie-start.ps1 the option to place a uToken.txt file inside system32 on the WIM, but I'm not sure which token to put there. Putting the global imaging token doesn't allow login either.

    Thanks for any assistance. Really enjoyed this product over the years.

    Oh - forgot to mention. This happens regardless of if I PXE boot or use the SuperISO USB.


  • In my experience, this is a driver issue. It seem strange but the nic is not working 100% correctly. That's what the universal token does not work either. Have you tried adding the drivers in inf format when building the WIE?


  • @theopenem_admin Yes - I actually just did this. I downloaded the manufacturer specific NIC driver and added to the WIM. Same result. I know that the process of adding the drivers to the WIM works because we've had some model laptops that failed to acquire an IP in the WinPE and worked after driver addition.

    I ran wireshark on the client com server and compared the results for a working machine vs the non-working ones. The non-working ones will send a GET request to http://x.x.x.x:8888/clientImaging/Test , receive the "True" response, then reset the connection. The working ones proceed to login after they receive the "True" text response.

    I'm going to try to see if adding a delay after the first request changes anything, but I'm not hopeful. Interestingly enough the machines that aren't working aren't working with the LIE either (but I don't use this often).


  • Have you ever tried a usb nic with these models? Still seems driver related to me. What was the error with the LIE?


  • @theopenem_admin With LIE it never finishes loading initrd.xz on these models, but works on other ones. I'll see if I can find a generic USB NIC to test with. We did order a Lenovo dock with these models - I added that specific driver package to WinPE and it is detected, but same error - incorrect login.

    Is the universal token the "global imaging token" or something else?

    EDIT: I was able to get this to work by generating a new global imaging token and placing that in the WinPE wim. Extremely strange to me that normal user/pass authentication is not working on certain devices. For simplicity I created another account with no special characters as well. Universal token works better for my needs anyway so I'm happy with that. Thank you for your help.


  • @edwinjamess Can you show me how to put in the universal token into the image? I'm having the same issue, regardless of the username and passwords I put in or any new users I created. Thanks.


  • @theopenem_admin I tried what you proposed about putting in the actual nic driver into the wim driver folder and I'm still getting "Incorrect Login"

    Thanks


  • having same issue, what was the full fix for the issue


  • @kdancause @QW Sorry for the late response guys. You need to go into the web console under admin settings -> security and get your "global imaging token." If you don't have one, you can hit the action menu up top and generate one. Once you have that, you can either edit the batch file that creates the WinPE media to include that (set UniversalToken=), or if you have already generated one, you can mount the WIM with dism and edit the uToken.txt file that is in \Windows\System32 to include the universal token you grabbed earlier.

    This was the only way I could get past the login screen on several devices, including Surface Laptops and Lenovo Laptops. Hope this helps.


  • @edwinjamess Thank you, tested it and everything is working now.


  • Hello. I know this is an old post but I am having the same issue. I saw the "fix" but it wasn't clear to me. Can you please clarify the global token thing?

    Thx


  • @dhdag22 No worries. Which part specifically? It's been a while but I read through my comment above and that is what I remember doing. Do you need help generating the token? Or adding it to the pre-boot WIM?


  • @edwinjamess appreciate the quick response. We still use Clonedeply at my workplace. Haven't upgraded to Theopenem as of yet. We image from a USB boot drive. I already have a WinPE boot drive created. But I'm getting the login error when I try to image our new HP model. I don't see an option to create a token in Clonedeply under security. Also, where is the wim file be located? I'm kinda new to dealing with those files. We've been imaging with the Linux based boot drive. It's been pretty straight forward.

    Thx


  • I'm guessing you are moving to WinPE because you are having issues with the LIE. The better option is probably to move to Theopenem


  • @theopenem_admin @DHDAG22 Agreed. The migration wasn't too difficult either and might be even easier now than it was a year ago.

    To answer your question though, it's called "universal token" under security in clonedeploy. We PXE boot everything but I assume that the WinPE USB is just an extracted WIM, so you'd copy that universal token from your server add that to the file under \Windows\System32\uToken.txt.

    But I do suggest that you upgrade. I only use Theopenem for imaging and I still think it was worth the upgrade.


  • @theopenem_admin LIE? Is this in reference to Linux?


  • yes it is


  • @theopenem_admin then yes. That is why. Can theopenem be installed on the same box until the setup is done?


  • @theopenem_admin also, can theopenem update be installed on top of clonedeploy or do I have to install the full version?


  • The automated installer won't work correctly if CloneDeploy is installed. It should be a clean Windows install.