WIE/WinPE Incorrect Login
I primarily used clonedeploy (and recently upgraded to Theopenem) for image management/deployment. I had an issue with clonedeploy that still appears to be present in Theopenem when trying to image certain models of laptops or desktops. I don't think it is driver-related because in the WinPE environment I can ping the deployment server. Basically what is happening is that the credentials used to log into the environment aren't working, but only on certain models of machines (for example, Lenovo Thinkbook 15 and Surface Laptop 3). I mounted the generated WinPE WIM and looked at the wie-start.ps1 script. I can confirm that the web.txt URL is correct so it appears to be trying to authenticate against the right address. It's just odd that the same set of credentials will work on one device but not another.
Is there anything I can adjust in the wie-start.ps1 script to get more detailed info about what the error possibly is? Or possibly bypass authentication all together (our imaging lab is totally isolated from everything and physically access-controlled). Running out of ideas.
Also - side note - is universal token login still supported? I see in the wie-start.ps1 the option to place a uToken.txt file inside system32 on the WIM, but I'm not sure which token to put there. Putting the global imaging token doesn't allow login either.
Thanks for any assistance. Really enjoyed this product over the years.
Oh - forgot to mention. This happens regardless of if I PXE boot or use the SuperISO USB.
In my experience, this is a driver issue. It seem strange but the nic is not working 100% correctly. That's what the universal token does not work either. Have you tried adding the drivers in inf format when building the WIE?
@theopenem_admin Yes - I actually just did this. I downloaded the manufacturer specific NIC driver and added to the WIM. Same result. I know that the process of adding the drivers to the WIM works because we've had some model laptops that failed to acquire an IP in the WinPE and worked after driver addition.
I ran wireshark on the client com server and compared the results for a working machine vs the non-working ones. The non-working ones will send a GET request to http://x.x.x.x:8888/clientImaging/Test , receive the "True" response, then reset the connection. The working ones proceed to login after they receive the "True" text response.
I'm going to try to see if adding a delay after the first request changes anything, but I'm not hopeful. Interestingly enough the machines that aren't working aren't working with the LIE either (but I don't use this often).
Have you ever tried a usb nic with these models? Still seems driver related to me. What was the error with the LIE?
@theopenem_admin With LIE it never finishes loading initrd.xz on these models, but works on other ones. I'll see if I can find a generic USB NIC to test with. We did order a Lenovo dock with these models - I added that specific driver package to WinPE and it is detected, but same error - incorrect login.
Is the universal token the "global imaging token" or something else?
EDIT: I was able to get this to work by generating a new global imaging token and placing that in the WinPE wim. Extremely strange to me that normal user/pass authentication is not working on certain devices. For simplicity I created another account with no special characters as well. Universal token works better for my needs anyway so I'm happy with that. Thank you for your help.
@edwinjamess Can you show me how to put in the universal token into the image? I'm having the same issue, regardless of the username and passwords I put in or any new users I created. Thanks.
@theopenem_admin I tried what you proposed about putting in the actual nic driver into the wim driver folder and I'm still getting "Incorrect Login"
having same issue, what was the full fix for the issue
@kdancause @QW Sorry for the late response guys. You need to go into the web console under admin settings -> security and get your "global imaging token." If you don't have one, you can hit the action menu up top and generate one. Once you have that, you can either edit the batch file that creates the WinPE media to include that (set UniversalToken=), or if you have already generated one, you can mount the WIM with dism and edit the uToken.txt file that is in \Windows\System32 to include the universal token you grabbed earlier.
This was the only way I could get past the login screen on several devices, including Surface Laptops and Lenovo Laptops. Hope this helps.
@edwinjamess Thank you, tested it and everything is working now.