Deployment of Windows11 | Stuck in a loop

[M.Frey]

I am currently trying to deploy Windows 11 with Opsi, but i just can't get it to work. My Client runs in Hyper-V with Secure Boot(Microsoft UEFI Certificate Authority) and TPM active.
On the Server the win11-x64 package is installed with the correct installfiles and winpe files.

This is how the installation process looks like:

img6.png (37 KiB) 818 mal betrachtet

img7.png (47.32 KiB) 818 mal betrachtet

img8.png (95.16 KiB) 818 mal betrachtet

So it says, the installation was successful, but it wasn't, because when i reboot it starts booting over PXE again.
What's weird is, is that when i disable Secure Boot it directly moves to the windows installer and only stops, when it detects, that Secure Boot is disabled.

I have tried shimx64.efi.signed and grub-shim.x64.efi and others as DHCP options but nothing works.
I investigated the Grub console on the client and found (hd0,gpt1) (hd0,gpt2) (hd0,gpt3) (hd0,gpt4), which are mostly empty except gpt4 which contains some files from winpe like the bootx64.efi, but files like the bootmgfw.efi are missing.

What is the problem here?

[ThomasT]

Under normal circumstances the opsi-linux-bootimage tries to change the boot-order to hard-disk, more specifically to the winpe-efi entry. If it fails to do that it should boot to a opsi themed grub menu where local-disk is the default selection and boot from there.

With Hyper-V you find another hurdle, when trying to use Secure-Boot:
You can configure the Template ( Certificate Store ) which is used to verify the signature of the boot-entry.
Obviously the opsi-linux-bootimage is not signed by the same CA as the WinPE, although both CAs are owned by Microsoft....
So perhaps switching this in the VM-settings after it ran through opsi-linux-bootimage helps.

[M.Frey]

So i've made a bit of progress now.


1. Boot with Microsoft UEFI Certificate Authority template and without TPM
2. After reboot it will try to pxe boot again, so i turn the vm off
3. Change Template to Microsoft Windows and enable TPM
4. Windows is booting, but will still say, that the machine doesn't meet the necessary requirements.
5. After rebooting again i get a Bluescreen

Bluescreen.png (90.83 KiB) 791 mal betrachtet

[ThomasT]

Hello,

regarding

4. Windows is booting, but will still say, that the machine doesn't meet the necessary requirements.

What happens, when you directly boot a Windows ISO?
If that works, did you add winpe-wmi and winpe-secure-startup components to your winpe for the netboot-product?
https://docs.opsi.org/opsi-docs-en/4.3/ ... ckages-nt6

[M.Frey]

Hello,

When i directly boot a Windows ISO everything works just fine.

I followed the documentation of OPSI.
I have opsi-winpe installed on the server and deployed it with "on demand" to a client. From there i copied all files to the winpe directory in my depot. However i didn't do anything specifically with winpe-wmi or winpe-secure-startup.