Syed Jahanzaib Personal Blog to Share Knowledge !

April 27, 2012

Windows Deployment Services (WDS) / Short Reference Notes

Following are short reference notes. I worked on WDS a long time ago, and recently I was assigned to deploy WDS in my company. It took some time to recall old memories, so this time I took short notes on how I managed to do some advanced configuration of WDS by integrating Acronis / Winternals ERD Commander 2007 / Win 7 / WinXP and injecting drivers on XP/Win7.

Added: 10-March-2021

PXE-E16: No offer received

Today we received new laptops for field force staff. Upon booting them via network boot (WDS), all of them showed the following error:

PXE-E16: No offer received

After an hour-long R&D, it was found out that our WDS was not patched with the latest patches, and this was a known bug, supposedly fixed in the June updates.

As a workaround / quick remedy we did the following, and the client booted instantly:

  • Open the WDS console, select the WDS server in the left pane and open Properties
  • Select the TFTP tab and uncheck Enable Variable Windows Extension

More Information: June 19 rollup

Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.


If WDS and DHCP Server are NOT on same machine, Use the following Setting to inform client from which server to boot.


After configuring WDS, you may get following error while trying to boot from Network.

Solution : You have to configure boot ROM in WDS console to tell Client which boot ROM file to use.

Note: & Boot ROM files can be found at this location


# is suitable if you have only legacy images on your WDS Server.
# is suitable if you have both legacy WinXP/ERD/Acronis and Windows 7 images configured on your WDS Server.

TIP: You can also use startrom.n12 & pxeboot.n12 If you want to directly boot to WDS skipping F12.

Howto Add Drivers in XP Image (Legacy)

First create following folder structure


in your Windows XP RIS image location e.g:


Copy your network card driver here. (in drivers folder)

Now open unattended file like winnt.sif or ristndrd.sif in notepad
(Depend on your deployment structure)


Add following lines in [Unattended] section


Make sure there are no duplications.
Restart WDS Service.

Adding ERD COMMANDER 2007 in WDS

Simply add Windows 2003 Standard Edition from the WDS Legacy Console.
Now copy the I386 folder from the ERD folder to the WDS Windows 2003 image folder. If it asks to overwrite, select Yes.
Now add the /minint syntax in this file


OsLoadOptions = "/noguiboot /fastdetect /minint"

To add driver in ERD Commander, copy your network driver in
(I don’t know the exact path, so copy it in all possible folders; someone please point out where exactly these files should be pasted. I guess only system32 is enough.)


Add Win7 Boot Image:

Following is an excellent guide on howto add Windows 7 Boot Image in WDS

Add Drivers in Windows 7 Boot Image:

First copy boot.wim from the Windows 7 CD to your desktop.
Now mount this image in any temporary directory,
then add the drivers, then commit the changes,
then dismount the image,
then copy it to any folder on the WDS server.
From the WDS console, replace the current boot image with this new image.

The traditional way is to use the DISM tool provided with your Win7/Vista, but the easiest way is to use a 3rd party GUI tool (free edition).

Download DISM GUI tool from

Mr Jinje DISM Tool™

Now first copy the boot.wim from the wds server or from the windows 7 dvd from \sources\ folder.
Now open the Jinje DISM Tool, Click on MOUNT WIM, select boot.wim , and mount it in any temp folder, e.g: c:\wds_temp_mount_dir
Now Click ADD DRIVERS, point it to folder where your windows 7 drivers are located. It will auto add it to boot.wim.
Now Click on COMMIT WIM, it will write changes to this boot.wim
Now click on DIS-MOUNT WIM.

Copy this updated boot.wim to a temporary directory on the WDS server.
From the WDS console, replace the current boot image with the newly updated image you copied to that temp folder.


Final ~ Screenshots 🙂 <WDS running in Mixed Mode>




Boot image disappears from Menu / List after adding network driver [26th February, 2013]

Recently (26th Feb 2013) we received a new range of HP PROBOOK 4540s series. When I tried to inject drivers in the boot wim and replace the previous WDS boot image with this new one, it disappeared after refresh and it didn’t show up in the PXE boot menu. I tried several ways and different driver sets including x86 and 64bit, but no use.
Finally I made it. When adding drivers via DISM, I selected INDEX 2 while mounting the WIM image, because most drivers get deposited in the 2nd index.
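The mount / add drivers / commit procedure from the boot image section, done with DISM directly and with index 2 selected, as an added example that is not from the original post. The working paths are assumptions; the `/Get-WimInfo` step prints the image architecture so the driver package can be matched to it before injecting.

```powershell
# Added example: inject NIC drivers into index 2 of a copy of boot.wim.
# Run from an elevated PowerShell prompt. All paths are assumptions.
$Wim      = 'C:\wds_work\boot.wim'      # copy of boot.wim, never the live image
$MountDir = 'C:\wds_temp_mount_dir'     # empty folder used as the mount point
$Drivers  = 'C:\wds_work\drivers'       # extracted driver folder containing .inf files
$Index    = 2                           # the index that worked in the note above

# Run dism.exe and stop on the first failure instead of carrying on
# with a half-modified image.
function Invoke-Dism {
    param([string[]]$DismArgs)
    & dism.exe @DismArgs
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe failed with exit code ${LASTEXITCODE}: $($DismArgs -join ' ')"
    }
}

# 1. Show the selected index. The output includes an "Architecture" line;
#    x86 drivers go into an x86 image, x64 drivers into an x64 image.
Invoke-Dism '/Get-WimInfo', "/WimFile:$Wim", "/Index:$Index"

# 2. Mount the image.
New-Item -ItemType Directory -Force -Path $MountDir | Out-Null
Invoke-Dism '/Mount-Wim', "/WimFile:$Wim", "/Index:$Index", "/MountDir:$MountDir"

try {
    # 3. Add every .inf found under the driver folder. Unsigned drivers are
    #    rejected for x64 images unless /ForceUnsigned is given; prefer the
    #    signed vendor package over forcing an unsigned one into a boot image.
    Invoke-Dism "/Image:$MountDir", '/Add-Driver', "/Driver:$Drivers", '/Recurse'

    # 4. List third-party drivers now present, to confirm the NIC driver landed.
    Invoke-Dism "/Image:$MountDir", '/Get-Drivers'

    # 5. Write the changes back into boot.wim and dismount.
    Invoke-Dism '/Unmount-Wim', "/MountDir:$MountDir", '/Commit'
}
catch {
    # Leave nothing mounted and discard partial changes if a step failed.
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard
    throw
}

# The updated boot.wim can now replace the boot image from the WDS console.
```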

Side NOTES for WDS:

Some client PCs are unable to receive an IP from the DHCP server:

Some clients / LAN cards are unable to get IPs from the DHCP server. A timeout occurs.
Possible causes:

1#)  If you are using managed switches, you probably have STP (Spanning Tree Protocol) enabled. This will cause a small delay in the WDS/RIS handshaking process. If you find that you have STP enabled, do the following to make RIS respond.

When you see the screen


Press the ‘Pause/Break’ key on , wait about 10-15 seconds and then press ENTER. Your client will be able to get the IP from the DHCP server.

2#  If you have WDS running on a Domain Controller with DHCP also running, there is a workaround which Microsoft provides in detail.

I suffered this issue and was really exhausted with this issue 🙂 then google came to rescue me 🙂
Syed Jahanzaib

How can I CAPTURE an Image using WDS image capture
WIN_PE Related
If you get x0x0x03fb error
change the WAIK version.

(The right version of WAIK that worked :D for me was  6001.18000.080118-1840-kb3aikl_en.iso )

WDS deploying VISTA : If you are testing it in VMWARE, you will receive error that the wdsclient is unable to find the matching drivers. please read the following links.


WDS: error running wds in legacy mode.
use this command.

wdsutil.exe /Uninitialize

Encountered problem during Dell Optiplex GX280 NIC in RIS

TIP [10 January 2018]

I tried to add drivers in the boot wim file for HP Elitedesk 800 G3, but the driver was not detecting. After a full day irritation, I found out that I was trying to add the 64bit drivers to the 32bit WIM file. Grrrrrr it took a full day research for this awful pity mistake !

Unable to initialize WDS mode

added 29-June-2022

When booting one of HP PROBOOK g5 via WDS, and selecting boot image, it shows unable to initialize wds mode.

Solution was to download the relevant network adapter drivers from HP Site, extract it in some folder, and on WDS, add the drivers to BOOT image.

Youtube Video Tutorial on Howto add drivers in WDS




April 23, 2012

IBM Lotus Notes : Howto Change/Recover ID password

Recently, I forgot my Lotus user password. There was no copy of the ‘ID‘ file available in backup, so I was frustrated trying to get my mail account back. I searched all over the internet but couldn’t find any solution that worked for me.
Finally I applied the following method and was able to successfully get the ID password by creating a new ID while maintaining the old mail file.

The logic is that you must register the user again with the same name. That way, a new user ID will be issued. This new ID will give access to the mail file.

1# Open the Lotus Domino Admin Client; on People & Groups, go to People.
Now search for the user whose ID password you want to change. Double-click on it.
Note down all the info like email / user name / short name. After making a note, close it.

As shown in the image below . . .


2# Now register a new ID by right-clicking on People and selecting Register Person.
Register with exactly the same first name, middle name and last name.
Make sure you set Mail System to NONE.
THIS IS IMPORTANT. Otherwise the previous mail file will be overwritten with a new file and all emails will be lost.
As shown in the image below . . .


Now go to ID Info.
In Set ID File, select the destination where you want to save the new ID file. This file will contain the new password and will be used by the user.
As shown in the image below . . .


Now register it, and you will see the following warning.

An entry with the specified person name ‘test1 test1/xxx’ is already in the Domino Direcotry. Update the entry?

Click YES to continue.
As shown in the image below . . .


3# Now open the user properties again; in the Mail tab you will see something like the image below.

As shown in the image below . . .

Select Notes in Mail system.
Now define the path to the user mail file, for example mail\ttest1

Save & Close.

Provide this newly created ID file to the user. Either replace the previous file available in C:\Program Files\IBM\Lotus\Notes\Data with it, OR the user can manually change the ID by selecting the Other option in the username field when Lotus Notes prompts for the password.

As shown in the image below . . .


Syed Jahanzaib

April 16, 2012

April 14, 2012

Howto Exempt any User / Website from Mikrotik PCC [Part-1]

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 11:32 AM

Another updated working example [may-2017]

I recently deployed Dual WAN P.C.C configuration  at a local The scenario is something like below . . .


The problem they were facing of one particular Banking web site name , The best method to resolve such P.C.C issues is to use src-address as the classifier; this way the user's WAN IP won’t change and they will stick to one WAN for their session. But in the above scenario I can’t use src-address as users are not directly hitting PCC. So I made a workaround and exempted the user and, in one case, the destination website from being processed by the P.C.C.

The simple theory is to make a address with the user IP or the destination web site IP address, then create a rule in mangle to exempt it from P.C.C, and then create a new default route in with your desired WAN selected, for the traffic which is exempted from P.C.C.

Important:  Move this rule above the other PCC rules, so it will accept the data before PCC catches it.


To Exempt Any User IP from PCC Rule,

/ip firewall address-list
add list=user-exempted-from-pcc address=

Now create a Mangle Rule to accept traffic from the above list. PCC will then not process this user IP address, and Mikrotik will use the default route for this user's traffic. (We will add it later)


/ip firewall mangle
add action=accept chain=prerouting disabled=no src-address-list=user-exempted-from-pcc

To Exempt Any Web Site from PCC, first track its IP Address (or pool), then add it in exempt list.

/ip firewall address-list
add list=site-exempted-from-pcc address=

( is for test purpose)

Now create its mangle rule

/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address-list=site-exempted-from-pcc

Adding Route for Un-Marked Traffic

You have to add a default ROUTE rule to tell Mikrotik to use this ROUTE as the default route for all other UNMARKED traffic not processed / marked by the PCC. In this route, you can bind exempted traffic requests to always go through a specific link only.

/ip route
add comment="Default Route For Un-Marked Traffic" disabled=no distance=3 dst-address= gateway= scope=30 target-scope=10

(Change IP Address as per your network configuration)



April 11, 2012

Howto Manage Active Directory using Webmin/Linux Customized Panel

Article by
~!~ Syed Jahanzaib ~!~

Dedicated to ALL Pakistani Soldiers who gave their Life in SIACHIN

Following is one of the simplest ways to manage your Active Directory using a WEBMIN-based customized panel. I always prefer to create my own in-house made solutions for daily routine tasks.

Using this method you can customize the options you want to use. For example, access to this panel can be granted to support personnel or help-desk staff, so they will be limited to the features / options you provide them with.

For example, support personnel can access your panel using their browser

and after entering their credentials, they will be redirected to the command panel. Only those commands which you have granted access to will appear here.

A very basic example is shown in the image below . . . But you can create more advanced, sophisticated functions with beautification using this panel to control every aspect of your network, whether it's Microsoft, Linux, Mikrotik or any compatible device.

To create this panel, you will need following components

1) Linux box with WEBMIN installed,

2) sshpass Utility on Linux box,

3) freeSSHD application installed on Windows AD Server .

4) Testing ssh connection to A.D from your Linux BOX

5) Create Scripts on Linux and Link them to WEBMIN

6) Create User in Webmin and Grant Custom Commands Rights

We will discuss the above six topics in minimum detail as follows . . .


I assume that you have installed and configured your Linux box (preferably Ubuntu, but any flavor can do the job, this is the main quality of Linux OS :)~
To install Webmin, first add its repositories to sources.list. To do this, first open sources.list

nano /etc/apt/sources.list

Now paste the following lines in the end of this file.

deb sarge contrib
deb sarge contrib
deb lucid partner

Save & Exit.

Now update apt-get and install webmin using

apt-get update
apt-get install webmin

It will take some time to install Webmin depending on your internet connection (usually less than 10 minutes). Afterward you can access it using


(TIP: you can change the Webmin port by editing /etc/webmin/miniserv.conf and changing the port number to any port you like, for example 443 or 1234)

Now moving ahead . . .


The sshpass utility is required so that you can ssh to your Windows box with the provided password. Otherwise, if you do a normal ssh, it will stop and ask you for the password, which you can’t provide in an automated way while using the Webmin script, so the script will stop at the password prompt and will not perform as desired.
[However, the best approach is to generate SSH keys and use them, but I am not going into that detail, just Google for it]

To install sshpass, use the below command . . .

sudo apt-get install sshpass



First download the freeSSHD server and install it. The installation procedure of this app is very simple, just clicking a few next next buttons :p You can download it from

At the end of the installation, it will ask you to run freeSSHD as a service. Select YES, so that it runs automatically as a Windows service when Windows starts.

After finishing setup, you will see its icon in your taskbar area. Right-click on it and select SETTINGS.
Go to the Users TAB and add your users. (You can add local users in it, OR you can select NT Authentication for domain.
For domain, you won't have to enter a password; the choice is yours.)
As shown in the image below . . .


Now it's time to test whether your freeSSHD box is working. From your Linux box you can use the following command to test the connection.

sshpass -p 'freesshd_password' ssh userid@

If successful, you will see the Windows command prompt.
As shown in the image below . . .

If you are testing it from Windows, you can use any SSH client tool, like PuTTY: enter your freeSSHD box IP and try to connect. If all goes OK, you will see the user id . Enter the password of the ID you added in freeSSHD, and you will see the Windows command prompt.

5) Create Scripts on Linux and Link them to WEBMIN

Now that we have finished configuring the base requirements, it is time to create various scripts to perform our desired functions and link them to the Webmin GUI user interface (Usermin?) 😀

On your Linux box, create a folder

mkdir /scripts
cd /scripts

Now create first script which will ssh to A.D Server and will fetch the DISABLED USERS list.

chmod +x

and paste the following line

sshpass -p '123' ssh zaib@ 'dsquery user -disabled'

Now Save & Exit. You can test it by executing it with ./ and you will see its result on your screen.

Now it's time to link it with the Webmin GUI interface.

Login to Webmin.
Go to OTHERS / CUSTOM COMMANDS and click on Create a new custom command.
As shown in the image below . . .

After entering the command details as shown in the image above, click on SAVE.
Now you will see your newly created command box on the Custom Commands menu. Click on it and you will see the result 🙂


I will show you how to create a custom command for specific user info with an input box.

Create a new Custom Command,
As shown in the image below . . .

After entering all details, click on SAVE.

Now you will see the View User Info box on the Custom Commands menu. Enter any valid user ID (which exists in AD Users) and click on the view user info button.
As shown in the image below . . .

Result . . .
As shown in the image below . . .

6) CREATE USER IN WEBMIN USERS & Grant Custom Command Rights

Now we will create a support staff user account and grant Custom Commands rights only, so when the support staff log in to Webmin, they see only the Custom Commands box (not all Webmin access).

Goto Webmin / Webmin Users
Click on Create a new Webmin user
As shown in the image below . . .

In User name, type your user name
In Password field, select SET TO and enter the password in the box.
In Available Webmin modules section, select Custom Commands
Click SAVE to finish.

As shown in the image below . . .

Now log out of Webmin and log in again with the new user ID you just created in the above step.

After successfully logging in . . .

User will see only Custom Commands Menu . . .

TIP: You can replace the WEBMIN default logo with your company logo; the default image location is /usr/share/webmin/images/webmin-blue.png

To change webmin default 10000 port

To change the Webmin default port, which is 10000, you have to edit miniserv.conf; following is an example. Open it and change the port (usually appears in the 1st line) to the one required.

sudo nano -w /etc/webmin/miniserv.conf


root@linux:/scripts# cat
sshpass -p 'freesshd_password' ssh zaib@ dsquery computer  -limit 1000 | sort >  /scripts/temp.txt
sed -e 's/"CN=//g' -e 's/,CN=Computers,DC=YOURDOMAINNAME"//g' -e 's/,OU=WSUS,DC=agp1"//g' /scripts/temp.txt

sshpass -p 'freesshd_password' ssh zaib@ 'cmd /c dsquery user -limit 0 | dsget user -dn -disabled -display -email -dept -title' > /scripts/temp.txt
cat /scripts/temp.txt

root@linux:/scripts# cat
sshpass -p 'freesshd_password' ssh zaib@ Net user $UID /DOMAIN /active:NO

root@linux:/scripts# cat
sshpass -p 'freesshd_password' ssh zaib@  'cmd /c dsquery user "dc=YOURDOMAINNAME" -inactive 2 | dsget user -display -email -dept -title'> /scripts/temp.txt
sort /scripts/temp.txt -o /scripts/temp.txt
cat /scripts/temp.txt

root@linux:/scripts# cat
sshpass -p 'freesshd_password' ssh ssh@ 'cmd /c dsquery user -disabled | dsget user -display -email -dept -title' > /scripts/temp.txt
cat /scripts/temp.txt

root@linux:/scripts# cat
sshpass -p 'freesshd_password' ssh zaib@ Net user $UID /DOMAIN /active:YES

root@linux:/scripts# cat
sshpass -p 'freesshd_password' ssh zaib@ Net user $UID /domain

More commands references are available here.
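
A hardened variant of the info / enable / disable wrappers above, as an added example rather than the author's scripts: it validates the Webmin-supplied account name before it reaches the remote `net user` command line, and logs in with an SSH key instead of `sshpass -p`, which leaves the password in the script file and in the process list. The host, login, key path and the `ADUSER` parameter name are assumptions (`UID` itself is a read-only variable in bash), and key-based login must already be set up on the SSH server.

```shell
#!/bin/sh
# Added example, not the author's script. Hypothetical settings:
AD_HOST="${AD_HOST:-ad.example.internal}"            # AD / SSH server (assumed)
AD_LOGIN="${AD_LOGIN:-svc_helpdesk}"                 # low-privilege service login (assumed)
AD_KEY="${AD_KEY:-/etc/webmin/ad_helpdesk_ed25519}"  # private key, mode 0600 (assumed)
LC_ALL=C; export LC_ALL                              # make [A-Z] ranges byte-exact

# Accept only a plain account name: letters, digits, dot, underscore, hyphen,
# at most 20 characters, not starting with '-'. Anything else (spaces, quotes,
# &, |, <, >, ^, %) could change the command that cmd.exe runs on the server.
is_valid_account() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 20 ]
}

# Map a fixed action keyword to the remote command; the account name is the
# only variable part and has been validated before it is interpolated.
build_remote_cmd() {   # $1 = info|enable|disable, $2 = account name
    if ! is_valid_account "$2"; then
        echo "rejected account name" >&2
        return 2
    fi
    case "$1" in
        info)    printf 'net user %s /domain' "$2" ;;
        enable)  printf 'net user %s /domain /active:yes' "$2" ;;
        disable) printf 'net user %s /domain /active:no' "$2" ;;
        *)       echo "unknown action: $1" >&2; return 2 ;;
    esac
}

# Run the command over SSH with key authentication only. BatchMode makes ssh
# fail instead of prompting; StrictHostKeyChecking refuses an unknown or
# changed host key rather than silently trusting it.
run_ad() {
    remote_cmd="$(build_remote_cmd "$1" "$2")" || return $?
    ssh -i "$AD_KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes "$AD_LOGIN@$AD_HOST" "$remote_cmd"
}

# Webmin custom command usage (assumed): "/scripts/aduser.sh disable" with a
# text parameter named ADUSER, which Webmin exports as an environment variable.
if [ "$#" -ge 1 ]; then
    run_ad "$1" "${ADUSER:-}"
fi
```

Give the service login only the rights the panel needs (for example, delegated control over the relevant OU) so a leaked key cannot be used as a domain administrator.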


aacable [at] hotmail . com

April 9, 2012

Lotus iNotes DWA: Unable to Open some Mails with Attachment [SOLVED]

For the past month we were having an issue with Lotus iNotes (Domino Web Access): some mails with attachments were not opening and displayed multiple errors while viewing using web access; on the other hand, they opened properly via the Notes client. We have Symantec Endpoint Protection Manager Server installed and all of our users have Symantec Client installed [Managed].

This issue was referred to IBM, and their engineers found out that a set of fields were being added to the emails. Those fields,


Which contained garbage that caused the emails to fail to open with messages indicating that they failed due to an unterminated string.

The fields only apply to some emails with attachments,

The fun part is :> The affected emails open without any error in the Notes client.

After considerable searching I’ve found out that Symantec Antivirus is the culprit. A feature was added in Notes (SEP) AutoProtect to cache scanning results on attachments, so that emails with unaltered attachments could be sent without redundant scanning. The fields create no problems in the Notes client, but some (not all) emails with these fields cannot be read in DWA (Webmail iNotes).

I confirmed it by sending the affected mail twice, with and without Notes Auto-Protect enabled. The 4 affected fields were only found on the message where Auto-Protect was enabled.

I solved it by disabling the ‘NOTES Auto-Protect’ feature on SEPM or client, so far I haven’t seen this issue reproducing again.

Reply From Symantec Support:

Subject: Fixed in the next maintenance build
We are fixing this issue in the upcoming SEP 11 ru7 mp2 build.
Our apology for the inconvenience caused.
Feedback response number WEBB8Q78WM created by Symantec Symantec on 01/04/2012


You can create an Agent to run on all mail files to repair the documents. To create the agent, follow the below procedure.
(But you must have IBM LOTUS DOMINO DESIGNER installed. You can download it from the following link.)

# Open your Notes Client

# Click on CREATE  >  AGENT
As showed in the image below . . .

# Now Type the Agent Name , and in RUN drop down menu, select FORMULA
As showed in the image below . . .

Now paste the following code in empty box.

FIELD LastScanOID := @DeleteField;
FIELD LastScanOIDCheck := @DeleteField;
FIELD LastScannedVersion := @DeleteField;
FIELD LastScannedVersionCheck := @DeleteField;

As shown in the image below . . .


Save it by going to the FILE menu and selecting SAVE.

On your NOTES client, select the affected mail message which is not opening in webmail. (You can also select ALL by pressing CTRL + A)

Open the Action menu, and here you will see your newly created AGENT name. Click on it to execute it. Upon execution it will repair your mail file by removing the four SEP fields from it; then this mail will open in webmail without any error.

As shown in the image below . . .




You can also disable NOTES Auto Protect from Symantec Endpoint Protection Manager Server.
As showed in the image below . . .



More information can be obtained here.

Syed Jahanzaib

April 5, 2012
