Problems with P->V of OEM Windows Server 2003
March 10, 2011
Posted by on
When virtualized, an OEM installation of Server 2003 will detect hardware changes and attempt to force activation before allowing you to log on. Unfortunately, most OEM keys have been deactivated at the licensing center, so this will usually fail. You cannot update the key to a retail or volume key, as they are actually different products.
The normal path to convert to a different key type is to run an upgrade or repair install from the different media type. This path has generally failed in my attempts. It appears that some security settings are applied at some level that prevents the virtual hard disk driver from being activated properly. This results in an 0x0000007b blue screen on the first reboot after an upgrade/repair attempt. Once the machine is in this state, I have not found any method of repairing it. Through trial and error, I found a few workarounds that avoided that particular stop error, but resulted in other problems that rendered the VM unusable. The most typical outcome was a complete inability to direct any keyboard or mouse input to the VM.
These problems may be unique to my particular environment. This domain has seen a long line of inheritance through many administrators, some more competent than others. I’ve found more than a few security settings that just don’t make sense, and it is possible that some survived my attempts to remove them.
The path I take to successfully virtualize these machines is as follows:
- Ensure you know the password for a local administrator account on the server.
- Move the physical server into a domain OU that blocks group policy inheritance.
- Run GPUPDATE /FORCE on the server.
- Download the SubInACL package to the server. You may also wish to copy the lines from step 15 into a batch file for easier processing later (don’t forget to remove the hyphens at the beginning of each line).
- Use SCVMM to convert the physical server to virtual; do not connect it to the network.
- Boot the virtual server into Safe Mode, using the local administrator account.
- Enter the following two commands at a command prompt:
- In Device Manager, go to the View menu and select “Show Hidden Devices”
- Remove any OEM devices and disk drives; especially focus on SCSI disks and controllers (for Dell, look for PERC). Also remove any Unknown devices.
- Back at the command prompt, enter the following two lines:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
NET START MSISERVER
- Go into Add/Remove Programs and uninstall Hyper-V Integration Services
- Use the Action menu in Hyper-V Manager to insert the Integration Services CD. Copy the files to a temporary folder on the virtual server.
- Insert the relevant Windows CD (Server 2003 R1 or R2, Volume or Retail) and run an upgrade installation. You may get a fatal COM error during the installation, but the install will complete.
- Once the upgrade has completed, install SubInACL if you haven’t already.
- Run the following commands at a command prompt:
CD /D "%ProgramFiles%\Windows Resource Kits\Tools"
SUBINACL /SUBKEYREG HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
SUBINACL /SUBKEYREG HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
SUBINACL /SUBKEYREG HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
SUBINACL /SUBDIRECTORIES %SystemDrive% /grant=administrators=f /grant=system=f
SUBINACL /SUBDIRECTORIES %windir%\*.* /grant=administrators=f /grant=system=f
SECEDIT /CONFIGURE /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
- Reboot the server and install Integration Services from step 12.
- Restore the server to its original OU and reattach it to the network.
- If the server uses .Net, you will need to run a repair install on the relevant version and reboot.