Blog Posts by tekCTRL

Ask a question

Quickfix for "error (Handshake Failed)" in KACE patching

Recently we updated all our KACE agents to 6.4 and once we did that, none of our servers were patching and a small amount of our windows workstations weren't either as they all came back with "error (Handshake Failed)" as their status. They were either missing all their .ospx files or just 1 of 2 of them. Since we have over 80+ servers coming back with this I really couldn't be bothered to go through each one and copy over the files they have missing so I wrote a powershell script to do it for me.

This script has a few limitations such as it doesn't support 32-bit PCs (purely because we don't have any so I didn't want to spend time writing lines for something that will never run for us) and it will not fix these issues for XP, Server 2003 and some 2008 servers (due to requiring at least Powershell 3.0 for the Invoke-Webrequest line to down the ospx files direct from the KACE server.

# A little script to confirm all ospx files are in place for KACE patching. This will not work for x86 Win machines as 2003 and 2008 do not support Invoke-Webrequest out of the box and we don't have any x86 client machines.

# By Mike Donaldson (tekctrl@gmail.com)

#Specifiy variables.
$OS = ((Get-WmiObject Win32_OperatingSystem).Caption)
$ProgramFiles = "C:\Program Files (x86)\Dell\KACE\"

#First of all clear up any *.part files.
remove-item ($ProgramFiles + "*.part")
remove-Item "C:\ProgramData\Dell\KACE\patches\*.part"
#Work out the OS and the appropriate OS ospx file.
switch -wildcard ($OS)
'*2008 Standard*' {$kaceDL = 'win2k8.ospx'}
'*2008 R2*' {$kaceDL = 'win2k8r2x64.ospx'}
'*2003*' {$kaceDL = 'win2k3.ospx'}
'*Windows 10*' {$kaceDL = 'win10x64.ospx'}
'*Windows 7*' {$kaceDL = 'win7x64.ospx'}
#List out the ospx files required to compare to.
$ospxList = @("winapplications.ospx",
#Get a list of ospx files currently on the system.
$ospxInstalled = @(get-childitem $ProgramFiles -filter *.ospx -Name)
#Compare the 2 lists and get a list of all missing files and any missing, download and store in the KACE program files location.
compare-object $ospxList $ospxInstalled |ForEach-Object {$_.InputObject}| foreach{
echo $_
Invoke-WebRequest ("http://kbox/patches/" + $_) -OutFile ($ProgramFiles + $_);
echo "We're done here. Fingers crossed, it's fixed KACE handshake issues now"
After I ran this I saw that all our servers were detecting missing patches once again and all was well in the world so I could get back to the pub.
View comments (1)

WinSXS taking up space after Service Pack install

I was working on a users desktop the other day who had an SSD installed a while back (back when 128GB were silly prices!) and it could only hold 64GB and it was full (well around 500kb free). This meant her .ost for Outlook couldn’t expand, causing no end of problems for her. Cleaning out temp files and rebuilding the .ost managed to bring back around 2GB which just wasn’t enough really so after hunting around on the drive to find where the rest of the space had gone I found the WinSXS folder. Now this folder was changed from XP to Vista quite a bit from the old .INF files being in there in XP to .mui, .exe’s in Vista and beyond. This folder allows you to run application such as SFC (System File Checker) or when installing additional features and roles in Server 2008 etc. As handy as this is, it can take up a great deal of space, especially when Service Packs are installed (which was the case for this poor user). To help clean this folder up there is a handy tool built into Windows, which can be run from the command prompt (you need to run the command prompt in Elevated Mode to run. To do this, hold down shift and right click on the command prompt icon and select Run as administrator…) which does a nice job of doing it all for you. Please bear in mind after this runs, you won’t be able to roll-back from the Service Packs. The command to run is below:

DISM /online /Cleanup-Image /SpSuperseded

This will take around 20-30minutes to run (depending on the OS and how much space it can reclaim) and can usually bring back around 3-5GB, which is the perfect amount of time to crack open a can of beer ;)

WinSXS size before command was run
WinSXS size after command was run

View comments (1)

Entire scripted installation guide

I wrote this when I moved my company from seperate images for each model of PC to a one image for everything, that makes updating individual programs much easier.

The Process

Scripted Installations work by automating the process of creating a new PC everytime. It installs Windows from source media (a DVD uploaded to KBOX) and runs various post installation (scripts and installs that run after Windows has finished installing) that configure the PC and begins to install the programs that need to be on every PC rolling out to new users. Because this is a universal image and will work on a great deal of different vender and machine models a password has been set on the BootManager so only IT staff can deploy these images. Below is a basic layout of the imaging process:


Preinstallation Tasks

These tasks are run in the KBE (KBOX Boot Environment) before the Windows installation kicks off and prepares the hard drive in the following order

Create a single partition

the folllowing runs using DISKPART and creates a single partition on the hard drive for Windows:

select disk 0
create partition primary
select partition 1
assign letter=c

Format C: as NTFS

This runs as a BAT script to format the C:\ for NTFS

format /q /y /fs:ntfs c:

Install Vista/2008/7 MBR

This installs the Windows Master Boot Record for Windows Vista, Windows Server 2008 and Windows 7

bootsect.exe /NT60 c:


Windows Operating System Installation

Windows 7 is the choosen Operating System for all new PCs and have been uploaded to the KBOX2000. To speed up the installation of Windows along with updates, the source media is slipstreamed with Service Pack 1 and other Windows Updates (using the .msu files direct from Microsoft) to make sure the image is as up to date as possible when it is deployed. This slipstreaming is done once a month after the 3rd week so that the current months updates are included. Also other language updates are removed to make the image smaller and quicker to deploy. 

Once this has been slipstreamed (current program used to do this is RT 7 lite v2.6 beta) it is then uploaded to the KBOX2000 using the KBOX Media Manager (this can be downloaded from the KBOX2000) and a scripted Installation is built around it, replacing previous scripted installations


The KBOX2000 has a database of drivers for booting into KBE which allows you to deploy the image. Networking and storage controller drviers for the machine model are needed first otherwise it will not be able to boot into KBE. 

It also has a database for each Operating System (ranging from Windows 2000 - Windows 7/2008 R2 x86 and x64) where the PC will be able to get any drivers it needs after Windows has been installed. You can find out what drivers are missing for a PC by going into the System Inventory in KBOX and selecting the operating system, and you will get a list of all the drivers and any that are missing are marked with a no entry sign (shown below is a confirmed working driver and a missing driver)

Working driver

Missing driver

Any drivers that need to be uploaded can be done using the Driver Harvesting Utility or uploaded manually to the Driver share on KBOX2000 by mapping \\ikbox\drivers to a drive letter on your PC. From there you can upload the .inf, .sys, .cat and any other files required for the driver into the relevant OS folder (Windows 7 x64 drivers need to go into the windows_7_x64 folder for example)

Post Installation Tasks

Once Windows has been installed then a splash screen will appear which hides the various programs installing in the background. These programs are run by uploading the .msi or .exe and running a command line to install it. A list of the programs and command lines are written below:

Disable UAC

This needs to be disabled to allow the following programs to install so a registry edit is made to switch this off:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

Join Domain

This runs a .vbs file that is on the KBOX server by default which adds the computer to the domain. It runs the following:

join_domain.vbs <domain> <username> <password>

For security reasons the user details are not listed here. The user that is used is not allowed to login to any PC using Active Directory restrictions and has a random 20 digit password (this is saved in the service account keepass database) and has no rights except to add computers to the domain. This password will be reset each quarter

Activate Windows 7

This runs a .vbs script that already exists in Windows 7 and allows the user to run it beside other switches to activate using a Windows 7 product key

The following line enters in the ENGINE Windows 7 product key:

cscript C:\Windows\System32\slmgr.vbs /IPK xxxxx-xxxxx-xxxxx-xxxxx

and this line activates Windows:

cscript C:\Windows\System32\slmgr.vbs /ato

7Zip 9.20

"7z920.exe" /S

Adobe AiR

AdobeAIRInstaller.exe -silent -eulaAccepted

Adobe Flash Active X (32bit)

install_flash_player_11_active_x_32bit.exe -install

Adobe Flash Plugin (For 3rd party browsers 32bit)

install_flash_player_11_plugin_32bit.exe  -install

Adobe Reader X - 10.1.2

AdbeRdr1012_en_US.exe /sAll /rs /l /msi /qb- /norestart EULA_ACCEPT=YES


This has a seperate installer for each x86 and x64 Operating Systems and is a silent installer by default so just the filename is run to kick off the installation:



this is actually a part installer as it needs the Ghost Converter installed first. the converter is installed using:

converter.exe /auto

and then the actual PDF writer is installed using:

CuteWriter.exe /verysilent

FileZilla 3.5

FileZilla_3.5.0_win32-setup.exe /S

Gimp 2.6

gimp-2.6.11-i686-setup-1.exe /SP- /SILENT /NORESTART

Google Chrome

This actually uses the enterprise installer that Google distribute to businesses as the normal installation file for consumers cannot install silently

msiexec /i googlechromestandaloneenterprise.msi /qn /norestart

Java 6 Update 31

jre-6u31-windows-i586-s.exe /s ADDLOCAL=ALL IEXPLORER=1 MOZILLA=1 REBOOT=suppress

KBOX K1000 Agent

KInstallerSetup.exe -server=helpdesk.yourdomain.local -ssl_enabled=0 -amp_ssl=0 -display_mode=silent

Mozilla Firefox

"Firefox Setup versionnumber.exe" /silent

Microsoft Office 2007 Standard + SP3

This is actually installed using a .msp file which you can create using the Office 2007 installer (instructions are here) and it is zipped up and uploaded to the KBOX server and the following command line is run:

"setup.exe" /adminfile Office2007Standard.msp

Any updates for Office 2007 (for example Service Pack 3) are put into the Updates folder using the filename extract:path command and added into the zip file and the .msp file notices this and installs them automatically


msiexec.exe /i SkypeSetup_5.5.0.112.msi /qn /norestart

VLC Media Player 1.1.11

vlc-1.1.11-win32.exe /S /V /qn
View comments (7)
Showing 1 - 3 of 3 results

Top Contributors

Talk About Best Practices