strange authentication behavior: works for boot wizard, fails for future calls.

Jan 8, 2014 at 3:31 PM
I'm completely stumped on this one. We recently updated our CM server, and I had to re-install the webservice. The custom boot wizard will load and populate correctly...the log files show that Gather and ZTI_Executewebservice are working properly...then you move into the actual task sequence where I make a couple additional calls, and I get a 401 error in the Gather log file????

I've tried using the SCCM_Bootstrap.ini file that the wizard uses, and still the same. I have verified that the Settings, Initialize, and Default headers are identical across my ini files for both the boot wizard boot image, and my MDT toolkit.

I know that I'm providing the proper credentials because the boot wizard is able to authenticate from the beginning...what I don't understand is why I'm unable to authenticate after that.

I'm about at my wit's end here...anyone have suggestions?
Jan 20, 2014 at 9:03 PM

I found the following line in my ZTIGather.log file referencing the INITIALIZE phase:

variable is not a valid string (not Base64 format)

So without being able to process the INITIALIZE step which contained my user/pass for the web service, I was obviously not able to properly authenticate...note that this ONLY appeared in the log file after the "Use MDT Toolkit" step.

As I stated earlier, the custom boot wizard is working correctly...everything is working properly and there are no errors in the log files. That is until I add a "Use MDT Toolkit" step in my TS. I verified that all CustomSettings.ini and SCCM_Bootstrap.ini files were the same, and that all script files were the same versions as well. In testing I found that I could PXE boot a workstation, monitor the ZTIGather.log and ZTI_ExecuteWebService.log files and see everything go through correctly, but as soon as I encountered the "Use MDT Toolkit" step I would get the 401 authorization errors. What is even more peculiar (and what resulted in a working solution to the problem) was that I could copy all the files I needed to a different directory (c:\scripts in this case) and manually run the files from the command prompt and it would WORK! These are the same files from the MDT Toolkit that only seconds before were not being processed correctly.

So what I ended up doing was to create a new package in SCCM that contained only the files I needed to call the web service (CS.ini, ZTI_ExecuteWebservice.wsf, ZTIDataAccess.vbs, ZTIGather.wsf, ZTIGather.xml, and ZTIUtility.wsf) and I then added "Run Command Line" steps for the Gather and future calls...for example:

cscript.exe .\ZTIGather.wsf /inifile:CustomSettings.ini
cscript.exe .\ZTI_ExecuteWebservice.wsf /wsSection:RemoveComputerFromCollection

with a check mark next to Package and my newly created "Webservice Files" package selected. This is actually a tad faster than how I previously had it setup, because of not having the "Use MDT Toolkit" step (plus my web service files package is super small in size).

I'm still at a loss as to why it was failing to process the INITIALIZE step in my CS.ini, and why if I ran it manually in a different directory that it works. Hope this helps anyone else in the future who might also run into this problem.
Marked as answer by h4x0r on 1/20/2014 at 1:03 PM