Build a Windows 10 image with Packer using VMware Workstation

Most of the time I use Packer against a VMware vSphere and Microsoft Azure environment. But sometimes it’s useful to use VMware Workstation for local testing purposes. For building Windows 10 images with Packer and using VMware Workstation there is not much information available. In this blog post, I show how to build a Windows 10 image with Packer and VMware Workstation.

With Packer, the vmware-iso builder is used for creating images with VMware Workstation/Fusion.  In this example I create a Windows 10 image with the latest VMware Tools installed, the installation of the Evergreen module, and automatically install the latest Windows updates.

Pre-requisites

  • Windows a 10 ISO file. You can use this link for downloading the latest Windows 10 ISO for example
  • Install VMware Workstation. I use VMware Workstation Pro 16.x
  • The newly created image must be able to access the internet for  downloading the latest VMware Tools version
  • During my first deployment, the following build issue occurred Build “Could not determine network mappings from files in the path: C:/Program Files (x86)/VMware/VMware Workstation“. Colin Westwater of vGemba.net has blogged about a solution that can be found here, link.
  • Use NAT in VMware Workstation.

Steps

  • Run the following PowerShell script (link). This script does the following things:
    • Create a download folder such as c:\Packer (line 6-17)
    • Download the latest Packer version and unzip the package (line 19-30)
    • Download my Github Packer repository to the local download folder (line 35-39)
    • Create within the download folder the Packer folder structure (line 41-45)
# $ErrorActionPreference = "SilentlyContinue"
# Enable TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Variables
$downloadfolder = 'C:\packer\'
$github = 'https://github.com/ibeerens/Packer/archive/refs/heads/main.zip'

# Create Folder
$checkdir = Test-Path -Path $downloadfolder
if ($checkdir -eq $false){
    Write-Verbose "Creating '$downloadfolder' folder"
    New-Item -Path $downloadfolder -ItemType Directory | Out-Null
}
else {
    Write-Verbose "Folder '$downloadfolder' already exists."
}

# Download the latest Packer version
$product='packer'
$packurl = Invoke-WebRequest -Uri https://www.$product.io/downloads.html | Select-Object -Expand links | Where-Object href -match "//releases\.hashicorp\.com/$product/\d.*/$product_.*_windows_amd64\.zip$" | Select-Object -Expand href
$packdown = $packurl | Split-Path -Leaf
$packdownload = $downloadfolder + $packdown
$webclient = New-object -TypeName System.Net.WebClient
$webclient.DownloadFile($packurl, $packdownload)

# Unzip Packer
Expand-Archive $packdownload -DestinationPath $downloadfolder
# Remove the Packer ZIP file
Remove-Item $packdownload

# Go to the Packer download folder
Set-Location $downloadfolder

# Download Github files
Invoke-WebRequest -Uri $github -OutFile ${downloadfolder}packer.zip
Expand-Archive ${downloadfolder}packer.zip -DestinationPath $downloadfolder
# Remove the packer.zip
Remove-Item -Path ${downloadfolder}packer.zip 

# Create the folder structure
Move-Item ${downloadfolder}Packer-main\workstation\windows10\setup -Destination $downloadfolder
Move-Item ${downloadfolder}Packer-main\workstation\windows10\*.* -Destination $downloadfolder
# Remove the Github structure
Remove-Item -Path ${downloadfolder}Packer-main -Recurse -Confirm:$false -Force
  • Browse to the download folder
  • Open the “win10-std-.auto-pkvars.hcl” file and edit the variables for your needs such as:
    • Line 2: The VM name
    • Line 17: The ISO location
    • Line 19: The ISO checksum. Use the PowerShell Get-Filehash command to get the checksum of the ISO
// VM
vm_name					= 	"GI-W10-001" 
operating_system_vm 	= 	"windows9-64"
vm_firmware				=	"bios"
vm_cdrom_type			=	"ide"
vm_cpus					= 	"2"
vm_cores				= 	"1"
vm_memory				= 	"2048"
vm_disk_controller_type = 	"nvme"
vm_disk_size			= 	"32768"
vm_network_adapter_type =   "e1000e"
// Use the NAT Network
vm_network              =   "VMnet8"
vm_hardwareversion 		= 	"19"

// Removeable media
win10_iso				= 	"c:/iso/en-us_windows_10_business_editions_version_21h2_x64_dvd_ce067768.iso"
// In Powershell use the "get-filehash" command to find the checksum of the ISO
win10_iso_checksum      =   "1323FD1EF0CBFD4BF23FA56A6538FF69DD410AD49969983FEE3DF936A6C811C5"
  • Open the “autounattend.xml” file in the setup folder and check and edit the following lines as needed:
    • Language and keyboard settings
    • Line 84: Administrator Password (must be the same as the winrm_password)
    • Line 92: Autologon Password (must be the same as the winrm_password)
    • Line 141: The ComputerName
  • Edit the build.ps1 file and check the following lines:
    • Line 2: Packer folder location
    • Line 14: The winrm_password matches the administrator password in the autounattended.xml file
# Variables
$downloadfolder = 'C:\packer\'

# Go to the Packer download folder
Set-Location $downloadfolder

# Show Packer Version
.\packer.exe -v

# Download Packer plugins
.\packer.exe init "${downloadfolder}windows.json.pkr.hcl"

# Packer build
.\packer.exe build -force -var-file="${downloadfolder}win10-std.auto.pkrvars.hcl" -var "winrm_username=administrator" -var "winrm_password=ThisisagoodPassword!" "${downloadfolder}windows.json.pkr.hcl"
  • Execute the “build.ps1” file with PowerShell to start the Packer image build process.

  • After a while, the build process finishes and you have a new Windows 10 image deployed with Packer in VMware Workstation.

 

An unattended installation of VMware Tools 12 generates a 2711 error

For a new Windows 10 image build, I used the latest supported VMware Tools  In this case that was VMware Tools 12.0.0. VMware Tools is deployed using an unattended installation such as:

e:\setup64.exe /S /v "/qb REBOOT=R ADDLOCAL=All REMOVE=AppDefense,Hgfs,CBHelper,VmwTimeProvider,VSS,NetworkIntrospection,FileIntrospection" /l c:\windows\temp\vmware_tools_install.log

During the installation of VMware Tools, the following error occurred: “The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2711.”

After comparing the syntax of the components and could not find any clue (link).

Feature Name Description
CBHelper Helper to install of Carbon black Sensor on a virtual machine.
Perfmon Utility for WMI performance logging. Enables performance monitoring between the Guest SDK and the WMI environment.
VmwTimeProvider Time provider for VMware virtual precision clock device.
AppDefense The VMware AppDefense component performs Application Security Monitoring. VMware Appdefense consists of glxgi.sysgiappdef.sys kernel mode drivers and gisvc.exe user mode service.
FileIntrospection The NSX File Introspection driver, vsepflt.sys is the first of the two guest introspection drivers. You can install it separately, without installing the NSX Network Introspection driver.

Note:This component is dependent on the VMCI driver.
NetworkIntrospection The NSX Network Introspection driver, vnetflt.sys is the second of the two guest introspection drivers.

Note:This component is dependent on the VMCI driver.

VMware Tools 10.2.5 supports vnetWFP driver for Windows 7 and later.

ServiceDiscovery The Service Discovery component enables the discovery of various services running inside a virtual machine.

Note:This user-mode component is dependent on the VMCI driver.
DeviceHelper The VMware Device Helper component helps to perform a device check and swap in your virtual machine.

Note:This user-mode component is dependent on the VMCI driver.
Hgfs Hgfs is a VMware shared folders driver that allows files to be shared between your virtual machine and the host computer.

You can use this driver, if you plan to use this virtual machine with VMware Workstation, Player, or Fusion.

Note:

  • If you exclude this feature, you cannot share a folder between your virtual machine and the host system.
  • This component is dependent on the VMCI driver.
SVGA The VMware SVGA driver enhances the performance of your virtual video card.

Note:If you exclude this feature, it limits the display capabilities of your virtual machine.
VMXNet The VMware VMXNet networking driver enhances the performance of your virtual network card.
VMXNet3 The VMware VMXNet3 networking driver enahnces the performance of your virtual network card (ndis5/ndis6). This is the Next-generation VMware VMXnet networking driver for virtual machines that use virtual hardware version 7 and higher.

For more information, see the VMware Knowledge Base article KB 1001805.

VMXNET3 adds several new features, such as multiqueue support (also known as ‘Receive Side Scaling’ in Windows), IPv6 offloads, and MSI/MSI-X interrupt delivery.

VMXNET 3 is not related to VMXNET or VMXNET 2.

Receive Side Scaling is enabled by default.

VMware Tools 10.3.0 adds receive data ring support for Windows VMXNET3 driver.

Virtual hardware version 7 corresponds to ESX/ESXi 4.x compatibility.

PVSCSI The VMware Paravirtual SCSI adapters enhances the performance of your paravirtual SCSI devices.
EFIFW The EFIFW driver is used for EFI Firmware update.
MemCtl The Memory Control Driver provides enahnced memory management of the virtual machine.

You can use this driver, if you plan to use a virtual machine in the vSphere environment.

Note:If you exclude this feature, it hinders the memory management capabilities of the virtual machine running in a vSphere environment.
Mouse The VMware PS2 Mouse driver enhances the performance of your virtual PS2 mouse.

Note:If you exclude this feature, the mouse performance of your virtual machine will decrease.
MouesUsb The VMware USB Mouse Driver enhances performance of your USB mouse.
Audio The Audio driver provides audio for your virtual sound card.

Note:This Audio driver is for 64-bit Windows Vista and later operating systems.
VSS The VSS driver is used for creating automatic backups. This driver is used, if the guest operating system is Windows Vista, Windows Server 2003, or other newer operating systems. Linux and older Windows operating systems use the Filesystem Sync driver.
BootCamp The BootCamp driver provides Mac BootCamp support.

So I decided to install VMware Tools 12 manually and search in the Windows registry for the components:

As you can see, the AppDefense component doesn’t exist anymore in VMware Tools 12. Removing the AppDefense component from the unattended VMware Tools installation command fixed the problem.

e:\setup64.exe /S /v "/qb REBOOT=R ADDLOCAL=All REMOVE=Hgfs,CBHelper,VmwTimeProvider,VSS,NetworkIntrospection,FileIntrospection" /l c:\windows\temp\vmware_tools_install.log

I filled in a feedback form on the VMware Tools 12 documentation page to change to remove the AppDefense component.

Optimize the Azure Virtual Desktop (AVD) golden image automatically

For Azure Virtual Desktop (AVD) there is an Optimization Tool available called Virtual Desktop Optimization Tool (VDOT). With this tool/script you optimize the following categories within an Azure Virtual Desktop (AVD):

    • Universal Windows Platform (UWP) app cleanup
    • Optional Features cleanup
    • Local policy settings
    • System services
    • Scheduled tasks
    • Apply Windows (and other) updates
    • Automatic Windows traces
    • Windows Defender optimization
    • Client network performance tuning by registry settings
    • Additional settings from the “Windows Restricted Traffic Limited Functionality Baseline” guidance.
    • Disk cleanup

Optimizing the AVD Golden Image will improve the User Experience, so it is highly recommended to use it. Vendors such as VMware (VMware OS Optimization Tool) and Citrix (Citrix Optimizer Tool) use their own tools for optimizing their Golden Images.

To optimize an AVD image you must do some things manually before you run the Virtual Desktop Optimization Tool (VDOT). I created a PowerShell script that downloads the latest VDOT and optimizes the AVD image automatically.

The PowerShell script below does the following:

  • Create a folder on the AVD  VM called c:\optimize
  • Download the latest Virtual Desktop Optimization Tool
  • Expand the Virtual Desktop Optimization Tool  zip file to the c:\optimize folder
  • Remove the VDOT Archive file
  • Download a modified apppackages.json file. The default apppackages.json file will enable all the APPX packages.
  • Copy the apppackages.json file to the configuration folder for each build
  • Unblock all the downloaded files
  • Execute the Virtual Desktop Optimization Tool
  • Remove the c:\optimize folder
  • Reboot the AVD host
<#
    .SYNOPSIS
        Virtual Desktop Optimalization Tool (VDOT)
    .DESCRIPTION
        Download the Virtual Desktop Optimalization Tool (VDOT), creates a folder called optimize and runs VDOT tool.
        The VDOT tool determines OS version at run-time
    .NOTES
        Version:        1.0
        Author:         Ivo Beerens
                        info@ivobeerens.nl
        Creation Date:  25-02-2022
        Plattform:      Azure VIrtual Desktop (AVD)
        Changelog:      
                        25-05-2022      1.0 - Initial script development
    .COMPONENT

    .LINK
 
    .Example
        Script needs to be run with PowerShell elevated
#>

# Variables
$verbosePreference = 'Continue'
$vdot = 'https://github.com/The-Virtual-Desktop-Team/Virtual-Desktop-Optimization-Tool/archive/refs/heads/main.zip' 
$apppackages = 'https://raw.githubusercontent.com/ibeerens/AVD/main/vdot/ConfigFiles/AppxPackages.json'
$vdot_location = 'c:\Optimize' 
$vdot_location_zip = 'c:\Optimize\vdot.zip'
$apppackages_location = 'C:\Optimize\AppxPackages.json'

# Enable TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Clear screen
Clear

# Create Folder
$checkdir = Test-Path -Path $vdot_location
if ($checkdir -eq $false){
    Write-Verbose "Creating '$vdot_location' folder"
    New-Item -Path 'c:\' -Name 'Optimize' -ItemType 'directory' | Out-Null
}
else {
    Write-Verbose "Folder '$vdot_location' already exists."
}

# Download VDOT
Write-Verbose "Dowmload VDOT" 
Invoke-WebRequest -Uri $vdot -OutFile $vdot_location_zip

# Expand Archive
Write-Verbose "Expand Archive" 
Expand-Archive $vdot_location_zip -DestinationPath $vdot_location -Verbose -Force

# Remove Archive
Write-Verbose "Remove Archive" 
Remove-Item $vdot_location_zip

# Download AppPackages
Write-Verbose "Dowmload Apppackages.json APPX file" 
Invoke-WebRequest -Uri $apppackages -OutFile $apppackages_location

# Copy the AppPackage file to all versions
Write-Verbose "Copy Apppackages.json to all configurationfiles folders" 
Copy-Item $apppackages_location -Destination 'C:\Optimize\Virtual-Desktop-Optimization-Tool-main\1909\ConfigurationFiles\AppxPackages.json'
Copy-Item $apppackages_location -Destination 'C:\Optimize\Virtual-Desktop-Optimization-Tool-main\2004\ConfigurationFiles\AppxPackages.json'
Copy-Item $apppackages_location -Destination 'C:\Optimize\Virtual-Desktop-Optimization-Tool-main\2009\ConfigurationFiles\AppxPackages.json'

# Unblock all files
Write-Verbose "Unblock all files" 
dir $vdot_location -Recurse | Unblock-File

# Change folder to VDOT
Write-Verbose "Change folder to VDOT location" 
$vdot_folder = $vdot_location + '\Virtual-Desktop-Optimization-Tool-main' 
cd $vdot_folder

Write-Verbose "Run VDOT" 
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
.\Windows_VDOT.ps1 -Verbose -AcceptEULA

# Sleep 5 seconds
sleep 5

# Remove folder
Write-Verbose "Remove Optimize folder" 
cd \
Remove-Item $vdot_location -Recurse -Force

# Restart AVD Golden image
Restart-Computer -Force

You can use this script in your AVD Golden Image building process. The Virtual Desktop Optimization Tool (VDOT) changes a lot of settings so be sure to test your image very carefully. The script can be found on my GitHub, link.