8

Long story short(ish), we're on the tail-end of our XP to Windows 7 migration project, and finally got some VIP's machine in to be migrated. Since the machine is almost as old as the OS on it, this particular user was "blessed" with new hardware, in addition to a new OS.

Problem is that we had the intern do this particular migration, and he kind of messed it up. Seriously. In short, the general process for a user state migration is to create an association between the old and new computers in SCCM, run a capture task sequence on the old computer, and then do a restore sequence onto the new computer. In this case, the capture task sequence was run before the computers were associated, so SCCM is refusing to do the restore, and the old machine was reformatted... for some reason... before this was discovered.

Now, when we try to migrate the user's by "restoring" the USMT.mig that was captured and uploaded to the SCCM server, we get the error below, following the Request State Store action.

enter image description here

 Task Sequence: USMT - Restore State has failed with the error code  (0x00004005). 
 For more information, contact your system administrator or helpdesk operator.

The relevant log entries from the smsts[date-time].log seem to be:

<![LOG[Requesting SMP Root share config information from http://[Our SCCM server]:0]LOG]!><time="15:45:28.823+240" date="06-13-2014" component="OSDSMPClient" context="" type="1" thread="5136" file="smpclient.cpp:2348">
<![LOG[Received 4027 byte response.]LOG]!><time="15:45:28.892+240" date="06-13-2014" component="OSDSMPClient" context="" type="0" thread="5136" file="smpclient.cpp:2363">
<![LOG[Adding \\[Our SCCM server]\SMPSTORED_378B856C$ to list ]LOG]!><time="15:45:28.912+240" date="06-13-2014" component="OSDSMPClient" context="" type="1" thread="5136" file="smpclient.cpp:2403">
<![LOG[Successfully connected to "\\[Our SCCM server]\SMPSTORED_378B856C$"]LOG]!><time="15:45:28.919+240" date="06-13-2014" component="OSDSMPClient" context="" type="1" thread="5136" file="tsconnection.cpp:287">
<![LOG[Sending SMP request to http://[Our SCCM server]:0.]LOG]!><time="15:45:28.950+240" date="06-13-2014" component="OSDSMPClient" context="" type="1" thread="5136" file="smpclient.cpp:1854">
<![LOG[Received 4899 byte response.]LOG]!><time="15:45:29.045+240" date="06-13-2014" component="OSDSMPClient" context="" type="0" thread="5136" file="smpclient.cpp:1861">
<![LOG[SMP request to "http://[Our SCCM server]" failed with error: E_SMPERROR_MIGRATIONID_NOT_FOUND (204)]LOG]!><time="15:45:29.065+240" date="06-13-2014" component="OSDSMPClient" context="" type="2" thread="5136" file="smpclient.cpp:135">
<![LOG[Request to SMP 'http://[Our SCCM server]' failed with error (Code 0x80004005). Trying next SMP.]LOG]!><time="15:45:29.065+240" date="06-13-2014" component="OSDSMPClient" context="" type="2" thread="5136" file="smpclient.cpp:1601">
<![LOG[Failed to find an SMP that can serve request after trying 4 attempts.]LOG]!><time="15:45:29.065+240" date="06-13-2014" component="OSDSMPClient" context="" type="3" thread="5136" file="smpclient.cpp:1644">
<![LOG[ExecuteRestoreRequestToSMP failed (0x80004005).]LOG]!><time="15:45:29.065+240" date="06-13-2014" component="OSDSMPClient" context="" type="3" thread="5136" file="smpclient.cpp:2862">
<![LOG[ExecuteRestoreRequest failed (0x80004005).]LOG]!><time="15:45:29.065+240" date="06-13-2014" component="OSDSMPClient" context="" type="3" thread="5136" file="smpclient.cpp:2926">
<![LOG[OSDSMPClient finished: 0x00004005]LOG]!><time="15:45:29.065+240" date="06-13-2014" component="OSDSMPClient" context="" type="1" thread="5136" file="main.cpp:124">
<![LOG[Process completed with exit code 16389]LOG]!><time="15:45:29.077+240" date="06-13-2014" component="TSManager" context="" type="1" thread="5744" file="commandline.cpp:1123">
<![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="15:45:29.078+240" date="06-13-2014" component="TSManager" context="" type="1" thread="5744" file="instruction.cxx:804">
<![LOG[Failed to run the action: Request State Store. 
Unknown error (Error: 00004005; Source: Unknown)]LOG]!><time="15:45:29.082+240" date="06-13-2014" component="TSManager" context="" type="3" thread="5744" file="instruction.cxx:895">
<![LOG[Set authenticator in transport]LOG]!><time="15:45:29.088+240" date="06-13-2014" component="TSManager" context="" type="0" thread="5744" file="libsmsmessaging.cpp:7734">
<![LOG[Set a global environment variable _SMSTSLastActionRetCode=16389]LOG]!><time="15:45:29.350+240" date="06-13-2014" component="TSManager" context="" type="0" thread="5744" file="executionenv.cxx:668">
<![LOG[Set a global environment variable _SMSTSLastActionSucceeded=false]LOG]!><time="15:45:29.352+240" date="06-13-2014" component="TSManager" context="" type="0" thread="5744" file="executionenv.cxx:668">
<![LOG[Clear local default environment]LOG]!><time="15:45:29.353+240" date="06-13-2014" component="TSManager" context="" type="0" thread="5744" file="executionenv.cxx:807">
<![LOG[Failed to run the action: Request State Store. Execution has been aborted]LOG]!><time="15:45:29.365+240" date="06-13-2014" component="TSManager" context="" type="3" thread="5744" file="instruction.cxx:983">
<![LOG[Set authenticator in transport]LOG]!><time="15:45:29.373+240" date="06-13-2014" component="TSManager" context="" type="0" thread="5744" file="libsmsmessaging.cpp:7734">
<![LOG[Failed to run the last action: Request State Store. Execution of task sequence failed.
Unknown error (Error: 00004005; Source: Unknown)]LOG]!><time="15:45:29.700+240" date="06-13-2014" component="TSManager" context="" type="3" thread="5744" file="engine.cxx:213">
<![LOG[Set authenticator in transport]LOG]!><time="15:45:29.708+240" date="06-13-2014" component="TSManager" context="" type="0" thread="5744" file="libsmsmessaging.cpp:7734">
<![LOG[Task Sequence Engine failed! Code: enExecutionFail]LOG]!><time="15:45:33.323+240" date="06-13-2014" component="TSManager" context="" type="3" thread="5744" file="tsmanager.cpp:923">

Attempts to decrypt the USMT.mig file with the recovery key found in the Computer Association -> Recovery Information obviously don't work, and with the original computer being reformatted, I'm quickly getting that feeling that any trace of the key needed to decrypt this file might be gone.

enter image description here

So now we have a lovely USMT.mig file up on our SCCM server, and no way to restore it, or decrypt it manually (at least as far as I can tell).

Since it's come up, this was done via a GUI, so we can't go back and look at the CLI command to recover from there, and I'm pretty sure this .mig file is encrypted - MigViewer warns that it's encrypted, and attempts to extract the files anyway result in 0 byte files with (corrupt) appended to the filename.

Are we out of luck, or does someone know of a way to get us out of our bind?

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208

4 Answers4

2

The user's data is dead and gone, yes.

Microsoft support confirmed that the original, automatically generated encryption key is not retrievable, and is far too long to crack.

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
2

Attempts to decrypt the USMT.mig file with the recovery key found in the Computer Association -> Recovery Information obviously don't work, and with the original computer being reformatted, I'm quickly getting that feeling that any trace of the key needed to decrypt this file might be gone.

Since the scan was done before this side-by-side computer association was created, SCCM should have automatically created an in-place computer association. If that association is still around, you should be able to crack open the .MIG file by using the USMTUtils.exe program (reference: How to Extract Files from a Compressed USMT Migration Store), using the following command:

usmtutils /extract <Path to .MIG file> /decrypt /key:<Recovery key from SCCM console> <Path to Extract to>
MikeB
  • 21
  • 1
  • Good thought, but of course, that association was no longer around either. +1 for something that would have worked if we hadn't shot ourselves in the foot a whole bunch of times before I was asked to halp. – HopelessN00b Jun 27 '14 at 18:55
2

Actually, you can use the generated key to decrypt the mig file. You have to paste the key into a text file and tell the command line to look for the key there rather than pasting it in (since it makes the command string too long).

Brian
  • 21
  • 1
0

Do you still have access to the old machine? What did you use to reformat it, and what settings - just a quick format, or a proper multi-write-cycle erase? If the former, you may be able to retrieve the old key from the drive, assuming you know where to look. There are many free and paid utilities to allow you to find files on recently formatted drives - as long as the old file hasn't actually been overwritten you stand a chance.

Ian Bamforth
  • 289
  • 3
  • 16