OS Customization fails in VMware vm

We have a VMWare environment, I have done the guide on making a Golden image as specified here https://community.sophos.com/kb/en-us/120560. When I start the new vm it goes through the process of starting the OScustomization change hostname ,SID, etc., then fails with this error Windows could not finish configuring the system. To attempt to resume the configuration, restart the computer. I have done the same customization without sophos installed and it went through. What else do I need to do to get it to work? the OS is server 2016 in vmware 6.5.

  • Hi  

    Would you please suggest which steps you have followed from the KB article, I mean have you performed script-based steps or manual steps from the KB?

    Also, It'd great if you can provide us with the error which you are getting while customization of the Operating System.

  • In reply to Jasmin:

    I did the script based steps then I booted the template and manually ran the script as an admin then shutdown with the same results. 

  • In reply to James Cook2:


    Could you please provide the exact error it is showing or the screenshot of the same? 

  • In reply to Shweta:

    Here is a screenshot of the error.


  • In reply to James Cook2:


    Are you running the script with the logging? If yes, the logs will help us to narrow down the issue else I'd request you to request a remote session on the case which you have opened with the Support as it needs detail troubleshooting to get the problematic component.

  • In reply to Jasmin:


    As per the support case, the VMware customization was failing because of the services which were hampering the customization. The assigned engineer provided that we need to put the batch file, in the end, to set the service to the automatic and then need to make sure that it is currently stopped.

    Also, there is a VMware KB article regarding the same issue which was provided to you.

  • Hi,

    I've been faced with the same problem. The cause is tamper protection.
    For the generalization with Sysprep to work, we had to deactivate the tamper protection!
    It seems that Tamper Protection blocks access to certain registry keys.

    When following the KBA, the last line of the SophosGoldImagePrep.txt script must be commented out.

    >echo Enable Tamper Protection
    >REM "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPon | rem

    This behavior occurs with Windows 2016. With Windows 2019 this is not necessary.

  • In reply to strg:

    I worked with support and so far when we stop the MCS service it runs fine, now we need to create a startup script that runs once  to reenable the MCS service and then deletes itself if the server name is not the same as the golden image.