I'm facing problems while trying to create an image for my Azure Virtual Desktop (AVD) hosts. Each time I attempt to deploy this image, it fails, and the diagnostics show a command window labeled 'Administrator: ERROR HANDLER'. I start with a Standard D2als v6 Gen2 VM based on the win11-25h2-avd-m365 image. After installing the necessary applications, I run the command 'sysprep /oobe /generalize /shutdown', which seems to execute correctly. However, once I capture this image to the gallery and deploy a new VM using it, the deployment fails again.
I've managed to mount the failed disk and found errors in the setuperr.log related to BCD and firmware exports, specifically:
- SYSPRP BCD: BiUpdateEfiEntry failed c000000d
- SYSPRP BCD: BiExportBcdObjects failed c000000d
- SYSPRP BCD: Failed to export alterations to firmware. Status: c000000d
I've attempted several fixes but haven't found a solution yet. Has anyone experienced similar issues or found a way to resolve them?
4 Answers
You really should use Trusted Launch VMs for full support. Try adding the '/mode:vm' switch when you run sysprep to help with those bad UEFI errors.
Are you sure you're using the same generation for both the source and target VMs? It sounds like you're working with Gen2, so just double-check that both are Gen2. Also, make sure your trusted launch settings match, and it might be worth looking into the image generation version in the gallery.
Yes, all are Gen2. I did think of trying Gen1, but haven’t yet. I had trusted launch with BitLocker encryption originally, but after decrypting and not seeing changes, I moved to a standard security setup without BitLocker. Still getting the same post-sysprep error. I'll check the gallery image version soon.
You might want to look into using Packer to automate your image builds; it can save you a lot of time and hassle! Check this guide on creating an Azure VM golden image through Packer: [Creating an Azure VM with Packer](https://medium.com/@t.costantini89/creating-an-azure-vm-golden-image-with-packer-and-ado-pipelines-2425113f33ab).
Just curious, why are you using the Windows 11 25H2 AVD M365 image? I typically use the Windows 11 25H2 Enterprise multi-session version. Also, have you tried using an Intel SKU instead of AMD? It shouldn’t make a huge difference, but I’ve had some issues with RHEL and AMD SKUs in the past.
Why is Trusted Launch necessary for full support? I have clients using the standard setup with Windows 11 Enterprise multi-session and they’re fine.