diff --git a/ansible/roles/assets/tasks/manifests.yml b/ansible/roles/assets/tasks/manifests.yml
index d3a499b..adf2094 100644
--- a/ansible/roles/assets/tasks/manifests.yml
+++ b/ansible/roles/assets/tasks/manifests.yml
@@ -83,4 +83,4 @@ # mode: 0600 # loop: "{{ lookup('ansible.builtin.dict', components) | map(attribute='value.manifests') | list | select('defined') | flatten }}" # loop_control: -# label: "{{ item.type + '/' + item.name }}" +# label: "{{ item.type ~ '/' ~ item.name }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
index e634eec..d421837 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
@@ -62,7 +62,7 @@ - key: root_ca.crt value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}" loop_control: - label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}" + label: "{{ item.kind ~ '/' ~ item.name ~ ' (' ~ item.namespace ~ ')' }}" - name: Configure step-ca passthrough ingress ansible.builtin.template:
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
index 4294ed5..bed25b9 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@@ -120,7 +120,7 @@ # default_branch: main description: GitOps manifests loop_control: - label: "{{ item.organization + '/' + item.body.name }}" + label: "{{ item.organization ~ '/' ~ item.body.name }}" - name: Rebase/Push source gitops repository ansible.builtin.shell:
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
index b8bded8..18e9b58 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
@@ -1,7 +1,7 @@ - name: Configure fallback name resolution ansible.builtin.lineinfile: path: /etc/hosts - line: "{{ vapp['guestinfo.ipaddress'] }} {{ item + '.' + vapp['metacluster.fqdn'] }}" + line: "{{ vapp['guestinfo.ipaddress'] }} {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}" state: present loop: # TODO: Make this list dynamic
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
index a653df1..3a93035 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@@ -1,4 +1,7 @@ - block: + # Below tasks circumvent usernames with `\` format, which causes CAPV to + # incorrectly interpret the backslash (despite automatic escaping) as an escape sequence. + # `vcenter_session.user` will instead contain the username in `@` format. - name: Generate vCenter API token ansible.builtin.uri:
@@ -13,7 +16,7 @@ url: https://{{ vapp['hv.fqdn'] }}/api/session method: GET headers: - vmware-api-session-id: "{{ vcenter_api_token.json }}" + vmware-api-session-id: "{{ vcenterapi_token.json }}" register: vcenter_session module_defaults:
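Review bot: In workloadcluster/tasks/clusterapi.yml the second hunk changes the session header from `vcenter_api_token.json` to `vcenterapi_token.json`, but no hunk in this diff touches the `register:` of the preceding "Generate vCenter API token" task, which sits in the unchanged lines between the two hunks. If that task still registers `vcenter_api_token`, the header template fails on an undefined variable and the session lookup never runs; the line should stay `vmware-api-session-id: "{{ vcenter_api_token.json }}"`, or the register name should be renamed in the same commit. Both tasks also carry a live vCenter session token in their arguments, so `no_log: true` on them would keep it out of the playbook output, unless that is already set on the enclosing block outside the hunk.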
@@ -51,7 +54,7 @@ - name: Update image references to use local registry ansible.builtin.replace: - dest: "{{ item.root + '/' + item.path }}" + dest: "{{ item.root ~ '/' ~ item.path }}" regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))' replace: '\1{{ _template.pattern }}' vars:
@@ -82,7 +85,7 @@ - name: Store custom cluster-template ansible.builtin.copy: dest: /opt/metacluster/cluster-api/custom-cluster-template.yaml - content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' + components.clusterapi.management.version.infrastructure_vsphere ) }}" + content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ) }}" - name: Initialize Cluster API management cluster ansible.builtin.shell:
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml
index 5406584..a9c771f 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml
@@ -68,7 +68,7 @@ --portgroup "{{ vcenter_info.network }}" \ --startaddress {{ vapp['ippool.startip'] }} \ --endaddress {{ vapp['ippool.endip'] }} \ - --netmask {{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \ + --netmask {{ (vapp['guestinfo.ipaddress'] ~ '/' ~ vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \ {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \ --dnsdomain {{ vapp['metacluster.fqdn'] }} \ --gateway {{ vapp['guestinfo.gateway'] }} \
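Review bot: In workloadcluster/tasks/hypervisor.yml the `--netmask` argument is rendered straight from `ansible.utils.ipaddr('netmask')`, which returns `False` for input it cannot parse, so a malformed `guestinfo.ipaddress` or `guestinfo.prefixlength` becomes the literal argument `--netmask False` instead of a task failure. The neighbouring arguments (`ippool.startip`, `ippool.endip`, `metacluster.fqdn`, `guestinfo.gateway`) are also interpolated unquoted into what looks like a shell command line, judging by the backslash continuations; the module line is outside the hunk. Since these are deploy-time vApp properties, I would validate them with an `ansible.builtin.assert` before this task and pass each one through the `quote` filter, e.g. `--gateway {{ vapp['guestinfo.gateway'] | quote }}`.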
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/registry.yml
index 15a4800..2dc47df 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/registry.yml
@@ -5,7 +5,7 @@ url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects method: POST headers: - Authorization: "Basic {{ ('admin:' + vapp['metacluster.password']) | b64encode }}" + Authorization: "Basic {{ ('admin:' ~ vapp['metacluster.password']) | b64encode }}" body: project_name: kubeadm public: true
@@ -28,7 +28,7 @@ url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects/kubeadm/repositories/{{ ( item | regex_findall('([^:/]+)') )[-2] }}/artifacts?from=library/{{ item | replace('/', '%2F') | replace(':', '%3A') }} method: POST headers: - Authorization: "Basic {{ ('admin:' + vapp['metacluster.password']) | b64encode }}" + Authorization: "Basic {{ ('admin:' ~ vapp['metacluster.password']) | b64encode }}" body: from: "{{ item }}" loop: "{{ kubeadm_images }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/users/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/users/tasks/main.yml
index d689ea3..696244b 100644
--- a/ansible/roles/firstboot/files/ansible_payload/common/roles/users/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/users/tasks/main.yml
@@ -25,7 +25,7 @@ line: 'PasswordAuthentication yes' state: absent loop_control: - label: "{{ '[' + item.regex + '] ' + item.state }}" + label: "{{ '[' ~ item.regex ~ '] ' ~ item.state }}" - name: Create dedicated SSH keypair community.crypto.openssh_keypair:
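Review bot: Both `uri` tasks in workloadcluster/tasks/registry.yml build the `Authorization` header by hand from `vapp['metacluster.password']`, so the base64-encoded admin credential is an ordinary task argument that can appear in verbose or failure output. No `no_log` is visible in either hunk, though both tasks extend beyond them. The module's own parameters, `url_username: admin`, `url_password: "{{ vapp['metacluster.password'] }}"` and `force_basic_auth: true`, would replace the header and let Ansible mask the password. Note also that `~` stringifies its operands, so a null password would now be sent as `admin:None` where `+` raised a type error; an assert on the property before these tasks would catch that.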
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
index 16f56af..d9f1c49 100644
--- a/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
@@ -17,7 +17,7 @@ COMPONENTS=('storage' 'registry' 'git' 'gitops') FQDN='{{ _template.metacluster.fqdn }}' IPADDRESS='{{ _template.metacluster.vip }}' -I=60 +I=0 while /bin/true; do if [[ $I -gt 59 ]]; then
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/init.yml
index 1106194..e7a0f1f 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/init.yml
@@ -1,7 +1,7 @@ - name: Configure fallback name resolution ansible.builtin.lineinfile: path: /etc/hosts - line: "{{ vapp['metacluster.vip'] }} {{ item + '.' + vapp['metacluster.fqdn'] }}" + line: "{{ vapp['metacluster.vip'] }} {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}" state: present loop: # TODO: Make this list dynamic
diff --git a/ansible/roles/firstboot/templates/firstboot.j2 b/ansible/roles/firstboot/templates/firstboot.j2
index b028cd4..ccf800e 100644
--- a/ansible/roles/firstboot/templates/firstboot.j2
+++ b/ansible/roles/firstboot/templates/firstboot.j2
@@ -1,4 +1,10 @@ #!/bin/bash +# Workaround for ansible output regression +export PYTHONUNBUFFERED=1 + # Apply firstboot configuration w/ ansible -/usr/local/bin/ansible-playbook -e "PYTHONUNBUFFERED=1" /opt/firstboot/ansible/playbook.yml | tee -a /var/log/firstboot.log > /dev/tty1 2>&1 +/usr/local/bin/ansible-playbook /opt/firstboot/ansible/playbook.yml | tee -a /var/log/firstboot.log > /dev/tty1 2>&1 + +# Cleanup console +clear > /dev/tty1
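Review bot: The new `clear > /dev/tty1` in firstboot.j2 runs unconditionally, so a failed playbook run has its output wiped from the console as well. The pipeline hides that failure too: its exit status is `tee`'s, and the trailing `2>&1` applies to `tee` rather than to `ansible-playbook`, so the playbook's stderr is not captured in `/var/log/firstboot.log`. I would move the redirect in front of the pipe, `/usr/local/bin/ansible-playbook /opt/firstboot/ansible/playbook.yml 2>&1 | tee -a /var/log/firstboot.log > /dev/tty1`, and gate the cleanup with `[ "${PIPESTATUS[0]}" -eq 0 ] && clear > /dev/tty1` on the line directly after it. Because that log collects all task output, it is also worth creating it with mode 0600 before the first write.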
diff --git a/scripts/Update-OvfConfiguration.bootstrap.yml b/scripts/Update-OvfConfiguration.bootstrap.yml
index 306dcf3..7f9d1dc 100644
--- a/scripts/Update-OvfConfiguration.bootstrap.yml
+++ b/scripts/Update-OvfConfiguration.bootstrap.yml
@@ -106,13 +106,13 @@ PropertyCategories: Configurations: '*' UserConfigurable: true - - Key: guestinfo.ntpserver - Type: string(1..) - Label: Time server* - Description: A comma-separated list of timeservers - DefaultValue: 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org - Configurations: '*' - UserConfigurable: true + # - Key: guestinfo.ntpserver + # Type: string(1..) + # Label: Time server* + # Description: A comma-separated list of timeservers + # DefaultValue: 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org + # Configurations: '*' + # UserConfigurable: true - Name: 3) Workload-cluster ProductProperties:
diff --git a/scripts/Update-OvfConfiguration.upgrade.yml b/scripts/Update-OvfConfiguration.upgrade.yml
index 346ba44..9200c1f 100644
--- a/scripts/Update-OvfConfiguration.upgrade.yml
+++ b/scripts/Update-OvfConfiguration.upgrade.yml
@@ -87,13 +87,13 @@ PropertyCategories: Configurations: '*' UserConfigurable: true - - Key: guestinfo.ntpserver - Type: string(1..) - Label: Time server* - Description: A comma-separated list of timeservers - DefaultValue: 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org - Configurations: '*' - UserConfigurable: true + # - Key: guestinfo.ntpserver + # Type: string(1..) + # Label: Time server* + # Description: A comma-separated list of timeservers + # DefaultValue: 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org + # Configurations: '*' + # UserConfigurable: true - Name: 3) Common ProductProperties:
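Review bot: Commenting out `guestinfo.ntpserver` in Update-OvfConfiguration.bootstrap.yml, and identically in Update-OvfConfiguration.upgrade.yml, drops the property from the appliance's deploy-time inputs, but nothing in this diff removes or guards a consumer of `vapp['guestinfo.ntpserver']`; any task that still reads it would now hit an undefined key. Time synchronisation also matters for the step-ca certificates handled in certauthority.yml, so the replacement time source should be stated somewhere. I would either delete the block outright or put a one-line reason above it, for example `# guestinfo.ntpserver disabled: REASON-AND-REPLACEMENT (placeholder)`.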