?
Solved

How do I deploy an MSI to VPN clients

Posted on 2006-04-26
13
Medium Priority
?
782 Views
Last Modified: 2008-02-01
I have an MSI that I built and made to work on a land using a GPO that is assigned to the whole domain.  However, most of my users are remote and only VPN into our network to retrieve some files and get out.  None of the remote users logon using Dial-up (VPN).  We are using a Win2K3 server as our VPN server.  How do I get this MSI to load to a person that just casually VPNs into our system?
0
Comment
Question by:ace350
  • 4
  • 3
  • 3
  • +2
13 Comments
 

Author Comment

by:ace350
ID: 16546058
I am not real familure with scripting and I just started with GPOs.  I have been told that I can do this, yet I cannot figure out how.
0
 
LVL 4

Expert Comment

by:xcromx
ID: 16547718
Whats the scope of you VPN client..Meaning are you sure your VPN client can get to that IP address..You want them on the same subnet..
I have seen it where stuff does not work because your servers and applications can not see the VPN clients..
0
 

Author Comment

by:ace350
ID: 16547915
It is set up where when a user VPNs into our network they are on the same subnet as if they were sitting in there office.  We only have one subnet for users.  I have been able to get this to work on our network without going through VPN.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Expert Comment

by:Jeremy_Wiley
ID: 16558008
You are probably having an issue with because of Group Policy slow link detection.
When a slow link is detected (your VPN links) some Group Policies are not applied...and software deployment is one of them. You can turn it off however, or chage the default for what is considered a slow link. By default it is like 500k if you changed it to a lower value you might not have a problem.

How a Slow Link Is Detected for Processing User Profiles and Group Policy
http://support.microsoft.com/?id=227260

Default Behavior for Group Policy Extensions with Slow Link
http://support.microsoft.com/kb/227369/EN-US/

Let me know how it goes.
-JW
0
 

Author Comment

by:ace350
ID: 16558315
Still no luck.  I am trying to log onto the computer as if I am going to work offline.  Then I connect to our company VPN.  AND NOTHING.  I do not even see anything within the Event Viewer that would indicate that anything failed or even tried to load.  The exact same computer will accept the GPO when booted on the network, just not when authentication is over VPN.  There has got to be someone out there that has had to pass an MSI to a VPN user.
0
 
LVL 4

Expert Comment

by:Jeremy_Wiley
ID: 16562288
Are you publishing or assigning?
See the link to consider the login type, you mentioned this above.

http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci1053831,00.html

Secondly you could use gpupdate to force the GP down.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/refrgp.mspx?mfr=true


Basically what you have is a situation where your guys login not using the VPN to establish connectivity to the domain to check the credentials, as such group policy application is skipped and either you have to wait for the background refresh (like 90 minutes by default) or force them down using gpupdate, slow link settings must still be correct otherwise software deployment will not happen over a slow link.

Good Luck Again
-JW
0
 

Author Comment

by:ace350
ID: 16565409
In the event vewer, I do not see any activity until I do a 'gpupdate'.  Then I get the message that the GP has been updated; and no program is loaded (even after a reboot).  Then I tried to do a 'gpupdate /force' and it told me that I have to reboot.  I was so sure that was the good sign that I was looking for, but still no luck.  I do not understand how I can take this same machine and put it on our network and it works fine (by the book) but not while VPNed in.  I also shortened the refresh rate for the GPO.
0
 
LVL 5

Accepted Solution

by:
dclive earned 1500 total points
ID: 16570675
Publish the applications (so users can then "install" it themselves).

The issue you're seeing is due to the fact that GPOs only install assigned software at bootup.
0
 
LVL 70

Expert Comment

by:Merete
ID: 16570996
my two cents worth
Have you set up a folder only for share? When each user logs on, their My Documents is redirected to that folder.
check the settings of this folder by right clicking on the My Documents shared folder:
 go to the Sharing tab, click on Offline Settings. If it is set to  >>Files or programs from the share will not be available offline << 
dis-able this and allow it to be shared off line.
Hope this helps you.
Merete


0
 
LVL 5

Expert Comment

by:dclive
ID: 16570999
How is where My Documents is pointed to related to the OP's question?
0
 
LVL 70

Expert Comment

by:Merete
ID: 16571196
@dclive

Comment from ace350
Date: 04/28/2006 09:47AM EST
Still no luck.  I am trying to log onto the computer as if I am going to work offline <<<<
0
 
LVL 5

Expert Comment

by:dclive
ID: 16572256
Yes.  That means he's doing a cached login to the Windows desktop - he's not authenticating with a domain controller for the login, because he's offline, so there is no chance for the GPO to deploy applications (again, assigned applications only install at first bootup, and only if the network is already present.)  

This issue has nothing to do with offline folders.  The issue is that the assigned application from the GPO cannot find the link to the document because no network is present at the time it looks for the .MSI file(s).
0
 
LVL 4

Expert Comment

by:Jeremy_Wiley
ID: 16574245
dclive and I both have a similar opinion. You’re going to need to publish these apps and disable slow links (ie set it to "0"). Or if your dead set on assigning the app, switch to dial-up connectivity for domain authentication during initial login.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question