FPPADMIN

Problems deploying applications via group policy in Windows 2003.


Hi,

The server (ukserver01/ukserver03) is a domain controller with Windows Server 2003. We only have 4 servers...all running Windows Server 2003. I seem to be unable to deploy applications via group policy. I have created an OU called "software deployment" in which I have placed a couple of PCs. I have then right-clicked the OU > Group policy tab and created a new policy called "GPO". I have opened up the group policy MMC for this "GPO" policy. Under computer configuration > Software settings > software installation > New package > I selected the required msi file.

- I have rebooted the PC 2/3 times but to no avail
- Under GPO > Properties > Security > System (has full control) > Apply group policy is ticked.
- I have checked the msi file and it runs fine when I double-click on it.
- This is the path of the msi file that I used... \\ukserver02\data\OPERATIONS\IT\Software\FPP\PAS Dashboard\6_9_06 dashboard\FPP Dashboard.msi
- When I reboot the PC I DO NOT see it saying installing managed FPP dashboard???
- I have tried this on other PCs but group policy is not applying...
- In event viewer I see event id: 1085 - The group policy client-side extension s/w installation failed to execute.
- In event viewer I see event id: 108 - Failed to apply changes to s/w installation settings. s/w changes could not be applied. The error was: the installation source for this product is not available..verify the source exists and you can access it...

I have run gpupdate, gpresult, gpupdate /force as shown... but to no avail...
----------------------------------------------------------------------------------------------------------------------------------------
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\FPP>gpresult

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 07/09/2006 at 11:36:38

RSOP results for FPICTET\FPP on SCANNERPC : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 FPICTET
Domain Type:                 Windows 2000
Site Name:                   London
Roaming Profile:
Local Profile:               C:\Documents and Settings\FPP
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
    CN=SCANNERPC,OU=Software deployment,DC=Fpictet,DC=com
    Last time Group Policy was applied: 07/09/2006 at 11:24:36
    Group Policy was applied from:      ukserver01.Fpictet.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        SCANNERPC$
        Domain Computers

USER SETTINGS
--------------
    CN=FPP,CN=Users,DC=Fpictet,DC=com
    Last time Group Policy was applied: 07/09/2006 at 11:24:47
    Group Policy was applied from:      ukserver01.Fpictet.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Guests
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Domain Users
        FPPTrakUsers

C:\Documents and Settings\FPP>gpupdate
Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.


C:\Documents and Settings\FPP>gpupdate /force
Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.

Certain User policies are enabled that can only run during logon.
Certain Computer policies are enabled that can only run during startup.

OK to Reboot?. (Y/N) (after which I rebooted but to no avail...)
----------------------------------------------------------------------------------------------------------------------------------------

I enabled Verbose Logging (http://support.microsoft.com/kb/246509/EN-US/) which creates a log file such as appmgmt.log. Please see results below:

--------------------------------------------------------------------------------------------------------------------------------------------------
09-07 11:24:40:062
Software installation extension has been called for foreground synchronous policy refresh.
The following policies are to be applied, flags are 1.
    Default Domain Policy (unique identifier {31B2F340-016D-11D2-945F-00C04FB984F9})
        System volume path = \\Fpictet.com\sysvol\Fpictet.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine
        Active Directory path = LDAP://CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Fpictet,DC=com
    GPO (unique identifier {21442172-1736-43C2-8250-0EA4C2DF894A})
        System volume path = \\Fpictet.com\SysVol\Fpictet.com\Policies\{21442172-1736-43C2-8250-0EA4C2DF894A}\Machine
        Active Directory path = LDAP://CN=Machine,CN={21442172-1736-43C2-8250-0EA4C2DF894A},CN=Policies,CN=System,DC=Fpictet,DC=com
Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,CN={21442172-1736-43C2-8250-0EA4C2DF894A},CN=Policies,CN=System,DC=Fpictet,DC=com;LDAP://CN=Class Store,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Fpictet,DC=com;.
Enumerating applications in the Active Directory for computer SCANNERPC with flags 5.
The following applications were found in policy GPO.
    Assigned application FPPTrak 28.3 (flags a0044c70).
    Assigned application FPPTrak 1.0b (flags a0044c70).
    Assigned application FPP Dashboard 0704 (flags a0004c70).
    Assigned application FPP Dashboard (flags a0044c70).
Found 4 applications in policy GPO.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Application FPPTrak 28.3 from policy GPO is set for installation because it is assigned to this computer policy.
Application FPPTrak 1.0b from policy GPO is set for installation because it is assigned to this computer policy.
Application FPP Dashboard 0704 from policy GPO is set for installation because it is assigned to this computer policy.
Application FPP Dashboard from policy GPO is set for installation because it is assigned to this computer policy.
Application FPPTrak 1.0b from policy GPO is a potential upgrade of application FPPTrak 28.3 from policy GPO, states are 0 1 0 1 1.
Application FPPTrak 28.3 from policy GPO was superseded by application FPPTrak 1.0b from policy GPO with reason 4.
Application FPPTrak 28.3 from policy GPO is reset to no action because application FPPTrak 1.0b from policy GPO is a forced upgrade or a previously applied optional upgrade.
Application FPP Dashboard from policy GPO is a potential upgrade of application FPP Dashboard 0704 from policy GPO, states are 0 1 0 1 1.
Application FPP Dashboard 0704 from policy GPO was superseded by application FPP Dashboard from policy GPO with reason 4.
Application FPP Dashboard 0704 from policy GPO is reset to no action because application FPP Dashboard from policy GPO is a forced upgrade or a previously applied optional upgrade.
Assigning application FPPTrak 1.0b from policy GPO.
Calling the Windows Installer to advertise application FPPTrak 1.0b from script C:\WINDOWS\system32\appmgmt\MACHINE\{03b98557-d37d-4df6-a99e-86348b57f1ab}.aas with flags 69.
The assignment of application FPPTrak 1.0b from policy GPO succeeded.

Application FPPTrak 1.0b from policy GPO was reset to reinstall because an unmanaged application with the same product identifier was already present on the machine.
Calling Windows Installer to reinstall application FPPTrak 1.0b.
The reinstall of application FPPTrak 1.0b from policy GPO failed.  The error was : %1612

Assigning application FPP Dashboard from policy GPO.
The script file for application FPP Dashboard from policy GPO cannot be copied. Copy from \\Fpictet.com\SysVol\Fpictet.com\Policies\{21442172-1736-43C2-8250-0EA4C2DF894A}\Machine\Applications\{EE6CBE7B-5D0C-4C65-85B8-536D3BC045F5}.aas to C:\WINDOWS\system32\appmgmt\MACHINE\{6e416bb3-d781-4ef0-a97e-35b4fb71b30c}.aas failed, error 2.
The assignment of application FPP Dashboard from policy GPO failed.  The error was : %2

Removing application FPP Dashboard from the software installation database.
Calling Windows Installer to remove application advertisement for application FPP Dashboard from script C:\WINDOWS\system32\appmgmt\MACHINE\{6e416bb3-d781-4ef0-a97e-35b4fb71b30c}.aas.
Windows Installer cannot remove application advertisement for application FPP Dashboard from script C:\WINDOWS\system32\appmgmt\MACHINE\{6e416bb3-d781-4ef0-a97e-35b4fb71b30c}.aas, error 2.
The removal of the assignment of application FPP Dashboard from policy GPO failed.  The error was : %2

Policy Logging for Software Management is attempting to log application FPPTrak 1.0b from policy GPO.
Policy Logging for Software Management is attempting to log application FPPTrak 28.3 from policy GPO.
Policy Logging for Software Management is attempting to log application FPP Dashboard from policy GPO.
Policy Logging for Software Management is attempting to log application FPP Dashboard 0704 from policy GPO.
Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %1612

Software installation extension returning with final error code 1612.
09-07 11:24:48:312
Software installation extension has been called for asynchronous policy refresh
The following policies are to be applied, flags are 1090.
    Default Domain Policy (unique identifier {31B2F340-016D-11D2-945F-00C04FB984F9})
        System volume path = \\Fpictet.com\sysvol\Fpictet.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User
        Active Directory path = LDAP://CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Fpictet,DC=com
Set the Active Directory path to LDAP://CN=Class Store,CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Fpictet,DC=com;.
Policy has not changed.  Only assigned applications will be advertised.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Software installation extension returning with final error code 0.
Windows Installer failed to resolve descriptor r}[Di+I!0?R42_1`1(Xo>Gs}ilFf4g(Xy-0(K'p{s into a path.  The error was 1603.
Windows Installer failed to resolve descriptor r}[Di+I!0?R42_1`1(Xo>Gs}ilFf4g(Xy-0(K'p{s into a path.  The error was 1603.
Windows Installer failed to resolve descriptor r}[Di+I!0?R42_1`1(Xo>Gs}ilFf4g(Xy-0(K'p{s into a path.  The error was 1603.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------

Any ideas? Please help

Vijay

rgonser

Did you assign the GPO to the proper place? (OU containing the computers, domain, site, etc..?) And secondly, did you make sure that everyone has Read and Execute permissions on the MSI (make sure it's not just admins, but everyone)?
C:\>net helpmsg 1612
The installation source for this product is not available.  Verify that the source exists and that you can access it.

C:\>net helpmsg 1603
Fatal error during installation.

Those are the two error messages that are being displayed in your log. I suggest doing as I stated above and ensuring the proper access permissions to the MSI, and then once those are correct make sure to remove any traces of the install on the client PC. Go through the registry and remove all keys that are from this software. (*always back up your registry*)

* Edit the Registry at your OWN risk. I take no responsibility for your actions. *
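
A triage sketch for the appmgmt.log posted in the question, added here as an example and not part of any poster's reply: it groups the failure lines by application and pairs each code with its `net helpmsg` text. The regular expressions assume the exact line wording seen in this log, and the text for error 2 is the standard Win32 message, which does not appear on the page.

```python
import re

# Codes seen in the log above, with the text `net helpmsg` prints for each.
ERROR_TEXT = {
    2: "The system cannot find the file specified.",
    1603: "Fatal error during installation.",
    1612: "The installation source for this product is not available.",
}
FAILED = re.compile(r"^The (?P<action>.+?) of application (?P<app>.+?) from policy "
                    r".+? failed\.\s+The error was : %(?P<code>\d+)")
COPY = re.compile(r"^The script file for application (?P<app>.+?) from policy .+? cannot "
                  r"be copied\. Copy from (?P<src>.+?) to .+? failed, error (?P<code>\d+)")
FINAL = re.compile(r"returning with final error code (?P<code>\d+)")

def triage(log_text):
    """Group appmgmt.log failures by application; also collect each pass's final code."""
    per_app, finals = {}, []
    for line in map(str.strip, log_text.splitlines()):
        if m := FAILED.match(line):
            event = (m["action"], int(m["code"]), None)
        elif m := COPY.match(line):
            event = ("script copy", int(m["code"]), m["src"])
        else:
            if m := FINAL.search(line):
                finals.append(int(m["code"]))
            continue
        per_app.setdefault(m["app"], []).append(event)
    return per_app, finals

# Lines copied from the appmgmt.log posted in the question.
SAMPLE = r"""
The assignment of application FPPTrak 1.0b from policy GPO succeeded.
The reinstall of application FPPTrak 1.0b from policy GPO failed.  The error was : %1612
The script file for application FPP Dashboard from policy GPO cannot be copied. Copy from \\Fpictet.com\SysVol\Fpictet.com\Policies\{21442172-1736-43C2-8250-0EA4C2DF894A}\Machine\Applications\{EE6CBE7B-5D0C-4C65-85B8-536D3BC045F5}.aas to C:\WINDOWS\system32\appmgmt\MACHINE\{6e416bb3-d781-4ef0-a97e-35b4fb71b30c}.aas failed, error 2.
The assignment of application FPP Dashboard from policy GPO failed.  The error was : %2
The removal of the assignment of application FPP Dashboard from policy GPO failed.  The error was : %2
Software installation extension returning with final error code 1612.
Software installation extension returning with final error code 0.
"""

if __name__ == "__main__":
    apps, finals = triage(SAMPLE)
    for app, events in apps.items():
        for action, code, src in events:
            print(f"{app}: {action} failed, error {code}: {ERROR_TEXT.get(code, '?')}")
            if src:
                print(f"    file that could not be copied: {src}")
    print("final code per refresh pass:", finals)
```

On the sample it separates two problems: the 1612 on the FPPTrak 1.0b reinstall, and the error 2 on copying the FPP Dashboard .aas script from SYSVOL.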

FPPADMIN (ASKER)

- I applied the GPO to the software deployment OU. If I right-click the OU > properties > Group policy tab > The GPO is listed there...
- I have just made the everyone group have full control on the folder within which the msi resides and also on the group policy itself. I rebooted the PC but I don't even see it say installing FPP dashboard. It does say applying software settings but that's it.. When I check control panel..the application is not there..

Netman66

2 things:

1)  On the Share where the installation resides (yes, it must be shared) - make sure Authenticated Users has Full Control.
2)  On the Folder that is shared, make sure the NTFS permissions have Authenticated Users - Read (as a minimum).

The computer account is a member of Authenticated Users by default (as are all account objects).

It seems to be working now on 4 PCs I have rebooted.... however there is 1 PC that it isn't working on...Any ideas why? Windows Firewall is off..

ASKER CERTIFIED SOLUTION
Netman66

This solution is only available to members.

As Netman said, another reboot should fix it, and as long as that computer is on the same LAN as the others and has access to the share. So if the reboot doesn't work be sure to check your permissions or group memberships.