GPO .msi Push Issues

Morning all,

I am currently having issues pushing a .msi package to machines on my AD network (MS Windows Server 2003 pushing to XP SP2 machine). This is what I have done:

- Created a share on the network and added the Software package.
- Double checked that the user machine has all relevant share and security permissions to the folder, and also double clicked the Software package to check that it will install.
- Created an OU within AD.
- Added the relevant machines to that OU.
- Created a group policy on that OU and added the Software package located at \\192.168.50.1\Modified_msi\msxml6.msi
- Made sure that "Install this application at logon" is ticket.
- Enabled "Always wait for the netowrk at computer startup and logon".
- Ran gpupdate /force on the AD server and then rebooted the client machine.

Basically the client machine reboots and as it starts up the message pops up that the package is being installed, and then it stops and just asks you to logon. The package isnt installed and when I go to the event viewer this is the message I get:
"The install of application MSXML 6.0 Parser from policy Test Test failed.  The error was : The installation source for this product is not available.  Verify that the source exists and that you can access it."

I have tried this with 3-4 different packages, and also rebooted the machine upto 10 times and I always get this error on the client machines. Im pretty sure i've covered all avenues. Any ideas?

safekeyAsked:
Who is Participating?
 
ee_autoConnect With a Mentor Commented:
Question PAQ'd, 500 points refunded, and stored in the solution database.
0
 
Joseph DalyCommented:
Here is what I would try. This should work for you I will explain my thinking after.

On your file server create a new folder called public and share it out. Give everyone full share permissions (full control, change, read). On the NTFS permissions grant everyone and anonymous full control. Then copy in your install. Create or modify your GPO to point to this location and then give it a shot.

As I understand it the group policies are being applied before the computer or user can authenticate to the file server. This may be why your getting the error message. Try it out and let me know how it works. This is how we have ours configured and it works.
0
 
_etoptasCommented:
I would do:
- Create SDC folder and share the folder for authenticated users read only
- Please your folder in SDC
- Create GPO and disable user configuration and add the package to Computer computer configuration
- Make sure the security permissions has deny on admininistrators and servers.
- In Deployment tab, make sure it assigned (you can only assign it to computers anyway)

Test it with one pc and if it works, create a sec group and add other pc's to this group and apply necessary permissions to GPO security.

I dont see why this should not work.

Efem
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Just a wired observation, why di you do a GPUPDATE on the server or was that a typo?

Are you deploying this per machine or when the user logs on?

Are you sure the permissions to the shared path are correct?

Can you post a screenshot of what your policy with the app looks like?
0
 
safekeyAuthor Commented:
xxdc - Just tried that. Same issue. Just to let you know I have the share on the AD server. This is ina  test domain, so I dont have a seperate file server.

Nappy - I meant I did gpupdate /force on the client machine sorry. That forces you to restart. I have the GPO setup to do the install on logon. The pemissions are definately correct. If I browse to that directory form any of the client machines I can get to the directory fine and and also run the installer.

Etopas - Not sure I fully understand what you've written, but i'll give it a go and see if I can do it that way.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Yes but what are the permissions you have set?

Can you try deploying to a workstation rather than a user?

>>Verify that the source exists and that you can access it.  This indicates an issue with your path to the file or permissions.
0
 
Joseph DalyCommented:
One other thing you can try is setting the NTFS permissions for "Domain Computers" with full control.
0
 
Lukasz ChmielewskiCommented:
this is not the permissions issue, try to simply enter the path on the workstation after logging in then you'll know if the path is accessible. try to upgrade the installer on one of the workstations to
http://www.microsoft.com/downloads/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en
see if this works
0
 
Lukasz ChmielewskiCommented:
also, a question did you try to upgrade any previous version of msxml ?

additionally use the cleaner
http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

then try again
0
 
Joseph DalyCommented:
Granted you may or many not have performed all of these steps but this could be a helpful checklist as far as the issues your facing.

http://support.microsoft.com/kb/816102
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
This is either his permissions or his UNC path.  Can the auther please post a scrnshot of his permissions on the App deployment and a screenshot of app deployed in the GPO?

0
 
Joseph DalyCommented:
I agree ^^^^
0
 
safekeyAuthor Commented:
Hi All,

I can access the msi file from all of my client machine using the same UNC path as i've set on the deployment settings for the software.

I have no other xml installed on the machine. It doesnt matter anyway, I have tried to push out five different msi packages and I get the same issue with all of them.

I have attached some screenshots.


depsettings.JPG
gposecsettings.JPG
secperms.JPG
shareperms.JPG
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Can you please add a computer object directly to the GPO permissions for the app, reboot and see it if deploys?  I usually leave authenticated users in my app deployment policies but don't see it listed here.  It should not make a difference but thought I would mention this.
0
 
Lukasz ChmielewskiCommented:
As I mentioned way above:
1. upgrade msi installer to 4.5
2. additionally use the cleaner
http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

then try again
0
 
safekeyAuthor Commented:
Nappy - Just tried that, didnt work.

Roads - I will try this now.
0
 
safekeyAuthor Commented:
Tried that Roads, exactly the same issues and errors.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
This TID from MS describes the problem.  Somewhere your NTFS and share permissions are not correct http://support.microsoft.com/kb/278472

What is the event id error number?
0
 
safekeyAuthor Commented:
They are the errors I am getting Nappy, but the correct persmissions are set.

I have also set the share for full access for everyone.
computerobj.JPG
0
 
_etoptasCommented:
can you also post the security of gpo object (not msi security tab)?

fm
0
 
safekeyAuthor Commented:
Etopas - Here it is. Authenticated users, everyone & the computer object are all set to full control.
gpoobjectsec.JPG
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Can you click on the computer ppdemo and show its permissions?
0
 
_etoptasCommented:
I meant, open Group Policy Object Editor, click on Delegation tab on right hand side and click on advanced. Do authenticated users (you dont need to add everyone) have apply group policy check?
0
 
_etoptasCommented:
sorry I just saw. ignore my last comment.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Agreed, I eluded to that a few posts ago.. :)
0
 
safekeyAuthor Commented:
PDdemo is set to allow full access.
0
 
_etoptasCommented:
Can you let us know how did you packed the MSI file? Standard download from MS? Did you make any modifications to MSI File? maybe the error is coming from the file?
0
 
safekeyAuthor Commented:
Etopas - I've tried fie different msi files. One of them was edited, and the rest were in their original state. All with the same result.
0
 
DonNetwork AdministratorCommented:
Try adding Domain Computers to the  Authenticated Users group
0
 
safekeyAuthor Commented:
Where can I find Authenticated Users as a group? If I double click on "Domain Computers" and try to add "Authenticated Users" it doesnt show as an option. I've put "Domain Computers" in the Admin group, but it wont allow me to add it to authenticated users that way.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
You should be able to type the group  name authenticate Users and it will ad the group to the security tab.
0
 
safekeyAuthor Commented:
If I double lcikc on "Domain Computers" there is only a member of option, not a security option. If I click member of, it cant find "authenticated users". I can only find authenticated users if i'm in a security tab of a folder.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
You should be able to add it just like this in my screen shot

Picture-82.png
0
 
safekeyAuthor Commented:
I must be trying this in the wrong bit, because I only get the choice to add groups or built in security principals.
other.JPG
0
 
safekeyAuthor Commented:
Ok, I just changed the GPO to push the package out to the user rather than the computer object and it worked absolutely fine. Very weird. Any ideas, because i'd rather push them out via computer objects than users.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
You really need to have that group named authenticated users in the security.  Try this, create a group for your computers, add alll the computers to the group, add the group to the application deployment.  See if it deploys now...
0
 
DonNetwork AdministratorCommented:
Follow the guide and you should be good to go.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.