• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2135
  • Last Modified:

GPO deploy application using computer configuration

Greetings,

I want to deploy msi applications using GPO. I want to deploy them per computer.

So I created an OU and put my domain computers into it. I created a network share on my Windows 2008 DC and set the share permission to
"Domain users - read"
"Domain computers - read"

I have also set my NTFS perms to domain users and domain computers read and execute.

I created my package in assign mode into "Computers configuration - Policies - Software Settings" using network path (\\Server\share\firefox.msi)

I activated the GPO "Always wait for the network at computer startup and logon"

I did a gpudate /force on my DC.

I rebooted a test computer to see if my gpo apply successfully. Of course it did not apply successfully.

When my computer boot up I saw that it try to install firefox but it ends up too rapidly and didn't install.

I have a log (event id 102) in my client computer that told me this :
"The install of application firefox from policy Installers
failed.  The error was : The installation source for this product is not
available.  Verify that the source exists and that you can access it."

If I try to install the software manually from the share on the client computer, it works.

I'm lost

Thank you
0
tblinc
Asked:
tblinc
  • 15
  • 9
  • 6
  • +3
4 Solutions
 
Mike KlineCommented:
Are you using an .msi file for firefox?   I haven't used this but if you need an msi  for it   http://www.frontmotion.com/Firefox/

Thanks

Mike
0
 
tblincAuthor Commented:
yes... firefox was just an exemple. I have already use it in GPO deployement in user configuration and it works perfectly.

0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Have you tried to do an RSOP.MSC on the machine in question? Does this installation fail on all machines?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
added_flavourCommented:
it should work ideally! however have you tried Disabling third party softwares on the share server or may be change the location to any other server to check the status .

Additionally you can configure Userenv logs to check what exactly is going on in the background on client machine.

thanks .
0
 
tblincAuthor Commented:
Spec01:

I only try this on one machine. It's currently a test. I don't have additionnal computer that I may use to test this. And by the way, the computer is a brand new laptop.

Also, you want me to do a rsop on the client computer or on the server ?

added_flavour:
I' not sure I understand want you want me to do.. I cannot really disable other third party software since that it's a production server. I don't have other Windows 2008 server.

I'll check the userenv
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Please do RSOP.MSC on client computer. They is another method of retreiving GP information that can possible provide more information. It is possible that another GPO could be interfering.
0
 
Jannie van der WaltCommented:
Try granting Everyone access to the share and NTFS (Everyone Read)

We still use GPO to deploy software and one of the settings I use is to configure the shares with Everyone?

Are you using a DFS? or just a straight share?
0
 
tblincAuthor Commented:
The RSOP give me the following information.

It gives me some error notification on all the applications I try to deploy.

The install of application "application" from policy Installers
failed.  The error was : The installation source for this product is not
available.  Verify that the source exists and that you can access it

I'm using a straight share
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
How deep is this Share on your network drive? I have run into issues where if the shared folder is deep in the folder structure it has failed. This hasn't happened often but something to mention.
0
 
tblincAuthor Commented:
My share is located there : e:\Public\GPOsoftware
0
 
added_flavourCommented:
I can understand the limitations  in a production env. As this is the only computer you should check userenv for a bit more in depth details .

As per the RSOP message it looks like its finding it hard to locate the package but again as you said you can install it doing \\ to the server so for sure there is something from the group policy side which is causing some issues could be any other policy which this client is trying to read , a configuration mismatch or could be a registry problem .

Thanks .
0
 
tblincAuthor Commented:
This is what I do.

I created a new OU at the root of my domain controller. Like this the only GPO that could interfere would be the default domain controller policy.

I assigned my application and did a gpupdate /force. Once my client computer rebooted, he still try to install the application and I thought that it fails.

I went to my start menu and saw that Firefox was installed. I launched it and it ask me my preference just like the first time launch.

When I look into the event viewer, I saw the same error message :

"The install of application firefox from policy Installers
failed.  The error was : The installation source for this product is not
available.  Verify that the source exists and that you can access it"

So I removed the application from my GPO and ask to delete the application. It did it successfully.

I create another application deploy using the same MSI.. this time it didn't work.

I also try this on another computer.
0
 
digitapCommented:
Confirm that the machine account for the workstation that is applying Group Policy has at least Read access to the source files for the package that is assigned with Group Policy. You can do this by assigning permissions directly to the machine accounts, or by assigning permissions to a Security group, such as the Domain Computers or Authenticated Users group that contains the machine account.
0
 
tblincAuthor Commented:
Confirmed.. the machine have the read permission
0
 
tblincAuthor Commented:
I just attached the userenv log in verbose mode.

Just take a look in the attachment.
LogUserENV.txt
0
 
tblincAuthor Commented:
I found something intersting on another forum:

"USERENV(270.714) 14:24:44:176 ProcessGPOs: Extension Installation de logiciel ProcessGroupPolicy failed, status 0x64c."

Convert 0x64c to DEC= 1612

Net helpmsg 1612 = The installation source for this product is not
available. Verify that the source exists and that you can access it.

so......

Basically 1 of 3 things thjat I can think of,

1- We are trying to hit a server that is not available for the source.

2. The computer account(?) doesn't have access to the source.

3. The policy is processing before the network is fully functional on this
machine.

As a test what happened if you give Everyone full control on the share and
NTFS permissions? Also are the permissions propogated all the way down the
share? Also are you specifying Fully Qualified or Netbios name in the UNC
path?

For item 3 try to disable XPs Fast Logon Optimization:"

----------------
In response of the questions:
1- I'm able to reach the server
2- The computer account have read and execute access...
3- it's probably the issue because my router dhcp server is very long to give ip address.

I already give domain users and domain computers full access to the share and ntfs. I'm using the netbiso name in the unc path.

And for the "disable XPs fast logon" it's already done. (GPO wait for connexion)

I'm completely out of solution....
0
 
digitapCommented:
Install the user profile hive cleaner from microsoft.  Restart and see if the issue persists.  Here's the link:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
0
 
tblincAuthor Commented:
Just to let you know, I have tested the GPO on another computer and I have the same issue.

I'll test the tool right now.
0
 
tblincAuthor Commented:
Still no luck
0
 
digitapCommented:
ok....guess i didn't realize that this was across multi workstations.  did you enable the verbose logging on the XP workstation....is that how you got the userenv.log file?  Here are those steps:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Name: VerboseStatus
Type: REG_DWORD
Value: 1 default=0
Note: Status messages will not display if the following key is present and the value is set to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableStatusMessages

2) Reboot disconnected.  Note the time.  Watch the status messages to see where it is hanging.
3) After it finally boots, check the Event Log for relevant messages that were logged during the boot process and post them here if you can't identify the problem from the verbose messages and Event log errors.


Having problems with login scripts and Group Policies? You can enable verbose logging to track all changes and settings applied using Group Policy and its extension to the local computer and to users who log on to the computer. The log file, userenv.log, will be written into the %windir%\debug folder. This folder is a hidden folder. To enable verbose logging (Userenv.log):

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\Current Version\Winlogon
Name: UserenvDebugLevel
Type: REG_DWORD
Set UserenvDebugLevel=30002 is for verbose logging, UserenvDebugLevel=30001 is for errors and warnings only, and UserenvDebugLevel=30000 logs nothing.
0
 
tblincAuthor Commented:
For the first part.. I don't see anything. the message came to fast. I've nothing new in my event viewer except the exact same error message

I already did the last part of you message about the UserenDebugLevel. If you look at the post 33535045 you'll see a log file.

0
 
added_flavourCommented:
can you ping  servername -f -l 1472  from the client machine ?
0
 
tblincAuthor Commented:
It works successfully ... see attached
ping.jpg
0
 
digitapCommented:
Yeah...I know you had a userenv.log, but I didn't know if you'd used verbose with it.  Sorry...I'll look through the log and see if anything jumps out.
0
 
added_flavourCommented:
thats good your router seems to be working fine and not a case of blackhole router here .... well i think Software Installation CSE  logging would be more helpful here .. wot you say digitap ?

http://technet.microsoft.com/en-us/library/cc775423(WS.10).aspx
0
 
digitapCommented:
@add_flavour :: The link certainly offers more logging capabilities than what I suggested.  It would provide more information for sure.
0
 
tblincAuthor Commented:
With the Software installation CSE logging I have the following error:

Failed installation of WinZip 14.5 InstallationApp strategy. The error was:% 1612
0
 
added_flavourCommented:
0
 
added_flavourCommented:
might be helpful !!!
0
 
tblincAuthor Commented:
@added_flavour.. this seems very intersting. The only trouble is to find the correct AAS file. Where can I find the correct one ?

I have multiple active GPO right now and I don't want to flush the wrong one.

Thank you very much, it's very appreciated.
0
 
added_flavourCommented:
please check following :

http://geekswithblogs.net/derekf/archive/2006/12/28/102149.aspx

http://technet.microsoft.com/en-us/library/cc782152(WS.10).aspx

i am really sorry but its 2:17 AM  right now in india ... got office tomorrow but ill surely check this thread tomorrow  ....

meanwhile i hope u can get most of it ..

Thanks .
0
 
added_flavourCommented:
Any update on this ?
0
 
tblincAuthor Commented:
Thank you very much added_flavour and digitap. Your help was really appreciated.

I removed the AAS file and delete the OU and recreated it.

It works like a charm.
0
 
digitapCommented:
Great!  I'm glad we could help and thanks for the points!
0
 
added_flavourCommented:
Thats Great !!   :)
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 15
  • 9
  • 6
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now