Solved

GPO deploy application using computer configuration

Posted on 2010-08-17
35
2,071 Views
Last Modified: 2013-12-12
Greetings,

I want to deploy msi applications using GPO. I want to deploy them per computer.

So I created an OU and put my domain computers into it. I created a network share on my Windows 2008 DC and set the share permission to
"Domain users - read"
"Domain computers - read"

I have also set my NTFS perms to domain users and domain computers read and execute.

I created my package in assign mode into "Computers configuration - Policies - Software Settings" using network path (\\Server\share\firefox.msi)

I activated the GPO "Always wait for the network at computer startup and logon"

I did a gpudate /force on my DC.

I rebooted a test computer to see if my gpo apply successfully. Of course it did not apply successfully.

When my computer boot up I saw that it try to install firefox but it ends up too rapidly and didn't install.

I have a log (event id 102) in my client computer that told me this :
"The install of application firefox from policy Installers
failed.  The error was : The installation source for this product is not
available.  Verify that the source exists and that you can access it."

If I try to install the software manually from the share on the client computer, it works.

I'm lost

Thank you
0
Comment
Question by:tblinc
  • 15
  • 9
  • 6
  • +3
35 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Are you using an .msi file for firefox?   I haven't used this but if you need an msi  for it   http://www.frontmotion.com/Firefox/

Thanks

Mike
0
 

Author Comment

by:tblinc
Comment Utility
yes... firefox was just an exemple. I have already use it in GPO deployement in user configuration and it works perfectly.

0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Have you tried to do an RSOP.MSC on the machine in question? Does this installation fail on all machines?
0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
it should work ideally! however have you tried Disabling third party softwares on the share server or may be change the location to any other server to check the status .

Additionally you can configure Userenv logs to check what exactly is going on in the background on client machine.

thanks .
0
 

Author Comment

by:tblinc
Comment Utility
Spec01:

I only try this on one machine. It's currently a test. I don't have additionnal computer that I may use to test this. And by the way, the computer is a brand new laptop.

Also, you want me to do a rsop on the client computer or on the server ?

added_flavour:
I' not sure I understand want you want me to do.. I cannot really disable other third party software since that it's a production server. I don't have other Windows 2008 server.

I'll check the userenv
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Please do RSOP.MSC on client computer. They is another method of retreiving GP information that can possible provide more information. It is possible that another GPO could be interfering.
0
 
LVL 1

Expert Comment

by:Jannie van der Walt
Comment Utility
Try granting Everyone access to the share and NTFS (Everyone Read)

We still use GPO to deploy software and one of the settings I use is to configure the shares with Everyone?

Are you using a DFS? or just a straight share?
0
 

Author Comment

by:tblinc
Comment Utility
The RSOP give me the following information.

It gives me some error notification on all the applications I try to deploy.

The install of application "application" from policy Installers
failed.  The error was : The installation source for this product is not
available.  Verify that the source exists and that you can access it

I'm using a straight share
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
How deep is this Share on your network drive? I have run into issues where if the shared folder is deep in the folder structure it has failed. This hasn't happened often but something to mention.
0
 

Author Comment

by:tblinc
Comment Utility
My share is located there : e:\Public\GPOsoftware
0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
I can understand the limitations  in a production env. As this is the only computer you should check userenv for a bit more in depth details .

As per the RSOP message it looks like its finding it hard to locate the package but again as you said you can install it doing \\ to the server so for sure there is something from the group policy side which is causing some issues could be any other policy which this client is trying to read , a configuration mismatch or could be a registry problem .

Thanks .
0
 

Author Comment

by:tblinc
Comment Utility
This is what I do.

I created a new OU at the root of my domain controller. Like this the only GPO that could interfere would be the default domain controller policy.

I assigned my application and did a gpupdate /force. Once my client computer rebooted, he still try to install the application and I thought that it fails.

I went to my start menu and saw that Firefox was installed. I launched it and it ask me my preference just like the first time launch.

When I look into the event viewer, I saw the same error message :

"The install of application firefox from policy Installers
failed.  The error was : The installation source for this product is not
available.  Verify that the source exists and that you can access it"

So I removed the application from my GPO and ask to delete the application. It did it successfully.

I create another application deploy using the same MSI.. this time it didn't work.

I also try this on another computer.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
Confirm that the machine account for the workstation that is applying Group Policy has at least Read access to the source files for the package that is assigned with Group Policy. You can do this by assigning permissions directly to the machine accounts, or by assigning permissions to a Security group, such as the Domain Computers or Authenticated Users group that contains the machine account.
0
 

Author Comment

by:tblinc
Comment Utility
Confirmed.. the machine have the read permission
0
 

Author Comment

by:tblinc
Comment Utility
I just attached the userenv log in verbose mode.

Just take a look in the attachment.
LogUserENV.txt
0
 

Author Comment

by:tblinc
Comment Utility
I found something intersting on another forum:

"USERENV(270.714) 14:24:44:176 ProcessGPOs: Extension Installation de logiciel ProcessGroupPolicy failed, status 0x64c."

Convert 0x64c to DEC= 1612

Net helpmsg 1612 = The installation source for this product is not
available. Verify that the source exists and that you can access it.

so......

Basically 1 of 3 things thjat I can think of,

1- We are trying to hit a server that is not available for the source.

2. The computer account(?) doesn't have access to the source.

3. The policy is processing before the network is fully functional on this
machine.

As a test what happened if you give Everyone full control on the share and
NTFS permissions? Also are the permissions propogated all the way down the
share? Also are you specifying Fully Qualified or Netbios name in the UNC
path?

For item 3 try to disable XPs Fast Logon Optimization:"

----------------
In response of the questions:
1- I'm able to reach the server
2- The computer account have read and execute access...
3- it's probably the issue because my router dhcp server is very long to give ip address.

I already give domain users and domain computers full access to the share and ntfs. I'm using the netbiso name in the unc path.

And for the "disable XPs fast logon" it's already done. (GPO wait for connexion)

I'm completely out of solution....
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
Install the user profile hive cleaner from microsoft.  Restart and see if the issue persists.  Here's the link:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:tblinc
Comment Utility
Just to let you know, I have tested the GPO on another computer and I have the same issue.

I'll test the tool right now.
0
 

Author Comment

by:tblinc
Comment Utility
Still no luck
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 133 total points
Comment Utility
ok....guess i didn't realize that this was across multi workstations.  did you enable the verbose logging on the XP workstation....is that how you got the userenv.log file?  Here are those steps:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Name: VerboseStatus
Type: REG_DWORD
Value: 1 default=0
Note: Status messages will not display if the following key is present and the value is set to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableStatusMessages

2) Reboot disconnected.  Note the time.  Watch the status messages to see where it is hanging.
3) After it finally boots, check the Event Log for relevant messages that were logged during the boot process and post them here if you can't identify the problem from the verbose messages and Event log errors.


Having problems with login scripts and Group Policies? You can enable verbose logging to track all changes and settings applied using Group Policy and its extension to the local computer and to users who log on to the computer. The log file, userenv.log, will be written into the %windir%\debug folder. This folder is a hidden folder. To enable verbose logging (Userenv.log):

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\Current Version\Winlogon
Name: UserenvDebugLevel
Type: REG_DWORD
Set UserenvDebugLevel=30002 is for verbose logging, UserenvDebugLevel=30001 is for errors and warnings only, and UserenvDebugLevel=30000 logs nothing.
0
 

Author Comment

by:tblinc
Comment Utility
For the first part.. I don't see anything. the message came to fast. I've nothing new in my event viewer except the exact same error message

I already did the last part of you message about the UserenDebugLevel. If you look at the post 33535045 you'll see a log file.

0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
can you ping  servername -f -l 1472  from the client machine ?
0
 

Author Comment

by:tblinc
Comment Utility
It works successfully ... see attached
ping.jpg
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
Yeah...I know you had a userenv.log, but I didn't know if you'd used verbose with it.  Sorry...I'll look through the log and see if anything jumps out.
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 367 total points
Comment Utility
thats good your router seems to be working fine and not a case of blackhole router here .... well i think Software Installation CSE  logging would be more helpful here .. wot you say digitap ?

http://technet.microsoft.com/en-us/library/cc775423(WS.10).aspx
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
@add_flavour :: The link certainly offers more logging capabilities than what I suggested.  It would provide more information for sure.
0
 

Author Comment

by:tblinc
Comment Utility
With the Software installation CSE logging I have the following error:

Failed installation of WinZip 14.5 InstallationApp strategy. The error was:% 1612
0
 
LVL 4

Accepted Solution

by:
added_flavour earned 367 total points
Comment Utility
0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
might be helpful !!!
0
 

Author Comment

by:tblinc
Comment Utility
@added_flavour.. this seems very intersting. The only trouble is to find the correct AAS file. Where can I find the correct one ?

I have multiple active GPO right now and I don't want to flush the wrong one.

Thank you very much, it's very appreciated.
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 367 total points
Comment Utility
please check following :

http://geekswithblogs.net/derekf/archive/2006/12/28/102149.aspx

http://technet.microsoft.com/en-us/library/cc782152(WS.10).aspx

i am really sorry but its 2:17 AM  right now in india ... got office tomorrow but ill surely check this thread tomorrow  ....

meanwhile i hope u can get most of it ..

Thanks .
0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
Any update on this ?
0
 

Author Closing Comment

by:tblinc
Comment Utility
Thank you very much added_flavour and digitap. Your help was really appreciated.

I removed the AAS file and delete the OU and recreated it.

It works like a charm.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
Great!  I'm glad we could help and thanks for the points!
0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
Thats Great !!   :)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
An overview on how to enroll an hourly employee into the employee database and how to give them access into the clock in terminal.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now