• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1851
  • Last Modified:

Cisco VPN Client Being Uninstalled on Startup

We use a Cisco VPN Client (v5.0.3) to connect to our corporate network. A user came to use today saying their VPN client was missing. We had a look, and couldn't find it, so reinstalled. However, when we rebooted after installing, the installer launches again, and tries to uninstall the client. We have to click cancel to stop the uninstall from happening.

We've checked in the registry at HKCU\Software\Microsoft\WIndows\CurrentVersion\Run & RunOnce & in HKLM\Software\Microsoft\WIndows\CurrentVersion\Run & RunOnce, however there is nothing in there to launch the uninstall. We've also check the Startup items, and MSConfig, there appears to be nothing trying to launch the uninstallation.

When the uninstall is happening it looks like it's the standard MSIEXEC process that's running, and is probably running with the Cisco setup vpnclient_setup.msi.

Where else could the uninstall be being launched from?

Ben
0
bjblackmore
Asked:
bjblackmore
1 Solution
 
sausCommented:
if you instal lthe same client on another PC - the same behaviour or only on that specific PC ?
0
 
bjblackmoreAuthor Commented:
Hi,

Thanks for the reply.

We currently have this on about a dozen of our users laptops, and this is the only one presenting with this issue.

I've just uninstalled and rebooted, and the installer has launched on startup. THere is definitely something somewhere running the installer, which if it's not already installed, installs the client, but if it is already installed, it uninstalls it!
0
 
MikeKaneCommented:
If this is the only one doing this, I would use systernals autoruns to check all possible startup items....
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

I imagine this behavior doesn't happen in safe mode.   HAve you tried MSConfig and use a selective startup?  

0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
johnb6767Commented:
Any chance theres a Windows Installer sourced error in the Event Log? Might be trying to do a first run config for the user, and then it bombs, and decides it is best to leave the os?

Also, Process Monitor can enable boot logging, so you can see whats happening, in more detail that you probably even want to know............

Troubleshooting with Process Monitor
http://blogs.technet.com/b/askperf/archive/2007/06/01/troubleshooting-with-process-monitor.aspx

Options>Select Enable Boot Logging, and reboot.... After reboot, launch Procmon to compile the logs.....

Then you can look at the view, think you set it to Process Tree, and search for your MSIexec command that is being called....
0
 
bjblackmoreAuthor Commented:
Seem to have sorted the problem by manually uninstalling the vpn client, then rebooting, then after windows logged on the installer ran again, but this time it installed the vpn client rather than uninstalled, this time when I rebooted again and windows logged on it didn't launch the installer!

There must have been something somewhere launching the installer that got removed when it was successfully installed!
0
 
johnb6767Commented:
Login script?
0
 
tdodd72Commented:
I am just wondering if this machine is in a Organizational unit that is having a GPO pushed to it.
0
 
bjblackmoreAuthor Commented:
No login script or group policy being applied, also this was a laptop and the behaviour was happening both on and off the network!
0
 
bjblackmoreAuthor Commented:
Resolved problem myself
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now