Solved

Problems deploying software through Microsoft Deployment Toolkit

Posted on 2013-07-01
18
4,847 Views
Last Modified: 2013-07-05
I have a Microsoft Deployment server that I recently stood up, and I am having a problem with a few of the applications that are to be installed during the deployment process.

When the deployment process runs the software in question (7-zip, Adobe Acrobat 9, AutoCAD Design Review 2013 and Tight VNC) are all returning Unexpected Return Code 1620.

That code is described as "1620 This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package." according to the MSDN page I found (http://msdn.microsoft.com/en-us/library/windows/desktop/aa367988%28v=vs.85%29.aspx). But when I run the command line from Powershell it installs correctly.

Attached you will find the BDD.log file that was generated on the last deployment attempt.

Can anyone tell me why I am getting this error message with the MDT but not through Powershell?

BDD.log
0
Comment
Question by:Mdamon808
  • 8
  • 4
  • 3
  • +2
18 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39292678
I would check the credentials used to perform the deployment.
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 39293056
Can you post the full command lines you are using?

I have installed 7zip and Adobe myself so know they are ok.

If you can install via powershell you can call the script directly instead of running the installer.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39293090
I see the following in the log:

About to run command: \\DEN-DEP-001\DeploymentShare$\Tools\X64\bddrun.exe msiexec /q /i \\den-fs-001\software\Downloaded\AutoDesk\Autodesk_Design_Review_2013\MSI\SetupDesignReview2013.msi

Do you need quotes around that path?

ie
msiexec /q /i "\\den-fs-001\software\Downloaded\AutoDesk\Autodesk_Design_Review_2013\MSI\SetupDesignReview2013.msi"
0
 

Author Comment

by:Mdamon808
ID: 39294392
I am using a domain admin account so the credentials are not an issue.

The command lines are as follows;

msiexec /q /i \\den-fs-001\software\downloaded\7-Zip\x64\7z465-x64.msi

msiexec /q /i "\\den-fs-001\software\downloaded\Adobe Acrobat\Adobe Acrobat 9 Std VL\Adobe Acrobat 9 Standard\AcroStan.msi"

msiexec /q /i "\\den-fs-001\software\downloaded\Adobe Acrobat\Adobe Acrobat 9 Std VL\Adobe Acrobat 9 Standard\AcroStan.msi"

msiexec /q /i "\\den-fs-001\software\downloaded\tightvnc\x64\tightvnc-2.5.2-setup-64bit.msi" SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=******** (password redacted for security purposes)

Running the script directly causes the system to either ignore the /q flag or fail with an unknown error code (don't have the actual code, but I can get it to generate one if needed)

Adding quotes to the command lines does not make a difference. The scripts that do have quotes, have them to force the system to ignore the spaces in the path.
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 39294691
Not sure if it makes a difference but I always have the command as follows:

msiexec /i "<filepath>" /qn /norestart
0
 
LVL 16

Expert Comment

by:Mike T
ID: 39294993
Hi,

I looks like a path limitation in Windows. The share name has a 12 character limit apparently.
http://support.microsoft.com/kb/294978.

To test, forget MDT and just try installing the MSI from that path manually. Either

\\DEN-DEP-001\DeploymentShare$\Tools\X64\bddrun.exe msiexec /i \\den-fs-001\software\downloaded\7-Zip\x64\7z465-x64.msi /q

or
msiexec /i \\den-fs-001\software\downloaded\7-Zip\x64\7z465-x64.msi /q

It's not a magic feature of PowerShell. I've learn with deployments that MSI behaviour differs according to the path where it's run from. The error codes can often be misleading.

Mike
0
 

Author Comment

by:Mdamon808
ID: 39297185
Moving the /q to the end does not seem to make a difference.

The MSIs works when installed manually.

I tried moving the installs to a drive on the local machine (new command lines below) and now all return error code 1619.

msiexec /i E:\Software\7-Zip\x64\7z465-x64.msi /q

msiexec /i E:\Software\Acrobat_9\AcroStan.msi /q

msiexec /i E:\Software\DesignReview_2013\SetupDesignReview2013.msi /q /norestart

msiexec /i "E:\Software\TightVNC x64\tightvnc-2.6.4-setup-64bit.msi" /q SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=*******
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 39297257
I can't see any successful applications install in your log. Do you have any installing correctly?

Can you add /i <pathtologfile.txt> into the command line which will hopefully log some more information.
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39297551
This really ought to be credentials?  I don't know under what security context the install occurs.  Give all users Read on that folder and see what happens.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:Mdamon808
ID: 39297648
Some software is installing successfully, but I am not running those installs as they are fine. I can produce a BDD.log with all software installs included if you like.

I will add the flag you are requesting and post a new bdd.log with the results.


The attached image is of the user rights for the folder containing all of the installs in question. As you can see all users have full control, so it can't be credentials. Also, as I mentioned earlier, I am using a domain admin account so there should be no credential issues in the first place.Illustrating folder rights.
0
 

Author Comment

by:Mdamon808
ID: 39297808
Here is a new bdd.log file after adding the /li flag to the command line.

I do not see separate log files generated by the /li flag in the root of C:. Do you know the default output location for these log files?
BDD.log
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 39297959
Sorry, that should have been /l not /i.  (L)

The log file should be wherever you have written the path in your command
0
 
LVL 16

Expert Comment

by:Mike T
ID: 39298240
Hi

If you are getting *any* error code returned from the MSI, then it's not a share permissions thing - you would get a different MDT based error code

Putting /q at the end or the start will make no difference.

The key thing is this: if you copy the MSI and all files it uses locally and still can't install it, it will never work from MDT. Error 1619 is a specific MSI error usually meaning the MSI is broken, locked by something, can't be read or is missing one or more files.
As I said running from a network is different from local and from USB.

If all MSI installs fail, but something like Silverlight works, then it's an MSI issue. Seeing as you don't have any non-MSI installs, try installing the EXE version of 7-zip with /s.

How can I install 7-Zip in silent mode?

For exe installer: Use the "/S" parameter to do a silent installation and the "/D=dir" parameter to specify the "output directory". These options are case-sensitive. 7-Zip uses the NSIS installer by Nullsoft.

Please attach this log: C:\Users\ADMINI~1\AppData\Local\Temp\SMSTSLog\SMSTS.LOG.

it might have more evidence, but it's looking like an MSI issue now.

How have you created them? I don't see any MST options. Is each app in it's own folder with all the files?

The full command line for silent, deploy-friendly MSI installs is:

%windir%\system32\msiexec /i yourapp.msi /qn REBOOT=ReallySuppress /l*v "%programfiles%\Logs\MDT_yourapp.log"

I give the path to msiexec to stop an error about the path; it works without it but I don't like seeing errors!
/qn is quiet no GUI
REBOOT=ReallySuppres is case specific and prevents reboot
/l*v path\file.log   will create a verbose log file.

Mike
0
 

Author Comment

by:Mdamon808
ID: 39298479
I am using the x64 version of 7-zip which has no .exe available. There is only an .MSI file. I could go to the x86 version, but I would prefer to keep things consistent.

I have a number of non-MSI installers in the MDT. I have just been running the installers that I have been having trouble with. I have attached the BDD.log from a full install, including the functioning .exe installs.

I have also attached the SMSTS log file as well.

I have not built any of the MSI files that I have been using. They are all the .MSI's that are available from the software manufacturer.

The Design Review 2013 .MSI is the file that was specifically recommended in a thread (on the Autodesk site) about silently installing the software (though not through MDT).
BDD.log
0
 

Author Comment

by:Mdamon808
ID: 39298480
Oops forgot the SMSTS.log file...


smsts.log
0
 

Author Comment

by:Mdamon808
ID: 39298600
Here are the logs from the latest install attempts of the 7-Zip, Acrobat 9, Design Review 2013, and TightVNC.

Everything looks like it is working correctly, but I am new to reading these logs, so I am not sure of that.
7zip.txt
acrobat.txt
DRVW2013.txt
Tightvnc.txt
0
 
LVL 16

Accepted Solution

by:
Mike T earned 500 total points
ID: 39298726
Hi,

I think I see an issue with the paths. All the EXE setups work, the MSIs don't as I suggested

Change directory: \\DEN-DEP-001\DeploymentShare$\Applications\Malwarebytes]
then
[About to run command: \\DEN-DEP-001\DeploymentShare$\Tools\X64\bddrun.exe mbam-setup-1.75.0.1300.exe /verysilent

but your MSIs use this:

Validating connection to \\DEN-DEP-001\DeploymentShare$\Applications\7-Zip 4.65

Run Command: \\DEN-DEP-001\DeploymentShare$\Tools\X64\bddrun.exe msiexec /i \\den-fs-001\software\downloaded\7-Zip\x64\7z465-x64.msi /q]LOG

MDT will only look in the Deploymentshare\apps...\7-zip path not the \\server\share\software\downloaded. Remove all the path and just leave this

msiexec /i 7z465-x64.msi /q

Use /l*v path\log.log for verbose logging if you want.

Mike

PS: you made the same style when running from E, but added a typo: DesignReveiw.
but you misspelt it consistently so didn't notice. I know it was a test but I've wasted time on typos so it's another thing to check.
0
 

Author Closing Comment

by:Mdamon808
ID: 39302168
Cutting out the path did the trick.

Thanks a ton Mike. You are awesome.

Also. thanks for pointing out the typo. I am dyslexic, so those things can be hard for me to spot sometimes.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now