Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 308
  • Last Modified:

SCCM 2012 - Deploy Splunk UniversalForwarder as Application

Hello Everyone:

I am trying to deploy Splunk UniversalForwarder as Application (.MSI).  I deploy/advertise it to a Windows 2012 Server and it downloads to the Windows\ccmcache directory correctly.  However, when the MSI runs from the SCCM Deployment, it will first add the HKEY_CLASSES_ROOT\Installer\Products\C33E90967C4508347909398E437BB8FA and the MSI will then respond with "The version of the UniversalForwarder has already been installed on this computer."

When I run the .MSI from the same command line within a run or command window, I do not get this issue.

Any thoughts on why this is occurring when I deploy the .msi through SCCM 2012?
0
rmessing171
Asked:
rmessing171
  • 2
1 Solution
 
Mike TLeading EngineerCommented:
Hi,

It does not matter (usually) what the app is. The important thing is what format the software is, how you added it to ConfigMgr and how it installs normally with silent switches.

As it's an MSI that means things are generally a lot easier, as the wizard does most of the work for you.

You've created an application. By default the install command line will be

msiexec /i SplunkUF.msi /qn

If you edited this field make sure it's correct. It's always wise to add logging for troubleshooting here so the command line becomes:

msiexec /i SplunkUF.msi /qn /l*v c:\temp\Splunk.log

You have to understand a little about MSI logs which can be arcane at the best of times. Tip: use CMtrace to read it anyway.

Note, the uninstall GUID will also populate in the field below that. Make sure you click on the bottom button and browse to the MSI to manage the source otherwise MSI repairs will not be "owned" by CM and likely fail.

As for the failure to install, it looks like the MSI is meeting the detection method rule. The default behaviour is to look for the MSI GUID, here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

If you have changed the detection method then look for the presence of the file\regkey you used.
When you're testing you have to be 100% sure that any uninstall is clean and leaves no traces of the app whatsoever. No files, no registry, no cached files, fonts, icons, shortcuts.

Apps are a lot better than they used to be but some are still a bit dirty and leave things behind.

What is the command-line you use to do the manual install?

It looks like there's a slight different otherwise you would get the same behaviour. Either way, MSI logs will be a massive help.

Finally speaking of logs, check the CM logs c:\windows\ccm\logs\appdeploy.log and ccmexec.log.

Mike
0
 
rmessing171Author Commented:
Thank you for your assistance!
0
 
Mike TLeading EngineerCommented:
You're very welcome
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now