Batch Files Not Executing Through BigFix

QvR 2021-04-05 19:33:17 UTC #1

Hi,

I have a problem where I have created a batch file for the installation of MS Teams through BF SWD. The batch file runs perfectly outside of BigFix, but when pushed by SWD it doesn’t work. The batch file is created in such a way that it temporarily maps to a central repository in the environment in order to retrieve and install said packages. What could be the cause of BigFix not being successful?

I have now encountered this problem with Microsoft Office as well as Teams.

Thank you,

Quentin

JasonWalker 2021-04-05 19:38:18 UTC #2

Likely it’s the “maps to a central repository” that’s the problem.

The BigFix client is running as the LocalSystem account, and won’t be able to access UNC drives like \servername\sharename. In Active Directory, Computer accounts are not allowed to connect to the shares, only authenticated user accounts.

Since you have the Software Deployment offering, why not use “Manage Software Distribution” dashboard to import/upload your installers instead of using the UNC share?

The other consideration is that MS Teams is available as both a per-user and a system-wide installation. You should use the system-wide installer to avoid having to deal with per-user installations.

QvR 2021-04-05 19:49:31 UTC #3

Hi Jason,

Thank you for your reply. The batch file makes provision for the permissions to the central repository. I have added the contents below for an Office install .bat file. Would that still hinder access?

Any guidance would be appreciated as I’m busy pulling my hair out at the moment.

:: @echo off

setlocal
set /A ERRORNO=0

::Store working directory to return after finished
set WORKDIR=C:
set SHARESRV=::Removed::
set SHAREDIR=BigFixProf_SWD_\Office2013Pro-32bit

::Map network drive and give it unmapped drive letter
net use * \%SHARESRV%%SHAREDIR% /user:

::Map and switch to a network drive and give it unmapped drive letter
pushd \%SHARESRV%%SHAREDIR%

::Store the name of the network drive so it can be unmapped when finished
set NETSHARE=%CD%
set NETDRIVE=%CD:~0,2%

::Change to the Network Share Drive
cd /d %NETSHARE%

::Run commands with the network drive mapped
setup.exe /adminfile proplus2013-32.MSP

::Uncomment this to catch errors from the executable
if %errorlevel% GTR 0 set ERRORNO^|=%errorlevel%

::Change back to the original directory
cd /d %WORKDIR%

::Unmap the network drive
net use %NETDRIVE% /delete /y

endlocal
exit /B %ERRORNO%

Thank you,

Quentin

JasonWalker 2021-04-05 20:37:18 UTC #4

Looks like that should overcome the network share credential issue…what does your ActionScript look like? What is the exit code? We should be able to modify it to save a log file and see where it’s failing.

JasonWalker 2021-04-05 20:38:23 UTC #5

Actually if you used the SWD wizard, the ActionScript may be quite long…how about just the ‘wait’ command that executes your batch file?

QvR 2021-04-05 20:45:03 UTC #6

Below is the ActionScript:

begin prefetch block
add prefetch item name=f2cd41e8f605059de983742e68fa4c51a5cf52bd sha1=f2cd41e8f605059de983742e68fa4c51a5cf52bd size=762 url=SWDProtocol://127.0.0.1:52311/Uploads/f2cd41e8f605059de983742e68fa4c51a5cf52bd/Teams_Windows_x64.bat.bfswd sha256=7d4705d3201ecda978e6a92b2ecaea453e10bb930532eef76fcc97a6127f54a4
end prefetch block

// All SWD files will go into a folder in the clients __BESData folder. This folder gets cleared on every restart.
parameter “baseFolder” = “__Download/”
// Move files into subfolders and unescape file names
move “__Download/f2cd41e8f605059de983742e68fa4c51a5cf52bd” “{parameter “baseFolder”}Teams_Windows_x64.bat”

// Log setup
parameter “mainSWDLogFolder” = "{parent folder of client folder of current site}/__Global/SWDDeployData"
folder create "{parameter “mainSWDLogFolder”}"
parameter “logFile” = “SWD_DeploymentResults.log”

//**End Preparation Marker
delete __createfile
parameter “logFolder” = “{parameter “mainSWDLogFolder”}”
// Run setup process
delete run.bat

// Use .bat to set working directory to packages root, for setup command.
createfile until end
@ECHO OFF
cd "{parameter “baseFolder”}"
rem // See comments at the beginning of this action for an explanation of the comment markers.
echo %DATE% %TIME% >> "{parameter “logFolder”}{parameter “logFile”}"
echo Action ID: {id of active action} >> "{parameter “logFolder”}{parameter “logFile”}"
rem //**Begin Command Marker
echo Command: “Teams_Windows_x64.bat” /s >> "{parameter “logFolder”}{parameter “logFile”}"
set errorlevel=
“Teams_Windows_x64.bat” /s >> “{parameter “logFolder”}{parameter “logFile”}” 2>&1
set SWDExitCode=%errorlevel%
rem //**End Command Marker

echo Return code: %SWDExitCode% >> "{parameter “logFolder”}{parameter “logFile”}"
echo. >> "{parameter “logFolder”}{parameter “logFile”}"
exit %SWDExitCode%
end

move __createfile run.bat
// You will not be able to stop or take action on an applicable BigFix Client until your installer completes.
// So ensure no user input is required.
// If your package absolutely must interact with the user, replace ‘override wait’ with ‘override run’ and ‘wait’ with ‘run’.
override wait
hidden=true
completion=job
wait run.bat

//**Begin Closing Marker
// Get the return code of the previous action.
parameter “returnCode” = “{exit code of action}”

// Task will now exit.
exit {parameter “returnCode”}
//**End Closing Marker

JasonWalker 2021-04-05 21:47:48 UTC #7

Check for log entries under the client’s SWD logs, at
BES Client\__BESData\__Global/SWDDeployData\SWD_DeploymentResults.log

QvR 2021-04-05 21:53:21 UTC #8

Hi Jason,

Nothing out of the ordinary in the log files.

Tue 04/06/2021 0:19:05.48
Action ID: 56538
Command: “Teams_Windows_x64.bat” /s
Z: was deleted successfully.

MS Teams is the above log file. It shows up in process on the client side that it’s there but for some reason it doesn’t finish the installation. On the BigFix console it shows “running” without completion.

QvR 2021-04-05 21:55:10 UTC #9

The below is from the __Global log file:

Command succeeded parameter “baseFolder” = “__Download/” (action:56538)
Command succeeded move “__Download/0c1adaf6e23289e221b0a1076b192d134eec1d78” “__Download/Teams_Windows_x64.bat” (action:56538)
Command succeeded parameter “mainSWDLogFolder” = “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData/__Global/SWDDeployData” (action:56538)
Command succeeded folder create “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData/__Global/SWDDeployData” (action:56538)
Command succeeded parameter “logFile” = “SWD_DeploymentResults.log” (action:56538)
Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite__createfile’ exists to delete, no failure reported (action:56538)
Command succeeded parameter “logFolder” = “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData/__Global/SWDDeployData” (action:56538)
Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\run.bat’ exists to delete, no failure reported (action:56538)
Command succeeded createfile until (action:56538)
Command succeeded move __createfile run.bat (action:56538)
Command succeeded override wait (action:56538)
Command succeeded override hidden=true (action:56538)
Command succeeded override completion=job (action:56538)
Command started - wait run.bat (action:56538)

JasonWalker 2021-04-05 22:05:40 UTC #10

That sounds like it is likely prompting for some kind of input. What happens if you run the batch file manually?

QvR 2021-04-05 23:16:30 UTC #11

If I run the file from the repository I get a popup stating “We can’t verify who created this file”

Could that be hindering the installation as I need to accept it first before it will run?

JasonWalker 2021-04-05 23:43:48 UTC #12

That could be a problem, maybe the files have a Zone Identifier tagging them as “Internet” files. Check https://thewayeye.net/2012/march/2/bulk-removing-zoneidentifier-alternate-data-streams-downloaded-windows-files/ for info on how to check and remove using the Sysinternals “streams” tool.

QvR 2021-04-05 23:58:10 UTC #13

No zone identifiers either

I just can’t wrap my head around the fact that process is running on the endpoint, but there is no finalization or completion of the installation.

QvR 2021-04-06 10:16:18 UTC #14

Hi Jason,

I have managed to deploy MS Teams without the .bat file successfully. I deployed with the .msi file, and found out with MS Teams the user needs to log out and back in again after the BigFix task has completed in order for the installation to start running. Thereafter the installation completes successfully… The logging in and out is what I was not aware of.

Best Regards,

Quentin