There really are so many different possibilities. When something subtle doesn’t seem to work it can become a real headache.
These 3 are all slightly different:
wait
waithidden
waitdetached
Then you also have this times 3 different wait options:
wait??? CMD /C
plus this times 3 different wait options:
wait??? start
Then you have PSExec with multiple options:
wait??? PSEXEC ????
And then on top of all that, there is what it actually does when run from an admin command prompt, user command prompt, and the SYSTEM command prompt.
Then there are the cases where you run some of these commands from an Admin User context by providing credentials.
Then on top of all of that, there can be differences to how all of these things work depending on if there are 0 users logged in, 1 user logged in, or more than 1 user logged in.
You might need the Core MSI in the same folder while installing the Posture module or whatever it is, even if the Core MSI is already installed.
As an added complication, everything is downloaded to a __Download folder but the actual current working directory when running things is the parent folder of the __Download folder. This means that there are some cases where you have to copy all of the install files to the current working directory before running it to get it to work correctly. This differs when testing from the command line when you almost always have all of the files run from the current working directory.
I think the problem is solved. It wasn’t the System account, or psexec, or wait* command variations. The actual problem was a poisoned BigFix cache!
I’m not quite sure how it happened, but it seems I’d somehow managed to prefetch the core VPN file (with its sha and size values) into the system, but with the filename for the Posture file. Thereafter, it seems that when I was executing lines for the Posture file it was using the cached version, which was actually the core VPN file.
As a result, the failures I was seeing were really the fault of running msiexec /i install when that packaged was already installed – and not /f as a repair.
Thank you all for the for the help and suggestions. @TimRice and @jgstew, thanks in particular for the suggestion of having both files alongside each other. I discovered the mixup while pasting prefetch commands for each file in the same action. It turns out that the individual action for Posture had the wrong values all along.
I have had similar to this before. Sometimes it helps test against different test machines to see if you get different kinds of errors or problems. In this case it might have helped to try it on a system that didn’t have the VPN Core installed.
Can we detect if AnyConnect is currently connected? I’d like to have a “pause while” that waits until the user disconnects before running the upgrades.
exists adapters whose (address of it as string != "0.0.0.0" AND description of it as string as lowercase contains "Cisco Systems VPN Adapter" as lowercase) of network
You will need to modify the Fixlet Action to use your own URL to download the installer. I stored the files I want to distribute on an internal WWW server.
That’s superb, thanks.