Creating a Fixlet for a Cisco AnyConnect install, I added a folder which includes 4 MSI files that need to be installed in sequential order. I attempted to run the action script below that will run the install commands, but I think my locations for the files are incorrect and possibly my approach.
prefetch 4a7bc05290817d8979754b326d70b6be5fc3118c sha1:4a7bc05290817d8979754b326d70b6be5fc3118c size:12024655 http://BIGFIX:52311/Uploads/4a7bc05290817d8979754b326d70b6be5fc3118c/anyconnet-win-4.4.03034_NIH.tmp sha256:372c50e796ff38f47f131728a03eee2729c5bfd9a6c8ed6f1b2a4a01b45587d8
extract 4a7bc05290817d8979754b326d70b6be5fc3118c
// Stop the VPNUI.exe process if it's there
wait cmd.exe /c taskkill /f /im vpnui.exe /qn
waithidden "{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\anyconnet-win-4.4.03034_NIH\anyconnect-win-4.4.03034-core-vpn-predeploy-k9"}" /qn
wait cmd.exe /c taskkill /f /im vpnui.exe /qn
waithidden "{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\anyconnet-win-4.4.03034_NIH\anyconnect-win-4.4.03034-gina-predeploy-k9"}" /qn
wait cmd.exe /c taskkill /f /im vpnui.exe /qn
waithidden "{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\anyconnet-win-4.4.03034_NIH\anyconnect-win-4.4.03034-dart-predeploy-k9"}" /qn
wait cmd.exe /c taskkill /f /im vpnui.exe /qn
waithidden "{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\anyconnet-win-4.4.03034_NIH\anyconnect-win-4.4.03034-iseposture-predeploy-k9"}" /qn
You certainly can do this in a single fixlet, and it is probably the right decision if it is an offer, but technically this could/should be 4 separate fixlets that run in sequence in a baseline with proper relevance for each step.
One issue could be that the files are not named correctly and referenced in the right locations after being extracted, though it does look correct in general.
I would comment out all of the actionscript after the first call to install using msiexec and get that one working before trying the rest.
If it is a baseline instead of a fixlet, you might actually have an issue where the first installation kills the VPN connection that the subsequent actions need to download files from the relay, so you would want to make sure the checkbox to download before constraints are satisfied is checked. Maybe even have an component of the baseline that precaches everything without doing the installation.
Update: So the 4 MSI were able to be run fine as a baseline, but I realized that those 4 MSI files I took from an installation folder are reliant on other files in the install folder to install some profile for AnyConnect. I used the Windows Software Distribution Wizard that gave the option of using a folder as the source which it says zips the folder. I left my relevancy to run on all Windows and my Action script is shown below. The MSI files need to run in order. I was hoping this would run the MSI files and use whichever other files might be needed in the folder to properly do the install, but the action status is just stuck on “Running” with an Exit code 0. I did run it through the debugger and it came back fine. Any ideas or others ways I can run the 4 MSI files from a folder containing other files needed for the install? See my action script below.
prefetch …. /Uploads/5d5fb515658e4d1c3583c369ace3fc9f648c571d/AnyConnect-4.4.03034.tmp sha256:dca95ae8ab3725a12cb2f421463a4a0e9e8c532164d93c0aa1db00abdae89001
extract 5d5fb515658e4d1c3583c369ace3fc9f648c571d
waithidden "{pathname of client folder of site "BESSupport"}\taskkill.exe" /F /IM vpnui.exe
waithidden "{pathname of client folder of site "BESSupport"}\taskkill.exe" /F /IM vpnagent.exe
wait "{pathname of system folder & "\msiexec.exe"}" /i "{{(pathname of client folder of current site) & "\__Download\AnyConnect-4.4.03034\anyconnect-win-4.4.03034_NIH\anyconnect-win-4.4.03034-core-vpn-predeploy-k9.msi"}" /qn /norestart
wait "{pathname of system folder & "\msiexec.exe"}" /i "{{(pathname of client folder of current site) & "\__Download\AnyConnect-4.4.03034\anyconnect-win-4.4.03034_NIH\anyconnect-win-4.4.03034-dart-predeploy-k9.msi"}" /qn /norestart
wait "{pathname of system folder & "\msiexec.exe"}" /i "{{(pathname of client folder of current site) & "\__Download\AnyConnect-4.4.03034\anyconnect-win-4.4.03034_NIH\anyconnect-win-4.4.03034-iseposture-predeploy-k9.msi"}" /qn /norestart
wait "{pathname of system folder & "\msiexec.exe"}" /i "{{(pathname of client folder of current site) & "\__Download\AnyConnect-4.4.03034\anyconnect-win-4.4.03034_NIH\anyconnect-win-4.4.03034-gina-predeploy-k9.msi"}" /qn /norestart
It’s possible that the 32-bit redirection is giving problems. It does that for me sometimes, particularly with 64-bit packages because by default the BESClient will be running the 32-bit version of msiexec (and {pathname of system folder} actually redirects to \windows\syswow64)
You could try adding action uses wow64 redirection false
anywhere before the wait commands start.
Alternatively, it’s best to try out each command individually to see where it’s hanging up. The best way to check that interactively is with psexec, part of the Sysinternals suite available at https://microsoft.com/sysinternals
You’d use
psexec -i -s cmd
to open a new command window in SYSTEM context, the same context that the BESClient would be using to run the MSI packages (with wow64 disabled) or
psexec -i -s \windows\syswow64\cmd.exe
to run in a 32-bit command prompt.
Then you can try each of your msiexec commands and see whether it’s popping-up any kind of a gui interface or error message (which would be hidden when run from the BESClient so you can’t acknowledge it and the script would not continue)
I’m pretty sure this is your issue. Your current working directory is the parent directory of __Download but your files are inside of __Download so that is part of the problem.
It is unusual for MSI’s to look for external files though, that is not typical I think.
One option is to run it all in a BAT file with cd __Download in there to switch to the download folder for the current working directory, but I’m not even sure that will work for sure in this case.
I’d bet you need to do something else to install the profile or whatever.
AnyConnect is an odd duck. I solved this with individual fixlets for each module, wrapped in a baseline.
Relevance for the baseline:
not exists key whose (value "DisplayName" of it as string contains "Cisco AnyConnect") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry)
Relevance for the VPN module:
not exists key whose (value "DisplayName" of it as string contains "Cisco AnyConnect Secure Mobility Client") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry)
Relevance for DART:
exists key whose (value "DisplayName" of it as string is "Cisco AnyConnect Secure Mobility Client") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry)
not exists key whose (value "DisplayName" of it as string contains "Cisco AnyConnect Diagnostics and Reporting Tool") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry)
Relevance for Posture:
exists key whose (value "DisplayName" of it as string is "Cisco AnyConnect Secure Mobility Client") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry)
not exists key whose (value "DisplayName" of it as string contains "Cisco AnyConnect Posture Module") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry)
…and then each fixlet has its own prefetch and action sequences with wait statements on execution of the installation.