Spirion (IdentityFinder) and RabbitMQ Database

In the past, I have had no issues installing Spirion using Bigfix till they released version 13… With this newer version Spirion started to use ERLANG (OCR) and RabbitMQ Database. We have build the Custom MSI as per usual and are had it hang when installing via the usual command line
wait “{pathname of system folder & “\msiexec.exe”}” /i “{(pathname of client folder of current site) & “__Download\Spirion-Custom.msi”}” /qn /l*vx “C:\Temp\Spirion.log”

Looking at the log, its the RabbitMQ where it stops , and it appears to be waiting for a user input… I did some research and it turns out that RABBITMQ cannot be installed as system as it ignores the required Environment variables to point to ERLANG_HOME and RABBITMQ_BASE. As a work around, within the action script, I create those env variables and it kind of installs but never reports back to the Spirion Server console . This is the link to the article I found about this NSIS installer silent install not supported in Windows upgrades · Issue #264 · rabbitmq/rabbitmq-server · GitHub
Specifically the quote " I don’t know if this is an issue that can be remedied, but I’d like to add that we have found that the NSIS installer run with the /S argument for silent mode install cannot be run as the system account “NT AUTHORITY\SYSTEM”. When it is run this way, some of the functionality of the installer is bypassed. In particular, the installer ignores the installer configuration environment variables listed here, specifically RABBITMQ_BASE, leading to the failure to create the db and logs folders."
So my actionscript is this.

action uses wow64 redirection false
prefetch the file
extract the file


delete __createfile
delete powershell.ps1
// create the Required environment variables

createfile until END_OF_FILE
REG delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /F /V "ERLANG_HOME"
REG delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /F /V "RABBITMQ_BASE"
[Environment]::SetEnvironmentVariable("ERLANG_HOME", "C:\Program Files\ERLANG OTP", "Machine")
[Environment]::SetEnvironmentVariable("RABBITMQ_BASE", "{value "APPDATA" of key "Volatile Environment" of current user key (logged on user) of registry}", "User")
END_OF_FILE

move __createfile powershell.ps1

override wait
hidden=true
RunAs=currentuser
completion=job
wait { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File powershell.ps1

//poor mans pause for about 10 secs to allow time for env variables to be set and recognised for the following
wait cmd /C ping 127.0.0.1 -n 10 -w 1000> nul

//now install the package

wait "{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\Spirion-Custom.msi"}" /qn /l*vx "C:\Temp\Spirion.log"

The above installs ok but doesnt communicate with the spirion server.
So I ammended the last block “Install the package” to install as the current user using the same override wait . It attempted to install , bit failed with a 1603 error.

So referring back to the github link, the only options I see are to add ALL the environment variables listed in the article to System where possible…
as an FYI, this installs without any futzing about when pushed from a GPO… Does anyone have any suggestions or exerience with SPirion and or RabbitMQ?

I’ve never used any of those tools but I’ve done a lot of weird software installations so I’ll help where I can -

Possibly useful links:

Maybe helpful - use of cookies to auth client sessions / copy the cookie:

Install guide:

Config guide:

And some notes on your process - It’s certainly possible that these products are reading environment variables directly from the Registry, but it’s extremely unlikely. Instead most programs would use some well-known APIs to get environment variable values. One problem is that when you set them with the Registry the way you’re doing, those may be effective for a new process but don’t take effect in the current process. And it’s difficult to know which processes pick up the change, and which just inherit existing environment values from their parent process, so…usually if you have to change them in the Registry we’d reboot before continuing to the next step.

But here, you know which processes need to pick up the change, so you can set it in the registry (as you’re doing), and set it in the current environment, but then make sure to run the installers in the same environment where you just set it. i.e. don’t run the Powershell script, then fall back to the BESAgent, then start the setup process, do all that in the same script.

I prefer Batch over PowerShell myself, so you might try something like this. I’m going to suppose it might actually work with the LocalSystem account if the environment variables are set before the installer runs. If this continues to fail we can look at overriding the install user as well, but please let me know either way:

action uses wow64 redirection false
prefetch the file
extract the file

delete __createfile
delete installer.cmd

// create the Required environment variables
createfile until END_OF_FILE
REG delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /F /V "ERLANG_HOME"

REG delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /F /V "RABBITMQ_BASE"

REM I use parentheses on the next lines to ensure that extra spaces after the value are not included or at least are visible, there should be no space before the close-paren

REM Set variables for current environment
(SET ERLANG_HOME=C:\Program Files\ERLANG OTP)
(SET RABBITMQ_BASE=%APPDATA%\User)

REM Set variables for persistent environment
SETX ERLANG_HOME "C:\Program Files\ERLANG OTP" /M
SETX RABBITMQ_BASE "%APPDATA%\User" /M

"{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\Spirion-Custom.msi"}" /qn /l*vx "C:\Temp\Spirion.log"
END_OF_FILE

move __createfile installer.cmd
wait cmd.exe /c installer.cmd
1 Like

I left off the ‘END_OF_FILE’ marker above, just edited to fix that.