Troubleshooting GPO Software Installation

Dec 19, 2013  After you troubleshoot software installations by using Windows application management debug logging, we recommend that you delete the AppMgmtDebugLevel registry value to avoid performance degradation. Because of code changes in application management in Windows 8, debug logging is not working in Windows 8 or Windows Server 2012.


DC: WinServer2012, Client: XP

Hi there,

I have a problem getting a GPO install to work. I created an MSI that's hosted in a network share:

\\server\Deployment\xxxxxx.msi

When I log on to a computer and start it manually, it installs perfectly in silence and is listed as uninstallable via systemcontrol/software.

However, if I deploy it by GPO, it won't work. eventvwr.msc reveals error codes 101, 103, 108 and 1085 without any useful further information (roughly translated into English it is something like: 'it did not work because it did not work..' :@). Client is set to wait on network, GPO is listed as applied on gpresult, and when I log onto the server and check the NTFS settings, the MSI has read and execute for domain-computers, auth-users, everyone, anonymous and full for system and admins. The share settings are read for everyone. There are no further events related to that failure.

Can someone please suggest some fixes? How can I find out WHY it does not get installed?

TIA, rhavin.


1 Answer

These errors tell me that your GPO and software distribution are working fine. It's the installer itself that's failing for some reason, and (probably) not reporting 'why' back to the launching process. To that end, they're telling you to check the log file of the installer to determine why, presuming the installer provides a log.

When run by the GP at start up, the context is the 'System' context, not a user context. One of the major things that doesn't happen during the System-level install, is that no user profile is loaded. If the installer depends on the user profile to be available for some reason, then it could fail when it's not.

So you have to determine if/why the installer is failing when run in the context used during the GP initiated install.

Optionally, you could change the GP setup you are using; instead of assigning the software package to the Computer, assign (or publish) the software to the User.

I'd explain how to do that here, but there are a few important options and it's better if you get familiar with them all, and then decide which are best for your AD setup.

All the info you need on how to do it is available from Microsoft, and here's a YouTube video that popped up in a search that may help as well: Assigning Versus Publishing Applications in Active Directory.

Ƭᴇcʜιᴇ007
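One way to collect the logs that the note at the top of the page and the answer above point to, as an added PowerShell example that is not part of the original question or answer. It assumes an elevated session with Windows PowerShell 3.0 or later (these cmdlets are not available on the XP client in the question, where the same registry values and log paths apply); the function names are hypothetical, and the registry values and log paths are the standard Windows ones rather than details from this page.

```powershell
# Added example. Registry values and log paths are the standard Windows ones;
# function names are hypothetical. Run elevated on the affected client.
$DiagKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'
$MsiKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'

function Enable-GpoInstallLogging {
    foreach ($key in $DiagKey, $MsiKey) {
        # Create the key only if missing, so existing values are left alone.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    # Application management debug log (not functional on Windows 8 / Server 2012).
    New-ItemProperty -Path $DiagKey -Name AppMgmtDebugLevel -PropertyType DWord `
        -Value 0x4B -Force | Out-Null
    # Verbose Windows Installer log for every install, including SYSTEM-context ones.
    New-ItemProperty -Path $MsiKey -Name Logging -PropertyType String `
        -Value 'voicewarmupx' -Force | Out-Null
}

function Get-GpoInstallEvidence {
    # A computer-assigned package installs as SYSTEM, whose TEMP is %windir%\Temp.
    Get-ChildItem (Join-Path $env:windir 'Temp') -Filter 'MSI*.log' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 3 |
        ForEach-Object {
            "== $($_.FullName)"
            # 'Return value 3' marks the action that aborted the install.
            Select-String -Path $_.FullName -Pattern 'Return value 3' -Context 8, 0
        }
    $appMgmtLog = Join-Path $env:windir 'Debug\UserMode\appmgmt.log'
    if (Test-Path $appMgmtLog) { Get-Content $appMgmtLog -Tail 40 }
    # The event IDs quoted in the question.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application', 'System'
                                     Id = 101, 103, 108, 1085 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
        Format-List TimeCreated, ProviderName, Id, Message
}

function Disable-GpoInstallLogging {
    # Remove both values afterwards; the debug level degrades performance and
    # verbose MSI logs record installer property values.
    Remove-ItemProperty -Path $DiagKey -Name AppMgmtDebugLevel -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $MsiKey -Name Logging -ErrorAction SilentlyContinue
}

# Usage: Enable-GpoInstallLogging, reboot so the startup install runs again,
# then Get-GpoInstallEvidence followed by Disable-GpoInstallLogging.
```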


This section lists a few common issues you may encounter when using Advanced Group Policy Management (AGPM) to manage Group Policy objects (GPOs).

What problems are you having?

I am unable to access an archive

  • Cause: You have not selected the correct server and port for the archive.

  • Solution:

    • If you are an AGPM Administrator: See Configure the AGPM Server Connection.

    • If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See Configure the AGPM Server Connection.

  • Cause: The Advanced Group Policy Management Service is not running.

  • Solution:

    • If you are an AGPM Administrator: Start the AGPM Service. For more information, see Start and Stop the AGPM Service.

    • If you are not an AGPM Administrator: Contact an AGPM Administrator for assistance.

The GPO state varies for different Group Policy administrators

  • Cause: Different Group Policy administrators have selected different AGPM Servers for the same archive.

  • Solution:

    • If you are an AGPM Administrator: See Configure the AGPM Server Connection.

    • If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See Configure the AGPM Server Connection.

I am unable to modify the AGPM Server connection


  • Cause: If the settings on the AGPM Server tab are unavailable, the AGPM Server has been centrally configured using an Administrative template.

  • Solution:

    • If you are an AGPM Administrator: If the settings on the AGPM Server tab are unavailable, see Configure the AGPM Server Connection.

    • If you are not an AGPM Administrator: If the settings on the AGPM Server tab are unavailable, you do not need to modify the AGPM Server.

I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs


  • Cause: You have not been assigned a role with the permissions required to perform the task or tasks.

  • Solution:

    • If you are an AGPM Administrator: See Delegate Domain-Level Access and Delegate Access to an Individual GPO. AGPM permissions will cascade from the domain to all GPOs currently in the archive. As new Group Policy administrators are added at the domain level, their permissions must be set to apply to This object and nested objects. For details about which roles can perform a task and what permissions are necessary to perform a task, refer to the help for that task.

    • If you are not an AGPM Administrator and you require additional roles or permissions: Contact an AGPM Administrator for assistance. Note that if you are an Editor, you can begin the process of creating a GPO, deploying a GPO, or deleting a GPO from the production environment, but an Approver or AGPM Administrator must approve your request.


I am unable to use a particular GPO name

  • Cause: Either the GPO name is already in use or you lack permission to list the GPO.

  • Solution:

    • If the GPO name appears on the Controlled, Uncontrolled, or Pending tab, choose another name. If a GPO that has been deployed is renamed but not yet redeployed, it will be displayed under its old name in the production environment—therefore, the old name is still in use. Redeploy the GPO to update its name in the production environment and release that name for use by another GPO.

    • If the GPO name does not appear on the Controlled, Uncontrolled, or Pending tab, you may lack permission to list the GPO. To request permission, contact an AGPM Administrator.

I am not receiving AGPM e-mail notifications

  • Cause: A valid SMTP e-mail server and e-mail address have not been provided, or no action has been taken that generates an e-mail notification.

  • Solution:

    • If you are an AGPM Administrator: For e-mail notifications about pending actions to be sent by AGPM, an AGPM Administrator must provide a valid SMTP e-mail server and e-mail addresses for Approvers on the Domain Delegation tab. For more information, see Configure E-Mail Notification.

    • E-mail notifications are generated only when an Editor, Reviewer, or other Group Policy administrator who lacks the permission necessary to create, deploy, or delete a GPO submits a request for one of those actions to occur. There is no automatic notification of approval or rejection of a request.

I cannot use port 4600 for the AGPM Service

  • Cause: By default, the port on which the AGPM Service listens is port 4600.

  • Solution: If port 4600 is not available for the AGPM Service, modify each archive index file to use another port and then update the AGPM Server for all Group Policy administrators. For more information, see Modify the Port on Which the AGPM Service Listens.

The AGPM Service will not start

  • Cause: You have modified settings for the AGPM Service in the operating system under Administrative Tools and Services.

  • Solution: Modify the settings for Microsoft Advanced Group Policy Management - Server under Add or Remove Programs. For more information, see Modify the AGPM Service Account.

Group Policy Software Installation fails to install software

  • Cause: AGPM preserves the integrity of Group Policy Software Installation packages. Although GPOs are edited offline, links between packages as well as cached client information are preserved. This is by design.

  • Solution: When editing a GPO offline with AGPM, configure any Group Policy Software Installation upgrade of a package in another GPO to reference the deployed GPO, not the checked-out copy. The Editor must have Read permission for the deployed GPO.