NAV 8.0 MSI Install 5

[albinotoad]

Symantec Antivirus Corprate Editon 8.0 with Windows 2000 SP3

I've having a little difficulty using Intellimirror, attempting to roll out NAV Client via group policy. Have made the MSI package with the Packager, then adding the MSI package into the Group Policy, Software installation, adding as an assigned package. The following message is encountered. "Add Operation Failed. Unable to extract deploymnet information from that package. Run Validation on the package to ensure the package is correct"

Any ideas? This did work in verison 7.6 (Before Packager was required)

Review the Installer log shows:

SI (s) (98:20): Doing action: DisallowAdvertisedInstall
Action start 15:04:49: DisallowAdvertisedInstall.
This setup cannot be run in advertised mode.
MSI (s) (98:20): Product: Symantec AntiVirus Client -- This setup cannot be run in advertised mode.

Action ended 15:04:49: DisallowAdvertisedInstall. Return value 3.

Any ideas?

 

[elazar]

Hey Everyone,
Ok, It seems that with some people my method of deploying SAV 8.x works fine, and some get access denied when they try to start SAV 8.x after its is installed. When I first tested this, it was on some test machines I have at work. However, I was asked to set up a network at a school, they had SAV 8.x, and I kept getting this error. After looking at the event logs I saw what was being returned was that SAV 8.x was complaining that its didn't have the required license information needed to load the required DLL's, etc. This is strange because the GRC.DAT(look at my first post) has the license key contained in it! Maybe there are different builds of SAV 8.x, and this method does not work with some of them. This is in response to a couple of e-mails that I got about this issue. I am still working on it, but if anyone has found a solution, please e-mail me at emb3433@juno.com

Elazar

 

[AbSoLu]

I have a question about the real interest of creating a MSI package for an anti-virus : many antivirus update themselves, so they often modify their signature database file, and sometimes their programs (.exe files). If you create a MSI install for NAV, for example, it is a "best-practice" to set each .exe file as a component key file, to allow auto-repair.

The problem is : if the anti-virus modify its own executable files when updating, Windows Installer will "repair" them and you will have some sort of "incomplete upgrade" (in my opinion, it is not acceptable).

Am I wrong somewhere ? Or maybe this is the reason why Symantec do not support MSI install and recommand .zap install (which does not support auto-repair)

Any help or comment would be great !

 

[xPaulD]

elazar, great work. Some additional info.

1.Start msi, wait for package unpack files to current directory. Stop installation.
2.Run orca.exe, find InstallExecuteSequence and InstallUISequence tables, delete rows InstallSymPkgFiles, InstallSymPkgFilesU, InstallSymPkgFilesForRepair,InstallSymPkgFilesUForRepair

Now there is no need to give system account write privilege on a share folder to deploy NAV80CE.msi via GPO.

 

[elazar]

Nice Work xPaulD! Thanks Alot! I have been trying to get around that issue for a while.

Elazar

 

[ntoepfer]

1st of all, many thanks to elazar for putting me on the path with this one. Without his work I would not have gotten this to work at all! This is a bit involved, but here’s the procedure I came up with. All of this assumes you are using Windows 2000, it may work on XP without any changes.

1st, you will need to get the Windows Installer Wrapper Wizard, my personal favorite for making distribution packages:

http://sywan.nl/forums/uploaded/vincent/20021010162125_WIWW_0.0.0.1.zip

Build an MSI package with the Symantec Packager and set things like you want them to be on the target workstations. Also, get the isscript.msi package from Symantec and put it in the same folder, this is required for their MSI to run on a target workstation.

Once you have built the package, you will need to edit it using your favorite MSI editor (Orca works well). In Orca, you need to locate a table called “AdvExecuteSequence”, delete the row “DisallowAdvertisedInstall”, and save the MSI.

I used the WIWW to create an MSI package that launches this vbscript:

set fso = createobject("scripting.filesystemobject")
if fso.fileexists("\\DOMAINDFS\Share\NavCE8.0\Symantec AntiVirus Client.msi") then
	fso.copyfile "\\DOMAINDFS\Share\NavCE8.0\Symantec AntiVirus Client.msi", "C:\WINNT\TEMP\",true
end if
set fso = nothing

To do this, run WIWW and in the Install Commands, add one that runs from the SystemFolder and has its target as “[SourceDir]”copyit.vbs where copyit,vbs is the vbscript above. This will make a MSI package that runs the script which copies the Symantec MSI package you created earlier to the common temp folder of the target workstation.

At this point, create your software installation GPO. In it you need to add the following:

\\DOMAINDFS\SHARE\NavCE8.0\issscript.msi
\\DOMAINDFS\SHARE\NavCE8.0\copyit.msi
C:\WINNT\TEMP\Symantec AntiVirus Client.msi

The packages need to be added to the GPO in the order above (actually, the only requirement is that Symantec AntiVirus Client.msi runs LAST. The GPO editor will give you a warning about the path of the 3rd package. Ignore this and continue.

I have been able to successfully install new clients on clean PC’s and upgrade PC’s loaded with NAV 7.61 without any problems using this method. It does take a bit longer to run the whole thing due to the copy but not much.

Anyway, since I was VERY frustrated with Symantec over this and it appears many others are too I thought I would share the solution I arrived at. Best of luck to everyone!

Neil Toepfer

 

[Gambit23]

Hi, i create a MSI and Attach fine to AD, but the MSI crated is NOT full automated installed !!!! is required clic Next at last 3 times, in Welcome Screen, License Agreement and varius confirmations...

I create the package in silent mode...

ANY IDEA ???

REGARDS !!!

Fernando

 

[wmjoann]

Thanx elazar and xPaulD for your great work. I copied what you did and got it to work at our company.
But do you know how you can get around the password problem with the application. I mean, if I would like to uninstall the appliaction via AD/group policy for som reason (new version etc.) so won't it work. The next boot the machine tries to remove the application but stands in that mode forever. Manual uninstall via Control panel works after you have typed in password.

How can I get around the password problem when uninstalling with group policy. Can I do something from System Center or some other hack?

Has anyone heard the date for the new release? I heard there will be a hole new "concept" in q1/q2 2004?

Regards
Jorgen

 

[laic]

Dear all

My problem is not related to this thread, however it
has to do with NAV product.

I have recently deployed NAV 7.6 Client via GPO.
It is working beautifully, the problem is, users
will not see the Norton Antivirus Corporation icon under
add/remove program. I guess the problem lies when I
simply copy the whole thing out from

D:\Norton7.6E\NAVCORP\ROLLOUT\AVSERVER\CLIENTS\WIN32

Can any one of you suggest me how to have the Norton Antivirus Corporation icon appear under add/remove programs??

Please help me out here.
Thanks

laic

 

[wilbs]

I have an issue where by using the above method I can succesfully publish the MSI and it installs as an assigned package. But it tries to install every time!! Any ideas?

 

[johnnyb99]

wmjoann,

In SSC, under All Task->Symantec AntiVirus->Client Administrator Only Options->Security tab provides the ability remove the password requirement for removal.

 

[jbwvegas]

Ntoepfer-

Can you provide a little more guidance on WIWW?

I add an Install Command, choose SystemFolder from the drop-down. I am confused by this statment:
"add one that runs from the SystemFolder and has its target as “[SourceDir]”copyit.vbs"
I choose SystemFolder from the drop-down, then what do I enter in the line below? I have tested the copyit.vbs script by itself, it copies the SAV.msi like it's supposed to, but the copyit.msi doesn't work. Help!
Thank you much for your help so far.
jbwvegas

It's a living...

 

[GODLIKE]

I'm having the same issue described. The readme for SAV 8.0 says that Intellimirror advertising for MSI packages is not supported.. And that's it. One line.

Like many people, I have simply NOT upgraded enterprise clients (XP/Windows 2000 Pro) to version 8.. I'm still installing 7.6 because it comes with a nice, packaged, managed MSI and supporting GRC.DAT file. This way, I can use the same package (NAVCE.MSI v. 7.6) on ALL of my sites, only tweaking the GRC.DAT file as required. When a PC is re-installed, Intellimirror GPOs ensure that antivirus is installed at first boot.

WHY Symantec has decided to quietly drop support for Intellimirror is beyond me, but I am looking for alternatives. The first vendor to supply me with an Intellimirror-friendly Antivirus solution by the time Longhorn arrives will get my business.(XP runs fine on 7.6, so I'm not worried until then; you can still license new clients and install the older version.) That said, it's great to see smart people (ie, net admins) are trying to fix this up.

I'm going to follow some of the advice in here and try to repackage 8.1 as a "real" (intellimirror friendly) MSI package using both Winstall LE and Wise Package Studio... I'll post in here if I can get it to work. The real trick, I think, will be to get it to work while STILL reading the old GRC.DAT file so that we don't have to deploy a different package for each site/server.

 

[ss702sh]

This is a reply to Bugbear0001's post. I too used PSExec to push it out to my remote locations, executing the script on the workstations with "passed" credentials. I had the script execute the package in the Win32 folder down in VPHome, where the .dat file is located.

For most of the installations I just pushed them out with the console, which was not too terrible. Of course, I only have to manage 1000 clients and about 30 servers.

 

[Whisper111]

Just some news.

After all the problems packaging 8.x to an MSI package its time to go forward. Symantec 9.x or SCS 2.0 will soon be released. And packaging and MSI package for XP is no problem anymore, it works real good with RIS (remote installation system) and AD (Active Directory). For windows 2000 it requires Windows installer 2.0.
We have been locked with 7.6 for quite a while so this will be a relief for us.
Just wanted to let everybody know this on this site.

Be well

Bye

 

[djtj74]

Maybe it can help....

I found this thread by coincidense... and have struggeled a lot with it.

What I needed was to install the software throug a GPO. Which as the thread indicates was not possible without a lot of workaround.

I simply applied the logon script to the Computers Startup script in AD. Now it installs when the computer is turned on, and it is also installed with system account permission.

Only thing i had to do to get it to work was to make a simpe .bat file. Which first maps the share folder to a network share, then calls the vplogon.bat file, and at last deletes the mapped drive.

Just wanted you to know

Kind Regards,
Thomas

PS: I didn't have time to read the hole thread, so i apologies if my suggestion already have been mentioned.

 

[psschmied]

In my migration from Netware to AD group policy login scripting, I struggled for a couple weks to fihgure out how to make it work. The basic script used for Novell works with a few minor mods in user profile scripts, but fails in a Group Policy script.

My method may seem a little hokey, but it works for our network which has 180 sites, each with its own local server, and 8 departmental SAV servers at our main office.

NET USE V: \\%FILE_SERVER%\VPLOGON /PERSISTENT:NO >NUL
V:
VP_Log32 /p=\\%FILE_SERVER%\VPLOGON
C:
NET USE V: /DELETE >NUL

The variable for FILE_SERVER is passed for each OU's script call.

Because of our system architecture, we already needed scripts to map drive letters for the various sites' servers. Fortunately, we are 100% W2K, and we were able to create a very clean file structure. The same very short (1K) script is used to do everything for every site. I found this easier to implement than dealing with the packager and publishing packages through GP.

 

[Whisper111]

Hi

Hope someone has a solution to this problem.
We are about to upgrade from 7.5 to 7.6 of Norton AV and we will do this by Active Directory and Group Policy.
Why we upgrade only to 7.6?
Because its the only version to support MSI packaging.
Next step will be 9.0.
Back to the question....
We have set a password from SSC (Symantec System Center) that you have to have before uninstalling the NAV on the clients.
In order to upgrade we have to uninstall this password on the clients.
We have unchecked this password policy in SSC so most of the clients (5000 clients) have received this policy. BUT... not the clients wich are not online.
When we shoot out an upgrade of a newer version the windows installer will uninstall the old version first and after it will install the new version. This works fine with the clients who have received the password policy (no password) from SSC.
The problem is the clients wich are not online, when the user gets back and starts the computer it will normally start to uninstall the NAV on the client. But if the client have NOT received the password policy earlyer the computer will "freeze" during the startup process because the uninstallaion is unable to go further.

The question is: Is it possible to prompt the password in the old (7.5) MSI package so that the uninstallation will go thrue???
Or is there another way to solve this problem?

Need urgent help
Thanks

 

[albinotoad]

Does anyone have any actual information about Symantec 9.x or SCS 2.0 that they can direct me to? I would be most interested in this since I've been pestering Symantec over this for sometime now.

I would like to thank all those who worked on this issue. It does my heart good to see this thread is still active.

 

[Whisper111]

Hi Albinotoad

I just got a beta version of 9.0 or 2.0 SCS and it looks very good. The best part is that Symantec now support the MSI packaging with this version. We have tested the packaging on XP and it works really good. A lot of new features are on it to.
It looks that Symantec has done a good job with this version (i hope).
Here in Europe the release is late 2 weeks but hopefully in the middle of April we will get the new version.

bye

 

[BoomStick]

Hey Guys,

I'm having the same headache as you are! I have tried several other methods as well. I have tried pushing the MSI through startup script using the MSIEXEC /i command. I have used packager to create a .exe distribution that I have also tried to push out via startup script.

When I attempt to do so, I get the following event in the application event log:


Source: MsiInstaller
type: Error
Event Id:10005
Description: Product: Symantec AntiVirus Client -- Internal Error 2761.

I also had the same error when trying to package the .msi that packager gives me within a GPO that others have recieved. I have not tried the workaround that was posted earlier yet.

Have any of you run into this problem. These packages seem to install fine if I am loged in, but never fail to error out while running in a startup script under the system context.

Any input would be very welcome.

Thanks