Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Use group policy to deploy a SEE MSI application -failed without helpful log -

Created: 28 Dec 2010 | 4 comments
4400's picture

Hi, I am trying to deploy Symantec end point encryption msi application client to a XP VM . I tried to maual install the client and everything  ok. Then I use SEE server console GP to deploy but nothing happen. Then change to use AD itself to deoploy the client msi through the Group police, but I still  couldn't see the software to be installed and the SEE server still see the xp client is not encryptied.  But the event log on the client looks all ok. It shows The assignment of application Symantec Endpoint Encryption Full Disk Edition Client from policy SEE client installation pkg succeeded. Any advice how can check ?
The VM servers (DC and SEE) are both win2003 R2. I created a user1 and move to a new OU SEE_clients OU. I edit the policy for this OU to apply software ditributio to users group mentioned above. no errro found in server event log too. HEre below is xp client log. I configured the policy to "assigned", and then I changed it to "published" as it didn't work. I restarted the server and client a few times and ran gpupdate /force too.

from add/remove programs, I can see the symtenc endpoint encryption framework and other msi pkg "installed" already, but in c:\programfiles I am not able to find them. funny....

Please advise,thanks.

 
Event Type: Information
Event Source: Application Management
Event Category: None
Event ID: 308
Date:  12/28/2010
Time:  8:33:15 AM
User:  SINGAPORE\user1
Computer: XP5
Description:
Changes to software installation settings were applied successfully.
 
Event Type: Information
Event Source: Application Management
Event Category: None
Event ID: 301
Date:  12/28/2010
Time:  8:33:15 AM
User:  SINGAPORE\user1
Computer: XP5
Description:
The assignment of application Symantec Endpoint Encryption Full Disk Edition Client from policy SEE client installation pkg succeeded.
 
Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date:  12/28/2010
Time:  8:32:58 AM
User:  N/A
Computer: XP5
Description:
Security policy in the Group policy objects has been applied successfully.

Comments 4 CommentsJump to latest comment

M_Marcos's picture

If Possible, can you paste the screen shot of the add\remove program and c:\program file Please.

Looking at the event log and add\remove program, I see that the setup got suceeded. I am not sure how it do not list on the C:\Program Files.

Could you please run a "gpresult"

4400's picture

thanks for reply, here below I have uploaded the screenshot ,the error log and the comprehensive MPS report, please take a look and advise.

http://cid-df3ee7c6c94a93ee.office.live.com/self.aspx/.Public/SEEclientinstallederror.JPG

http://cid-df3ee7c6c94a93ee.office.live.com/self.aspx/.Public/XP7%5E_MPSReports%5E_201101010730AM.CAB

http://cid-df3ee7c6c94a93ee.office.live.com/self.aspx/.Public/SEE%20client%20installed%20log%202.rar

By the way, I have manaully installed client on one xp and the client said check in successfully ,but in unsigned SEE computers I am not able to see it. I can see this client in AD's computers list.any advice,please?thanks.

M_Marcos's picture

I don't see the installation is going properly. You might want to have a look on the installation step again.

Please have a look on the installation guide and compare the steps that you did. We want to make sure that we are following the right procedure.

Note : I copied the below steps from the installation guide.

Group Policy Deployment : -

With the SEE client installer packages already generated (Symantec Endpoint Encryption Framework Client.msi, and Symantec Endpoint Encryption Full Disk Edition Client.msi), the next series of steps describe how to use Active Directory’s software distribution capabilities to push these MSI packages out to the Client Computers for automatic
installation.

When using Active Directory to deploy the client installer packages, they must be installed as part of a software installation computer policy and not as part of a software installation user policy.

1. Open the SEE Manager Console. In the left-hand navigation pane, click the Group Policy Management container and expand the entire container hierarchy to reveal the Group Policy Objects container.

2. Right-click Group Policy Objects and select New. A New GPO window displays. Type SEE Client Installer Packages in the Group Policy Object box and click OK to save the new policy. Right-click the new policy and
choose Edit. The Group Policy Object Editor will display.

3. Expand Computer Configuration, Software Settings, then Software installation.

4. Right-click Software Installation and select New then Package. Click My Network Places, and navigate to the Microsoft Windows Network\your-org\Cadc-01\SYSVOL location or alternate location where you previously
saved the two SEE client packages.

Note : If you do not select the install packages by navigating to them using My Network Places, Client Computers receiving the policy will be unable to locate the install packages and the software installation policy will fail
to be applied.

5. Select the SEE Framework Client package, and click Open.

6. A confirmation screen will appear. Click OK to accept the default value of Assigned for that package.

7. Right-click Software Installation and select New then Package. Click My Network Places, and navigate to the Microsoft Windows Network\your-org\Cadc-01\SYSVOL location or alternate location where you previously saved the two SEE client packages.

8. Select the SEE Full Disk Client package, and click Open.

9. A confirmation screen will appear. Click OK to accept the default value of Assigned for that package. SEE clients are not currently compatible with 64-bit versions of Windows. The following setting will prevent SEE client packages from being deployed to computers running 64-bit versions of Windows.

10. Right-click Software Installation and click Properties. Click the Advanced tab.

11. Under 32-bit applications on 64-bit platforms, deselect the Make 32-bit X86 Windows Installer applications available to Win64 machines check box. Click Apply, then OK.

12. Close the Group Policy Object Editor.

13. In the SEE Manager, select the group policy you just created, then drag the group policy and drop it into the organizational unit (OU) or other object containing the computers you are deploying the client installer packages to. To simplify these instructions, the policy shown in Figure 5.1 is linked at the domain level. In practice, applying policies at the OU level allows much greater flexibility.

14. A confirmation dialog appears. Click OK to confirm linking the policy to the specified location.

Once the software installation GPO has been linked, it can take between 90 and 120 minutes before it is processed by a Client Computer connected to the domain. In addition to this policy processing delay, the Client Computer must be restarted to begin the installation.

Some users simply log off rather than perform a complete shut down, resulting in computer policies not being fully processed. Best practices can help mitigate this condition. For example, you can implement scripts to either periodically restart the Client Computer during off-peak hours or when a user logs off.

Remotely Initiated Package Installation on the Client

After the software installation computer policy has been applied and the Client Computer has been restarted, the Symantec Endpoint Encryption Framework Client.msi and the Symantec Endpoint Encryption Full Disk Edition
Client.msi installations will begin.

Depending on the MSIEXEC parameters specified, the Client Computer can automatically restart when the client packages have finished installing

Please call support incase of any immediate assitance.

ianpugh's picture

I'm a bit confused. Are you in effect trying to reinstall the application or install from scratch on a second machine?

If you are reinstalling dont forget to put the reinstall and reinstallmode flags at the end of the MSIExec command.