Supersedence Behavior (SCCM2012r2)

Topics: Archive - General
May 21, 2014 at 5:06 PM
Edited May 21, 2014 at 5:06 PM
Hi folks,

Wonderful toolkit, still learning it of course.

I am using 3.1.0 currently.

Have a neat little setup for installing Adobe Flash (13) that asks nicely to kill the browsers before doing so. Works fine set as deployed application via Software Center.

However, when I set this application to replace the old version (12) of the app with a deadline (The old app was also distributed via SCCM, but without PSAppDeploy).

This new deployment shows the balloons for installation, but does not ask about closing the browser (or giving the defer option).

Is this behavior something I can change? I would like it to still prompt the user to close the browsers, or offer deferment. I figure, they will be able to defer up to X amount of times, then they will be forced to do so (the time based on the Software Deployment Cycle of SCCM).

Thanks for an awesome script!
Coordinator
May 22, 2014 at 12:02 PM
Can you post the log from the install? I've not seen this issue before. Are you using SCCM supersedence, ie. New app references the old SCCM application? I personally found this to be unreliable and so each of my install scripts handle supersedence internally by removing the current and any previous version.

Dan
May 22, 2014 at 7:27 PM
I'll be happy to, as soon as I recreate them :)

I wiped the machine to test my Task Sequence WMI exception to WMI Computer Naming if a VM (had to make sure it didn't break physical imaging).

I was using the SCCM supersedence, and come to think of it, the oldest superseded application blindly killed the browsers running and uninstalled.

I too now also internally remove the old application (in this case Flash, with both PSAppdeploy removing it and by also running the Adobe Cleanup Tool).

Once I have those logs, I'll post back, but I think you've solved it for me.

Jon
Jun 12, 2014 at 4:25 PM
Hello,

I'm very impressed by the range of functions PADT provides and it's exactly what we need for our deployments. But we also need the supersedence feature of SCCM 2012. I have the same problem as the OP here.

App A is superseded by App B.
Visibility is set to "Normal" for both apps.
When I deploy App A, everything works as intended.

When I deploy App B, PADT is running in "NonInteractive" mode, even though a user is logged on. It doesn't matter if App A is installed beforehand or not. The DeployMode for installation of App B remains NonInteractive.
If I now delete the supersedence at App B, it works!

Here is the AppDeploy Log:
[12-06-2014 17:20:38] [Initialization] Deploy Application script version is [3.1.4]
[12-06-2014 17:20:38] [Initialization] App Deploy Toolkit Main script version is [3.1.4]
[12-06-2014 17:20:38] [Initialization] App Deploy Toolkit Extensions version is [1.0.0]
[12-06-2014 17:20:38] [Initialization] PowerShell version is [3.0 x64]
[12-06-2014 17:20:38] [Initialization] PowerShell host is [ConsoleHost version 3.0]
[12-06-2014 17:20:38] [Initialization] OS version is [Microsoft Windows 7 Enterprise  64-Bit 6.1.7601]
[12-06-2014 17:20:38] [Initialization] Hardware platform is [Virtual:Hyper-V]
[12-06-2014 17:20:38] [Initialization] Computer name is [...]
[12-06-2014 17:20:38] [Initialization] Current user is [...\...$]
[12-06-2014 17:20:38] [Initialization] Current Culture is [de-DE] and UI language is [DE]
[12-06-2014 17:20:38] [Initialization] Deployment type is [Installation]
[12-06-2014 17:20:38] [Initialization] Running under Session 0.
[12-06-2014 17:20:38] [Initialization] Installation is running in [NonInteractive] mode.
[12-06-2014 17:20:38] [Pre-Installation] Checking for running applications [acrord32,firefox]...
Which additional infos/logs do you need?

Thank you !
Coordinator
Jun 12, 2014 at 4:37 PM
Ok so this is interesting - the current user is running as SYSTEM (as indicated with the $) and it's running under Session 0. The toolkit detects this and switches to NonInteractive mode as it would fail if it tried to display anything on the UI.

My best guess is that Supersedence forces the application to run as SYSTEM regardless of whether there is a user logged in or not.

I don't know if this will work, but it's worth a shot. Use ServiceUI to break out of Session 0 to the current user's context. Details of how to do this are here: https://psappdeploytoolkit.codeplex.com/discussions/465270

Hope this helps. Dan
Jun 12, 2014 at 4:52 PM
Thanks for the speedy answer!

I thought you integrated with 3.1.0 ServiceUI.exe in the Deploy-Application.exe and handled that automatically.

But I'm testing it right now.
I guess I should be using the x64 ServiceUI and use this commandline: "ServiceUi.exe Deploy-Application.exe" ?
The option to run it as 32-bit process on 64-bit clients should be unticked?

Would that same deployment type work also for an OSD TS and when no user is logged on?

Thanks for your support!
Coordinator
Jun 12, 2014 at 4:56 PM
We did try to integrate ServiceUI and we hit so many issues we backed it out. We're actively investigating this and other alternative methods though - if we can cobble something together that works consistently then we'll definitely include it but it's hard to support something we didn't write or know the internal workings of.

You might have to try both x64 and x86 - If I recall correctly, last time I tried I had to use x86.

This definitely works for OSD TS - I use this trick there.

Dan
Jun 17, 2014 at 12:32 PM
We now have a working solution for us to use this great tool in 1 SCCM deployment type and I wanted to give some feedback here, maybe it helps someone or the devs would like to comment on it. :)

With ServiceUI in our SCCM deployment type the OSD TS would fail.
So we built a little PowerShell script to check if a user is logged in and use ServiceUI, or if no user is logged in call PADT directly.
Param (
    [string] $DeploymentType = "Install"
    )

# Start a process, wait for it to finish and return its exit code
function Starte-Prozess (
  [string]$EXE,
  [string]$Argumente
  ){
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = $EXE
    # The output is never read, so it is not redirected: a full pipe buffer
    # would block the child process and WaitForExit() would never return
    $pinfo.RedirectStandardError = $false
    $pinfo.RedirectStandardOutput = $false
    $pinfo.UseShellExecute = $false
    $pinfo.Arguments = $Argumente
    $p = New-Object System.Diagnostics.Process
    $p.StartInfo = $pinfo
    $p.Start() | Out-Null
    #Do Other Stuff Here....
    $p.WaitForExit()
    $ExitCode = $p.ExitCode

    return $ExitCode
}

$Query = "Select * from Win32_ComputerSystem Where UserName != NULL"
 
$username = Get-WMIObject -query $Query | Select-Object -Expand UserName
 
IF ($username -ne $null) 
{
    # a user is logged in  
    $ExitCode = Starte-Prozess "ServiceUI.exe" "Deploy-Application.exe -DeploymentType $DeploymentType"
    exit $ExitCode
    }
Else 
{
    # no user is logged in
    $ExitCode = Starte-Prozess "Deploy-Application.exe" "-DeploymentType $DeploymentType"
    exit $ExitCode
    }
Jun 17, 2014 at 2:51 PM
Very nice Tss, I like the concept... but I'm not quite sure I understand how to implement this. Would you mind providing an example? This would save me a lot of hassle with multiple deployments.
Jun 17, 2014 at 3:14 PM
You mean the commandline for SCCM? We named the script Run-Toolkit.ps1, so...

Install: powershell -executionpolicy bypass -file .\Run-Toolkit.ps1
Uninstall: powershell -executionpolicy bypass -file .\Run-Toolkit.ps1 -DeploymentType Uninstall

Of course you have to put the script in the source folder where Deploy-Application.exe and ServiceUI.exe reside.
Jun 17, 2014 at 8:28 PM
Edited Jun 17, 2014 at 8:34 PM
I understand now, I thought you had made this into a "Toolkit Extension"...

Quite anxious to try this out. Though, I do have one question about possible functionality when using this.

We use a special AD OU for Machines that cannot have the "Interactive" installation and must go silently. At this time I am using 2 separate installations, would it be possible to add a query in this script, that if that machine resides in the AD OU to do the silent installation? Not all machines would have the AD Module running, but I did manage to find a way to run it without.
$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"
([adsisearcher]$filter).FindOne().Properties.distinguishedname
Forgive me, I am not strong in powershell so I'll throw in what I think it may look like.
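# Compare the computer's distinguished name (looked up with the filter above) against the expected OU path
If (([adsisearcher]$filter).FindOne().Properties.distinguishedname -eq "CN=$env:computername,[OU/DC Structure]") {
    $ExitCode = Starte-Prozess "Deploy-Application.exe" "-DeploymentType $DeploymentType"
    exit $ExitCode
}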
Coordinator
Jun 17, 2014 at 8:35 PM
Given the amount of activity on the forums about running UI in system context, we've decided to resurrect the work we did on this previously and look at building this functionality in to the toolkit. See this forum thread for more info: http://psappdeploytoolkit.codeplex.com/discussions/465270

We should have something in the next days ready to test so would be great to get some help testing it.

Thanks
Sean
Coordinator
Jun 17, 2014 at 9:51 PM
OK, so quicker than expected we've got a beta v4 with the ServiceUI functionality built in to the toolkit. I've posted about it here: https://psappdeploytoolkit.codeplex.com/discussions/465270

We'd really appreciate your help testing this and getting your feedback. You can download the latest version from the "Source Code" tab.

Thanks,
Sean
Coordinator
Jun 18, 2014 at 1:45 PM
Liquid_Venom,

Using the beta v4, I would suggest you implement as follows - modify the default Deploy-Application.ps1 template and just before the Variables: Environment section, add
$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"
$dn = ([adsisearcher]$filter).FindOne().Properties.distinguishedname
If ($dn -match "<Insert your OU name here>") { $deployMode = "NonInteractive" }
This must be done before the main App Deploy Toolkit is dotSourced.

Hope this helps.

Dan
Jun 18, 2014 at 2:38 PM
Edited Jun 18, 2014 at 2:39 PM
Thanks for the quick update.

I got the beta and tested it in our environment. We get very strange behaviour from SCCM:

If I install the app without interaction from Software Center, you see in AppEnforce.log
    Executing Command line: "C:\WINDOWS\ccmcache\5y\Deploy-Application.EXE" with system context
    Process 1712 terminated with exitcode: 65535
Toolkit Log:
[18-06-2014 15:18:18] [Initialization] Invoking ServiceUI to provide interaction in the system session...
[18-06-2014 15:18:18] [Initialization] Executing [C:\Windows\ccmcache\5y\AppDeployToolkit\ServiceUIx64.exe C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File "C:\Windows\ccmcache\5y\Deploy-Application.ps1"]...
[18-06-2014 15:18:18] [Initialization] Working Directory is [C:\Windows\ccmcache\5y\AppDeployToolkit]
[18-06-2014 15:18:18] [Initialization] Execution completed with return code -1.
[18-06-2014 15:18:18] [Initialization] ServiceUI: [winlogon.exe] Session: [1] PID [592] [Target Session [1] = Match]
[18-06-2014 15:18:18] [Initialization] ServiceUI: Program to launch : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe]
[18-06-2014 15:18:18] [Initialization] ServiceUI: Command line      : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File C:\Windows\ccmcache\5y\Deploy-Application.ps1]
[18-06-2014 15:18:18] [Initialization] ServiceUI: API [CreateProcessAsUser] Error: [5]
[18-06-2014 15:18:18] [Initialization] ServiceUI returned exit code [-1]
..
If I install it via Software Center, AppEnforce.log:
    Executing Command line: "C:\WINDOWS\ccmcache\5y\Deploy-Application.EXE" with user context
    Process 4080 terminated with exitcode: 0
Toolkit Log:
[18-06-2014 15:19:18] [Initialization] Session 0 not detected.
I'm sorry, our own script suffers from the same problem. Like people in the other thread mentioned already, it is a problem with ServiceUI.

I don't know if this helps, but I found this: http://blogs.msdn.com/b/alejacma/archive/2012/03/09/createprocessasuser-fails-with-error-5-access-denied-when-using-jobs.aspx
Coordinator
Jun 19, 2014 at 10:24 PM
Hi,

Thanks for testing and for sharing the link - it's appreciated. We're investigating this and will post an update here when we have more news.

Thanks,
Sean
Jul 3, 2014 at 9:59 AM
Hey guys,

I'm a friend of 'Tssthahn', we are working together on the described issue.

I invested more time and came to the following solution:

-The new beta (v4) worked for us under the following customizations and SCCM-Options:


Customization for the case "No User is logged on" in your: AppDeployToolkitMain.ps1
*Row 4458 ff.: before:
$usersLoggedOn = Get-WmiObject -Class "Win32_ComputerSystem" -Property UserName | Select UserName -ExpandProperty UserName

        If ($usersLoggedOn -ne $Null) {
            Write-Log "The following users are logged on to the system: $($usersLoggedOn | % {$_ -join ","})"
        }
*Row 4458 ff.: after:
$usersLoggedOn = Get-WmiObject -Class "Win32_ComputerSystem" -Property UserName | Where-Object {$_.UserName -ne $null} | Select UserName -ExpandProperty UserName
        If ($usersLoggedOn -ne $Null) {
            Write-Log "The following users are logged on to the system: $($usersLoggedOn | % {$_ -join ","})"
        }
        Else {
            Write-Log "No User is logged on"
        }
Reason:
Get-WmiObject -Class "Win32_ComputerSystem" -Property UserName | Select UserName -ExpandProperty UserName - throws an error if there is no UserName, because it can't expand the property.

Customization in SCCM for the "ServiceUI: API [CreateProcessAsUser] Error: [5]"
In SCCM you have to activate the option on the Deployment Type of your deployed application (under Program):

"Run installation and uninstall program as 32-bit process on 64-bit clients"

Reason: Access denied when ServiceUI wants to create a 64-bit process.


Hope this helps in your environments!

Thanks,
Marco
Coordinator
Jul 3, 2014 at 12:04 PM
Hi Marco,

This is excellent work, thanks for finding the solution and reporting it back. I've actually been without an SCCM environment to test this myself which is why we haven't made any progress on it, but I'll incorporate these changes and then we can share with the community for wider feedback.

Thanks for your support,
Sean
Coordinator
Jul 3, 2014 at 9:17 PM
Edited Jul 3, 2014 at 9:54 PM
Hi,

I have added your change above in to the v4 beta. I've also forced ServiceUIx86 instead of ServiceUIx64 as this may be part of the problem, plus I've added some code to make sure the same PowerShell architecture is launched by ServiceUI as was used to launch ServiceUI. This is to avoid forcing 32-bit PowerShell which will have an impact on accessing 64 bit registry, etc. Ideally we want to get this working without having to tick the 32-bit process box.

Could you do us a favour and run the following tests:

-Run the latest v3 toolkit using <ServiceUIx64.exe Deploy-Application.exe> as a 64-bit installation
-Run the latest v4 toolkit as a 64-bit installation.
-Run the latest v4 toolkit as a 64-bit installation launching 32-bit PowerShell.
-Run the latest v4 toolkit as a 64-bit installation launching PowerShell.exe -File "Deploy-Application.ps1" instead of the Deploy-Application.exe

We need to establish if the access denied message with ServiceUI is because ServiceUIx64 doesn't play well at all with ccmexec.exe, ServiceUIx86 doesn't play well with ccmexec 64-bit, or it has something to do with Deploy-Application.exe or the PSArchitecture.

Thanks,
Sean
Jul 7, 2014 at 7:13 PM
Here you go .... Strange things going on ;-) (FYI: I was logged in for each test!)


Test 1: Run the latest v4 toolkit as a 64-bit installation.


[07-07-2014 20:07:44] [Initialization] Deployment type is [Installation]
[07-07-2014 20:07:44] [Initialization] Script [C:\Windows\ccmcache\p\AppDeployToolkit\AppDeployToolkitMain.ps1] dot-source invoked by [C:\Windows\ccmcache\p\Deploy-Application.ps1]
[07-07-2014 20:07:45] [Initialization] The following users are logged on to the system: MSSCCMFAQ\torsten
[07-07-2014 20:07:45] [Initialization] Session 0 detected.
[07-07-2014 20:07:45] [Initialization] Invoking ServiceUI to provide interaction in the system session...
[07-07-2014 20:07:46] [Initialization] Executing [C:\Windows\ccmcache\p\AppDeployToolkit\ServiceUIx86.exe C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File "C:\Windows\ccmcache\p\Deploy-Application.ps1"]...
[07-07-2014 20:07:46] [Initialization] Working Directory is [C:\Windows\ccmcache\p\AppDeployToolkit]
[07-07-2014 20:07:46] [Initialization] Execution completed with return code -1.
[07-07-2014 20:07:46] [Initialization] ServiceUI: [winlogon.exe] Session: [1] PID [540] [Target Session [1] = Match]

[07-07-2014 20:07:46] [Initialization] ServiceUI: Program to launch : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe]

[07-07-2014 20:07:46] [Initialization] ServiceUI: Command line : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File C:\Windows\ccmcache\p\Deploy-Application.ps1]

[07-07-2014 20:07:46] [Initialization] ServiceUI: API [CreateProcessAsUser] Error: [5]

[07-07-2014 20:07:46] [Initialization] ServiceUI returned exit code [-1]
[07-07-2014 20:07:46] [Initialization] Microsoft_ConfigMgrSupportCenter_2012_EN_1 Installation completed with exit code [-1].
[07-07-2014 20:07:47] [Initialization] ----------------------------------------------------------------------------------------------------------

+++ Application not discovered. [AppDT Id: ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6, Revision: 1] AppEnforce 07.07.2014 20:07:31 3076 (0x0C04)
App enforcement environment: 
Context: Machine
Command line: "Deploy-Application.EXE"
Allow user interaction: No
UI mode: 1
User token: null
Session Id: 4294967295
Content path: C:\WINDOWS\ccmcache\p
Working directory:  AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Prepared working directory: C:\WINDOWS\ccmcache\p   AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Prepared command line: "C:\WINDOWS\ccmcache\p\Deploy-Application.EXE"   AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Executing Command line: "C:\WINDOWS\ccmcache\p\Deploy-Application.EXE" with system context  AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Working directory C:\WINDOWS\ccmcache\p AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Post install behavior is BasedOnExitCode    AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Waiting for process 1844 to finish.  Timeout = 120 minutes. AppEnforce  07.07.2014 20:07:31 3076 (0x0C04)
Process 1844 terminated with exitcode: 65535    AppEnforce  07.07.2014 20:07:48 3076 (0x0C04)
Looking for exit code 65535 in exit codes table...  AppEnforce  07.07.2014 20:07:48 3076 (0x0C04)
Unmatched exit code (65535) is considered an execution failure. AppEnforce  07.07.2014 20:07:48 3076 (0x0C04)
++++++ App enforcement completed (16 seconds) for App DT "PADT V4" [ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6], Revision: 1, User SID: ] ++++++ AppEnforce 07.07.2014 20:07:48 3076 (0x0C04)
Jul 7, 2014 at 7:17 PM
Edited Jul 7, 2014 at 7:17 PM
Test 2: Run the latest v4 toolkit as a 64-bit installation launching 32-bit PowerShell (--> using "Run installation program as 32bit process on 64bit clients") --> is this what you wanted us to test?


[07-07-2014 20:26:44] [Initialization] Deployment type is [Installation]
[07-07-2014 20:26:44] [Initialization] Script [C:\Windows\ccmcache\p\AppDeployToolkit\AppDeployToolkitMain.ps1] dot-source invoked by [C:\Windows\ccmcache\p\Deploy-Application.ps1]
[07-07-2014 20:26:44] [Initialization] The following users are logged on to the system: MSSCCMFAQ\torsten
[07-07-2014 20:26:44] [Initialization] Session 0 not detected.
[07-07-2014 20:26:44] [Initialization] Installation is running in [Interactive] mode.
[07-07-2014 20:26:44] [Pre-Installation] Getting deferral history...
[07-07-2014 20:26:44] [Pre-Installation] Getting Registry key [Registry::\HKEY_LOCAL_MACHINE\SOFTWARE\PSAppDeployToolkit\DeferHistory\Microsoft_ConfigMgrSupportCenter_2012_EN_1] ...
[07-07-2014 20:26:44] [Pre-Installation] Registry key does not exist: [Registry::\HKEY_LOCAL_MACHINE\SOFTWARE\PSAppDeployToolkit\DeferHistory\Microsoft_ConfigMgrSupportCenter_2012_EN_1]
[07-07-2014 20:26:44] [Pre-Installation] User now has [2] deferrals remaining.
[07-07-2014 20:26:44] [Pre-Installation] Checking for running applications [notepad]...
[07-07-2014 20:26:44] [Pre-Installation] The following processes are running: [notepad]
[07-07-2014 20:26:44] [Pre-Installation] Resolving process descriptions...
[07-07-2014 20:26:44] [Pre-Installation] Finished checking running applications.
[07-07-2014 20:26:45] [Pre-Installation] Prompting user to close application(s) [notepad]...
[07-07-2014 20:26:45] [Pre-Installation] User has the option to defer.
App enforcement environment: 
Context: Machine
Command line: "Deploy-Application.EXE"
Allow user interaction: No
UI mode: 1
User token: null
Session Id: 4294967295
Content path: C:\WINDOWS\ccmcache\p
Working directory:  AppEnforce  07.07.2014 20:26:25 804 (0x0324)
Prepared working directory: C:\WINDOWS\ccmcache\p   AppEnforce  07.07.2014 20:26:25 804 (0x0324)
Prepared command line: "C:\WINDOWS\ccmcache\p\Deploy-Application.EXE"   AppEnforce  07.07.2014 20:26:25 804 (0x0324)
Post install behavior is BasedOnExitCode    AppEnforce  07.07.2014 20:26:26 804 (0x0324)
Waiting for process 768 to finish.  Timeout = 120 minutes.  AppEnforce  07.07.2014 20:26:26 804 (0x0324)
Process 768 terminated with exitcode: 0 AppEnforce  07.07.2014 20:28:09 804 (0x0324)
Looking for exit code 0 in exit codes table...  AppEnforce  07.07.2014 20:28:09 804 (0x0324)
Matched exit code 0 to a Success entry in exit codes table. AppEnforce  07.07.2014 20:28:09 804 (0x0324)
Performing detection of app deployment type PADT V4(ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6, revision 2) for system.   AppEnforce  07.07.2014 20:28:09 804 (0x0324)
+++ Discovered application [AppDT Id: ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6, Revision: 2] AppEnforce 07.07.2014 20:28:09 804 (0x0324)
++++++ App enforcement completed (103 seconds) for App DT "PADT V4" [ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6], Revision: 2, User SID: ] ++++++ AppEnforce 07.07.2014 20:28:09 804 (0x0324)
Jul 7, 2014 at 7:18 PM
Test 3: Run the latest v4 toolkit as a 64-bit installation launching PowerShell.exe -File "Deploy-Application.ps1" instead of the Deploy-Application.exe


[07-07-2014 20:50:41] [Initialization] Deployment type is [Installation]
[07-07-2014 20:50:41] [Initialization] Script [C:\WINDOWS\ccmcache\p\AppDeployToolkit\AppDeployToolkitMain.ps1] dot-source invoked by [C:\WINDOWS\ccmcache\p\Deploy-Application.ps1]
[07-07-2014 20:50:41] [Initialization] The following users are logged on to the system: MSSCCMFAQ\torsten
[07-07-2014 20:50:42] [Initialization] Session 0 detected.
[07-07-2014 20:50:42] [Initialization] Invoking ServiceUI to provide interaction in the system session...
[07-07-2014 20:50:42] [Initialization] Executing [C:\WINDOWS\ccmcache\p\AppDeployToolkit\ServiceUIx86.exe C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File "C:\WINDOWS\ccmcache\p\Deploy-Application.ps1"]...
[07-07-2014 20:50:42] [Initialization] Working Directory is [C:\WINDOWS\ccmcache\p\AppDeployToolkit]
[07-07-2014 20:50:42] [Initialization] Execution completed with return code -1.
[07-07-2014 20:50:42] [Initialization] ServiceUI: [winlogon.exe] Session: [1] PID [540] [Target Session [1] = Match]

[07-07-2014 20:50:42] [Initialization] ServiceUI: Program to launch : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe]

[07-07-2014 20:50:42] [Initialization] ServiceUI: Command line : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File C:\WINDOWS\ccmcache\p\Deploy-Application.ps1]

[07-07-2014 20:50:42] [Initialization] ServiceUI: API [CreateProcessAsUser] Error: [5]

[07-07-2014 20:50:42] [Initialization] ServiceUI returned exit code [-1]
[07-07-2014 20:50:43] [Initialization] Microsoft_ConfigMgrSupportCenter_2012_EN_1 Installation completed with exit code [-1].
[07-07-2014 20:50:43] [Initialization] ----------------------------------------------------------------------------------------------------------



+++ Application not discovered. [AppDT Id: ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6, Revision: 6] AppEnforce 07.07.2014 20:50:37 3336 (0x0D08)
App enforcement environment: 
Context: Machine
Command line: powershell.exe -ExecutionPolicy Bypass -File ".\Deploy-Application.ps1"
Allow user interaction: No
UI mode: 1
User token: null
Session Id: 4294967295
Content path: C:\WINDOWS\ccmcache\p
Working directory:  AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Prepared working directory: C:\WINDOWS\ccmcache\p   AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Found executable file powershell.exe with complete path C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe AppEnforce 07.07.2014 20:50:37 3336 (0x0D08)
Prepared command line: "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File ".\Deploy-Application.ps1" AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Executing Command line: "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File ".\Deploy-Application.ps1" with system context    AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Working directory C:\WINDOWS\ccmcache\p AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Post install behavior is BasedOnExitCode    AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Waiting for process 3444 to finish.  Timeout = 120 minutes. AppEnforce  07.07.2014 20:50:37 3336 (0x0D08)
Process 3444 terminated with exitcode: 4294967295   AppEnforce  07.07.2014 20:50:43 3336 (0x0D08)
Looking for exit code -1 in exit codes table... AppEnforce  07.07.2014 20:50:43 3336 (0x0D08)
Unmatched exit code (4294967295) is considered an execution failure.    AppEnforce  07.07.2014 20:50:43 3336 (0x0D08)
++++++ App enforcement completed (6 seconds) for App DT "PADT V4" [ScopeId_9CF7DEB9-6D21-4D41-B660-CC4E9ED87B1D/DeploymentType_efd2d033-784d-4edf-8adc-2d8a041c29a6], Revision: 6, User SID: ] ++++++ AppEnforce 07.07.2014 20:50:43 3336 (0x0D08)
Coordinator
Jul 7, 2014 at 8:57 PM
Hi Torsten,

Many thanks for running through those tests. The results are very strange because in Dan's run of your test 3 scenario above ServiceUI launches successfully and everything works fine, no CreateProcessAsUser error 5.

We suspect that Deploy-Application.exe breaks ServiceUI running in a 64-bit installation because it's a 32-bit process and that's confirmed when we just run PowerShell.exe (x64) instead.

One thing Dan's testing also confirmed is that when you tick "Run installation program as 32bit process on 64bit clients" SCCM runs the installation as the logged on user - weird, huh?

We'll keep working on it and provide an update tomorrow hopefully.

Thanks,
Sean
Jul 8, 2014 at 7:04 PM
PowerSheller wrote:
One thing Dan's testing also confirmed is that when you tick "Run installation program as 32bit process on 64bit clients" SCCM runs the installation as the logged on user - weird, huh?
How did you determine that? See the AppEnforce.log from Test 2 above: it clearly states "Context: Machine".

One thing that makes me wonder is:
Test1: "Session 0 detected"
Test2: "Session 0 not detected."
Coordinator
Jul 8, 2014 at 8:16 PM
Maybe what Dan meant was it runs in interactive mode as 32 bit process but in system context. @Dan, jump in if you want to add anything.

Would anyone here know Cameron King? He's probably the best person to help solve the mystery of ServiceUI.
Coordinator
Jul 9, 2014 at 12:21 PM
Sorry, it doesn't run the installation as the logged in user, it runs it as the SYSTEM account under the currently logged in user session. From my logs:

<snip>

[07-07-2014 13:23:33] [Initialization] Current user is [<domain>\<computername$>]

<snip>

[07-07-2014 13:23:33] [Initialization] Session 0 not detected.
[07-07-2014 13:23:33] [Initialization] Installation is running in [Interactive] mode.

Dan
Jul 9, 2014 at 3:37 PM
Hey guys,

we now discovered another weird thing.

If you run the script in SYSTEM-context (using PSExec or SCCM) each function from Deploy-Application.ps1 would run two times.
Reproduce steps:

adding the following code in Deploy-Application.ps1:
#*===============================================
#* INSTALLATION 
$installPhase = "Installation"
#*===============================================

    # Perform installation tasks here
    Write-Log -text "Test"
#*===============================================
Then look at the created log and you will see that the above line is logged two times:


[09-07-2014 17:08:14] [Installation] Test
[09-07-2014 17:08:14] [Post-Installation] Oracle_JavaRuntime_1.07.060-351__01 Installation completed with exit code [0].
[09-07-2014 17:08:14] [Post-Installation] ----------------------------------------------------------------------------------------------------------
[09-07-2014 17:08:18] [Initialization] Execution completed with return code 0.
[09-07-2014 17:08:18] [Initialization] ServiceUI: [winlogon.exe] Session: [1] PID [592] [Target Session [1] = Match]

[09-07-2014 17:08:18] [Initialization] ServiceUI: Program to launch : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe]

[09-07-2014 17:08:18] [Initialization] ServiceUI: Command line : [C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File D:#app\deploy-application.ps1]

[09-07-2014 17:08:18] [Initialization] ServiceUI: Process launching with PID [3604]

[09-07-2014 17:08:18] [Initialization] ServiceUI: Process exit code [0]

[09-07-2014 17:08:18] [Initialization] ServiceUI returned exit code [0]
[09-07-2014 17:08:18] [Pre-Installation] Spinning up Progress Dialog in a separate thread with message: [Installation im Gange. Bitte warten...]
[09-07-2014 17:08:20] [Installation] Executing [msiexec.exe /i "D:#app\Files\jre1.7.0_60.msi" TRANSFORMS="oracle-javaruntime-32Bit-1.07.060-351-01.mst" REBOOT=ReallySuppress /QN /Lv "C:\WINDOWS\MSILogs\351-01_Install.log"]...
[09-07-2014 17:08:20] [Installation] Working Directory is [D:#app\Files]
[09-07-2014 17:08:28] [Installation] Execution completed successfully with return code 0.
[09-07-2014 17:08:28] [Installation] Test


Thus every function would be called two times. Of course not only Write-Log, but even "Execute-MSI", and this may crash the installation.

Reason:
If you run Deploy-Application.ps1 through psexec (or SCCM), the AppDeployToolkitMain.ps1 (script body) would be called through the following line (Deploy-Application.ps1):
# Dot source the App Deploy Toolkit Functions
."$scriptDirectory\AppDeployToolkit\AppDeployToolkitMain.ps1"
In the script body of the Main script, the ServiceUI.exe part would call the invoking script (line 4495 ff.):
                           $serviceUIArguments = "$PSHOME\powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File `"$invokingScript`""
And so the Deploy-Application runs a second time, now under the ServiceUI (User)-Context.


Can you understand it and fix it? :)

Thanks,

TorstenM and MarcoMMA
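A log triage sketch for the three symptoms reported in this thread (NonInteractive mode under Session 0, ServiceUI's CreateProcessAsUser error 5 in the test logs, and the script body running a second time after ServiceUI returns), added here as an example and not code from the toolkit or from any poster. The function names are hypothetical, the double-run rule is a heuristic based on the log layout shown in the posts above, and the sample lines are copied from those posts.

```powershell
# Added example, not toolkit code. Needs PowerShell 3.0+ for [ordered].
function Get-ToolkitLogFinding {
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$Line)

    $f = [ordered]@{
        MachineAccount        = $false  # "Current user is [...$]" means SYSTEM
        Session0              = $null   # $true, $false, or $null if never logged
        DeployMode            = $null
        FailedApi             = $null
        Win32Error            = $null
        ServiceUIExitCode     = $null
        BodyRanAfterServiceUI = $false
    }
    $serviceUIReturned = $false
    foreach ($l in $Line) {
        # Toolkit line layout as seen in the posts: [timestamp] [phase] message
        if ($l -notmatch '^\[[^\]]+\] \[(?<phase>[^\]]+)\] (?<msg>.*)$') { continue }
        $phase = $Matches['phase']
        $msg   = $Matches['msg']

        # Heuristic: anything logged outside [Initialization] after ServiceUI has
        # returned means the parent (Session 0) copy also ran the script body.
        if ($serviceUIReturned -and $phase -ne 'Initialization') {
            $f.BodyRanAfterServiceUI = $true
        }
        switch -Regex ($msg) {
            '^Current user is \[.*\$\]'                       { $f.MachineAccount = $true }
            '^(Running under Session 0|Session 0 detected)\.' { $f.Session0 = $true }
            '^Session 0 not detected\.'                       { $f.Session0 = $false }
            '^Installation is running in \[(\w+)\] mode'      { $f.DeployMode = $Matches[1] }
            '^ServiceUI: API \[(\w+)\] Error: \[(\d+)\]' {
                $f.FailedApi  = $Matches[1]
                $f.Win32Error = [int]$Matches[2]
            }
            '^ServiceUI returned exit code \[(-?\d+)\]' {
                $f.ServiceUIExitCode = [int]$Matches[1]
                $serviceUIReturned   = $true
            }
        }
    }
    [pscustomobject]$f
}

function Get-ToolkitLogAdvice {
    param([Parameter(Mandatory = $true)]$Finding)

    if ($Finding.Session0 -and $Finding.DeployMode -eq 'NonInteractive') {
        'Running in Session 0: the toolkit switched to NonInteractive and showed no prompts.'
    }
    if ($null -ne $Finding.Win32Error) {
        # Let Windows translate the error number (5 is ERROR_ACCESS_DENIED)
        $text = (New-Object System.ComponentModel.Win32Exception -ArgumentList $Finding.Win32Error).Message
        "ServiceUI: $($Finding.FailedApi) failed with Win32 error $($Finding.Win32Error) ($text); the UI process was not started."
    }
    if ($Finding.BodyRanAfterServiceUI) {
        'Script body ran again after ServiceUI returned: check for the $serviceUIExitCode guard right after the dot-source.'
    }
}

# Sample lines copied from the logs posted in this thread
$samples = [ordered]@{
    'v3.1.4, superseding app' = @'
[12-06-2014 17:20:38] [Initialization] Current user is [...\...$]
[12-06-2014 17:20:38] [Initialization] Running under Session 0.
[12-06-2014 17:20:38] [Initialization] Installation is running in [NonInteractive] mode.
'@
    'v4 beta, Test 1' = @'
[07-07-2014 20:07:45] [Initialization] Session 0 detected.
[07-07-2014 20:07:46] [Initialization] ServiceUI: API [CreateProcessAsUser] Error: [5]
[07-07-2014 20:07:46] [Initialization] ServiceUI returned exit code [-1]
[07-07-2014 20:07:46] [Initialization] Microsoft_ConfigMgrSupportCenter_2012_EN_1 Installation completed with exit code [-1].
'@
    'v4 beta, SYSTEM context (double run)' = @'
[09-07-2014 17:08:18] [Initialization] ServiceUI returned exit code [0]
[09-07-2014 17:08:28] [Installation] Execution completed successfully with return code 0.
[09-07-2014 17:08:28] [Installation] Test
'@
}

foreach ($name in $samples.Keys) {
    $finding = Get-ToolkitLogFinding -Line ($samples[$name] -split "`r?`n")
    "== $name =="
    Get-ToolkitLogAdvice -Finding $finding
}
```

For a real log, pass the file content instead of the samples, for example `Get-ToolkitLogFinding -Line (Get-Content <path to toolkit log>)`.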
Jul 10, 2014 at 12:43 PM
Hey guys,

It's us again.


We have now implemented a solution which works for us :)

We customized the Deploy-Application.ps1.
We only run the Script-Body from Deploy-Application if:
  • no User is logged on or
  • a Tasksequence is running or
  • Session ID != 0
We are in the final tests, but in our minds the solution should work ;).

Thanks,

TorstenM and MarcoMMA
Coordinator
Jul 10, 2014 at 10:11 PM
Edited Jul 15, 2014 at 9:19 PM
Hmm, have you been using the latest version of Deploy-Application.ps1? There is already code in there to handle this issue. Basically when the main script is dot sourced and ServiceUI is called the exit code is stored in a variable $serviceUIExitCode which is read by Deploy-Application.ps1 directly after the dot-sourcing. If ServiceUI was invoked, the Deploy-Application.ps1 script will exit as we know the code has already been executed (or attempted) via ServiceUI.
# Dot source the App Deploy Toolkit Functions
."$scriptDirectory\AppDeployToolkit\AppDeployToolkitMain.ps1"
# Handle ServiceUI invocation
If ($serviceUIExitCode -ne $null) { Exit-Script $serviceUIExitCode }
So our testing with ServiceUI has proved mysteriously inconsistent, we can't seem to get it to work reliably with the different combinations we have tried. If anyone can find a pattern or an explanation we'd love to hear it. Otherwise I think we need Cameron King from Microsoft to help out or else we need to code this functionality natively in PowerShell (something I don't have time to commit to currently).
Jul 11, 2014 at 9:19 AM
PowerSheller wrote:
Otherwise I think we need Cameron King from Microsoft to help out

Let me see if I can reach him somehow ...