Hello,
Trying to figure out a problem with anyconnect intune package. I was using the win32 packager as that is what my company wants to do.
Been trying to get my test laptop to install it correctly. However it’s failing to find the package error. I’ve tried some different ways to get it done but I’m at this point - mindlessly bashing my head on the wall. It’s probably a small detail I’m missing somewhere. Any help is appreciated.
In intune app portal:
Error is the following: The system cannot find the file specified. (0x80070002)
Install command: Start-Process -FilePath anyconnect-win-4.10.06079-core-vpn-predeploy-k9.msi -ArgumentList /quiet -Wait Start-Process -FilePath anyconnect-win-4.10.06079-dart-predeploy-k9.msi -ArgumentList /quiet -Wait
Uninstall command
MsiExec.exe /X{1023BC1D-6B5A-4806-82AF-D4F160334829} MsiExec.exe /X{F4BACC43-70D3-4CCF-A0C6-89512F64CBB4}
App install may force a device restart
Return codes
0 Success
1707 Success
3010 Soft reboot
1641 Hard reboot
1618 Retry
Detection rules
File C:\Program Files (x86)\Cisco\
Registry HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{1023BC1D-6B5A-4806-82AF-D4F160334829}
Registry HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{F4BACC43-70D3-4CCF-A0C6-89512F64CBB4}
I’ve been using the following setup for the files itself when creating the win32 package:
Anyconnect folder:
-
Output
-
Source
- Powershell script
- MSI Packages
Powershell script:
#path variables
$CorePath = "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe"
$DartPath = "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\DART\DartOffline.exe"
$installerPathCore = "anyconnect-win-4.10.06079-core-vpn-predeploy-k9.msi"
$installerPathDart = "anyconnect-win-4.10.06079-dart-predeploy-k9.msi"
$installParameters = "/quiet"
#install core VPN package
function CorePackage {
if (Test-Path $CorePath) {
Write-host "Core VPN already installed"
}else{
Start-Process -FilePath $installerPathCore -ArgumentList $installParameters -Wait
Write-Host "Installed CORE VPN have been installed"
}
}
#Dart Package
Function DartPackage {
#tests to see if it's already installed.
if (Test-Path $DartPath) {
Write-host "DART VPN tools already installed"
}else{
Start-Process -FilePath $installerPathDart -ArgumentList $installParameters -Wait
Write-host "DART VPN tools have been installed"
}
}
CorePackage
DartPackage
Exit 0
Solution: I needed to update the install command to the following: powershell -executionpolicy unrestricted .\nameofscript.ps1
This is what I use for our setup, I created an Intune package and then I have a second package that sets the preferences. From what I remember there was an issue/bug with detection and MSI/registry? with AnyConnect. For detection I ended up just checking for the installed folder/files.
Install command
msiexec /i “anyconnect-win-4.10.06079-core-vpn-predeploy-k9.msi” /qn
Rules formatManually configure detection rules
Detection rulesFile C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client
Install command
anyconnect-preferences.bat
Rules formatManually configure detection rules
Detection rulesFile C:\Users\%USERNAME%\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\
anyconnect-preferences.bat
xCopy.exe preferences.xml “C:\Users\%USERNAME%\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml”
https://pariswells.com/blog/intune/copy-file-to-workstations-with-windows-intune
Better build bundle msi and use chaining, far easier to manage and better controlled.
Whyyyyyyyyyyyyyyyyyyy
It’s not hard.
Install on your own machine via msiexec if you have the msi.
I prefer reg entries for the detect and Uninstaller.
Can Still do file location as most msi have the msi in the path and you can msiexec Uninstaller via that path.
Peaches peaches peaches …
And if this is meraki … just use windows. The reg entry is the key to not deal with the authentication bug.
I’m not going to spell It out for you. I believe we all have to earn our stripes. Others are nicer. I believe in work.
I don’t believe we’re trying to do any special preferences as it’s pretty simple address for our own users to put in. So I at least don’t have to worry about that aspect.
I did try a custom detection script which was the following:
If([Version](Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1023BC1D-6B5A-4806-82AF-D4F160334829} {F4BACC43-70D3-4CCF-A0C6-89512F64CBB4}','HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1023BC1D-6B5A-4806-82AF-D4F160334829} {F4BACC43-70D3-4CCF-A0C6-89512F64CBB4}' -Name DisplayVersion -ea SilentlyContinue) -ge '4.10.06079 4.10.06079') {
Write-Host "Installed"
}
That also resulted in the same error. Which is why I am guessing that it has something to do with my powershell script or app package settings. I don’t think it’s the detection settings itself cause the app package is kicking off in not detecting it. Like perhaps the installer script is getting ahead of itself before the msi has finished downloading itself or something. The powershell script runs fine when I manually have the same folder setup on the laptop.
It’s only when I deploy it as an intune package does it seems to run into that error.
Uuuuhh… Are you calling the script?
Cuz you have this posted as the install command.
Install command: Start-Process -FilePath anyconnect-win-4.10.06079-core-vpn-predeploy-k9.msi -ArgumentList /quiet -Wait Start-Process -FilePath anyconnect-win-4.10.06079-dart-predeploy-k9.msi -ArgumentList /quiet -Wait
If you’re just installing anyconnect you just need.
msiexec /i “anyconnect-win-4.10.06079-core-vpn-predeploy-k9.msi” /qn
Yeah, I have it pointed towards a powershell script in the source folder since there is two packages we needed to install, the DART and CORE vpn package. I was hoping to get away with only needing one intune package if possible. You need the wait command so it’ll finish installing the first msi before proceeding to the second. I also put it in two seperate powershell functions to ensure that only one gets installed before the other.
I could divide this up into two packages but was trying to avoid that.
If you want to try and use your powershell script you need to make sure both msi files and the script are in the directory when you create the intune package file so all 3 are included.
Install command
powershell -executionpolicy unrestricted .\nameofscript.ps1
Just make the CORE package a dependency of the DART Install. Thats what Im doing for the Umbrella package. For detection, have it look for the version, equal to or greater than vpnui.exe (and umbrellaac.exe?) , because it auto updates by default and changes the product code.
Well, that worked. They are installed now. now I don’t have to do two packages. Thanks.
Yeah, I’m gonna go that route now.
/u/parrothd69 powershell install command worked and my script went off without a hitch. Think I’m all set now.