I have successfully employed a WSUS server and LUP install at our business.
WSUS updates are rolling out wonderfully, and I was able to successfully
deploy Flash, Firefox, and LibreOffice using LUP. My next piece of software I
wanted to deploy was Foxit Reader.
I tried setting it up yesterday, but when I came in this morning it failed to
install on my test machines. A bit of googling led me to discover that Foxit
doesn't allow silent installs any longer unless you use their Enterprise
Reader. So I signed up for that, got the MSI installer, made my package and
approved it for my test rigs... and it still failed. I checked the event log
and it gave me error 11708.
Two questions: Do I need to do anything within LUP to make it re-try the
install? It's sitting there reading failed, and I can't see an option in the
clear to try and redeploy.
Is this a common problem, as in did I set up my package wrong?
Thanks in advance.
You don't need to do anything to get it to re-install; the WSUS client will
continually attempt to install a package that has failed. Rephrased, the
client will perpetually attempt to install the package until it is successful.
The error you gave isn't listed as a WSUS Error code so I can't tell you much
about it. From a bit of searching it seems to be a somewhat generic MSI error.
Yeah, I didn't have much luck with the error code either. When I am actually
in LUP and right click on the failed install under the report tab, it says it
failed with error code 0x80070643.
Which translates to ERROR_INSTALL_FAILURE. I'm fairly certain that the problem
lies with the installer here. It's being ran but then for some internal reason
A common failure point is having a previous version of the app running or
dependent apps like browsers open when attempting the install. Test on a
client running nothing else at the time.
There is a previously installed version of the software on the machine, but
with both FireFox and LibreOffice they both successfully replaced the older
versions. I'll try removing it manually and seeing if it makes a difference.
Yea; that's one thing to try. I was thinking more along the lines of making
sure no other applications are running at the time of the install. For
instance, if IE or FireFox is running when the WSUS client tries to update
Flash or Java they may very well fail.
Ah, I understand. I'm not sure if Foxit Reader integrates with the browsers or
not, but I'll try that as well. Is there a good way to force updates to
install "now"? I try using wuauclt /detectnow but it seems to be hit or miss.
That's how you do it. It always works; it's just a matter of timing of a few
different things which determine if a newly created and approved package is
ready. The client itself will take a few hours to join a group once it has
first been added and there is a minute or so delay after approving the
It might be worth mention that we have neither Active Directory or Group
Policy implemented at this time. I configured all the clients with WSUS
through the registry and manually installed the LUP Certificate. Not sure if
that factors into the timing aspect.
I might be onto something. Error 0x80070643 comes up for a few things when
Windows Installer is out of date. I just checked my machine by executing
"msiexec" from Run, and it came up at version 3.01 (where it seems to need at
least 3.1). I just upgraded to 4.5, I'll let you know if it makes a
Whomp. Still got error 0x80070643.
Doh! Looks like it was just due to it already being installed. I went to run
the installer manually, and it came up "This is already installed, you need to
remove it blah blah..."
That's what I get for trying to test on two machines at once. Remove the
program from machine X, then try to install on machine Y. Wonder why it didn't
make a difference.
Anyway, victory! Thanks for your help Bryan.
On a related note, is there a way to make the computer uninstall the old
version through LUP? Superseding or command line options or something?
Although I haven't personally tested this a whole lot, you can approve MSI
packages for uninstall. So if package B can only be installed if a previous
package A is not installed you will want to create Is Installable rules on
package B to make certain that is the case.
That also seems to be what you need to do here for Foxit. You need Is
Installed rules that detect the existing installation. Usually the default MSI
rules will work just fine but if a previous version was installed via an EXE
you might need to create additional rules to detect those.
For the record, the AD/Workgroup scenario doesn't affect the timing at all;
they are just part of the WSUS architecture.
Unfortunately it looks like all the previous installs were all done by EXE installers, and they range a gamut of different versions.
I've managed to figure out the rules for the package to detect the current install, and approve or decline it based on that (it comes up as "Not Applicable" for my test rig, so I think I've got that part down) but I'm still a little confused about uninstall.
From what I understand, I can't approve an EXE for uninstall? I'd have to do them manually?
You are correct; you cannot uninstall an EXE even if that EXE was
distributed via LUP.
If your test rig has the latest version of the EXE manually installed then
you want the MSI package to report is as 'Installed' in LUP rather than
'Not Applicable'. The goal is to have WSUS detect that the package is
installable on the client but has already been installed.
We know that the MSI will not install if there is the same version already
installed via EXE but will the MSI update older version regardless of
installation method? If so then you can just release the current MSI and
have it take care of the older versions. If the MSI won't take care of the
old installs then you are S.O.L. and will have to figure out how to remove
them. In theory you could create a batch script and publish it via RunIt
but I'm not sure how successful that would be. It is in this later case
that you would want the package in LUP to be Not Applicable if an older
version was detected.
Aye, it look's as though I am S.O.L; the MSI package just get's angry if there is any form of previously installed version. I'm still trying out a few more things, but it looks like this specific piece of software might just have to be done manually... at least initially. Hopefully once I have all the computers set up with the MSI install I will be able to get them updated when I please through LUP.
To clarify, it may be best to manually uninstall everything first, but you should still be able to do the install of the desired version once that is done.
Yep; it's a PITA but was one of the things I had to do as well when distributing the first round of packages.
If you really have too many machines for it to be feasible you could try a batch file if it is possible to uninstall via the command line.
It's about 35 machines. Enough to be a annoying, not so many to make me pull my hair out.
My concern is simply if there will be more than one application to which I will have to do this for. Then I could see myself getting frustrated.
And yes, once the old application is uninstalled, the new version drops in almost immediately... it's rather impressive actually. Pair that with the fact that I'm figuring out the command line options, I'm getting pretty excited about the possibilities LUP is providing for me.
I'd recommend doing what I did when I was getting ready to distribute apps
via LUP. First take a test machine and make sure every application you
want distributed works as you need it to. Then go around machine to
machine and do whatever you need to do manually to get the machine to a
common starting point and then force the updates to make sure they all
install. I did that back in 2010 when first developing LUP and I haven't
had to utilize sneakernet since. I even just distributed the new 2048bit
certificates for LUP via LUP.