none
.msi bypassing SCCM reboot countdown

    Question

  • Hello everyone,

    I have some issues with MBAM 2.0 .msi. I can't figure out why MBAM client application I have created in SCCM reboots some workstations right away skipping my application settings to let SCCM control reboots. I know my app settings are correct.

    Has anyone seen anything like that and was able to come up with workaround?
    I can't find information if there are any switches for MBAM 2.0 msi to suppress reboot in execution command.

    Thanks.



    Tuesday, July 30, 2013 1:38 PM

Answers

  • I didn't say it prevented command-line from initiating reboot but reboot happened without countdown, I think I found the reason for that.

    I can't believe I didn't look for it in AppEnforce.log on affected machine in the first place.

    It matched 1641 code (PendingHardReboot) entry thus SCCM allowed it to do what it did.
    From here I got two options. 

    One to do it from command-line with additional switches or second one with alteration of Return Codes settings on SCCM deployment properties so that 1641 can become a reboot with countdown notification (soft reboot) instead of hard reboot.

    Thank you both for your input. It pointed me in the right direction.

    • Marked as answer by skywalker123 Tuesday, July 30, 2013 5:14 PM
    Tuesday, July 30, 2013 5:12 PM
  • "I didn't say it prevented command-line from initiating reboot"

    And neither did I.

    That's the point of my comment, ConfigMgr cannot prevent or allow the command-line to do anything. It runs the command-line and what the command-line does is beyond the control or influence of ConfigMgr. The return code matching initiates action on the ConfigMgr side.

    If the command-line initiates the reboot, the ConfigMgr cannot provide a countdown of any kind. That's why you must tell the command-line not to reboot and allow ConfigMgr to do it for you based upon the return code.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by skywalker123 Tuesday, July 30, 2013 5:47 PM
    Tuesday, July 30, 2013 5:39 PM

All replies

  • Hi,

    What command line are you using?

    Tried with REBOOT=ReallySuppress ?

    Regards,

    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Tuesday, July 30, 2013 1:49 PM
  • Originally I have not used it. I wanted to let CM control reboot behavior which usually is the case.
    During multiple tests MBAM client installed straight in on many different OSs and workstations. I have never seen it rebooting PC forcefully.

    Now, the problem really is that I cannot reproduce the case where reboot is indeed needed thus I don't know if this option would work.

    During phase 1 of deployment there was only handful amount of machines where reboot occurred. I was able to get this from application logs:
    Windows Installer requires a system restart. Product Name: MDOP MBAM. Product Version: 2.0.5301.1. Product Language: 1033. Manufacturer: Microsoft Corporation. Type of System Restart: 1. Reason for Restart: 1.

    After searching for the codes of restart types I got here:
    http://blogs.msdn.com/b/windows_installer_team/archive/2005/09/19/470980.aspx

    Unfortunately I did not use logging on the .msi so I can't really tell what was the reason of the reboot. 
    Because of that I'm having really hard time to reproduce this state.

    Tuesday, July 30, 2013 2:29 PM
  • Just to address the title of this thread, ConfigMgr cannot prevent a command-line from initiating a reboot so there really is no bypass. You must instruct the command-line not to reboot the system so that ConfigMgr can do it and display the countdown.

    Jason | http://blog.configmgrftw.com

    Tuesday, July 30, 2013 4:16 PM
  • I didn't say it prevented command-line from initiating reboot but reboot happened without countdown, I think I found the reason for that.

    I can't believe I didn't look for it in AppEnforce.log on affected machine in the first place.

    It matched 1641 code (PendingHardReboot) entry thus SCCM allowed it to do what it did.
    From here I got two options. 

    One to do it from command-line with additional switches or second one with alteration of Return Codes settings on SCCM deployment properties so that 1641 can become a reboot with countdown notification (soft reboot) instead of hard reboot.

    Thank you both for your input. It pointed me in the right direction.

    • Marked as answer by skywalker123 Tuesday, July 30, 2013 5:14 PM
    Tuesday, July 30, 2013 5:12 PM
  • "I didn't say it prevented command-line from initiating reboot"

    And neither did I.

    That's the point of my comment, ConfigMgr cannot prevent or allow the command-line to do anything. It runs the command-line and what the command-line does is beyond the control or influence of ConfigMgr. The return code matching initiates action on the ConfigMgr side.

    If the command-line initiates the reboot, the ConfigMgr cannot provide a countdown of any kind. That's why you must tell the command-line not to reboot and allow ConfigMgr to do it for you based upon the return code.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by skywalker123 Tuesday, July 30, 2013 5:47 PM
    Tuesday, July 30, 2013 5:39 PM
  • Thanks for clarifying this.

    Jason, what do you think would happen if:

    Scenario 1
    Execution line does not contain reboot suppressing switches and we know application will perform hard reboot (1641). At the same time application's exit code 1641 is matched with SCCM return codes to indicate soft reboot (with countdown).

    Scenario 2
    Execution line has reboot suppressing switch. What most likely would be its exit code? 0 - success or 3010 - soft reboot?

    In scenario 1, based on your post, I assume that application would reboot the workstation even though return code has been altered on deployment properties to indicate that 1641 is a soft reboot.

    I'm not sure about scenario 2 though but I would like to know your opinion on both if you don't mind.

    Thanks !

    Tuesday, July 30, 2013 6:02 PM
  • 1 - Command-line reboots workstation; doesn't matter what ConfigMgr has configured.

    2 - For a 3010, ConfigMgr (by default) will initiate the reboot with a countdown. For a 0 return code, nothing will happen (as far as reboots go).


    Jason | http://blog.configmgrftw.com

    Tuesday, July 30, 2013 6:07 PM