none
Intermittingly getting error "Permission denied (70)" when installing applications on Windows 10 RRS feed

  • Question

  • I've installed patch 2 for MDT 2013 and started to look into deploying Windows 10 Enterprise. Most of the times the deployment works ok. However, sometimes I do get errors when installing applications:

    "WARNING - unable to set working directory: Permission denied (70)"

    The files reside on a DFS share and access is set correctly. The same applications do work ok when deploying Windows 7. Nothing has been changed on the DFS side. We install apps from different locations like local MDT share and also two different DFS shares. Access to one of the DFS shares works ok while the second may fail.

    I can remember having had a similar issue back in Windows XP times where XP wasn't able to access different network locations. So we had to put in a couple of reboots. Strange to see that behaviour come back.

    Interestingly enough sometimes it works without problems. I don't think it is related to the back-end systems as that is occuring at multiple sites and Windows 7 works ok.

    Excerpt from the log file below showing both the successful and the failed attempt.

    Any ideas ?

    Thanks
    Thorsten

    <![LOG[Name:  Microsoft Skype for Business]LOG]!><time="11:06:32.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[################]LOG]!><time="11:06:32.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Validating connection to \\<domain-dfs>\software$\Deployment\Microsoft\Lync\Skype]LOG]!><time="11:06:32.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Mapping server share: \\<domain-dfs>\software$]LOG]!><time="11:06:32.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Already connected to server <domain-dfs> as that is where this script is running from.]LOG]!><time="11:06:32.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[        Change directory: \\<domain-dfs>\software$\Deployment\Microsoft\Lync\Skype]LOG]!><time="11:06:32.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[WARNING - unable to set working directory: Permission denied (70)]LOG]!><time="11:06:34.000+000" date="05-04-2016" component="ZTIApplications" context="" type="2" thread="" file="ZTIApplications">
    <![LOG[        Run Command: \\<domain-dfs>\EMDeployment\UAT\Tools\X64\bddrun.exe lyncmso2013-kb3039779-fullfile-x86-glb.exe /quiet /passive /norestart]LOG]!><time="11:06:34.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[ZTI installing application ]LOG]!><time="11:06:34.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Event 41031 sent: ZTI installing application ]LOG]!><time="11:06:35.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[About to run command: \\<domain-dfs>\EMDeployment\UAT\Tools\X64\bddrun.exe lyncmso2013-kb3039779-fullfile-x86-glb.exe /quiet /passive /norestart]LOG]!><time="11:06:35.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Command has been started (process ID 904)]LOG]!><time="11:06:35.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Return code from command = 2]LOG]!><time="11:06:36.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Application Microsoft Skype for Business returned an unexpected return code: 2]LOG]!><time="11:06:36.000+000" date="05-04-2016" component="ZTIApplications" context="" type="3" thread="" file="ZTIApplications">
    <![LOG[Event 41034 sent: Application Microsoft Skype for Business returned an unexpected return code: 2]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[################]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Entry: {da2f354a-51ae-47a0-8074-012acbc572f0}]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Name:  Microsoft Office 2010 Professional Plus 14]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[################]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Validating connection to \\<domain-dfs>\nancdfsrglobalapps\Apps\Microsoft\Office14\Office14\]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Mapping server share: \\<domain-dfs>\nancdfsrglobalapps]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Already connected to server <domain-dfs> as that is where this script is running from.]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[        Change directory: \\<domain-dfs>\nancdfsrglobalapps\Apps\Microsoft\Office14\Office14\]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[        Run Command: \\<domain-dfs>\EMDeployment\UAT\Tools\X64\bddrun.exe Setup.exe /adminfile \\<domain-dfs>\nancdfsrglobalapps\Apps\Microsoft\Office14\MSP\office14-global.msp /config \\<domain-dfs>\nancdfsrglobalapps\Apps\Microsoft\Office14\CONFIG\configInstallEMEA.xml]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[ZTI installing application ]LOG]!><time="11:06:37.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Event 41031 sent: ZTI installing application ]LOG]!><time="11:06:39.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[About to run command: \\<domain-dfs>\EMDeployment\UAT\Tools\X64\bddrun.exe Setup.exe /adminfile \\<domain-dfs>\nancdfsrglobalapps\Apps\Microsoft\Office14\MSP\office14-global.msp /config \\<domain-dfs>\nancdfsrglobalapps\Apps\Microsoft\Office14\CONFIG\configInstallEMEA.xml]LOG]!><time="11:06:39.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Command has been started (process ID 4636)]LOG]!><time="11:06:39.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[ZTI Heartbeat: command has been running for 2 minutes (process ID 4636)]LOG]!><time="11:08:00.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Event 41003 sent: ZTI Heartbeat: command has been running for 2 minutes (process ID 4636)]LOG]!><time="11:08:03.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[ZTI Heartbeat: command has been running for 7 minutes (process ID 4636)]LOG]!><time="11:13:00.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Event 41003 sent: ZTI Heartbeat: command has been running for 7 minutes (process ID 4636)]LOG]!><time="11:13:09.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Return code from command = 0]LOG]!><time="11:16:20.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
    <![LOG[Application Microsoft Office 2010 Professional Plus 14 installed successfully]LOG]!><time="11:16:20.000+000" date="05-04-2016" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">


    Wednesday, May 4, 2016 12:25 PM

All replies

  • I would try deploying it from a thumbdrive/iso to see if it persisists.  If the issue goes away then you're dealing with some sort of permission/replication issue on your DFS.

    Ryan

    Wednesday, May 4, 2016 12:48 PM
  • Windows 10 includes some changes to SMB/CIFS.  The result is some servers have to be modified to play nice with Windows 10 clients.  If your environment uses a mix of servers for DFS, it could be that one particular DFS server is experiencing problems because of this.
    Wednesday, May 4, 2016 1:32 PM
  • Thanks for your suggestion. However, I don't think it is related to a DFS permissions issue since we use the same setup for around four years now with having done thousands of deployments. Just by moving to Windows 10 and using the new WinPE it seems to behave differently. To me it looks like it cannot handle multiple connection to different DFS shares at the same time. I just did another test using Windows 7 and everything has worked ok.

    Thorsten

    Wednesday, May 4, 2016 2:38 PM
  • I would look into what BiAtE-Z said, other people are definitely complaining about it - https://social.technet.microsoft.com/Forums/en-US/f4d77de7-17df-4463-b751-d1892829e7ab/windows-10-cannot-be-access-sysvol-netlogon-folder-on-the-server-2012-r2?forum=win10itprogeneral (I haven't seen this yet). 

    This stuffs pretty basic in that it plugs in the credentials you configure or enter at deployment to deploy it. Offline media would definitely validate what's going on as DFS, or attempting to net use the location with your credentials (which is what MDT is essentially doing).

    Wednesday, May 4, 2016 2:53 PM
  • Thanks for sharing that link.

    I could understand this if the problem was reproducable. However, it is not.

    I just ran another test with two VMs, deploying Windows 10 plus lots of applications as part of the task sequence. Those applications reside on either the deployment share itself or on two different DFS shares. Those DFS shares are hosted on the SAME server.
    In my test the same set of applications where selected and one of the VMs finished without issues while I got error 70 (Permission denied) for three applications. Funnily enough, a fourth application residing on the same share got installed a few moments later ok. Both the test VM and the DFS server are in the same physical site. So latency cannot play a role here. And there is a domain controller in that site as well.

    I'd be happy to accept this to be an issue with the DFS shares or security settings - however, since it sometimes works ok I'm quite confused and lost. I can access the shares ok using the same credentials after the deployment has finished.

    At the time of the installation the machines are not joined to the domain. So all security settings are default.

    Any more ideas would be much appreaciatd.

    Tuesday, May 10, 2016 9:49 AM
  • So your applications are outside of your deployment share?  Honestly I find it a best practice to keep everything contained and secured inside of the DS.  At this point you would need to take it off the DFS and deploy it via ISO, these things are usually solved by a process of elimination.
    Tuesday, May 10, 2016 6:07 PM
  • Hello MrBrooks,

    yes, some of our applications are outside the deployment share. We are using that kind of setup for the last four years without any issues to deploy Windows 7. Our offices (50+) are spread across the world and there were other reasons to have appliations on a dedicated DFS share. Some of the apps, like McAfee agent, are maintained by other teams and are replicated by EPO. Changing that would be a lot of work.
    Deploying via ISO ? We use WDS to PXE boot WinPE, everything else comes from the network. Deployment Share is replicated via DFS as well as all of the apps.

    To rule out any network related issues, I've set the SyncForegroundPolicy (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon) to 1 which hasn't made a difference.

    I can't get my head round why it only fails randomly. Around 20 applications get installed and it is not always the same one that fails. It's a bit like roling a dice...

    Wednesday, May 11, 2016 7:36 AM
  • I'd like to bump that thread up to the top since I still experience this issue.

    It is more or less totally random. When deploying two systems on the same setup one does work ok while the other runs into this problem. Why ? I don't think anything in 2013 Update 2 has been changed (script-wise) since our Windows 7 deployments work ok. It is just when deploying Windows 10 using WinPE 10.

    This is a real showstopper for us since we need to have a reliable deployment system.

    Thanks for any suggestions

    Tuesday, May 31, 2016 1:12 PM
  • I wouldn't suggest anything more than what has already been posted.  You could try talking to support.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.

    Tuesday, May 31, 2016 4:58 PM
    Moderator