none
Cisco Anyconnect Dirty Environment Found RRS feed

  • Question

  • Hi,

    When I want to deploy Cisco Anyconnect 4.4 via MDT, it always display Dirty Environment Found.

    I used install command "msiexec.exe /qb- /l*vx %LogPath%\Ciscoanyconnect.log REBOOT=ReallySuppress /i anyconnect-win-4.4.04030-core-vpn-predeploy-k9.msi" in MDT

    Monday, April 16, 2018 9:09 AM

All replies

  • Hi,

    i use a batch  and a local folder (C:\Installationen)for Cisco AnyConnect

    net use o: "\\10.10.10.10\DeploymentShare\Applications\Cisco Anyconnect 4.1.02011"
    xcopy o: c:\Installationen\anyconnect /I
    c:\installationen\anyconnect\anyconnect.msi /passive
    del c:\Installationen\anyconnect /s /q
    net use /delete o: /yes


    Toni


    • Edited by tonibert Monday, April 16, 2018 9:38 AM
    Monday, April 16, 2018 9:37 AM
  • Thank you Toni, I tried, but it has same issue, additional net use command need input username and password.

    Cisco Anyconnect must have some settings led to MDT occur Dirty Environment. Another application is Citrix Receiver, same porblem.

    • Edited by Tim, Xu Wednesday, April 18, 2018 1:33 AM
    Wednesday, April 18, 2018 1:30 AM
  • The issue, with both AnyConnect and Citrix Workspace (Receiver), is that they spawn another Explorer process while installing. This causes the RunOnce keys that MDT uses to execute again and you get a Dirty Environment. As per https://www.reddit.com/r/MDT/comments/7lvckm/wdt_8450_issues_after_upgraded_from_8443/.

    The fix is given on Reddit but I had to modify it slightly as the installer errors if the RunOnce reg key is not present.

    rename-item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce RunOnce.bak
    new-item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    
    cd "Z:\Applications\Cisco AnyConnect"
    $msis = gci anyconnect*core*.msi,*anyconnect*gina*.msi
    foreach ($msi in $msis) {
        start-process -wait msiexec -argumentlist "/i `"$($msi.fullname)`" /norestart /passive /l*vx C:\windows\temp\$($msi.name).log"
    }
    
    remove-item -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -force
    rename-item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.bak RunOnce

    I execute the above PowerShell script in my TS and it works without any issues (with AnyConnect 4.8.x).

    Citrix Workspace (Receiver)

    Workspace installs a USB component which waits for mouse movement and that same component also spawns another Explorer process (same as above). To get around this I install Workspace as a normal Application in MDT, but without the USB component.

    CitrixWorkspaceApp.exe /noreboot /silent /includeSSON /AutoUpdateCheck=disabled /ALLOWADDSTORE=N EnableCEIP=false ADDLOCAL="ReceiverInside,ICA_Client,SSON,DesktopViewer,Flash,Vd3d,WebHelper,BrowserEngine

    I then manually install the USB MSI using the same logic as AnyConnect.

    rename-item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce RunOnce.bak
    new-item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    
    cd "Z:\Applications\Citrix Workspace"
    start-process -wait msiexec -argumentlist "/i GenericUSB.msi REBOOT=ReallySuppress MSIDISABLERMRESTART=0 MSIRESTARTMANAGERCONTROL=0 NEED_RECEIVER=n TROLLEYINSTALL=1 ALLUSERS=1 /l*vx C:\windows\temp\GenericUSB.log"
    
    remove-item -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -force
    rename-item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.bak RunOnce

    This also has the benefit of not waiting for mouse movement.


    Friday, January 31, 2020 9:17 AM