none
Cisco AnyConnect Group Policy Software Deployment Issues

    Question

  • Hi,

    I am trying to configure a GPO to deploy AnyConnect through GPO but I am running into issues and need some assistance.

    • The GPO is a Computer Policy with a FQDN UNC path navigating to the MSI installer
    • The MSI is saved in a folder which has been Shared
    • Share permissions have Authenticated Users (Read) and Everyone (Full) access applied
    • Security permissions on MSI and hierarchy are Authenticated Users / Everyone (3x Read Permissions)
    • Always wait for the network at computer startup and logon - Applied in same policy
    • The GPO is applying to an OU with my test machine in and I have only given my machine access to the GPO via Security filtering
    • Gpresult -r is showing my machine as applying the policy but I am receiving the following error in event viewer under GPO  "Software Installation Extension deferred processing until next synchronous foreground.  Refer to a Resultant Set of Policy report for more information."
    • MSI has the ability to run silently as I can deploy the package using silent switches through PDQ Deploy.

    Hopefully something obvious has been missed!

    Thanks in advanced.


    • Edited by SonJim Thursday, May 04, 2017 1:36 PM
    Wednesday, May 03, 2017 4:30 PM

Answers

  • Hi,
    Ok, let us test the followings:
    1. Run gpupdate /force on client and then reboot the machine for twice or more.
    2. Referring to the following article, please have a try set Specify startup policy processing wait time.policy to 90 or 120 seconds, you could see more details from: https://serverfault.com/questions/44257/group-policy-installation-failed-error-1274
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by SonJim Tuesday, May 09, 2017 7:18 AM
    Monday, May 08, 2017 5:26 AM
    Moderator

All replies

  • Hi,
    Please shut down the client and turn it on for twice and see if the event is gone.
    Here is an article regarding details of similar scenario, you could take a look:
    https://www.experts-exchange.com/articles/25279/Overcoming-software-deployment-pitfalls-on-modern-Windows.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 04, 2017 1:52 AM
    Moderator
  • Thanks - after a restart of the device it is still the same issue.

    I did forget to mention the device I am trying to deploy to is using Windows 10.  I have just tried the same policy on a Windows 7 machine and that failed as well.

    Any other suggestions?


    • Edited by SonJim Thursday, May 04, 2017 4:15 PM
    Thursday, May 04, 2017 2:03 PM
  • Hi,
    Ok, let us test the followings:
    1. Run gpupdate /force on client and then reboot the machine for twice or more.
    2. Referring to the following article, please have a try set Specify startup policy processing wait time.policy to 90 or 120 seconds, you could see more details from: https://serverfault.com/questions/44257/group-policy-installation-failed-error-1274
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by SonJim Tuesday, May 09, 2017 7:18 AM
    Monday, May 08, 2017 5:26 AM
    Moderator
  • Hi Wendy,

    Literally just tried this before reading your message which suggested it (busy day yesterday) and it worked!  Just came back to let everyone know the Specify startup policy processing wait time settings is the golden nugget!

    In event viewer I was seeing errors that my machine could not connect to the DC and that no logon servers were available.  Sorted now though, thanks for your help!

    Tuesday, May 09, 2017 7:17 AM