ZCM Upgrade fails "This installation is forbidden by system policy"

  • 7017861
  • 20-Jul-2016
  • 12-Sep-2019

Environment

Novell ZENworks Configuration Management 11.x System Update
ZENworks Configuration Management 2017.x System Update

Situation

ZCM 11.3.x ZONE
11.4.0 .iso mounted to F:
Installation fails with MSI Error Code: 1625 - "This installation is forbidden by system policy. Contact your system administrator."
In these cases the CASA msi reported these errors:

system-update.log:

[ERROR] [01/25/2016 09:49:56.689] [952] [ZENUpdater] [] [mallen] [SystemUpdate] [MSI_INSTALL_ERROR] [ERROR] [CASA.x86_64.msi,1625] [] [] [ZENworks]
[DEBUG] [01/25/2016 09:49:56.689] [952] [ZENUpdater] [] [mallen] [SystemUpdate] [] [DEBUG] [An error occurred during command execution...details should have already been logged] [] [] [ZENworks]


The failing msi CASA.x86_64.msi error log:
MSI (s) (44:F0) [09:50:13:193]: MSI_LUA: Elevation prompt disabled for silent installs
MSI (s) (44:F0) [09:50:13:193]: Note: 1: 1708
MSI (s) (44:F0) [09:50:13:193]: Product: CASA -- Installation failed.
MSI (s) (44:F0) [09:50:13:193]: Windows Installer installed the product. Product Name: CASA. Product Version: 1.7.1875. Product Language: 1033. Manufacturer: Novell. Installation success or error status: 1625.
MSI (s) (44:F0) [09:50:13:193]: MainEngineThread is returning 1625
MSI (s) (44:C4) [09:50:13:193]: No System Restore sequence number for this installation.
This installation is forbidden by system policy. Contact your system administrator.


The CASA msi log:
MSI (s) (44:BC) [09:49:56:642]: User policy value 'DisableMedia' is 1

Second Customer - Windows 10 on 2017 U3 upgrading to 2017 U4
system-update.log:
[ERROR] [09-12-2019 18:50:38.698] [14628] [ZENUpdater] [] [SYSTEM] [SystemUpdate] [MSI_INSTALL_ERROR] [ERROR] [CASA.x86_64.msi,1625] [] [] [ZENworks]

The failing msi CASA.x86_64.msi error log:
MSI (s) (00:48) [17:56:52:888]: Machine policy value 'DisableBrowse' is 1
MSI (s) (00:48) [17:56:52:888]: Adding new sources is not allowed.
MSI (s) (00:48) [17:56:52:888]: Warning: rejected attempt to add new source 'C:\Program Files (x86)\Novell\ZENworks\ZeUS\cache\ZeUSCache\ef2c6c72f8b8467a882e32aadddf8386\' (product: {88E22697-DE18-4878-AA62-992C9A3C606E})
MSI (s) (00:48) [17:56:52:888]: MSI_LUA: Elevation prompt disabled for silent installs
MSI (s) (00:48) [17:56:52:888]: Note: 1: 1729
MSI (s) (00:48) [17:56:52:888]: Product: CASA -- Configuration failed.

Resolution

Verified:
-.iso MD5 Checksum
-UAC Disabled

Ran: gpresult /H GPReport.html
Microsoft KB 247528 How to Configure Windows Installer for maximum security

Disable MSI
"If this policy value is set to "1", users and administrators are prevented
from using media sources, such as CD-ROMs, for installations regardless
of whether the installation is with elevated privileges."


Check whether local policies have been applied. One or more of the following may fix your issue.
-Modified registry (manually set =0) per MSDN DisableMSI (Windows) & MSDN DisableMedia & MSDN DisableBrowse
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer DISABLEMSI=0 AlwaysInstallElevated=1 DisableBrowse=0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer DISABLEMEDIA=0 AlwaysInstallElevated=1


Modifications in secpol.msc:
Set: Software restriction Enforcement "All users except local administrators"
Set: Disabled Admin Approval Mode

Run - secpol.msc
Click Start -> Control Panel
Open Administrative Tools
Open Local Security Settings
Click Software Restriction Policies
If no software restrictions are defined, right click the Software Restriction Policies node and select New Software Restriction Policy
Double click Enforcement
Select "All users except local administrators"
Click OK
Reboot the machine

Cause

Root cause for a customer
DisableMSI=1
DisableMedia=1

Root cause for another customer
DisableBrowse=1

Verify/manually set (=0) these REG_DWORD values in the registry:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer DISABLEMSI=0 AlwaysInstallElevated=1 DisableBrowse=0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer DISABLEMEDIA=0 AlwaysInstallElevated=1
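
To find which of these policies blocked a given upgrade, the log lines quoted under Situation can be scanned mechanically. The following Python is an added example, not part of the original article or of ZENworks; the function names are hypothetical and the two AlwaysInstallElevated sample lines are constructed. It goes slightly beyond the article by also reporting whether AlwaysInstallElevated is logged as 1 for both Machine and User, since the registry values above set it in both hives.

```python
import re

# Windows Installer policies this article names as root causes of error 1625.
# Matched case-insensitively: the article writes both DISABLEMSI and DisableBrowse.
BLOCKING = {"disablemsi", "disablemedia", "disablebrowse"}
ZEN_ERR = re.compile(r"\[MSI_INSTALL_ERROR\] \[ERROR\] \[([^,\]]+),(\d+)\]")
POLICY = re.compile(r"(Machine|User) policy value '(\w+)' is (\d+)")
REJECTED = re.compile(r"rejected attempt to add new source '([^']*)'")


def failed_msis(system_update_log):
    """(package, MSI error code) pairs reported by ZENUpdater in system-update.log."""
    return [(m.group(1), int(m.group(2))) for m in ZEN_ERR.finditer(system_update_log)]


def blocking_policies(msi_log):
    """(scope, policy, value) for each blocking policy logged with a non-zero value."""
    found = []
    for scope, name, value in POLICY.findall(msi_log):
        hit = (scope, name, int(value))
        if name.lower() in BLOCKING and hit[2] != 0 and hit not in found:
            found.append(hit)
    return found


def rejected_sources(msi_log):
    """Source paths Windows Installer refused to add (logged with DisableBrowse=1)."""
    return REJECTED.findall(msi_log)


def elevated_for_all_users(msi_log):
    """True when AlwaysInstallElevated is logged as 1 for both Machine and User."""
    # The policy is only in effect when both scopes set it; MSIs then install elevated.
    scopes = {s for s, n, v in POLICY.findall(msi_log)
              if n.lower() == "alwaysinstallelevated" and int(v) == 1}
    return scopes == {"Machine", "User"}


# Sample input: copied from this article's excerpts, except the last two lines (constructed).
ZEN_LOG = r"""[ERROR] [09-12-2019 18:50:38.698] [14628] [ZENUpdater] [] [SYSTEM] [SystemUpdate] [MSI_INSTALL_ERROR] [ERROR] [CASA.x86_64.msi,1625] [] [] [ZENworks]"""
MSI_LOG = r"""MSI (s) (44:BC) [09:49:56:642]: User policy value 'DisableMedia' is 1
MSI (s) (00:48) [17:56:52:888]: Machine policy value 'DisableBrowse' is 1
MSI (s) (00:48) [17:56:52:888]: Warning: rejected attempt to add new source 'C:\Program Files (x86)\Novell\ZENworks\ZeUS\cache\ZeUSCache\ef2c6c72f8b8467a882e32aadddf8386\' (product: {88E22697-DE18-4878-AA62-992C9A3C606E})
MSI (s) (00:48) [17:56:52:888]: Machine policy value 'AlwaysInstallElevated' is 1
MSI (s) (00:48) [17:56:52:888]: User policy value 'AlwaysInstallElevated' is 0"""

if __name__ == "__main__":
    print(failed_msis(ZEN_LOG), blocking_policies(MSI_LOG), rejected_sources(MSI_LOG))
    print("AlwaysInstallElevated in effect:", elevated_for_all_users(MSI_LOG))
```
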

Additional Information

Try copying the contents of the mounted ISO to a folder.
After copying the contents of the mounted ISO to a folder, check whether the file names inside the Common/msi and Common/rpm folders are correct.
Files with long names may be truncated, which might result in additional failures.
Use the bat/sh files in the attachment to verify.
If this is a re-run attempt, the command to back up would have already run.
Note: If the caching folder is present in the %ZENWORKS_HOME%/tmp/confFilesBackup/${UPDATE_GUID}/datamodel folder,
move it to the conf/datamodel folder and retry the upgrade.