cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

So I've got another issue with the Identity Awareness Agent. This time its the deployment from Microsoft SCCM. SCCM will run the installation as SYSTEM. Installation works, and all seems good. For some reason the MAD service doesn't work as expected. It doesn't provide the computer account to the gateway, and when you try to restart the Check Point Managed Asset Detection service, it crashes and completely stops working. Also the Packet Tagging driver doesn't work properly. It says its enabled, but the packet tagging never happens.

Installing the same packet as Admin manually works perfectly. So is there any work-around for this? Or am I missing something? I would prefer not to have to manually install the agent on every computer. There are just to many to even think about going that way. Our SCCM guy says you can do a really ugly work around and have a admin account run the the installation from SCCM, but this is very much not recommended, and it won't work if you want it installed as a part of the task sequence, 

 

Any tips on how to do this?

0 Kudos
6 Replies
Admin
Admin

Re: Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

I believe a driver has to be installed for packet tagging.
That requires admin, to the best of my knowledge.
Possible @Royi_Priov might have a suggestion.

Employee+
Employee+

Re: Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

Can you open SR with TAC for this? I wonder if the MAD process crash due to this fact or is there something else here.

Re: Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

Thank for the replys! I'll open a ticket!

0 Kudos

Re: Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

Looks like the issue is only with one of our models. Dell 5290 2-1. @Royi_Priov, do you know if you have a supported devices list?

0 Kudos
Employee+
Employee+

Re: Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging


@PatrikSkoglund wrote:

Looks like the issue is only with one of our models. Dell 5290 2-1. @Royi_Priov, do you know if you have a supported devices list?


No, we don't have, as we are not HW related, only OS related.

Is the OS identical for working and non-working machines?

0 Kudos

Re: Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

OK! They are using the same OS, and the same installation package, the only exception is drivers. As the models differ slightly.

The big difference is that the model 5290 2-1 is a tablet model with a detachable keyboard variant.

The error we get during the installation is the following:

IA_error.PNG

Unless the OK button is clicked, the installation of the Packet Tagging driver doesn't install on this model. We don't see this error on our other models. The problem here is that our deployment tool(MS SCCM) can't click OK during installation. The issue occurs no matter what user context we use(system, or admin). Have you seen this before?

 

Patrik

0 Kudos