Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

So I've got another issue with the Identity Awareness Agent. This time its the deployment from Microsoft SCCM. SCCM will run the installation as SYSTEM. Installation works, and all seems good. For some reason the MAD service doesn't work as expected. It doesn't provide the computer account to the gateway, and when you try to restart the Check Point Managed Asset Detection service, it crashes and completely stops working. Also the Packet Tagging driver doesn't work properly. It says its enabled, but the packet tagging never happens.

Installing the same packet as Admin manually works perfectly. So is there any work-around for this? Or am I missing something? I would prefer not to have to manually install the agent on every computer. There are just to many to even think about going that way. Our SCCM guy says you can do a really ugly work around and have a admin account run the the installation from SCCM, but this is very much not recommended, and it won't work if you want it installed as a part of the task sequence, 

 

Any tips on how to do this?

0 Kudos
7 Replies
Highlighted
Admin
Admin

I believe a driver has to be installed for packet tagging.
That requires admin, to the best of my knowledge.
Possible @Royi_Priov might have a suggestion.

Highlighted
Employee+
Employee+

Can you open SR with TAC for this? I wonder if the MAD process crash due to this fact or is there something else here.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Highlighted

Thank for the replys! I'll open a ticket!

0 Kudos
Highlighted

Looks like the issue is only with one of our models. Dell 5290 2-1. @Royi_Priov, do you know if you have a supported devices list?

0 Kudos
Highlighted
Employee+
Employee+


@PatrikSkoglund wrote:

Looks like the issue is only with one of our models. Dell 5290 2-1. @Royi_Priov, do you know if you have a supported devices list?


No, we don't have, as we are not HW related, only OS related.

Is the OS identical for working and non-working machines?

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Highlighted

OK! They are using the same OS, and the same installation package, the only exception is drivers. As the models differ slightly.

The big difference is that the model 5290 2-1 is a tablet model with a detachable keyboard variant.

The error we get during the installation is the following:

IA_error.PNG

Unless the OK button is clicked, the installation of the Packet Tagging driver doesn't install on this model. We don't see this error on our other models. The problem here is that our deployment tool(MS SCCM) can't click OK during installation. The issue occurs no matter what user context we use(system, or admin). Have you seen this before?

 

Patrik

Highlighted
Ivory

I know this is an older post, but was there a resolution for this? Getting a very similar issue trying to silently install the identity agent. Error code is 0x80041008 in my case though.

0 Kudos