Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PatrikSkoglund
Contributor

Deploy Identity Awareness Agent with Microsoft SCCM - Full Client with MAD and Packet Tagging

So I've got another issue with the Identity Awareness Agent. This time its the deployment from Microsoft SCCM. SCCM will run the installation as SYSTEM. Installation works, and all seems good. For some reason the MAD service doesn't work as expected. It doesn't provide the computer account to the gateway, and when you try to restart the Check Point Managed Asset Detection service, it crashes and completely stops working. Also the Packet Tagging driver doesn't work properly. It says its enabled, but the packet tagging never happens.

Installing the same packet as Admin manually works perfectly. So is there any work-around for this? Or am I missing something? I would prefer not to have to manually install the agent on every computer. There are just to many to even think about going that way. Our SCCM guy says you can do a really ugly work around and have a admin account run the the installation from SCCM, but this is very much not recommended, and it won't work if you want it installed as a part of the task sequence, 

 

Any tips on how to do this?

8 Replies
PhoneBoy
Admin
Admin

I believe a driver has to be installed for packet tagging.
That requires admin, to the best of my knowledge.
Possible @Royi_Priov might have a suggestion.

Royi_Priov
Employee
Employee

Can you open SR with TAC for this? I wonder if the MAD process crash due to this fact or is there something else here.

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
PatrikSkoglund
Contributor

Thank for the replys! I'll open a ticket!

PatrikSkoglund
Contributor

Looks like the issue is only with one of our models. Dell 5290 2-1. @Royi_Priov, do you know if you have a supported devices list?

Royi_Priov
Employee
Employee


@PatrikSkoglund wrote:

Looks like the issue is only with one of our models. Dell 5290 2-1. @Royi_Priov, do you know if you have a supported devices list?


No, we don't have, as we are not HW related, only OS related.

Is the OS identical for working and non-working machines?

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
PatrikSkoglund
Contributor

OK! They are using the same OS, and the same installation package, the only exception is drivers. As the models differ slightly.

The big difference is that the model 5290 2-1 is a tablet model with a detachable keyboard variant.

The error we get during the installation is the following:

IA_error.PNG

Unless the OK button is clicked, the installation of the Packet Tagging driver doesn't install on this model. We don't see this error on our other models. The problem here is that our deployment tool(MS SCCM) can't click OK during installation. The issue occurs no matter what user context we use(system, or admin). Have you seen this before?

 

Patrik

DanBurner
Explorer

I know this is an older post, but was there a resolution for this? Getting a very similar issue trying to silently install the identity agent. Error code is 0x80041008 in my case though.

Hanzo_Hattori
Explorer

We have also a problem installing version R77.10. We had 1803 and no problems at all but now that we are on 1909 there's an error in our SCCM task sequence:

MSI (s) (34:9C) [15:46:43:759]: Executing op: ServiceInstall(Name=MADService,DisplayName=Check Point Managed Asset Detection,ImagePath="C:\Program Files (x86)\CheckPoint\Identity Agent\MADService.exe",ServiceType=16,StartType=2,ErrorControl=1,,Dependencies=[~],,,Password=**********,Description=Identity Agent Managed Asset Detection control service.,,)

Execution command is with PSADT: C:\WINDOWS\system32\msiexec.exe /i "C:\WINDOWS\ccmcache\w\Files\Check_Point_Identity_Agent.msi" REBOOT=ReallySuppress /QN /L*v "C:\WINDOWS\TEMP\OpenSource_Check_Point_Identity_Agent_80.181.0000_Install\Check_Point_Identity_Agent_Install.log

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events