Ansible windows modules

Hi all,

I start learning Ansible to run some deployment tasks on Windows platform. I encounter some hiccups with Windows modules as below:

  • Install the executable package (.NET 4.5.2 framework)
failed: [x.x.x.x] => {"rc": 16389}
stdout: An error was encountered.
 

Unspecified error

  • I did some searching then this error might relate to the cache size then I use the Web installation (https://www.microsoft.com/en-us/download/details.aspx?id=42643) then Ansible can run the package and download the package in middle then throw an error (“rc” 5) (something relates to access denied). I try to use with administrator account for the host inventory but no luck with that move
  • Install an MSI with properties
  • I try to use win_msi module and see the win_msi.ps1 script that execute the installation by “msiexec.exe /i $params.path /qb /l $logfile $extra_args;” so I try to input the properties within the path parameter, for ex: C:\tool.msi property1=A perty2=b. However, seems my syntax is not correct with the parse function then I got this error

This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

  • Then I try to run the raw command in playbook: raw: msiexec.exe /i C:\Tool.msi property1=a property2=b /qn . This way can install this msi, in conclusion, we can’t not the win_msi module at the moment for installation with properties?

Thank you very much for your help
Quang

I would recommend trying the win_package module which can take properties and, if you capture the product_id you can use that in your playbook to make sure it only attempts installation once.

Hope this helps,

Please report back if this works for you so others can learn from your experience.

Many thanks

Jon

The NDP452-KB2901907-x86-x64-AllOS-ENU.exe package contains the framework for various Windows versions.
Have you tried to install it from the cli? E.g. start powershell as admin and try to install it?

In my case, I wrote a playbook in order to install it on a W2012R2 using ansible. Here an overview of the steps:

  • copy this exe file to the remote host
  • extract it
  • in case of W2012R2 you will need the x64-Windows8.1-KB2934520-x64.msu, which you can install as next step
  • finally the remote host has to be rebooted

Stavros

Jon,

I have tried with win_package, as .NET framework 4.5 can not be uninstalled so I just grab a fake product_id (not sure for the other but for me, I’m using ansible 1.9.3 and product_id param should be productid without dash) and the results are the same as using raw command. If I use the offline package then receive error 16389 and use the web package then the installation runs in middle then stop with error 5. Still no luck so far.

I will try to upgrade to 2.0 then use win_acl to overcome the error 5 or win_webpicmd.

Stavros,

I can run the installation without ansible for offline package (copy this package into the remote machine):

  • Use powershell to call on the remote machine
  • Use paexec and call the exe from remote

Thank you for your update.

I have tried to use Start-Process -FilePath “exe path” -ArgumentList /q -Verb RunAs to elevate the current account for the web installation package but no luck too,

I’m using the following code for installing msi’s, e.g.:

$msi = @(‘D:\Temp\Pscx-3.2.0.msi’, ‘D:\Temp\notep.msi’)
foreach ($msifile in $msi)
{
Start-Process -FilePath “$env:systemroot\system32\msiexec.exe” -ArgumentList “/i "$msifile” /qn /passive" -Wait
}

Stavros

Quang,

I suggest you try running the installation as a user with Administrative privileges. You may also find you need to temporarily disable UAC prompting for Administrative users only, which on Server 2012 R2 can be achieved by modifying

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=dword:00000000

To re-enable UAC prompting for Administrative users, set
“ConsentPromptBehaviorAdmin”=dword:00000005

Hope this helps,

Jon

Hi Stavros,

I think you’re right on x64-Windows8.1-KB2934520-x64.msu. I tried to dumb the installation log and found access denied when running the web installation package.

I think there is something wrong on my environment setting that cause about security issue, try with another environment, it works like a charm :frowning:

Hi Jon,
I have tried with Administrator account but no luck
For my account in administrators group, I have to disable the UAC in order to run it (even manual run the installation package)

Will keep you post on my finding
Quang

The problem with installing msu file via WinRM (as Ansible uses Py connects to window host via WinRM). I grab this article on the net (http://www.hurryupandwait.io/blog/safely-running-windows-automation-operations-that-typically-fail-over-winrm-or-powershell-remoting) and this one from MS (https://support.microsoft.com/en-us/kb/2773898) but seems there is an update has fixed it.

Trying to run Window update for my environment to see how it goes.

I have used the workaround described in the article to install a hotfix. I expanded the .msu and then used raw to run dism.exe to install the expanded file, so I hope the same workaround will work for you.

Hope this helps,

Jon

Hi Quang,

you can also try to extract the x64-Windows8.1-KB2934520-x64.msu, which will give you the Windows8.1-KB2934520-x64.cab. For the installation try this:

DISM.exe /Online /Add-Package /PackagePath:C:\Temp\Windows8.1-KB2934520-x64.cab /NoRestart /Quiet

You’ll have to reboot the server after the installation, so it’s up to you to set the /NoRestart parameter…or not…

Stavros

Actually, when I update with all the latest updates from Windows, I can go through the problem, means, with the latest Windows update, you’re good with msu installation.

Thank you all!

Hello Stavos,

I would like to run the ansible to use your workaround for ms patch.
By the way, can your workaround have Idempotence ?

BestRegards,

Takeshi

Hello Takeshi,

what do you actually mean by asking if the workaround has idempotence? That you run this and nothing changes/happens on the target host?

If you tried it so far, then you can see if the .Net Framework is installed only by searching the installed Windows updates. There you will find an update with the KB number according to the Windows OS (2012 or 8.1 or …) version that your target host has.

Best Regards
Stavros

Hi Stavris,

I am not familiar with DISM tool then I have not tried this workaround yet.
For example, if the system has already the KB, this task does nothing,
on the other hands this system does not have the KB it should be fixed
the KB by this task ( it called idempotence ).
I would like to run it in offline after copy already the KB has been
downloaded to that system and expand.

Thank you.

Takeshi,