- This topic has 5 replies, 3 voices, and was last updated 4 years, 2 months ago by .
-
Posts
-
Hi,
I can’t get my BAT file to work with BatchPatch. It is a very simple *.bat file that removes a OP5 agent and then installs a new version.
It works If I run it from a server locally but when I try to use PatchPatch, only the first part works. It removes the old agent, but then it doesent install the new one.
This is how the nsclient.bat looks like@echo off
wmic product where name=”OP5 NSClient++ Windows Agent (x64)” call uninstall
msiexec /i \\servername\share\NSCP-0.5.2.35-x64.msi /norestart MONITORING_TOOL=OP5 CONF_CAN_CHANGE=1 NSCLIENT_PWD=”x” ALLOWED_HOSTS=”x.x.x.x” /quiet
Net Stop “nscp”
Net Start “nscp”
exitis it rebooting after the uninstall?
https://stackoverflow.com/questions/42837736/prevent-reboot-when-uninstalling-a-package-using-wmic
this suggests a permission issue accessing \\servername\share\
i would try setting deployment to elevated token
https://batchpatch.com/remote-execution-context
alternatively, you could place the batch file and msi in the same directory, select ‘Copy entire directory contents in addtion to the specified file’, and change the executable path to
msiexec /i “%~dp0NSCP-0.5.2.35-x64.msi” /norestart
I’m glad you got it worked out, @Johan. Thanks @mmccar for pointing to the solution. For anyone else who might read this thread, here are some things to be aware of:
1. Remote Execution Context:
https://batchpatch.com/remote-execution-contextIf BatchPatch is set to SYSTEM, if you execute a deployment to run a .bat file on a remote computer, when the .bat file runs it will not have network access. So, if that .bat file contains a call to a network share, as was the case with @Johan’s .bat file, it will not be able to run to completion successfully.
Set the remote execution context to ‘Elevated token’ to resolve this issue, as @mmccar pointed out.
2. Integrated security vs alternate credentials
If you continue to have problems after setting the remote execution context to ‘Elevated token’ the next thing that you should do is specify alternate credentials for the row(s) in BatchPatch (Actions > Specify alternate logon credentials). Even if the alternate credentials that you specify are for the same exact logon account that you are already running BatchPatch under, you should still do this. It’s complicated to describe why this makes a difference, so I’m not going to get into a lot of detail on the topic right now. Suffice it to say that when there are multiple hops of authentication (from the BatchPatch computer to the target computer, and then from the target computer to the network share that is called inside the .bat file), there is a difference between using integrated security as compared to when you specify alternate credentials. When you specify alternate credentials you essentially end up removing one of the hops, and this can be the difference between the deployment completing successfully vs failing.
- You must be logged in to reply to this topic.