The logging, when we are 'stuck', is at this point:
Logging into the server, we get the 'Interactive Services Detection' notification that something requires an action:
If you run the install in an interactive user session, the custom action appears to be this message:
For some reason, Citrix found it necessary to include a dialog in the installer that forces you to answer it. When this dialog is presented in a 'silent' install it requires interactivity to continue so the install stops until it is dealt with.
So, why is this dialog appearing? It is appearing because the CFSDEP2 service was not uninstalled cleanly and the installer requires it to be removed for a clean install.
When uninstalling the software silently you also get an 'Interactive Services Detection' dialog. For whatever reason though, the uninstall dialog doesn't halt the process.
When doing an interactive uninstall this is a screenshot of all the actions that it executes:
And you can very clearly see it deletes the CFSDEP2 file system filter driver.
What does it look like when run silently?
The Interactive Services Detection prompts on uninstall (UI0Detect.exe) appear to be caused by the 'runonce.exe' and 'grpconv.exe' programs.
Is our CFSDEP2 service deleted when run silently?
It was not deleted. Is the runonce.exe utility the cause of our CFSDEP2 service not being removed?
It is not. The CFSDEP2 service is removed *before* the runonce.exe utility is executed. So something else is triggering its removal.
Examining the cfsdep2.sys file in C:\Windows\system32\drivers reveals that the driver was not uninstalled with the Citrix PVS Target Device software.
It turns out that file system filter drivers can be installed and uninstalled using the command line.
Uninstall:
Install:
So, we should just be able to add an 'Invoke-Command' and execute it, right?
I tried installing and uninstalling with both WMI and Invoke-Command:
Neither command worked remotely. I could see rundll32.exe executing and exiting with status "0", which implies success, but the commands themselves didn't *actually* work. When I executed the uninstall remotely, the CFSDEP2.SYS file was not deleted and the service was not uninstalled. Running procmon.exe, I could see that the supplemental 'runonce.exe' and 'grpconv.exe' were not run. The reverse was true for the install as well: the CFSDEP2.SYS file was not present and the service was not installed, but the exit code was "0". So we can't trust the exit code; we need to manually check whether the files and service are present.
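The manual check described above, as an added example that is not part of the original post: it looks for the driver file and the service's registry key on the target and reports a half-done state separately. `Test-Cfsdep2State` is a hypothetical name, and the registry key name CFSDEP2 is assumed to match the service name used in this post.

```powershell
# Added example: verify the real state of the CFSDEP2 filter driver instead of
# trusting the exit code of the install/uninstall command.
# Test-Cfsdep2State is a hypothetical name, not a Citrix or Microsoft cmdlet.
function Test-Cfsdep2State {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateSet('Installed', 'Removed')][string]$Expected,
        [string]$ComputerName   # omit to check the local machine
    )

    # Both checks only read state, so they do not need an interactive session.
    $check = {
        [pscustomobject]@{
            # Driver binary location named in the post.
            FilePresent    = Test-Path -LiteralPath "$env:SystemRoot\System32\drivers\cfsdep2.sys"
            # Services and drivers are registered under this key; the key name
            # CFSDEP2 is an assumption based on the service name in the post.
            ServicePresent = Test-Path -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\CFSDEP2'
        }
    }

    if ($ComputerName) {
        $state = Invoke-Command -ComputerName $ComputerName -ScriptBlock $check -ErrorAction Stop
    } else {
        $state = & $check
    }

    # Classify, calling out the half-done case where only one artifact exists.
    if ($state.FilePresent -and $state.ServicePresent) { $actual = 'Installed' }
    elseif (-not $state.FilePresent -and -not $state.ServicePresent) { $actual = 'Removed' }
    else { $actual = 'Partial' }

    [pscustomobject]@{
        FilePresent    = $state.FilePresent
        ServicePresent = $state.ServicePresent
        Actual         = $actual
        Expected       = $Expected
        Ok             = ($actual -eq $Expected)
    }
}

# After an uninstall attempt, stop the script if the driver is still there.
$result = Test-Cfsdep2State -Expected 'Removed'
if (-not $result.Ok) {
    throw "CFSDEP2 state is '$($result.Actual)', expected '$($result.Expected)'"
}
$result
```

Pass `-ComputerName` to run the same check over PowerShell remoting after a remote install or uninstall.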
So what's happening? It turns out, for some reason, that the file system filter driver install/uninstall *requires* an interactive session to complete successfully. What is an interactive session you could use? The SYSTEM account. I was hoping to create a purely native script with no outside dependencies, but PSEXEC will be required. Elevating permissions in a remote PowerShell session is very difficult, and maybe one day I'll spend some time figuring it out and documenting it, but at this point I cheaped out and decided to use psexec.exe. To get the install/uninstall to execute remotely, you can use psexec.exe with the following lines:
And the install executes successfully as well under the interactive SYSTEM context: