Bitten by a [Old] Bug . . .
October 13th, 2008 Posted in TechI set up a virtual lab to test some deployments of Office 2007 and Symantec Endpoint Protection. Cue many hours banging my head off the wall and cursing the wrong software.
I needed to test the deployment of the packages before putting them onto clients’ systems so I set up a couple of VMs from media I had lying about. I set up a Server 2003 DC and an XP Pro client to mimic the infrastructure I’d be rolling the packages out in.
I decided to use Virtual PC for a change as I’ve always stuck with VMware Server to date but wanted to get some experience of Microsoft’s offering since I’d used it a little at the last training course I did and been quite impressed by it.
The Server 2003 VM was no problem, I got AD configured and added a test user and computer account. Unattended setup of the XP Pro VM went smoothly using an old SP2 integrated media made with nLite and I joined the client to the domain without fuss.
I proceeded with my software deployment tests:
- Office 2007 via GPO
- Symantec Endpoint Protection via the included deployment wizard
I quickly discovered issues with both applications after their initial push deployments when running under a Limited User Account; both threw up Error 2503 and Error 2502 with no real information as to what was causing the issue.
Googling both errors yielded little in the way of useful results beyond a Microsoft Knowledge Base article saying to make sure time and date were correctly set - which they were. I also could find no reported issues running either as a limited user and didn’t expect there’d really be an issue as both are meant for a corporate environment where such is standard practice.
I was stumped; I could add the user to the local Administrators group and everything would work wonderfully so I realised I had a permissions issue of some type. I was focused on the programs and attempted relaxing the permissions on the respective registry keys and folders for both to no avail.
I tried Process Monitor to no avail (I’m really not very good debugging issues with this app to my shame). I even ran the Security Configuration and Analysis MMC snap-in with the workstation compatibility template in the hope of relaxing any permissions or policies I’d missed. I was completely barking up the wrong tree.
I realised both issues were relating to MSI packages and maybe the permission issue was to do with the Microsoft Installer. I’d briefly had this thought and dismissed/forgot to investigate it thoroughly in my previous troubleshooting. Having run out of ideas and finding a post while having a final google for any hint what Error 2502 or 2503 could mean in general with a LUA.
I struck gold. A bug in the version of nLite used to make my XP Pro media had mangled the permissions in the registry for the installer. I confirmed the issue after reading this post and replaced the permissions as directed. A logoff and logon later the errors were gone.
I’d wasted countless hours fighting an issue that’s long been fixed since the next version of the nLite software and I’d been using an RC of v1.3 for that particular install media.
I guess the moral of the story is to always make sure you have the latest and greatest release of all components even the non-obvious ones. Or stick to vanilla Microsoft media is probably the more professional mantra. Ultimately it’s my own fault and I should really have been on top of this issue much quicker. I’m pretty sure more skilled use of Process Explorer would have saved me a lot of time.