Deploy VPN client with intune: installation failed when wgsslvpnsrc.exe is running
I'm trying to deploy watchguard Mobile vpn with ssl client with intune using this guide.
So far, I'm able to install the client on a fresh install. But when an older version of the client is installed & still active (i.e. wgsslvpnsrc.exe is running in the background, indicated by the watchguard logo in the taskbar) the installation fails. I tried to add a taskkill command to close this process:
"C:\Windows\System32\taskkill.exe" /f /t /im wgsslvpnc.exe & "WG-MVPN-SSL_12_11.exe" /silent /verysilent
This command succeeds when running manually, but upon using this in intune I got a installation failed error.
When I manually close wgsslvpnc.exe & do the installation via intune, it succeeds.
So: how can I add a command to close wgsslvpnc.exe before executing the (de-)installation?
Comments
Hi @wouterVE
The installer checks to see if the SSLVPN service is running, and will prompt to close it. The silent option removes the ability to do this. There isn't a specific flag to force close the client.
You could likely use a powershell script that starts with the command "Stop-Process" (using the -Name and process name flag would probably work best here.)
-James Carson
WatchGuard Customer Support
Hello @james.carson
Thanks for your reply. Indeed I started to write a powershell script to install it. Still have to search how to deploy this through intune.
For other's interest; it looks like this:
@wouterVE - thanks. I took your script and juiced it up a tiny bit so we could use it with Panda System Management as a PowerShell job as we had several clients get corrupted this morning due to a blotched Panda Patch Management update of the client (which resulted in the installer failing and deleting the WatchGuard SSLVPN Service in Windows, which effectively broke the client - the issue is currently being escalated by our WG sales engineer).
You can use the following script in Panda System Management (or probably Intune if that is your tool of choice) to install / reinstall the SSL VPN client so if required.
if (!(Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\wgsslvpnsrc")) { if (!(Test-Path -Path "C:\SWSetup\")){New-Item -Path $output_path -ItemType "Directory" -Force -Confirm:$false | out-null} Set-Variable ProgressPreference SilentlyContinue ; Invoke-WebRequest -Uri https://cdn.watchguard.com/SoftwareCenter/Files/MUVPN_SSL/12_11/WG-MVPN-SSL_12_11.exe -OutFile C:\SWSetup\WG-MVPN-SSL_12_11.exe Set-ExecutionPolicy -ExecutionPolicy Bypass -scope process Get-Process -name 'wgsslvpnsrc' -ErrorAction SilentlyContinue | Stop-Process -Force -PassThru Get-Process -name 'wgsslvpnc' -ErrorAction SilentlyContinue | Stop-Process -Force -PassThru Start-Process "C:\SWSetup\WG-MVPN-SSL_12_11.exe" -Wait -ArgumentList " /SP- /VERYSILENT /SUPPRESSMSGBOXES /NORESTART" }Basically the script looks to see if the registry key "HKLM:\SYSTEM\CurrentControlSet\Services\wgsslvpnsrc" exists. If the service still exists, then the script exits.
@dcolpitts
Thanks for your input! I've created a script for intune based on yours.