Deploy Authentication Client with Intune?

I'm trying to deploy 12.7.0 authentication client to Win 11 devices using Intune. I created the intunewin file and used these options.

Install: msiexec /i "/WG-Auth-Client.msi" /qn
Success: 0,1707,3010,1641,1618
Detect MSI: {B77E1CE0-50B5-4A03-9FA8-93FFD65AFBAB}
Detect File: %ProgramFiles(x86)%\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe
Install Behavior: System
Deployed to Device Group

The app deployment was successful on about half of my 30 devices so far. Any idea how to properly deploy this app, or why it failed?

Here's the error on all the devices that failed:

Error code: 0x80070653
This installation package could not be opened. Verify that the package exists and that you can access it or contact the application vendor to verify that this is a valid Windows Installer package.
Suggested remediation
The installation package couldn't be opened or installed. The installer might be corrupt or not appropriate for this device. Contact the app vendor for help.

Comments

  • james.carson Moderator, WatchGuard Representative

    You'll probably need to use the verbose logging option and log the output to a file to get any more info. My guess would be that some of the PCs couldn't access where the file was stored.

    like:
    msiexec.exe /i "C:\example.msi" /L*V "C:\package.log"

    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec

    -James Carson
    WatchGuard Customer Support

  • edited August 13

    Looks like the / in the install line was causing an issue "/WG-Auth-Client.msi". The app is now deployed after removing the / but I'm back to an issue I was having with Intune before. The users show up in the Traffic Monitor and Authentication List correctly but the policies targeting these users are not applied. If I uninstall the SSO client and reinstall it manually, then the issue goes away.
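
An added example, not code from any poster in this thread or from WatchGuard: a wrapper script for the Win32 app that resolves the MSI relative to the package folder (so a stray leading `/` cannot creep into the path), records which account ran it and the package hash and signature status, and captures the verbose MSI log suggested above. The script name `Install-WGAuthClient.ps1` and the log location under `%windir%\Temp` are assumptions.

```powershell
# Added example, not from the thread. Assumed file name: Install-WGAuthClient.ps1,
# placed in the same source folder as WG-Auth-Client.msi before building the .intunewin.
$msiName = 'WG-Auth-Client.msi'                                  # package name from the thread
$msiPath = Join-Path -Path $PSScriptRoot -ChildPath $msiName     # no hand-typed path separators
$logDir  = Join-Path -Path $env:windir -ChildPath 'Temp'         # assumed log location
$msiLog  = Join-Path -Path $logDir -ChildPath 'WG-Auth-Client-msi.log'
$preLog  = Join-Path -Path $logDir -ChildPath 'WG-Auth-Client-precheck.log'

function Write-PreLog([string]$Message) {
    # Timestamped line in a separate file, because msiexec overwrites its own log
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -LiteralPath $preLog
}

# With "Install behavior: System" this should report NT AUTHORITY\SYSTEM
Write-PreLog "Running as $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Write-PreLog "Resolved package path: $msiPath"

# 1619 = ERROR_INSTALL_PACKAGE_OPEN_FAILED, the Win32 code inside 0x80070653
if (-not (Test-Path -LiteralPath $msiPath -PathType Leaf)) {
    Write-PreLog 'Package not found at resolved path; aborting.'
    exit 1619
}

# Record integrity evidence so a corrupt or altered download can be told apart
# from a path problem when comparing failed and successful devices
$hash = Get-FileHash -LiteralPath $msiPath -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -LiteralPath $msiPath
Write-PreLog "SHA256: $($hash.Hash)"
Write-PreLog "Authenticode status: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"

# Same switches as the original install line, plus verbose logging (/L*V)
$msiArgs = @('/i', "`"$msiPath`"", '/qn', '/L*V', "`"$msiLog`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
Write-PreLog "msiexec exit code: $($proc.ExitCode)"

# Hand the real MSI exit code back so the configured success codes still apply
exit $proc.ExitCode
```

Comparing the precheck log from a device where the Intune install misbehaves with one from a manual install shows whether the two ran under different accounts or from different package bytes.
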

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @phanaaekIT

    I'd suggest opening a support case.

    I also would suggest targeting user groups instead of users. The user will show up however they typed in their user name (for example, JAMES, james, James, and JaMeS are all the same user to Windows, but for other directory servers these will be case sensitive.) User groups always return the same way -- so even if it's just a group for one user, the group will always return how it is in Active Directory.

    -James Carson
    WatchGuard Customer Support

  • These are Entra ID only joined devices, and I have tried targeting both by username and by group. It still only works if I reinstall the SSO client manually.