rschwart
Beginner

AnyConnect deploy with SCCM help

We are in need of help deploying AnyConnect via Microsoft SCCM. Has anybody done this and is willing to share how they did it? Our AD admin has not done this before. We need to deploy 4 msi files as well as a profile folder. We are using the SCCM to ensure the users do not uninstall AnyConnect. We want to deploy using the domain admin credentials, as some users are not admins and cannot install the software. During our initial test with the SCCM we got a message that a module was missing. The software was on the computer but wanted the user's permission to run, but not being admin, they could not do this.

Thank you for any help.

Marvin Rhoads
VIP Community Legend

Here's an example that I've used successfully for NAM + ISE Posture module (and no VPN tile). You would of course substitute your version for the one I used below:

msiexec /package anyconnect-win-4.2.00096-pre-deploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 TRANSFORMS=anyconnect_client_novpn.mst
msiexec /package anyconnect-nam-win-4.2.00096-k9.msi /norestart /passive TRANSFORMS=nam.mst
msiexec /package anyconnect-iseposture-win-4.2.00096-pre-deploy-k9.msi /norestart /passive TRANSFORMS=iseposture.mst
XCopy /Y /F /C /E  "\\<server name>\<folder / subfolder name(s)>\profile.xml" "c:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\newConfigFiles\"

 


Marvin,

In this statement, could you clarify the server referenced in \\<server name>\? Not being familiar with SCCM at all, is this the SCCM, or a shared folder on another server, or a folder on the ISE server?

Thank you for your help here.

Roger

Marvin Rhoads
VIP Community Legend

It's referencing the source of the profile.xml that you are telling the target host to pull down.

In SCCM usage, the <server name> is any way the target host can see that folder. It can be the NetBIOS computer name (e.g., filesvr01), fully qualified domain name (something like fs01.company.com) or even IP address (e.g., 192.168.1.100). If the file is local to the SCCM server, then you would just specify drive and folder.


Marvin,

Another question from our SCCM admin: "Could you ask him if all the msiexec commands were enclosed in one application or package in SCCM?"

Again, thank you for your assistance.

Roger

Marvin Rhoads
VIP Community Legend

You're welcome.

One of my customers developed it originally - he was an SCCM whiz kid. :)

He had the commands I listed all in a single package that was a bat file deployed via SCCM.
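
The single-package approach described above, as an added PowerShell example that is not code from the thread's participants: it runs the same three installs in order from the package's content folder, stops on a failed signature check or msiexec exit code, and checks profile.xml against a known hash before placing it. `$ProfileShare` and `$ExpectedProfileHash` are placeholders, and the signature check, hash check and `/l*v` logging are additions to the posted commands.

```powershell
$ErrorActionPreference = 'Stop'
# Placeholders (assumptions, not values from the thread):
$ProfileShare        = '\\<server name>\<folder / subfolder name(s)>'
$ExpectedProfileHash = '<SHA256 of the approved profile.xml>'
$NamConfigDir = 'C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\newConfigFiles'

# Same packages, order and properties as the commands posted above.
$Packages = @(
    @{ Msi = 'anyconnect-win-4.2.00096-pre-deploy-k9.msi'
       Extra = 'PRE_DEPLOY_DISABLE_VPN=1 TRANSFORMS=anyconnect_client_novpn.mst' },
    @{ Msi = 'anyconnect-nam-win-4.2.00096-k9.msi'; Extra = 'TRANSFORMS=nam.mst' },
    @{ Msi = 'anyconnect-iseposture-win-4.2.00096-pre-deploy-k9.msi'; Extra = 'TRANSFORMS=iseposture.mst' }
)

function Install-SignedMsi {
    param([string]$Path, [string]$Extra)
    # Refuse to run an installer whose Authenticode signature does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $Path ($($sig.Status))"
    }
    $log = Join-Path $env:TEMP ((Split-Path $Path -Leaf) + '.log')
    $msiArgs = "/package `"$Path`" /norestart /passive /l*v `"$log`" $Extra"
    # Run from the content folder so the relative .mst names resolve.
    $p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs `
                       -WorkingDirectory $PSScriptRoot -Wait -PassThru
    # 0 = success, 3010 = success with reboot required; anything else fails.
    if ($p.ExitCode -notin (0, 3010)) {
        throw "msiexec returned $($p.ExitCode) for $Path, see $log"
    }
}

# Stop at the first failure so later modules are not installed on a broken base.
foreach ($pkg in $Packages) {
    Install-SignedMsi -Path (Join-Path $PSScriptRoot $pkg.Msi) -Extra $pkg.Extra
}

# Fetch profile.xml from the share, but place it only if it matches the approved hash.
$tmp = Join-Path $env:TEMP 'profile.xml'
Copy-Item -Path (Join-Path $ProfileShare 'profile.xml') -Destination $tmp -Force
if ((Get-FileHash -Path $tmp -Algorithm SHA256).Hash -ne $ExpectedProfileHash) {
    Remove-Item $tmp
    throw 'profile.xml does not match the approved hash'
}
Copy-Item -Path $tmp -Destination $NamConfigDir -Force
```

A non-zero exit from the script lets SCCM report the deployment as failed instead of leaving a partial install unnoticed.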

Marvin,

Could you reach out to my SCCM admin?

bterhune@uthsc.edu

Thank you

Roger

Marvin Rhoads
VIP Community Legend

We prefer to keep discussion online here in CSC. I'm just a volunteer who helps out as I can. I do this in addition to my "day job".

If you need focused Cisco support please open a TAC case. If you need partner support, please reach out to your reseller. 

Hi,

Thanks for the script, it was really helpful. Just one question: what will TRANSFORM do?

Thanks & Regards,

Dhayanithi S

Hello!

Is there any way to deploy an upgrade of the Cisco AnyConnect Client unattended from SCCM?

So when the user is online with VPN with Cisco AnyConnect, the upgrade can work then?

Hi Marvin

I want to know if this could work with the Umbrella module. Do I need to copy OrgInfo.json, like the last Xcopy command? If you have the chance, maybe you can tell me.

Thanks
