Intune MSI LOB Deployment Return Codes
Hi,
I want to deploy the Firefox .msi installer using Intune as Line of Business application.
I can deploy any other msi in this manner successfully, except Firefox. The application installs, but never reports back to Intune that it was a success, just pending, which makes my AutoPilot deployment fail.
Here are a couple forms from people having the same issue.
https://www.reddit.com/r/Intune/comments/mvp80t/firefox_msi_always_waiting_for_install_status/
https://www.reddit.com/r/Intune/comments/lych1h/deployed_msi_stuck_on_pending_install/
It seems that the only way people can fix it is by wrapping the .exe installer as win32 app in Intune. While that technically works, it removes abilities to control versions in a large company.
We really need the MSI to return success codes properly, or we have to stop using Firefox.
Anyone know of any workarounds? Is there something in the MSI I can tweak with Orca?
Thanks
Jeff
Wšě wotmołwy (7)
We're wrapping our EXE the same was a Chrome. Does it not have this issue?
The Chrome MSI deploys fine and reports back as a success. As I mentioned I am not deploying with EXE, I am downloading the Windows 64-bit MSI from: https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
I am actually trying to package it as an MSIX as a workaround, but having issues with MSIX and "Device Context" installs in Intune...long Microsoft support story for another day :).
FYI, we have an official MSIX now.
Unfortunately I was never able to get a good answer for you here and we don't have anyone working on the MSI right now.
We do have an open bug for related issues.
Hi Mike,
Thanks for the info.
By the looks of that bugzilla forum it looks like this has been around for years, and there is no hope in fixing it. Honestly, I think we will just move on from Firefox. Considering that it can't even be deployed via Intune, I would suggest that we won't be the only ones to abandon the product.
Appreciate the link to the MSIX, but downloading and deploying MSIX applications that we didn't create ourselves is a pain, considering we also need to download and deploy certificates for ever application.
Ours built in house share a common cert, for ease of deployment. I'm not really interested in deploying individual certificates for every application we deploy.
Thanks for the info, and if the msi ever gets fixed let me know.
Jeff
I'm curious why you deploy certs in the MSIX instead of using Firefox policy to cause it to use Windows certs.
Or use policy to put those certs in Firefox.
I'm not sure I understand your question. Sorry, MSIX is a bit new for us and it hasn't been a fun ride so far mostly due to Microsoft catering to business and "per user deployments" in Intune. I am in education, and require device based deployments to work (can't have kids waiting for apps to install based on a per-user deployment). So far, that deployment type is an afterthought for MS and its not quite there yet.
I currently have 1 cert for MSIX applications that I have deployed to and trusted on all workstations. When I package a new MSIX application with the Microsoft Packaging tool I tie it to that certificate, so in essence I no longer have to worry about certificates for applications that I package myself.
From what I am reading, to deploy the MSIX provided by Mozilla (or any other company), I need to download and trust "MozFakeCA_2017-10-13.cer" on my workstations. This isn't something that I want to get into with every application, making simple app deployment more complicated than it needs to be.
Like the people in the bugzilla forum, I just want a working MSI. They are dead simple to deploy, and work perfect with the LOB install function in Intune. I can download and deploy Chrome and pretty much any other msi out there without issue. Its baffling that this is even an issue as it seems to be a Firefox only problem thats been nagging for years.
Thanks
Our MSIX is packaged with our regular certificate, so there is no additional cert needed to install. That fake cert is only needed if you install an unofficial build.
I understand your (and others) frustration. Unfortunately we just haven't had the resources to do additional work on the MSI.