Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Intune MSI LOB Deployment Return Codes

  • 7 replies
  • 1 has this problem
  • 1 view
  • Last reply by Mike Kaply

more options

Hi,

I want to deploy the Firefox .msi installer using Intune as Line of Business application.

I can deploy any other msi in this manner successfully, except Firefox. The application installs, but never reports back to Intune that it was a success, just pending, which makes my AutoPilot deployment fail.

Here are a couple forms from people having the same issue.

https://www.reddit.com/r/Intune/comments/mvp80t/firefox_msi_always_waiting_for_install_status/

https://www.reddit.com/r/Intune/comments/lych1h/deployed_msi_stuck_on_pending_install/

It seems that the only way people can fix it is by wrapping the .exe installer as win32 app in Intune. While that technically works, it removes abilities to control versions in a large company.

We really need the MSI to return success codes properly, or we have to stop using Firefox.

Anyone know of any workarounds? Is there something in the MSI I can tweak with Orca?

Thanks

Jeff

Hi, I want to deploy the Firefox .msi installer using Intune as Line of Business application. I can deploy any other msi in this manner successfully, except Firefox. The application installs, but never reports back to Intune that it was a success, just pending, which makes my AutoPilot deployment fail. Here are a couple forms from people having the same issue. https://www.reddit.com/r/Intune/comments/mvp80t/firefox_msi_always_waiting_for_install_status/ https://www.reddit.com/r/Intune/comments/lych1h/deployed_msi_stuck_on_pending_install/ It seems that the only way people can fix it is by wrapping the .exe installer as win32 app in Intune. While that technically works, it removes abilities to control versions in a large company. We really need the MSI to return success codes properly, or we have to stop using Firefox. Anyone know of any workarounds? Is there something in the MSI I can tweak with Orca? Thanks Jeff

All Replies (7)

more options

We're wrapping our EXE the same was a Chrome. Does it not have this issue?

more options

The Chrome MSI deploys fine and reports back as a success. As I mentioned I am not deploying with EXE, I am downloading the Windows 64-bit MSI from: https://www.mozilla.org/en-US/firefox/all/#product-desktop-release

I am actually trying to package it as an MSIX as a workaround, but having issues with MSIX and "Device Context" installs in Intune...long Microsoft support story for another day :).

more options

FYI, we have an official MSIX now.

Unfortunately I was never able to get a good answer for you here and we don't have anyone working on the MSI right now.

We do have an open bug for related issues.

https://bugzilla.mozilla.org/show_bug.cgi?id=1505436

more options

Hi Mike,

Thanks for the info.

By the looks of that bugzilla forum it looks like this has been around for years, and there is no hope in fixing it. Honestly, I think we will just move on from Firefox. Considering that it can't even be deployed via Intune, I would suggest that we won't be the only ones to abandon the product.

Appreciate the link to the MSIX, but downloading and deploying MSIX applications that we didn't create ourselves is a pain, considering we also need to download and deploy certificates for ever application.

Ours built in house share a common cert, for ease of deployment. I'm not really interested in deploying individual certificates for every application we deploy.

Thanks for the info, and if the msi ever gets fixed let me know.

Jeff

more options

I'm curious why you deploy certs in the MSIX instead of using Firefox policy to cause it to use Windows certs.

Or use policy to put those certs in Firefox.

more options

I'm not sure I understand your question. Sorry, MSIX is a bit new for us and it hasn't been a fun ride so far mostly due to Microsoft catering to business and "per user deployments" in Intune. I am in education, and require device based deployments to work (can't have kids waiting for apps to install based on a per-user deployment). So far, that deployment type is an afterthought for MS and its not quite there yet.

I currently have 1 cert for MSIX applications that I have deployed to and trusted on all workstations. When I package a new MSIX application with the Microsoft Packaging tool I tie it to that certificate, so in essence I no longer have to worry about certificates for applications that I package myself.

From what I am reading, to deploy the MSIX provided by Mozilla (or any other company), I need to download and trust "MozFakeCA_2017-10-13.cer" on my workstations. This isn't something that I want to get into with every application, making simple app deployment more complicated than it needs to be.

Like the people in the bugzilla forum, I just want a working MSI. They are dead simple to deploy, and work perfect with the LOB install function in Intune. I can download and deploy Chrome and pretty much any other msi out there without issue. Its baffling that this is even an issue as it seems to be a Firefox only problem thats been nagging for years.

Thanks

more options

Our MSIX is packaged with our regular certificate, so there is no additional cert needed to install. That fake cert is only needed if you install an unofficial build.

I understand your (and others) frustration. Unfortunately we just haven't had the resources to do additional work on the MSI.