task sequence failed to install application

Question

_{Monday, December 23, 2013 10:21 AM}

he task sequence failed to install application Mozilla Firefox (en-US)(ScopeId_DF37C18A-3DCC-4C3E-87B7-BCF6704DB3F9/Application_b2c11445-6b22-4a02-96d4-69bbafcc7d92) for action (Install Applications) in the group () with exit code 617. The operating system reported error 617: You have attempted to change your password to one that you have used in the past. The policy of your user account does not allow this. Please select a password that you have not previously used.

regards

Lashkham

All replies (22)

_{Monday, December 23, 2013 10:07 PM}

This is definitely a new one on me. Is the task sequence for OSD or just multiple app installs? Have any other app install steps worked before it gets to this step or is this the first app?

Dustin Estes - MCP

_{Saturday, February 22, 2014 11:50 AM}

Could you post AppEnforce, AppDiscovery and AppEval logfiles?

_{Friday, March 21, 2014 11:34 AM}

Lashkam, have you resolved this? I am experiencing the same issue. Using the MDT database to install role-based apps, and the error only happens on random machines. No applications get installed and no log files are moved. This is on SCCM 2012 R2.

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

_{Friday, March 21, 2014 11:48 AM}

Has the password on your Network Access Account expired?

My Personal Blog: http://madluka.wordpress.com

_{Friday, March 21, 2014 11:52 AM}

Hey MadLuka, this is a clients site and I thought of that but the service account was set to never expire or change. Plus I figured it would be more frequent. This issue only occurs on a handful of machines. The only thing I can think of is that they are running the TS as a new computer to remove 3rd party encryption and move to bitlocker. Maybe an issue with the computer account itself, thoughts?

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

_{Friday, March 21, 2014 11:59 AM}

No applications get installed and no log files are moved. This is on SCCM 2012 R2.

Is there an AppEnforce.log (locally on the client)?

Torsten Meringer | http://www.mssccmfaq.de

_{Friday, March 21, 2014 12:03 PM}

You haven't said yet if this issue applies to all apps or just the firefox app?

My Personal Blog: http://madluka.wordpress.com

_{Friday, March 21, 2014 12:06 PM}

Has the customer implemented any crazy permissions on OU's that would affect the ability of the system to amend it's own computer account?  For new computers, check the OU permissions.  Does the DomainJoin account you are using have the necessary delegated permissions (there are a handful) to perform the required operations on existing computer accounts wherever they may be?

My Personal Blog: http://madluka.wordpress.com

_{Friday, March 21, 2014 12:10 PM}

All good questions. I will double-check with the client if:

• They created a new OU for bitlocker and the domainjoin account has proper permissions
• If Firefox is a part of the install
• If there an appenforce.log

I will update as soon as they respond, thanks for the help guys.

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

_{Friday, March 21, 2014 5:23 PM}

Ok, here is an update:

• DomianJoin account is still valid and working. Permissions are the same on the OU.
• Firefox is not part of the installs
• There is no appenforce.log, as a matter of fact, there are quite a few logs missing.

I will be remoting into the machines over the weekend. I will keep the forum updated if I find a solution.

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

_{Monday, July 7, 2014 10:56 PM}

I came across this error during my SCCM 2012 R2 CU1 build this morning. Not sure if this helps or not but my problem was that the domain join was trying to join to a non existent OU in my AD. The OU had been removed from AD and relevant settings in Config Manager had not been updated / removed.

Reviewing the setupact.log provided relevant information.

Cheers

Damon

_{Tuesday, September 23, 2014 11:24 AM}

Lashkam, did you ever solve this problem? We have this issue on SCCM 2012 R2 CU1.

Regards Anders

_{Monday, March 30, 2015 9:31 AM}

Did anyone find a solution to this problem?

I have the same problem in my build and capture TS.

Installation of the Office Application in my TS exits with this error code :-(

Thomas Forsmark Soerensen

_{Wednesday, October 14, 2015 2:38 PM}

The Problem is when the Client in WIM is newer than the Site Version

_{Thursday, January 7, 2016 12:18 PM}

Hi,

I have the same issue. I have recently upgrade my Primary Site Server SCCM 2012 R2 Sp1 with MDT 2013 Update 1 and  ADK 10. During OSD installation of Windows 10 machine it successfully works on Primary and few site but it fails to install the applications with the error code mentioned above on couple of sites which are only distribution point.

As mentioned above that the problem is when the Client in WIM is newer than the site version. Can you ellaborate more on it. Which WIM File you are refering.

I am not capturing the image but using the standard image file to build windows 10.

Regards,

Hitesh

_{Monday, January 11, 2016 10:52 AM}

I was able to solve the issue by adding aditional step to join the machine to domain using Join Domain or Workgroup task in tasksequence under General option.

It seems the machine were not able to join the domain for remote site with domain controllers on different time zone.

Regards,

Hitesh

_{Friday, April 22, 2016 10:48 AM}

This error occures only in spesific site behind Branch Distribution Point in one location. Same TS and apps works fine in the main site. From BDP, I see that there is TCP/IP connections available.

Any ideas?

_{Friday, January 27, 2017 3:14 AM}

This happened to me when I removed the "Apply Network Settings" step which was joining the device to a workgroup

_{Wednesday, February 1, 2017 10:50 PM}

I think I finally figured this out as I snared me twice when I redeveloped a task sequence.

Simply try put a restart before the app steps that are failing to install.

If this works for others I'd love to know.

- Ben

_{Tuesday, February 14, 2017 3:09 PM}

I encountered this when the device was trying to join the domain as a machine account that was already existing and online.  The attempt to take over the machine account was rejected.

Fred Bainbridge | Enterprise Mobility MVP | Systems Consultant, Now Micro | fredbainbridge.com

_{Tuesday, April 11, 2017 12:16 AM}

I think I finally figured this out as I snared me twice when I redeveloped a task sequence.

Simply try put a restart before the app steps that are failing to install.

If this works for others I'd love to know.

- Ben

Didn't work for me 

_{Monday, December 10, 2018 8:08 PM}

These are the permissions needed by the sccm-domainjoin account

http://blog.ctglobalservices.com/configuration-manager-sccm/mip/creating-a-joindomain-account-for-use-with-sccm-osd/