"I noticed this using a compliance job with remediation" -> the 'remediation' job here is just a normal deploy job, nothing special.
In both cases I'm deploying a BLPackage that consist of 1 specific registry value, and the REBOOT setting is set to 'By end of job'.
-> i believe the 'end of job' is the deploy, not the undo.
what if you have the reboot set to 'use item defined reboot setting' and have the entry in the blpackage set to 'reboot' ?
To clarify what I've got.
If My BL Package consists of a registry Value vs a registry Key, the UNDO fails to reboot the server.
BL Package 1; contained in the disable folder compressins.zip (1 Reg value Only with REBOOT = By end of job): Whether I use it as an AUTO- remediation package for a COMPLIANCE job (as in I can't edit the deploy packages it spawns) or just as a DEPLOY JOY, the reboot happens during the COMMIT phase (as expected). BUT, if UNDO, the reboot doesn't happen.
BL Package 2; contained in 'Set PCI....zip (1 Reg KEY where REBOOT = By end of job): Whether I use it as an AUTO- remediation package for a COMPLIANCE job (as in I can't edit the deploy packages it spawns) or just as a DEPLOY JOY, the reboot happens during the COMMIT phase (as expected). If I UNDO, the reboot does happen.
I've just re-run a test where both BLPacakges have same settings (ADD & reboot by end of job) and exactly as described above, no errors logged or anything, the UNDO of the package with a REG VALUE fails to try a reboot, but the pkg with a REG KEY, does. I've attached an export of the 2 deploy jobs and of the two job results where I did the deploy and UNDO. Notice in the INTEL job, the rollback steps don't even suggest there should be a reboot.
Any thoughts are appreciated... I'm just wondering if I'm missing something or if this is a bug?
The BL Packages both are set to AT JOB END
In this case, the jobs are both set to "Use item defined reboot setting"
The blexport.xml's are kinda tough to read & spot differences, but comparing the Job and Phase option tabs for each job they match as well.
can you get the bldelpoy.xml off the file server for each and the bldeploy log from the target for the reboot and no-reboot cases ?
yeah - that's odd. so in the reboot one i see this:
12/02/16 11:07:57.718 DEBUG
bldeploy - [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes] Item has reboot by end of job set, requesting reboot by end of job
but in the other one
12/02/16 11:01:45.432 DEBUG
bldeploy - [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableCompression] Set registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem" value name "NtfsDisableCompression"
it doesn't seem to see that. so maybe there is a problem w/ the reg values vs reg keys picking up the reboot ?
Yeah - that's pretty much what I was thinking. I first found this on another test package that I've since deleted...
Anyway - I'll take this to support and see about them helping sort this out.
As a workaround I was prepared to simply add some PRE and POST commands to have the reg key backed up and the re-imported as an UNDO, but because it's for auto-remediation, I haven't anywhere to create the PRE / POST commands for the deploy jobs that are automagically kicked off by then compliance job(s).
Thanks for taking a look!