Now to something completely different: Lately, I had been asked to help out with the deployment Adobe Acrobat DC to Microsoft Intune-managed notebooks. Getting out of my system design/software architecture bubble turned out to be an interesting experience.

First some background: All notebooks are managed by Microsoft Intune through the Microsoft Endpoint Manager. They have been deployed with help of Windows Autopilot.

Adobe Adcrobat DC

Getting the binaries

Adobe provides the base binaries for Adobe Acrobat DC (not Adobe Acrobat Reader) for free, without requiring a login. After downloading the ~ 1 GByte MUI package, I had also to download the Acrobat DC Customization Wizard.

Head over to the latest releases and download the correct .msp file. These are the patches which will be installed over the base image. In my case I had to go with Acrobat Planned Update Windows Installer 32 Bit.

Customization of the Acrobat DC installer

With help of the Customization Wizard you can customize the Acrobat DC installer. Basically, you have to

  • unzip the MMUI ZIP file
  • start the customization wizard
  • load the extracted AcroPro.msi file in the customization wizard
  • configure the installation procedure with help of the customization wizard
  • save the package.

By saving the package, an AcroPro.mst file will be created. The .mst file is later used by the MSI installer to transform the installation process. Don’t get confused by the Pro suffix in the AcroPro.msi file. Acrobat DC Standard and Pro are using the same installer.

AcroPro.mst

Applying patches

Copy the previously downloaded patch file next to the AcroPro.msi file.

Without the latest patch you will like see the error that your browser or operating system is not up-to-date when starting Adobe Acrobat DC.

Converting the installer to an .intunewin package

To deploy the package to Microsoft Intune, the MSI installer and all dependent packages have to be converted to the .intunewin format. Head over to https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool, download the binary and execute it:

.\IntuneWinAppUtil.exe
Please specify the source folder: c:\temp\acrobat
Please specify the setup file: c:\temp\acrobat\AcroPro.msi
Please specify the output folder: c:\temp\acrobat-install
Do you want to specify catalog folder (Y/N)? N

The operation takes some time, but in the end it will look like

Converting the MSI package to an .intunewin package.

Microsoft Intune / Endpoint Manager

In Endpoint Manager, create a new Windows application by navigating to Home > Apps > Windows > Add.

As App Type select Other > Windows app (Win32) app and upload the previously created AcroPro.intunewin file. Please note that this takes some time.

For the installation command use this:

msiexec /I "AcroPro.msi" IGNOREVCRT64=1 TRANSFORMS="AcroPro.mst" PATCH="AcrobatDCUpd2100720099.msp" /l*v c:\Adobe_DC_Install.log 

With help of the /l*v parameter, the MSI installer creates a log output which helps to debug any issues during the installation.

For the uninstall command, use:

msiexec /x "{AC76BA86-1033-FFFF-7760-0C0F074E4100}" /q

The GUID (AC76BA86-1033-FFFF-7760-0C0F074E4100 in my case) can be looked up on a PC, on which you have already installed Acrobat DC. Just execute the following PowerShell command:

get-wmiobject Win32_Product | Sort-Object -Property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
GUID for Acrobat DC

As a detection rule, I am going with a simple if directory exists then strategy. I am using the directory C:\Program Files (x86)\Adobe\Acrobat DC\ as marker to identify an existing installation.

Please note that the target machine needs atleast 4.5 GByte of free hard disk space:

  • ~1.5 GByte for downloading the .intunwin package
  • ~1.5 GByte for the installation process
  • ~1.5 GByte for the installed files.

Testing

For testing the installation procedures, two security groups had been set up in the Azure Active Directory:

  • One security group contained a virtual machine for testing the device installation
  • The other security group contained some test users for installing the app through the company portal.

Issues

After assigning the newly created application to the proper security groups, Microsoft Endpoint Manager reported the error code 0x80070643 during installation. After looking through the C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log I noticed that the MSI installer had failed with a very generic error code 1603. To dig deeper, I enabled the /l*v parameter above, waited for a new installation run and looked into the c:\Adobe_DC_Install.log file.

In my case, I tried to deploy the MSI package to a testing VM which had just 2 GByte left. The MSI installer failed with a classic Not enough space exception.

I am asking you for a donation.

You liked the content or this article has helped and reduced the amount of time you have struggled with this issue? Please donate a few bucks so I can keep going with solving challenges.

Categories: Microsoft