Sometimes we find it necessary to uninstall the VPN components from a user's machine if they've got a corrupted installation or have other issues. Unfortunately, the BEST way to do this is to lead them through uninstallation via the F5-supplied "f5wininfo.exe" program. You have to get the .exe to them first, which can be tricky to do with some mail systems...
This is a way to create an automated uninstaller to which you can direct a user. It works under Vista and XP quite well.
It'd be nice if F5 took a design cue here and ran with this approach -- it's quite "HelpDeskUseful(tm)"!
- Microsoft Cabinet Software Development Kit (http://support.microsoft.com/kb/310618)
- Microsoft Authenticode Tools (in the Platform SDK, http://www.microsoft.com/downloads/details.aspx?FamilyId=A55B6B43-E24F-4EA3-A93E-40C0EC4F68E5&displaylang=en)
- F5WinInfo.exe (Diagnostic tool from 6.0.2)
- Codesigning certificate and key for your organization (from Verisign)
1. Obtain CABARC.EXE from the Microsoft Cabinet Software Development Kit. You will need this utility to create the distributable CAB file that will be embedded in the web page.
2. Create a folder to contain your work and put CABARC.EXE and F5WinInfo.exe into that folder.
3. Open a command window and change to that directory.
4. In Windows explorer, find F5WinInfo.exe, right click on it, and select "Properties". Click on the tab labeled "Version" and copy down the value you see under "File Version." It should look like "6040.2008.215.2127". You will need to use this value in creating your CAB file.
5. Create a file in your working directory called "f5wininfo.inf". It will contain the following content:
; Version number and signature of INF file.
Note the FileVersion above. The value you put here is the value you obtained in step 4, only with commas instead of periods in between the numbers. The CLSID value is a bogus one, but will work. If you like, you can generate your own CLSID and use it here.
6. (Optional) You may choose to re-sign the f5wininfo.exe file if you like (removing the F5 signature and replacing it with your own). This is not strictly necessary but may be required in some organizations that have restrictive software load policies.
7. From the command line, create the cab file:
cabarc.exe -s 6144 n f5wininfo.cab f5wininfo.inf f5wininfo.exe
This command line will create the CAB file, reserving enough space at the beginning of the file for the signing certificate.
8. Sign this cab file with your codesigning certificate. You will need Microsoft's Authenticode tools to do this. How to do this is beyond the scope of this particular HOWTO, but Google can direct you to some wonderful resources about signing CAB files.
9. Create an HTML file called "uninstall.html". It MUST contain the following content, but the look and feel is up to you:
<OBJECT ID="VPNUninstall" CLASSID="CLSID:21449A90-C484-21d1-8D75-00C04FC23CE6" width=1
I'm attaching some example HTML files that do the job and actually attempt to use the control-interface "statusbar" that Firepass uses. It will track the download and execution of the f5wininfo.exe program and watch for its completion. I don't know if it functions COMPLETELY well (in fact, I am fairly sure it does not handle error conditions at all), but it mostly works.
10. Upload all HTML files and the cab file to your WebDAV sandbox on the Firepass controller. Users can then access the utility at "https://<controllername>/sandbox/uninstall.html". When the page launches, the CAB file will download and automatically uninstall all VPN components.