Installation of a Symantec Endpoint Protection 11 (RU6 or later) client rollbacks with error "LiveUpdate registration failed. (HRESULT=-2147467259)"

Article:TECH140612  |  Created: 2010-09-24  |  Updated: 2013-01-14  |  Article URL
Article Type
Technical Solution


Attempts to install a Symantec Endpoint Protection 11 (SEP 11) client fail at the point where the LiveUpdate component is registered.  




The SEP_INST.log contains:

 MSI (s) (08:7C) [10:21:25:671]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI100.tmp, Entrypoint: _LURegisterDecomposerABI@4
-- DECABI_LOGGING --   Enter LURegisterDecomposerABI()
-- DECABI_LOGGING --   GetDecomposerABIProperties Registry created.
-- DECABI_LOGGING --   GetDecABIDirectory() -- failed to get Decomposer ABI key from registry.
-- DECABI_LOGGING --   Decomposer ABI DLL version is: not installed
-- DECABI_LOGGING --   Could not get Decomposer ABI version from LiveUpdate. (HRESULT=-2147467259)
-- DECABI_LOGGING --   Decomposer ABI version registered with LiveUpdate is: not installed
-- DECABI_LOGGING --   Decomposer ABI sequence number registered with LiveUpdate is: not installed
-- DECABI_LOGGING --   For rollback using Decomposer ABI custom action  property: sizeof= 130 not installed:not installed
-- DECABI_LOGGING --   LiveUpdate registration failed. (HRESULT=-2147467259)
Action ended 10:21:26: InstallFinalize. Return value 3.



A Process Monitor (ProcMon) log of the installation shows the following issue with access rights:


LuSetup.exe          2052       RegOpenKey        HKCR\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32                ACCESS DENIED              Desired Access: Query Value               "C:\DOCUME~1\SERVIC~1\LOCALS~1\Temp\XSCKBPEY\LiveUpdate\LuSetup.exe" -s -a -q –log




It is likely that a virus infection changed the DCOM permissions or registry permissions on this computer.

It is possible as well that an old installation of LiveUpdate (or partial LiveUpdate installation) was remaining in the registry.



Attempting to install the very latest available SEP 11 or SEP 12.1 client often resolves this issue.
If this is not possible, the following steps should resolve the issue and allow a SEP client to install successfully:
1.)     Uninstall LiveUpdate from Add/Remove programs
2.)     Delete the following registry key (If it exists)
3.)     In the registry, navigate to:
Back up the registry key. Delete the PendingFileRenameOperations registry value from the right pane. Additionally, make sure that SYSTEM account has full rights on the following registry key:
4.)     Install the latest available LiveUpdate client for Enterprise use (3.3.x).  This lusetup.exe file can generally be found on the SEP product installation media.
5.)     Correct DCOM permissions in accordance with Troubleshooting Symantec AntiVirus Corporate Edition installations: Checking rights and permissions (These remain valid for Symantec Endpoint Protection as well.)
In Windows XP/2003:
Click Start, click on Run
Type dcomcnfg, then click OK
Click on Component Services, then click on Computers
Click on My Computer, then right-click My Computer and click Properties
In all other versions of Windows:
On the Default Security or Default COM Security tab, under Default Access Permissions, click Edit Default
Verify that Administrators, Interactive, and System accounts are set to Allow Access, and then click OK
Under Default Launch Permissions, click Edit Default
Verify that the Administrators, Interactive, and System accounts are set to Allow Launch, and click OK
In Windows XP/2003, skip the two following steps, if working on any other version of Windows:
In the Default Configuration Permissions section, click Edit Default
In the Registry Key Permissions window, verify that the following are set to Full Control, and then click OK
On the Default Properties tab, verify that Default Impersonation Level is set to Identify
Click Apply, and then click OK
Restart the computer for the changes to take effect
6.)     Verify that LiveUpdate is installed.
It should be listed in the Windows Control Panel's Add/Remove Programs.
7.)     Start the SEP client installation once again.
If the installation rolls back, with the same error in sep_inst.log, please follow the procedure below:
1.       Change DCOM permissions of LuComServer
With LiveUpdate in place
Make the following change to the DCOM settings for LuComServer:
Start-> Run dcomcnfg and go to Component Services-> Computers-> My Computer-> DCOM Config
Right-click LuComServer and go to properties, Identify tab, and choose a local administrator account.
NOTE: Use the Browse button if necessary; the account name must be prefixed by machine name to be recognized.
Click OK, OK...
Restart the machine.
NOTE: This should not normally be necessary for LuComServer; if this works there is something wrong with permissions that makes this work-around necessary.
2.       Install SEP client once again.
If the same installation error is encountered again, please contact the Symantec Technical Support.

Article URL

Terms of use for this information are found in Legal Notices