Video Screencast Help

How to completely remove SEP Client from Management Server

Created: 23 Mar 2012 | 14 comments

Hi All,

One of our customers is using SEP. The Management Server is installed on the SBS2003 server.

Recently they upgraded from version 11 to version 12 of the SEP. We did the upgrade of the Management Console, with sucess, it's now running the 12 version.

However, when we try to deploy the "client" component to the server, the instalation fails in the last minute, and the server won't get the "client" protection needed.

The event log mentions an error with a driver or service, called "BHDsrvx86", saying that it's impossible to start such a service, as a file already exists (Event ID 7000 of the Service Control Manager source). However, I've combed the server and I can't find any referente to that file / service / driver. It seems that during the instalation of the client, the setup stumbles on something and it fails the install.

I was considering totally removing the traces of the previous SEP Client version, something similar to this article: TECH102261. However, the article is explicit as it mentions that we shouldn't do that procedure on a machine with SEP Manager, which is my case.

So my question is: how can I completly remove the traces from SEP Client, withouth messing with SEP Manager, so that I can, hopefully, install the new SEP Client version?

Thanks in advance!

Comments 14 CommentsJump to latest comment

Thomas K's picture

Please see the manual removal steps for 2003.

How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions

Let us know how it goes for you.


HGGN's picture


Thats the article I mentioned, but it says that it will affect other Symantec products, so I won't use it on a machine with SEP Manager...

I don't want to completely remove both SEP Client and Manager, as it will bring downtime to the customer, that's why I'm trying to "fix" the Client part on the server without touching anything else. 

NRaj's picture

Am I missing something?

Did you try to remove from add/remove programs?

HGGN's picture

Yes, I've removed the SEP Client, version 11, using "add/remove". However, when I try to deploy the client to the server, via SEP Management, the setup ends with an error, and won't install. I've checked the event log, and I've seen the error regarding that driver/service. I suspect that might be some traces of SEP Client 11 still in the system...

Thomas K's picture

Can you give us the install log information? Maybe we can see from the log what is failing.

SEP's install log is "SEP_INST.LOG" and is found in one of the temp directories.

Post the 10 lines above  return value 3 in SEP_INST.log.

HGGN's picture

Ok, so I've tried the installation again, and since "return value 3" shows twice in the log, I'm posting the lines before each ocurrence:

MSI (s) (30:90) [19:08:23:765]: Added new source 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Cached Installs\' with index '2'
MSI (s) (30:CC) [19:08:23:781]: Executing op: ActionStart(Name=StartServices,Description=Starting services,Template=Service: [1])
AddCacheAsInstallSource Successfully added C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Cached Installs\ as source dir for {FA689023-0B72-4771-98A6-A1C927E58207}
MSI (s) (30:CC) [19:08:23:781]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000)
MSI (s) (30:CC) [19:08:23:781]: Executing op: ServiceControl(,Name=SepMasterService,Action=1,Wait=1,)
MSI (s) (30:CC) [19:08:26:250]: Executing op: ActionStart(Name=ShowServiceProgress_RB,Description=Executing rollback script via service,Template=[1])
MSI (s) (30:CC) [19:08:26:250]: Executing op: CustomActionSchedule(Action=ShowServiceProgress_RB,ActionType=3329,Source=BinaryData,Target=ShowServiceProgress_RB,CustomActionData={FCF84532-5E19-4602-85DC-07AD26FE0070};SOFTWARE\Symantec\Symantec Endpoint Protection;Executing rollback script via service;)
MSI (s) (30:CC) [19:08:26:265]: Executing op: ActionStart(Name=ShowServiceProgress,Description=Executing install script via service,Template=[1])
MSI (s) (30:CC) [19:08:26:265]: Executing op: CustomActionSchedule(Action=ShowServiceProgress,ActionType=3073,Source=BinaryData,Target=ShowServiceProgress,CustomActionData={FCF84532-5E19-4602-85DC-07AD26FE0070};SOFTWARE\Symantec\Symantec Endpoint Protection;Executing install script via service;)
MSI (s) (30:34) [19:08:26:296]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSID0.tmp, Entrypoint: ShowServiceProgress
ScriptGen: ShowServiceProgress() MSIRUNMODE_SCHEDULED
ScriptGen: ShowServiceProgress() calling WaitForSingleObject(scriptStarted) ...
ScriptGen: ShowServiceProgress() WaitForSingleObject(scriptStarted) returned WAIT_OBJECT_0
ScriptGen: ShowServiceProgress() script execution failed.
ScriptGen: ShowServiceProgress() reset script failure event.
ScriptGen: ShowServiceProgress() is returning an error (so close to the end!)
MSI (s) (30:CC) [19:11:45:125]: User policy value 'DisableRollback' is 0
MSI (s) (30:CC) [19:11:45:125]: Machine policy value 'DisableRollback' is 0
Action ended 19:11:45: InstallFinalize. Return value 3.


MSI (s) (30:CC) [19:12:52:296]: Executing op: CustomActionRollback(Action=installFailure,ActionType=1281,Source=BinaryData,Target=installFailure,)
MSI (s) (30:44) [19:12:52:312]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSIEB.tmp, Entrypoint: installFailure
IDC::CancelEvent Signaling Global\SymIDCInstallComplete
IDC::CancelEvent Received WAIT_COMPLETE_EVENT event
IDCCA:  Failed to set property IdcXmlPath to C:\WINDOWS\TEMP\idc.xml (6)
Action ended 19:12:52: waitForIDCEvent. Return value 0.
IDCCA: Machine ID: a62c165621377cf9c164aaca8e79a82f0433d16
IDCCA: HttpQueryInfo: 200 OK Error: 0
IDCCA: SETI::CUploadFile::logout200 OK
MSI (s) (30:CC) [19:13:02:187]: Executing op: ActionStart(Name=CommunicateRollback,,)
MSI (s) (30:CC) [19:13:02:187]: Executing op: CustomActionRollback(Action=CommunicateRollback,ActionType=1345,Source=BinaryData,Target=CommunicateRollback,CustomActionData=12.1.1000.157;C:\TEMP\Clt-Inst\;;105)
MSI (s) (30:5C) [19:13:02:218]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSIEC.tmp, Entrypoint: CommunicateRollback
Communicate RB:  calling communicate state with the following arguments:
Communicate RB: Prodversion = 12.1.1000.157
Communicate RB: PathToSylink = C:\TEMP\Clt-Inst\
Communicate RB: Oldversion =
Communicate RB: ReasonStr =
MSI (s) (30:CC) [19:13:03:812]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
MSI (s) (30:CC) [19:13:03:812]: Error in rollback skipped.    Return: 5
Communicate RB: StatusCode = 302469120
MSI (s) (30:CC) [19:13:03:828]: No System Restore sequence number for this installation.
MSI (s) (30:CC) [19:13:03:828]: Unlocking Server
MSI (s) (30:CC) [19:13:03:859]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
Action ended 19:13:03: INSTALL. Return value 3.

Again, thank you all for your help.


HGGN's picture

I've read it, but my Event Log service is working ok...

I have a very specific error on the event log, at the time when the instalation starts to rollback, which I believe is the cause for the fail.

It's an 7000 Event, from Service Control Manager, with the following text:

"The BHDrvx86 service failed to start due to the following error: Cannot create a file when that file already exists."

The thing is that the BHDrvx86 service/driver doesn't exist before the installation, so I can't imagine why the setup can't just create it properly.

Again, thank you for your attention.

Thomas K's picture

Check this -

If the problem persists, try the steps below.

1. Open regedit

2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

3. If there are entries which point to files ending in *.rbs, delete the entries

4. Close regedit and restart PC

If this fails, it might be best to get support involved.

HGGN's picture

Thank you, Sayan, but as I mentioned before, I've already read the article, and since I have End Point Manager on that server, I believe the steps in the article will mess with that product as well.

I'm in touch with the customer to eventually remove the End Point Manager as well, then follow the article and basically reinstall from scratch everything Symantec related on the server.

Nicolasferos's picture

Hello HGGN,

Could you solve this issue? Im having exactly the same poblem with a customer and i would like to know which was your resolution.


HGGN1's picture

Hi Nicolas,

I ended up backing up the database on the SEP Manager Server, removed it all, following the article to remove all the services, files, etc, reinstalled it, restored the database and now everything is working ok :)