Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Installation of Endpoint Protection Client

Created: 17 Dec 2007 • Updated: 09 Sep 2010 | 11 comments

Afternoon All,

We have two HP Proliant servers with Windows 2003 Server Standard installed. When installing the SEP11 client, it'll get as far as LiveUpdate install, begin making registry changes and then for no apparent reason, roll back the install. This happens on both servers. The event log shows an entry in Application:

Event Type:    Information
Event Source:    MsiInstaller
Event Category:    None
Event ID:    11708
Date:        17/12/2007
Time:        11:39:48
User:        DOMAIN\Account
Computer:    SERVER
Description:
Product: Symantec Endpoint Protection -- Installation operation failed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 46 42 38 41 34 45 33   {FB8A4E3
0008: 30 2d 39 39 31 35 2d 34   0-9915-4
0010: 38 31 34 2d 41 44 46 39   814-ADF9
0018: 2d 34 32 45 30 30 44 39   -42E00D9
0020: 46 44 43 33 44 7d         FDC3D} 

but this is all the information we have.

Has anybody encountered and fixed this issue?

Comments 11 CommentsJump to latest comment

dr's picture

I'm having the same problem.  Even after manually uninstalling the old client, we get a failure.  It looks (in the event log) like its a problem running LiveUpdate:

Event Type:    Error
Event Source:    Automatic LiveUpdate Scheduler
Event Category:    (1)
Event ID:    101
Date:        12/21/2007
Time:        1:02:33 PM
User:        NT AUTHORITY\SYSTEM
Computer:    DJHY2M11
Description:
The description for Event ID ( 101 ) in Source ( Automatic LiveUpdate Scheduler ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: error, Failed unregistering service..

dr's picture

Forgot to mention: Windows XP SP2 client.  It had SAV 10.x installed, but I uninstalled it (automatically followed by manual clean-up) prior to attempting to install the SEP client.

MYGC8's picture

I also have the same problem using push deployment.  Client is running Windows XP SP2.  The event log of the client also shows a similar event with an event ID of 11708.  However, I don't seem to notice the issue as "dr" noted.

I tried the silent install option and after the deployment package was sent to the client, the installation ran for a while and the program shortcuts were added to the Start menu but they then disappeared as the installation rolls back itself.

The installation also failed when I tried to run the installation program locally (i.e. not via remote deployment).

Any pointers would be greatly appreciated.  Thank you.

Dondro's picture

I was experiencing this issue on two of my servers (both 2003 R2 SP2), my exchange server and my DC (which is also the management server).

I spoke to Symantec support and was told that this is due to remnants from the old SAV installs interfering with the SEP install. They advised I run SCSCleanWipe on the machines with all option enabled (which can take up to 8 hours and require multiple reboots, apparently), and then they should install fine.

  • I ran SCSCleanWipe on the exchange server with NO options selected, and then installed SEP successfully.
  • I ran SCSCleanWipe on the DC with the options enabled, (took about 1hr and a reboot), but the problem remains.


Sorry I don't have a link for SCS CleanWipe, you should be able to get it by contacting Symantec support.

MNSysAdmin's picture
I'm apparently having the same problem you're experiencing. Despite running SCSCleanWipe and the new CleanWipe for Endpoint, and going through the manual uninstall procedures, I'm still unable to install the Endpoint client on my server.
 
It's a Windows 2K3 acting as an AD PDC and has Exchange installled on it. Other than that it's simply a file server with little else installed on it. It was the manager for the Symantec 10 antivirus which I unistalled.
 
It installs to about the point where it looks like it's trying to start LiveUpdate and then immediately rolls back the installation leaving a bunch of errors about LiveUpdate in the event log.
 
Any help or ideas would be appreciated.
Icarii's picture
I had similar problem with a 2000 server that is running SEPM. It was filling the hard drive up, so I applied the MR1. After the upgrade the server was stuck in a loop trying to install the new client. I uninstalled the client. When I tried to install the client it would fail. I fix some registry issues with RAS, but that did not do it. Finally, I uninstalled Liveupdate, then reistalled the client from a push and it work. Do not know if that will help you or not.
TobyM's picture
I had the same issue and it was liveupdate. For some reason it wasn't showing up in add/remove programs and you would get an error when trying to access it through the control panel. I deleted the liveupdate folder in program files\symantec and removed the registry keys for it.
 
After that, the client installed properly and it reinstalled liveupdate.
MYGC8's picture
Just want to give an update for my case.  I finally got Symantec Endpoint Protection installed on my Win XP SP2 client.  I was a little reluctant to use the Symantec/Norton removal tool so I uninstall Symantec/Norton products one by one and after I uninstalled Norton Ghost 10 on the client the Endpoint Protection installation went to completion.
 
Probably the majority of you do not have Ghost installed so this message may not help at all.
 
Good luck on troubleshooting!  :)
eberthet's picture
Same Problem for me. It was due to LiveUpdate as already described by a poster.
Uninstalling LiveUpdate and the push install worked fine.
 
JimPompano's picture

I was having the same problem on my PC servers (i.e. EndPoint client not installing).  I was unable to push the Endpoint Client in some cases and in others where I was able to push the client and get it installed the installed client was not connection back to the console (i.e. no green light).

 

I found the following procedure fixed BOTH of the above problems:

1) uninstall the Symantec EndPoint client (if installed)

2) Reboot the computer

3) Run the SCSCleanwipe utility

4) Reboot the computer

5) Push the Symantec EndPoint client to the targer computer

6) Reboot the computer

 

After doing the aove 6 steps i found that EndPoint was installed  AND communicating with the symantec Console..i got the little GREEN light on the console next to the machine name.

 

While this is a solution, the developers of this product's installation process should be embarassed that it takes so much to get a clean install.  If there is a better way to achieve the clean install than the above 6-steps I have been unable to find it.

 

 

Chugach's picture

Basically the 6 steps listed above still work just fine, 1 year and a half later...