Video Screencast Help

Migration and Deployment Wizard help

Created: 03 Nov 2010 • Updated: 22 Nov 2010 | 35 comments
This issue has been solved. See solution.

I'm using the Migration and Deployment Wizard to deploy to clients to upgrade from SAV 10 to SEP 11 RU6 MP1. It seems that they don't get installed on first try. I included the Prep tool or competitive uninstall in the package.

I added some lines to the script:

RunBeforeRemoval=net stop "LUALL.EXE"
RunAfterRemoval=C:\Windows\Temp\SEPInstall.exe
RunAfterRemoval=C:\WinNT\Temp\SEPInstall.exe

I added the first one because the logs indicate that the LiveUpdate does not stop and then the installation is halted.

I've already tested it out without the SEPprep exe (following the procedures from the pdf and the one found here) with mixed results. Some clients succeed and some failed with the same LU problem.

Comments 35 CommentsJump to latest comment

AravindKM's picture

Can you attach SEP_inst.log?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

Accessed the remote PCs. There's no SEP_inst.log

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

Whether it is creating clt-Inst folder in the client and the package is getting copied?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

Found this on one of the deployed clients in [ipaddress]\C$\WINDOWS\Temp

AttachmentSize
SEP_INST.zip 16.8 KB

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Found the folder on another PC that also failed to upgrade:

[ip address]\c$\temp\Clt-Inst

It only contains vpnremote.exe

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Thanks pete_4u2002. I checked the link. Solutions offered are:

Cause

You are upgrading the Symantec Endpoint Protection client on a computer that had older version of the Symantec Endpoint Protection previously installed and the Client Communications Setting was set to Pull Mode. The client heartbeat with PULL mode enabled calls Livedupdate to sync with the Symantec Endpoint Protection Manager every 5 minutes and this process prevents installation from running.

Solution

Either one or both of the following solutions will allow you to work around this issue:

1) Increase the client heartbeat interval from 5 minutes to at least 2 hours or even longer.
2) Change the Communication Settings to Push Mode until the client installs are complete

 
I can't do that on SAV clients.
I got the IP list from the SAV 10 server. And I can confirm that there is a Symantec Antivirus folder and no Symantec Endpoint protection folder.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

For this particular group uncheck LU server from LU Policy,Set the heat bear interval to 30 minute or above,Create a new installation package and try.Also assure that installation package you are using is RU5 or above....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

We're using RU6 MP1 to install over SAV 10. LiveUpdate was already disabled when I checked in the SEPM console.

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

I'm testing the installation again.

I'm getting a few popups for some clients - asking for a password, I'm using a domain admin password right now and I've successfully used it to install locally on some PCs. Then there's the Network path not found. Though I guess it's irrelevant to the original problem.

And when using the Push Deployment Wizard, I select the 1st option which is to deploy to Windows clients.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

As per the logs you are using 11.0.4202.75(MR4MP2).

 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

@AravindKM: "As per the logs you are using 11.0.4202.75(MR4MP2). "

Me: [FacePalm] Clicked on the wrong package. Recreated a new one.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

Even after trying with RU6MAP1 you are facing this same problem?If yes try with RU6a...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

Assure that you had done all settings as per this KB

About preparing computers for remote deployment

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

Thanks, checked the link. It states the following:

Windows XP in a workgroup - Disable simple file sharing. Simple file sharing may prevent deployment of client software.

Windows Vista, Windows Server 2008, and Windows 7 in an Active Directory domain - The account used to deploy client software must be a domain administrator, and have elevated privileges on the client computer.

 The other that doesn't apply is:

Windows Vista, Windows Server 2008, and Windows 7 -

  • Disable the File Sharing Wizard.

  • Enable network discovery by using the Network and Sharing Center.

  • Verify that your account has elevated user rights.

I've checked with the admins, sharing is disabled - I can't share folders using a regular account. And the account I'm using to deploy is a Domain Admin.

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Out of 58 online clients, I was able to deploy to 8. I'll be verifying this in a while.

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Still failed on some clients.

Tried what was in the forum discussion:

https://www-secure.symantec.com/connect/forums/cant-upgrade-90-corporate-remote-clients-sep

I found out that the failed clients are running version 9. I have a package with SEP 11 RU5 to use on the clients. The logs show that the LU is still running and returns '3'.

I used Migration and Deployment wizard for this, as well. I also tried having the SEPprep included in the installation folder and still fails to install even if I added a line to disable the LU:

RunBeforeRemoval=net stop "LUCOMS.EXE"

Any ideas would be  appreciated.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

RUNLIVEUPDATE=0 try this switch

Ref:MSI command line reference for Symantec Endpoint Protection 11.0

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

Tried it:

MSI (s) (44:C8) [10:15:34:342]: Invoking remote custom action. DLL: C:\WINNT\Installer\MSI90.tmp, Entrypoint: CheckForRunningLU
Action start 10:15:34: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644.
LUCA: UILevel = 2 (2)
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA: Checking if LUALL is running...
LUCA: LiveUpdate is running!!
Action ended 10:20:34: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644. Return value 3.
Action ended 10:20:34: INSTALL. Return value 3.

 

The line I added to SEPprep.ini was:

[Settings]
ShowGUI=N
ShowMessageBox=N
MessageBoxText=Prepairing your system for Symantec Endpoint Protection 11.0.  During this process other antivirus products will be removed.\n\nIf you are prompted please fully remove these products.
AutoRunAfterUILoads=N
AskBeforeRemoval=N
SilentMSIInstaller=Y
RemoveSymantec=Y
CheckDiskSpace=Y
ResumeAfterReboot=Y
EnableLogging=N
LogPath=%TEMP%
MSIExtraParameters=RUNLIVEUPDATE=0
RUNLIVEUPDATE=0

RunBeforeRemoval=net stop "LUCOMS.EXE"
RunAfterRemoval=C:\Temp\SEPInstall.exe

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Tried with logging enabled:

Computer Name: ########
11/19/2010 10:40:10:138 SEPprep starting!
11/19/2010 10:40:10:138 Attempting to run: net stop "LUCOMS.EXE"
11/19/2010 10:40:11:201 Exit code: 2
11/19/2010 10:40:12:122 Removing: Symantec AntiVirus
11/19/2010 10:40:12:122 Attempting to run: MsiExec.exe /X{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL REBOOT=R /qn RUNLIVEUPDATE=0
11/19/2010 10:40:32:496 Exit code: 1602
11/19/2010 10:40:32:496 Failed to remove Symantec AntiVirus
11/19/2010 10:40:32:512 Removing: Symantec AntiVirus
11/19/2010 10:40:32:512 Attempting to run: MsiExec.exe /X{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL REBOOT=R /qn RUNLIVEUPDATE=0
11/19/2010 10:40:41:840 Exit code: 1602
11/19/2010 10:40:41:840 Failed to remove Symantec AntiVirus
11/19/2010 10:40:44:730 Attempting to run: C:\Temp\SEPInstall.exe
11/19/2010 10:40:44:730 Failed to launch process!
11/19/2010 10:40:44:730 Symantec Endpoint Protection is NOT installed.
11/19/2010 10:40:44:730 SEPprep stopping!

The Exit codes:

2 = The system cannot find the file specified. 

1602 = User cancelled installation

I'll see what I can find. :( It's starting to frustrate me.

“Your most unhappy customers are your greatest source of learning.”

.Brian's picture

You'll need to run cleanwipe. I've had this same error many times and could not uninstall  AT ALL....cleanwipe fixed it though.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mon_raralio's picture

I can do this if only not for the fact that this is an interactive program. And the user will just cancel this.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

You may create a script based on below KBs,and run it first for removing sav from your systems.

Manually uninstalling Symantec AntiVirus 10.1 client

Manually uninstalling Symantec AntiVirus 10.2 client

Manually uninstalling the Symantec AntiVirus 10.0 client

By the way I forget ask one thing.DO you have uninstall password in place.If yes remove it first

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

Thanks again Aravind. :D

I'm getting the procedures from this link for SAV9 clients:

http://www.symantec.com/business/support/index?page=content&id=TECH100621&locale=en_US

I just used the computer management to stop Symantec services namely: SAV and DefWatch.

So far, so good. Will keep you posted after it finishes.

Cheers!

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

My settings of SEPprep.ini:

[Settings]
ShowGUI=N
ShowMessageBox=N
MessageBoxText=Prepairing your system for Symantec Endpoint Protection 11.0.  During this process other antivirus products will be removed.\n\nIf you are prompted please fully remove these products.
AutoRunAfterUILoads=N
AskBeforeRemoval=N
SilentMSIInstaller=Y
RemoveSymantec=Y
CheckDiskSpace=Y
ResumeAfterReboot=Y
EnableLogging=Y
LogPath=%TEMP%
MSIExtraParameters=RUNLIVEUPDATE=0
RUNLIVEUPDATE=0
;Symantec 9 memory resident programs
RunBeforeRemoval=taskkill /f /im "LUComServer.EXE"
RunBeforeRemoval=taskkill /f /im "LUALL.EXE"
RunBeforeRemoval=taskkill /f /im "SAVROAM.EXE"

;Install path of SEP
RunAfterRemoval=C:\Temp\Clt-Inst\SEPInstall.exe
;RunAfterRemoval="C:\Temp\Clt-Inst\Symantec AntiVirus.msi"

The logs taken from the remote client:

11/19/2010 15:02:58:773 SEPprep starting!
11/19/2010 15:02:58:773 Attempting to run: taskkill /f /im "LUComServer.EXE"
11/19/2010 15:02:58:929 Exit code: 128
11/19/2010 15:02:58:929 Attempting to run: taskkill /f /im "LUALL.EXE"
11/19/2010 15:02:58:992 Exit code: 128
11/19/2010 15:02:58:992 Attempting to run: taskkill /f /im "SAVROAM.EXE"
11/19/2010 15:02:59:054 Exit code: 0
11/19/2010 15:02:59:148 Removing: Symantec AntiVirus
11/19/2010 15:02:59:148 Attempting to run: MsiExec.exe /X{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL REBOOT=R /qn RUNLIVEUPDATE=0
11/19/2010 15:03:02:210 Exit code: 1602
11/19/2010 15:03:02:210 Failed to remove Symantec AntiVirus
11/19/2010 15:03:02:210 Removing: Symantec AntiVirus
11/19/2010 15:03:02:210 Attempting to run: MsiExec.exe /X{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL REBOOT=R /qn RUNLIVEUPDATE=0
11/19/2010 15:03:04:679 Exit code: 1602
11/19/2010 15:03:04:679 Failed to remove Symantec AntiVirus
11/19/2010 15:03:05:851 Attempting to run: C:\Temp\Clt-Inst\SEPInstall.exe
 

I guess I missed something here. I'm just trying to stop SAV 9 from the system  task  remotely.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

Try killing rtvscan also...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

I tried this. RTVScan did stop. Here's the log:

11/19/2010 16:13:08:570 SEPprep starting!
11/19/2010 16:13:08:570 Attempting to run: taskkill /f /im "LUComServer.EXE"
11/19/2010 16:13:09:179 Exit code: 128
11/19/2010 16:13:09:179 Attempting to run: taskkill /f /im "LUALL.EXE"
11/19/2010 16:13:09:273 Exit code: 128
11/19/2010 16:13:09:273 Attempting to run: taskkill /f /im "SAVROAM.EXE"
11/19/2010 16:13:09:367 Exit code: 0
11/19/2010 16:13:09:367 Attempting to run: taskkill /f /im "RTVScan.exe"
11/19/2010 16:13:09:429 Exit code: 0
11/19/2010 16:13:09:554 Removing: Symantec AntiVirus
11/19/2010 16:13:09:554 Attempting to run: MsiExec.exe /X{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL REBOOT=R /qn RUNLIVEUPDATE=0
11/19/2010 16:14:43:578 Exit code: 1602
11/19/2010 16:14:43:578 Failed to remove Symantec AntiVirus
11/19/2010 16:14:43:594 Removing: Symantec AntiVirus
11/19/2010 16:14:43:594 Attempting to run: MsiExec.exe /X{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL REBOOT=R /qn RUNLIVEUPDATE=0
11/19/2010 16:14:48:531 Exit code: 1602
11/19/2010 16:14:48:531 Failed to remove Symantec AntiVirus
11/19/2010 16:14:50:015 Attempting to run: C:\Temp\Clt-Inst\SEPInstall.exe

Exit code based from MS states that the 1602 means that the user cancelled it. I'm not sure how this is possible since the settings in SEPPrep.ini is set to SilentInstall and to not ShowMessageBox.

“Your most unhappy customers are your greatest source of learning.”

Mahesh Roja's picture

Use NONAV tool to remove SAV then reboot and try to install

AttachmentSize
nonav.zip 819.78 KB

If this Info helps to resolve the issue please Mark as Solution

Thanks

mon_raralio's picture

I tested it out.

NoNav.exe is a self extracting file and will pop-up on the user to 'Extract'. So they'd probably cancel this.

I'm looking for a silent uninstall or just be able to run SEP11 install without user intervention.

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

I checked the services of the remote PC via the Computer Management.

I didn't find LiveUpdate on the client.

“Your most unhappy customers are your greatest source of learning.”

AravindKM's picture

In remote system manually stop all SAV services and try for the same.Whether it is working?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

mon_raralio's picture

I don't see LiveUpdate in their list of services. Even though that's what SEP says that prevents it from installing.

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Managed to get a running process list on one of the PC using pslist:

Process information for ########:

Name                             Pid Pri Thd  Hnd      VM      WS    Priv
Idle                               0   0   2    0       0      28       0
  System                           4   8  73  571    1884      56       0
    smss                         612  11   3   19    3808      60     180
      csrss                      660  13  15  665   27108     972    1856
      winlogon                   688  13  24  620   59484     872    8016
        services                 732   9  17  445   53376    1304    5908
          svchost                456   8   3   80   30632     200    2176
          DataServer             488   8   3  114   47168     232    3216
          DefWatch               516   8   3   34   19212     132     556
            DWHWizrd            3516   8   5   95   59760     280    3796
          LMS                    556   8   2   65   15368     488    1632
          MDM                    604   8   4   88   34248     468     996
          ati2evxx               940   8   4   82   20804     100     792
          svchost                960   8  21  212   66840     156    2836
          svchost               1048   8  10  411   40780     928    1952
          svchost               1148   8  59 1337  321536   90768  130796
            wuauclt             2544   8   8  379  133240    3220    9720
            rundll32            2668   8   1   26   27528      64    1912
          svchost               1216   8   6   92   30552     308    1380
          svchost               1404   8  13  230   38052    1652    2008
          ccSetMgr              1492   8   6  190   34768     128    2536
          ccEvtMgr              1516   8  18  251   47064     100    2616
          spoolsv               1664   8  10  139   48152     104    3196
          svchost               1708   8   5  118   35016     164    1912
          GravitixService       1916   8   8  336   61000    1324    9036
            MCEScan             2936   8   3  161   41440     240    2416
          trcboot               1932   8   1   27   13644      96     308
          fsprocsvc             2088   8   3   37   18472     140     484
          svchost               2172   8   5  127   35732     224    2408
          Rtvscan               2260   8   1  482  295948     528   37676
          ldlcserv              2332   8   2   27    9952     200     380
          alg                   3244   8   5  104   32948     232    1176
          vpremote              4032   8   2   29   14240      80     352
            setup               2248   8   2   33   32840     304    2636
              msiexec           1868   8   5  115   44996     488    2624
          msiexec               4048   8   9  215   47152    1212    4532
            msiexec             2916   8   4   97   37608     248    1088
        lsass                    744   9  21  452   42144     608    4036
        ati2evxx                1268   8   7   94   26872     412     864
PCS_AGNT                         304   8   5   73   36680     228    2272
nlnotes                         1356   8  15  359  189964    6704   33128
  ntaskldr                       508   8   6  202  106632    6920    5348
    ndyncfg                     3052   8   1  153   97064    5352    3632
explorer                        1900   8  14  573  132500    3932   43472
  pcsws                          156   8   4  166   48612     324    4448
    pcscm                       2900   8  23  216   59116     472    2224
  sametime                       188   8   1   30   16300     264     424
    sametime75                  2676   8  25  292  415588    2508   30112
  DrgToDsc                       652   8   4  159   44652     200    1848
  issch                          708   8   1   21   13640     316     328
  PDVDDXSrv                      988   8   2  125   52364     104    1624
  iexplore                      1044   8  13  444  121224     520   20196
  ccApp                         1092   8   8  236   51428     104    3268
  VPTray                        1100   8   5  200   48552     460    3952
  pddm                          1140   8   2   81   23800     540     992
  rundll32                      1208   8   4   75   34208     200    2264
  ctfmon                        1264   8   1   68   29688     360     864
  conf                          1752   8   7  199   49700     404    4136
    rundll32                    1816   8   1   36   31040     144    1948
  smax4pnp                      2008   8   3  105   36064     104    2264
soffice                         1936   8   1   18   14740      88     408
  soffice.bin                   2016   8   5  146  120128     656    5620

“Your most unhappy customers are your greatest source of learning.”

mon_raralio's picture

Used PSList.exe and PSKill.exe from SysInternals Suite...

PsList.exe - to check if the following processes are stopped: rtvscan, defwatch, savroam

Double check with Compmgmt.msc - sometimes rtvscan would not stop, so I just connected with the computer and re-stopped the service. Usual error here is that the service did not stop in a timely manner. Just wait it out.

PsKill - to kill the still running process.

PsList - again to check if the SEP installation is running. Look for setup in the running process - vpremote > setup > msiexec

I also included the Competitive uninstall tool found on the CD during deployment. The logs are quite useful. So I applied the tool based on the PDF included to the install package.

I've added the following:

RunBeforeRemoval=taskkill /f /im "LUComServer.EXE"
RunBeforeRemoval=taskkill /f /im "LUALL.EXE"
RunBeforeRemoval=taskkill /f /im "SAVROAM.EXE"
RunBeforeRemoval=taskkill /f /im "RTVScan.exe"

“Your most unhappy customers are your greatest source of learning.”

SOLUTION
AravindKM's picture

Happy to hear your problem got solved and thank you for posting solution in the form.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind