Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP 11.0.7000.975 installation rolls back

Migration User

Migration UserNov 23, 2012 02:27 AM

Any further idea?

  • 1.  SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 04:40 AM

    Dear All,

    I'm trying to install SEP 11.0.7000.975 on a Win 2003 SP2 server. The previous installation crashed, a couple of moduls was not running, so I completely removed it. 

    Ran the built-in uninstaller, CleanWipe, also performed the steps on the below link:

    http://www.symantec.com/business/support/index?page=content&id=TECH102261

    So thoretically no remnant of the old installation should exist on the machine.

    However it still keeps rolling back, after isntalling virus definitions the status is: 'Removing backup files', right after it the 'Rolling back' action is starting. I've spent hours of googling this issue and I tried every single suggestion.

    E.g.:

    - Check for infections. Installed AVG, Spybot, MBAM, TDSSKiller etc. to scan for any threat. Nothing found, machine seems clean.

    Check if Event Log is Started and set as automatic  in services.msc. It's running fine.

    - Making sure that the value of 'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' is '%USERPROFILE%\Application Data'.

    So I'm out of ideas. I searched for 'return value 3' in SEP_INST.LOG. Please see around 30 lines above it:

    ADMINMOVEFILES: Removed folder: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\MARGBVDQ\IPSDefs\

    WriteCcSettingsTables: SetOneTimeUpdateCookie_RB.93C43188_D2F5_461E_B42B_C3A2A318345C
    MSI (s) (B4:B8) [22:26:24:607]: Executing op: ActionStart(Name=SetOneTimeUpdateCookie_RB.93C43188_D2F5_461E_B42B_C3A2A318345C,,)
    MSI (s) (B4:B8) [22:26:24:607]: Executing op: CustomActionRollback(Action=SetOneTimeUpdateCookie_RB.93C43188_D2F5_461E_B42B_C3A2A318345C,ActionType=1281,Source=BinaryData,Target=SetOneTimeUpdateCookie_RB,)
    MSI (s) (B4:14) [22:26:24:654]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI191.tmp, Entrypoint: SetOneTimeUpdateCookie_RB
    WriteCcSettingsTables: DisableCancelButton.93C43188_D2F5_461E_B42B_C3A2A318345C
    MSI (s) (B4:B8) [22:26:25:622]: Executing op: ActionStart(Name=DisableCancelButton.93C43188_D2F5_461E_B42B_C3A2A318345C,,)
    WriteCcSettingsTables: stopSP.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1
    MSI (s) (B4:B8) [22:26:25:622]: Executing op: ActionStart(Name=stopSP.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    WriteCcSettingsTables: restoreSPState.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1
    MSI (s) (B4:B8) [22:26:25:622]: Executing op: ActionStart(Name=restoreSPState.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    MSI (s) (B4:B8) [22:26:25:622]: Executing op: CustomActionRollback(Action=restoreSPState.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,ActionType=3329,Source=BinaryData,Target=restoreSPState,CustomActionData=0)
    MSI (s) (B4:F4) [22:26:25:638]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI192.tmp, Entrypoint: restoreSPState
    restoreSPState: called
    restoreSPState: calling loadEventManagerDLLs
    loadEventManagerDLLs: called
    serviceIsRunning: OpenService FAILED with error 1060
    LoadEvtMgrDll: ccEvtMgr is not running
    serviceIsRunning: OpenService FAILED with error 1060
    SendReload: ccEvtMgr is not running
    loadEventManagerDLLs: FAILED to send reload event
    loadEventManagerDLLs: exiting
    restoreSPState: Changing service configuration to SERVICE_DEMAND START for SPBBCSvc
    modifyServiceConfiguration: OpenService() FAILED with error 1060
    restoreSPState: Unable to modify configuration for SPBBCSvc
    restoreSPState: Value of szSPState "0"
    restoreSPState: SPState is NOT set to 1. NOT Calling startSP
    restoreSPState: exiting
    WriteCcSettingsTables: checkMSXMLVersion.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1
    MSI (s) (B4:B8) [22:26:25:950]: Executing op: ActionStart(Name=checkMSXMLVersion.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    WriteCcSettingsTables: RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1
    MSI (s) (B4:B8) [22:26:25:950]: Executing op: ActionStart(Name=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    MSI (s) (B4:B8) [22:26:25:950]: Executing op: CustomActionRollback(Action=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,ActionType=1345,Source=BinaryData,Target=cleanupFolder,)
    MSI (s) (B4:D0) [22:26:25:966]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI193.tmp, Entrypoint: cleanupFolder
    InstSymProtect::cleanupFolder() -> called
    DeleteFolderIfNoFileExists: Driver file is not present.
    DeleteFolder: FAILED to delete directory C:\Program Files\Common Files\Symantec Shared\SPBBC
    DeleteFolderIfNoFileExists: SHDeleteFolder FAILED
    InstSymProtect::cleanupFolder() -> DeleteFolderIfNoFileExists FAILED
    cleanupFolder:  exiting
    MSI (s) (B4:B8) [22:26:26:341]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (B4:B8) [22:26:26:341]: Error in rollback skipped. Return: 5
    MSI (s) (B4:B8) [22:26:26:356]: No System Restore sequence number for this installation.
    MSI (s) (B4:B8) [22:26:26:356]: Unlocking Server
    MSI (s) (B4:B8) [22:26:26:372]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
    Action ended 22:26:26: InstallFinalize. Return value 3.
     
    In case the entire log is needed to diagnose my issue, please let me know.
    Thank you for your help in advance.
     
    fishmong3r


  • 2.  RE: SEP 11.0.7000.975 installation rolls back

    Broadcom Employee
    Posted Nov 21, 2012 04:43 AM

    are you trying to install using the local admin account? if not can you try ?



  • 3.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 04:45 AM

    Yes, I'm trying to install with local admin account.



  • 4.  RE: SEP 11.0.7000.975 installation rolls back

    Trusted Advisor
    Posted Nov 21, 2012 05:20 AM

    Hello,

    As per the above logs, we see errors as below:

     

    serviceIsRunning: OpenService FAILED with error 1060
    LoadEvtMgrDll: ccEvtMgr is not running
    serviceIsRunning: OpenService FAILED with error 1060
    SendReload: ccEvtMgr is not running
    loadEventManagerDLLs: FAILED to send reload event
    loadEventManagerDLLs: exiting
    restoreSPState: Changing service configuration to SERVICE_DEMAND START for SPBBCSvc
    modifyServiceConfiguration: OpenService() FAILED with error 1060
    restoreSPState: Unable to modify configuration for SPBBCSvc
    restoreSPState: Value of szSPState "0"
    restoreSPState: SPState is NOT set to 1. NOT Calling startSP
     
     
    Could you let us know -
     
    What happens if you export the package and then manually copy paste the package on the local HDD of the server and then run the setup.exe?

     

    Also try creating a .msi package and running from the local hdd.

    Check if there is a driver SPBBCSvc under Device Manager >> View >> Show Hidden devices >> Non-Plug and Play drivers. If there is a SPBBCSvc Driver, please uninstall it.

    Also, check this Thread: 

    https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-agent-1105-rolls-back-installation-configuring-services

    It suggests - 

     

    Open the Registry Editor and go to

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

    On the right hand side right-click and modify the value of "CommonFilesDir" to C:\Program Files\Common Files.

    Hope that helps!!



  • 5.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 06:14 AM

    Hello,

    Thank you for your advice. Unfortunately no success.

    1. I extracted the installer package and ran setup.exe. The same happedned as before, also it generated the very same install log.

    2. How to create MSI installer? Is there a way to do it without any 3rd party tool?

    3. There were no SPBBC Svc in device manager.

    4. I checked the link you posted and did:

     - Checked CommonFiledDir in 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion', the setting is ok.

    - Tried the below as well:

    # Open the Windows Registry editor (regedit.exe) browse to the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

    # Verify the following Reg Multi String value PendingFileRenameOperations exists under this key.
    Note: If you do not find the PendingFileRenameOperations value in the location above, this error message can be generated if there are pending changes in:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Control\SessionManager\PendingFileRenameOperations

    # IfHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired exists, right-click on the RebootRequired registry key and choose Export.
    # Provide a different file name than in step 4 for the exported registry key and click Save
    # Delete RebootRequired sub-key

    (delete the value after double clicking on the "PendingFileRenameOperations" string value), no need to restart the client just perform another push install from the server.

    Additionally this the content of HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Control\SessionManager\PendingFileRenameOperations after the installation attempt:

     

    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI2F.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI30.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI33.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI34.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI35.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI36.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI37.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI38.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI39.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI3A.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI3B.tmp
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CCI3C.tmp
     
    \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SEVINST.EXE
     
    \??\C:\PROGRA~1\COMMON~1\SYMANT~1
     
    \??\C:\PROGRA~1\COMMON~1\SYMANT~1
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sevinst0.exe
     
    \??\C:\Program Files\Common Files\Symantec Shared\TBD175.tmp
     
    \??\C:\Program Files\Common Files\Symantec Shared\TBD176.tmp
     
    \??\C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
     
    \??\C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
     
    \??\C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_3.DLL
     
    \??\C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_3.DLL
     
    \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LUInit.exe
     
    \??\C:\Program Files\Symantec\LiveUpdate
     
    \??\C:\Program Files\Symantec\LiveUpdate
     
    \??\C:\Program Files\Symantec
     
    \??\C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_3.dll
     
    \??\C:\Program Files\Symantec\LiveUpdate
     
    \??\C:\Program Files\Symantec
     


  • 6.  RE: SEP 11.0.7000.975 installation rolls back

    Trusted Advisor
    Posted Nov 21, 2012 07:28 AM

    Hello,

    Could you please upload us the entire SEP_Inst.log to understand the root cause of the issue.

    Please Attach it under File Attachments.

     



  • 7.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 07:46 AM
      |   view attached

    Attached the log as requested.

    Meanwhile I ran a SEP Support Tool scan but no error was shown in the result.

    Attachment(s)

    zip
    SEP_INST_upload_0.zip   500 KB 1 version


  • 8.  RE: SEP 11.0.7000.975 installation rolls back

    Trusted Advisor
    Posted Nov 21, 2012 01:55 PM

    Hello,

    After checking the Logs, we see as below:

     

    Property(S): _IsSetupTypeMin = Typical
    Property(S): Display_IsBitmapDlg = 1
    Property(S): SAVRebootPromptText = You must restart your system for the configuration changes made to [2] to take effect. Click Yes to restart now or No if you plan to restart later.
    Property(S): INSTALLLEVEL = 100
    Property(S): ADDSTARTMENUICON = 1
     
    Here are the suggestions - 
     
    There is pending installation and you need to restart the machine.
     
    If restart does not help, please check this document:
     

    Installer Information - "Symantec Endpoint Protection has detected that there are pending system changes that require a reboot." when trying to install SEP 11.0 on Windows 7

    http://www.symantec.com/business/support/index?page=content&id=TECH95608

    NOTE: The steps also applies in case of using Windows 2003 Server.

    Hope that helps!!



  • 9.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 03:16 PM

     

    Please find my exact actions below.
    1. Restart
    2. Installation attemp, no success, roll back.
    3. Removed remnants.
    4. Checked the above mentioned registry keys, PendingFileRenameOperations existed only in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\
    5. Exported key, deleted it.
    6. Installation attemp, no success, error msg: "Symantec Endpoint Protection has detected that there are pending system changes that require a reboot".
    7. Removed remnants.
    8. Restart.
    9. Checked the above mentioned registry keys, PendingFileRenameOperations existed only in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\
    10. Renamed it with a '2' at the end.
    11. Restart.
    12. Installation attemp, no success, roll back.


  • 10.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 03:23 PM

    Change the environment variable

     %AppData% variable for the SYSTEM account.

    • Open 'regedit' from a run prompt.
    • Navigate to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
    • Make sure that the AppData string is set to: %USERPROFILE%\Application Data for Windows XP/ Windows Server 2003 or %USERPROFILE%\AppData\Roaming for Windows Vista/ Windows 7/ Windows Server 2008.
      Note: Any other values here that do not have %USERPROFILE% may be incorrect as well and could cause issues.
    • Start install of Symantec Endpoint Protection Client

     

    or right click my comptuer icon, select propeties, try changing the env varivable to c:\temp check if that works



  • 11.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 03:30 PM

    It's in my original post:
    "- Making sure that the value of 'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData' is '%USERPROFILE%\Application Data'."



  • 12.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 21, 2012 03:54 PM

    under the enviroment variable did you try changing it to c:\tmp and C:\temp

     



  • 13.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 22, 2012 03:15 AM

    Just tried this as well. Thank you for your help, but the same issue appeared.



  • 14.  RE: SEP 11.0.7000.975 installation rolls back

    Posted Nov 23, 2012 02:27 AM

    Any further idea?



  • 15.  RE: SEP 11.0.7000.975 installation rolls back
    Best Answer

    Posted Dec 03, 2012 04:14 AM

    For the record...

    MSXML 4 and 6 was installed on the machine. Both installation got corrupted. I could not even remove them from the control panel Add/Remove Programs as I received an errror message during the removal: 'Fatal Error during installation.'

    The only way I could get rid of them was using Windows Installer Cleanup Utility. After installing them again the SEP installation was working properly.

    Thank you all for the help anyway.