SEP 11.4202.75 Client Re-Install Issues
About two weeks ago, I had to perform a full rebuild of a SEPM 11.4202.75 server. Luckily I was able to restore the DB and the key store files from the previous install. Following the rebuild, I was able to successfully push out 300+ client package installs with the overwrite settings option using the Migration utility. This was successful on all of my clients with the exception of one member server.
I decided to do a manual uninstall of the client and LiveUpdate on the server and reboot. Upon completion of the reboot, I ran the CLEANWIPE utility as I have on many occasions in the past. Following the reboots from using CleanWipe, I attempted a manual install of the exported install package on a local console session of the server. The install would appear to run smoothly (based on the progress bar) and would then begin a rollback near the end. The Event Viewer showed where the MSI Installer service starts, followed by the installation of LiveUpdate, then a LiveUpdate "entered running state" event, followed shortly by a LiveUpdate "entered stop state" event. Then there are approximately thirty Event IDs 7000 and 7009 where LiveUpdate "didn't start in a timely fashion".
I've been in contact with a Symantec technician who went through all the same troubleshooting information that I was able to find on the Knowledge Base as well as the forums, but nothing I do is changing the nature of this install failure. I've used their troubleshooting tool and sent all of the SEPM_Inst logs to them but they still do not seem to have any clue on what is causing this issue. I should point out that my local install attempts have included a packaged as well as a non-packaged install, and I have also attempted the install of a non-managed client directly from a SEP CD. In each case I have also tried a local admin as well as a domain admin account when running the packages. I've gone through the manual client uninstall procedure as well to ensure that everything in the registry as well as the file system is devoid of anything resembling Symantec.
I can install LiveUpdate from the SEP 11 CD successfully and I can start the service. However, when I attempt to stop the service, I get a pop-up stating "Could not stop the LiveUpdate service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, contact your system administrator." I then click OK and see that the service is still STARTED. I attempt to stop the service a second time, and I get a very slow progress bar where it's attempting to stop the service, followed by another pop-up a few minutes later with an "Error 1053: The service did not respond to the start or control request in a timely manner". I have tried setting the logon for the service to use an administrative account instead of the System account but the problem is the same.
I have discussed these issues with Symantec support and have Googled every conceivable thing I can think of but nothing seems to be working.
Has anyone run into a brick wall on this issue as I have?
Comments
Hi
Can you post the SEP_INST.log file found under the temp directory?
Open the file, look for return value 3, and paste 15 lines above and below this error message.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
MSI (s) (B8:78)
MSI (s) (B8:78) [15:39:04:843]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7F.tmp, Entrypoint: RegWithLiveUpdate
LUCA: RegWithLiveUpdate
LUCA(1157): CustomActionData=Add SESC Virus Definitions Win32 v11 MicroDefsB.CurDefs SymAllLanguages Antivirus and antispyware definitions {C60DC234-65F9-4674-94AE-62158EFCA433} {855BA5F4-6588-4F09-AE61-847E59D08CB0} 3 {DA47E166-7F7A-4039-9768-7AFFB5E99CE8}
Add SESC Virus Definitions Win32 v11 Hub SymAllLanguages Antivirus and antispyware definitions {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B} 0 {DA47E166-7F7A-4039-9768-7AFFB5E99CE8}
Add SESC Submission Control Data 11.0 SymAllLanguages Submission Control signatures {4F889C4A-784D-40de-8539-6A29BAA43139} 0
Add SESC IPS Signatures Win32 11.0 SymAllLanguages Intrusion Prevention signatures {D3769926-05B7-4ad1-9DCF-23051EEE78E3} {855BA5F4-6588-4F09-AE61-847E59D08CB0} 3
Add SESC AntiVirus Client Win32 11.0 English Symantec Endpoint Protection client {678BF7F9-F8E9-468b-B890-F55E159CAA3C} 0
LUCA: HandleLiveUpdateAction
LUCA(874): HandleLiveUpdateAction: Action="Add" Product="SESC Virus Definitions Win32 v11" Version="MicroDefsB.CurDefs" Lang="SymAllLanguages" Description="Antivirus and antispyware definitions" GUID="{C60DC234-65F9-4674-94AE-62158EFCA433}" CallbackCLSID="{855BA5F4-6588-4F09-AE61-847E59D08CB0}" CallbackFlags="3" Group="{DA47E166-7F7A-4039-9768-7AFFB5E99CE8}"
LUCA(1020): Exception calling IluProductReg RegisterProduct
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Class not registered
LUCA: Call to HandleLiveUpdateAction FAILED.
Action ended 15:39:04: InstallFinalize. Return value 3.
MSI (s) (B8:A0) [15:39:04:968]: User policy value 'DisableRollback' is 0
MSI (s) (B8:A0) [15:39:04:968]: Machine policy value 'DisableRollback' is 0
MSI (s) (B8:A0) [15:39:05:046]: Executing op: Header(Signature=1397708873,Version=405,Timestamp=996506810,LangId=1033,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
MSI (s) (B8:A0) [15:39:05:046]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (B8:A0) [15:39:05:046]: Executing op: DialogInfo(Type=1,Argument=Symantec Endpoint Protection)
MSI (s) (B8:A0) [15:39:05:046]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
Action 15:39:05: Rollback. Rolling back action:
Rollback: Updating registration with LiveUpdate
MSI (s) (B8:A0) [15:39:05:046]: Executing op: ActionStart(Name=RegWithLiveUpdate.FF07F38E_78C2_412E_B858_64488E808644,Description=Updating registration with LiveUpdate,)
MSI (s) (B8:A0) [15:39:05:046]: Executing op: ProductInfo(ProductKey={D689B418-235A-4290-A0A5-A75E490E0351},ProductName=Symantec Endpoint Protection,PackageName=Symantec AntiVirus.msi,Language=1033,Version=184553578,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={8E81776A-E189-42D6-ADB7-7DC8AA55E09F},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
Rollback: RegWithLiveUpdate_RB.FF07F38E_78C2_412E_B858_64488E808644
MSI (s) (B8:A0) [15:39:05:046]: Executing op: ActionStart(Name=RegWithLiveUpdate_RB.FF07F38E_78C2_412E_B858_64488E808644,,)
MSI (s) (B8:A0) [15:39:05:046]: Executing op: CustomActionRollback(Action=RegWithLiveUpdate_RB.FF07F38E_78C2_412E_B858_64488E808644,ActionType=1345,Source=BinaryData,Target=RegWithLiveUpdate_RB,CustomActionData=Remove SESC Virus Definitions Win32 v11 MicroDefsB.CurDefs SymAllLanguages Antivirus and antispyware definitions {C60DC234-65F9-4674-94AE-62158EFCA433} {855BA5F4-6588-4F09-AE61-847E59D08CB0} 3 {DA47E166-7F7A-4039-9768-7AFFB5E99CE8}
Remove SESC Virus Definitions Win32 v11 Hub SymAllLanguages Antivirus and antispyware definitions {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B} 0 {DA47E166-7F7A-4039-9768-7AFFB5E99CE8}
Remove SESC Submission Control Data 11.0 SymAllLanguages Submission Control signatures {4F889C4A-784D-40de-8539-6A29BAA43139} 0
Remove SESC IPS Signatures Win32 11.0 SymAllLanguages Intrusion Prevention signatures {D3769926-05B7-4ad1-9DCF-23051EEE78E3} {855BA5F4-6588-4F09-AE61-847E59D08CB0} 3
Remove SESC AntiVirus Client Win32 11.0 English Symantec Endpoint Protection client {678BF7F9-F8E9-468b-B890-F55E159CAA3C} 0
)
MSI (s) (B8:A4) [15:39:05:078]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI80.tmp, Entrypoint: RegWithLiveUpdate_RB
LUCA: RegWithLiveUpdate_RB
LUCA: RegWithLiveUpdate
LUCA(1157): CustomActionData=Remove SESC Virus Definitions Win32 v11 MicroDefsB.CurDefs SymAllLanguages Antivirus and antispyware definitions {C60DC234-65F9-4674-94AE-62158EFCA433} {855BA5F4-6588-4F09-AE61-847E59D08CB0} 3 {DA47E166-7F7A-4039-9768-7AFFB5E99CE8}
Remove SESC Virus Definitions Win32 v11 Hub SymAllLanguages Antivirus and antispyware definitions {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B} 0 {DA47E166-7F7A-4039-9768-7AFFB5E99CE8}
Remove SESC Submission Control Data 11.0 SymAllLanguages Submission Control signatures {4F889C4A-784D-40de-8539-6A29BAA43139} 0
Remove SESC IPS Signatures Win32 11.0 SymAllLanguages Intrusion Prevention signatures {D3769926-05B7-4ad1-9DCF-23051EEE78E3} {855BA5F4-6588-4F09-AE61-847E59D08CB0} 3
Remove SESC AntiVirus Client Win32 11.0 English Symantec Endpoint Protection client {678BF7F9-F8E9-468b-B890-F55E159CAA3C} 0
LUCA: HandleLiveUpdateAction
LUCA(874): HandleLiveUpdateAction: Action="Remove" Product="SESC Virus Definitions Win32 v11" Version="MicroDefsB.CurDefs" Lang="SymAllLanguages" Description="Antivirus and antispyware definitions" GUID="{C60DC234-65F9-4674-94AE-62158EFCA433}" CallbackCLSID="{855BA5F4-6588-4F09-AE61-847E59D08CB0}" CallbackFlags="3" Group="{DA47E166-7F7A-4039-9768-7AFFB5E99CE8}"
LUCA(1080): Exception calling IluProductReg DeleteProduct (LiveUpdate uninstalled?)
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Class not registered
LUCA: HandleLiveUpdateAction
LUCA(874): HandleLiveUpdateAction: Action="Remove" Product="SESC Virus Definitions Win32 v11" Version="Hub" Lang="SymAllLanguages" Description="Antivirus and antispyware definitions" GUID="{B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}" CallbackCLSID="" CallbackFlags="0" Group="{DA47E166-7F7A-4039-9768-7AFFB5E99CE8}"
LUCA(1080): Exception calling IluProductReg DeleteProduct (LiveUpdate uninstalled?)
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Unknown error 0x802A0014
LUCA: HandleLiveUpdateAction
LUCA(874): HandleLiveUpdateAction: Action="Remove" Product="SESC Submission Control Data" Version="11.0" Lang="SymAllLanguages" Description="Submission Control signatures" GUID="{4F889C4A-784D-40de-8539-6A29BAA43139}" CallbackCLSID="" CallbackFlags="0" Group=""
LUCA(1080): Exception calling IluProductReg DeleteProduct (LiveUpdate uninstalled?)
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Unknown error 0x802A0014
LUCA: HandleLiveUpdateAction
LUCA(874): HandleLiveUpdateAction: Action="Remove" Product="SESC IPS Signatures Win32" Version="11.0" Lang="SymAllLanguages" Description="Intrusion Prevention signatures" GUID="{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" CallbackCLSID="{855BA5F4-6588-4F09-AE61-847E59D08CB0}" CallbackFlags="3" Group=""
LUCA(1080): Exception calling IluProductReg DeleteProduct (LiveUpdate uninstalled?)
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Unknown error 0x802A0014
LUCA: HandleLiveUpdateAction
LUCA(874): HandleLiveUpdateAction: Action="Remove" Product="SESC AntiVirus Client Win32" Version="11.0" Lang="English" Description="Symantec Endpoint Protection client" GUID="{678BF7F9-F8E9-468b-B890-F55E159CAA3C}" CallbackCLSID="" CallbackFlags="0" Group=""
LUCA(1080): Exception calling IluProductReg DeleteProduct (LiveUpdate uninstalled?)
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Unknown error 0x802A0014
LUCA: RemoveLiveUpdateGroups
LUCA(819): RemoveLiveUpdateGroups: Removing group="{DA47E166-7F7A-4039-9768-7AFFB5E99CE8}"
LUCA(834): Exception calling IluProductReg DeleteGroup
LUCA: RemoveLiveUpdateGroups: COM Exception:
LUCA: Unknown error 0x802A0014
LUCA: Call to RemoveLiveUpdateGroups FAILED.
Try this
Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Check this also
The installation of Symantec Endpoint Protection (SEP) client fails and rolls back around the point of registering with LiveUpdate
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
The document provided by AravindKM above should be able to help you with this issue. In the logs, there is an error 0x802A0014, and the KB above has that error mentioned as one of the symptoms.
Let us know the results.
Aniket
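The triage described earlier in the thread (locate "Return value 3" and take the surrounding lines), combined with pulling out the COM exceptions the LUCA custom action logged, as an added Python example that is not part of any post. The sample lines are constructed in the format of the log excerpt above, and `failure_windows` and `com_exceptions` are names chosen for this example; read the real SEP_INST.log into a list of lines before calling them.

```python
import re

# Constructed sample in the format of the SEP_INST.log excerpt posted above.
SAMPLE_LOG = """MSI (s) (B8:78) [15:39:04:843]: Invoking remote custom action. Entrypoint: RegWithLiveUpdate
LUCA: RegWithLiveUpdate
LUCA(1020): Exception calling IluProductReg RegisterProduct
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Class not registered
LUCA: Call to HandleLiveUpdateAction FAILED.
Action ended 15:39:04: InstallFinalize. Return value 3.
MSI (s) (B8:A0) [15:39:05:046]: Executing op: DialogInfo(Type=0,Argument=1033)
LUCA(1080): Exception calling IluProductReg DeleteProduct (LiveUpdate uninstalled?)
LUCA: HandleLiveUpdateAction: COM Exception:
LUCA: Unknown error 0x802A0014
""".splitlines()

# "Return value 3" is how Windows Installer logs an action that ended in a fatal error.
FAILED_ACTION = re.compile(r"^Action ended [\d:]+: (\S+)\. Return value 3\.")
EXCEPTION_CALL = re.compile(r"^LUCA\(\d+\): Exception calling (\S+) (\S+)")

def failure_windows(lines, context=15):
    """Return (action_name, surrounding_lines) for every failed action."""
    windows = []
    for i, line in enumerate(lines):
        match = FAILED_ACTION.match(line)
        if match:
            start = max(0, i - context)
            windows.append((match.group(1), lines[start:i + context + 1]))
    return windows

def com_exceptions(lines):
    """Pair each failing LiveUpdate call with the message logged after 'COM Exception:'."""
    results, pending = [], None
    for i, line in enumerate(lines):
        call = EXCEPTION_CALL.match(line)
        if call:
            pending = call.groups()
        elif pending and line.rstrip().endswith("COM Exception:") and i + 1 < len(lines):
            message = lines[i + 1].partition(":")[2].strip()
            results.append(pending + (message,))
            pending = None
    return results

if __name__ == "__main__":
    for action, window in failure_windows(SAMPLE_LOG):
        print(f"{action} failed; {len(window)} lines of context")
    for interface, method, message in com_exceptions(SAMPLE_LOG):
        print(f"{interface}.{method}: {message}")
```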
I found the same KB article by searching the support site over a week ago. The setting was changed to the advised value and the server was rebooted following that. Several CleanWipes and Install attempts later, the issue remains.
Does anyone know of any Local Security Policy settings that can screw around specifically with an SEP install? We've done a fair amount of applying STIGs via Group Policy and some registry changes to achieve a moderate amount of OS hardening. However, these same STIGs and GPOs are applied on many other servers that have had a successful SEP client re-install. Could the fact that this server is a domain controller have any bearing on the issue?
In Group Policy, go to Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment. Ensure that under both "Adjust memory quotas for a process" and "Replace a process level token", Network Service is present.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
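One way to verify the two user rights named in the reply above on a hardened server, as an added Python example that is not part of any post. It assumes the rights were exported to an INF file (for instance with `secedit /export /areas USER_RIGHTS /cfg rights.inf`) and decoded to text. The privilege constants and the NETWORK SERVICE SID (S-1-5-20) are the standard Windows identifiers for the names in the reply and do not appear on the page, the sample INF is constructed, and the function names are chosen here.

```python
# Standard privilege constants mapped to the policy display names from the reply above.
REQUIRED = {
    "SeIncreaseQuotaPrivilege": "Adjust memory quotas for a process",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}
NETWORK_SERVICE_SID = "S-1-5-20"  # well-known SID for NT AUTHORITY\NETWORK SERVICE

# Constructed sample of an exported security template; the second right has
# lost NETWORK SERVICE, as an over-tightened hardening baseline might cause.
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {privilege: [holders]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, holders = line.partition("=")
            rights[name.strip()] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights

def includes_network_service(holders):
    """Holders are '*SID' entries, or account names when no SID was written."""
    for holder in holders:
        if holder.lstrip("*").upper() == NETWORK_SERVICE_SID:
            return True
        if holder.upper().split("\\")[-1] == "NETWORK SERVICE":
            return True
    return False

def missing_rights(inf_text):
    """Return the display names of required rights that lack NETWORK SERVICE."""
    rights = parse_privilege_rights(inf_text)
    return [label for priv, label in REQUIRED.items()
            if not includes_network_service(rights.get(priv, []))]

if __name__ == "__main__":
    for label in missing_rights(SAMPLE_INF):
        print(f"NETWORK SERVICE is missing from: {label}")
```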