Endpoint Protection Small Business Edition

 

Hello together

I have a problem on 3 different servers (1 x W2K8 SBS and 2 x W28K Standard).

My installation steps:

Variation 1 on a simple W2K8 Server (later Terminal Server):
- Standard Windows installation out of the box
- SEP Client installation (unmanaged) without any problem
- Reboot
- The following APPCRASH error message box appears (see below). You can push the OK button - the message appears immediately again.

Variation 2:
- Standard Windows installation out of the box
- SEPM installation without any problem
- SEP Client installation (managed) without any problem (I tried Push and ClientPackages method)
- Reboot
- The following APPCRASH error message box appears (see below). You can push the OK button - the message appears immediately again.

What have I done? I have installed an earlier version (11.0.4202.75) of Symantec Endpoint Protection complete on the W2K8 servers without any problem. But now I have the same problem on a W2K8 SBS server and I haven't an earlier SEP SBS version... so now we have to solve the problem!

Alle servers are fully patched, newest software versions installed and on brand new HP Proliant Hardware.

Incidentally: The Symantec Endpoint Support Tool hasn't found any problems!

Do you have any idea?

Best regards,

Daniel Birrer


Problem signature:
Problem Event Name: APPCRASH
Application Name: SmcGui.exe
Application Version: 12.0.1001.84
Application Timestamp: 4af8d5a7
Fault Module Name: kernel32.dll
Fault Module Version: 6.0.6002.18005
Fault Module Timestamp: 49e041d1
Exception Code: c06d007e
Exception Offset: 00000000000176fd
OS Version: 6.0.6002.2.2.0.305.9
Locale ID: 2055
Additional Information 1: 3149
Additional Information 2: d243f0d209381e65e9a1aacb23676488
Additional Information 3: 2f70
Additional Information 4: 6654fa771a41938d08334dcef2e68d84

Read our privacy statement:

 

http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

Hi,

PLease use the debudiag tool and attach debugger to the process smcgui.exe.

http://www.symantec.com/connect/videos/advanced-troubleshooting-debugdiag

That exe is used for the shieldicon in the system tray. You can use TestSec tool from Symantec to analyze if there are any issues with the permissions on your server.

Aniket

Greetings,

I would try the following:

-Uninstalled Endpoint on the machine
-Reboot
-Open CD1 that you downloaded/received from Symantec
-Open the SEPWin64 folder
-Open x64
-Copy vcredist_x64.exe to the machine having the issue
-Run this file on the machine
-Install Endpoint again
-See if the error occurs

If you are still getting the error, you can attach the installation log to verify it installed properly. You can find it by doing the following:

-Click Start > Run
-Type: %temp%
-Click OK
-Locate and attach SEP_INST.LOG

I would also check and verify that the machines have all critical patches from Microsoft before installed Endpoint.

Hi,

I tried all what I found on the internet - without success. So I have reinstalled the whole server from scratch  - a clean installation!
Right after the windows setup I installed the BESR 2010 and made a image of the server. Then I installed the SEPM without any problem. The SPC_INST.LOG looks as usual (no problems):
 
=== Logging stopped: 30.12.2009  09:55:37 ===
MSI (c) (30:F0) [09:55:37:645]: Note: 1: 1707
MSI (c) (30:F0) [09:55:37:645]: Product: Symantec Protection Center -- Installation operation completed successfully.
MSI (c) (30:F0) [09:55:37:645]: Windows Installer installed the product. Product Name: Symantec Protection Center. Product Version: 12.0.1001.95. Product Language: 1033. Installation success or error status: 0.
MSI (c) (30:F0) [09:55:37:645]: Grabbed execution mutex.
MSI (c) (30:F0) [09:55:37:645]: Cleaning up uninstalled install packages, if any exist
MSI (c) (30:F0) [09:55:37:645]: MainEngineThread is returning 0
=== Verbose logging stopped: 30.12.2009  09:55:37 ===

...then I was starting the client installation (push) and I was ending up in the same problem as usual (smcgui has stopped... again and again and again).

What I found is a strange behavour in the registry. I can't access the following keys (access denied):

- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client
- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps
- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection

I tried the installation and to access the keys as administrator (the account who was build while the windows setup) and as real administrator (who is disabled by default).
I tried to take the ownership of this keys, but I cannot take ownership of all keys (some are protected!???).

I think while the setup is running this keys are not accessable and that's the problem.

Fact: Nothing has changed. The same problem as before on a clean windows 2k8 SBS server.

For any hint I'm happy.

Best regards and a happy new year,

Daniel Birrer

PS: I dont have the TestSec tool.

 

Hi,

I tried also this solution, but I still ending up in the same problem.

The SEPM isn't the problem, the client installation is the problem.
If I install only the unmanged SEP client, I have the same problem.

Right now I deleted the SEP_INST.LOG and run the client setup again.
I found something! Here a part of the SEP_INST.LOG.

MSI (s) (60:94) [15:10:02:129]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE32\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\Default FullScan Options 3: 2
MSI (s) (60:94) [15:10:02:129]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE32\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\Default CustomScan Options 3: 2
MSI (s) (60:94) [15:10:02:129]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE32\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\Defwatch QuickScan Options 3: 2
MSI (s) (60:94) [15:10:02:129]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE32\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl 3: 2
MSI (s) (60:94) [15:10:02:132]: Disallowing installation of component: {EC90B503-35C8-412A-BD85-88F7262F5563} since the same component with higher versioned keyfile exists
MSI (s) (60:94) [15:10:02:133]: Disallowing installation of component: {FFEA2FF0-EE54-4A0A-A8B4-331C79B30649} since the same component with higher versioned keyfile exists
MSI (s) (60:94) [15:10:02:136]: skipping installation of assembly component: {BDF6E439-056A-10D7-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:137]: skipping installation of assembly component: {608113E0-F3B6-C6EE-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:137]: skipping installation of assembly component: {68B7C6D9-1DF2-54C1-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:138]: skipping installation of assembly component: {543B9DD3-E71B-0D13-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:139]: skipping installation of assembly component: {9BAE13A2-E7AF-D6C3-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:139]: skipping installation of assembly component: {8731EA9C-B0D8-8F16-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:140]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\Schedule 3: 2
MSI (s) (60:94) [15:10:02:140]: skipping installation of assembly component: {63E949F6-03BC-5C40-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:141]: skipping installation of assembly component: {4F6D20F0-CCE5-1492-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:141]: skipping installation of assembly component: {98CB24AD-52FB-DB5F-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:142]: skipping installation of assembly component: {844EFBA7-1C24-93B2-A01F-C8B3B9A1E18E} since the assembly already exists
MSI (s) (60:94) [15:10:02:144]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC 3: 5
MSI (s) (60:94) [15:10:02:145]: Product: Symantec Endpoint Protection Client -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.

Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
Action ended 15:10:02: CostFinalize. Return value 3.
Action ended 15:10:02: INSTALL. Return value 3.

I think that's really a registry problem! See my first message to above. It must be happen while the symantec setup is running!

Best regards and a happy new year

Daniel Birrer

I think UAC is the culprit here.Try by disabling it.Disable windows defender also. 

Hi,

UAC wasn't the problem, but I found a "solution":

The problem are the registry keys:

- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client
- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps
- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection
- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

It's a little bit strange but...

- First, I uninstall the SEP client and SEP Center. The 4 registry keys (below) are still in the registry and you can't open it (access denied).

1. I took ownership of the main registry key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec as netadmin (my administrator user with admin rights) = an error message appears: ...not all subkeys are changed... OK
2. Then I added the users "everyone", "system", "netadmin" with full control to the main key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec.
3. Then I added the group "users" with read permissions to the main key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec.
4. Then I deleted all other users/groups and replace the permissions for all subkeys = an error message appears ...not all subkeys are changed...  OK

- the same steps I made with the 4 registry keys (above) and all subkeys (more subkeys appears right after you perform this steps)
- then I deleted all subkeys except the the 4 registry keys
- then I installed the SEP Center and the SEP client without any problem.

It's not really a solution, but it works for me. I tried this with the backups of the first w2k8 sbs installation and it works too.

In my opinion it's a bug in the installer because this 4 registry keys are generated while the setup is running.

Daniel

I am facing the similar problem here.

I installed a new Windows from scratch,  then BESR, then all Windows update available, finally the SEP.

The SEP installation finished smoothly. It prompted for reboot and I did so. But after reboot, SEP was actually not installed. It doesn't exists in the "Program Files" folder, or Windows'  "Uninstall Programs" panel. The only thing the SEP left behind was the registry keys mentioned above.

I tried to install SEP again. An error message said that it couldn't access those registry keys.
I tried to delete those registry keys in regedit.exe, it said I didn't have access right. But I am the Administrator.

I will try Daniel's workaround later, but I would really like to know the cause. e.g. a Windows bug? SEP bug? or incompatibility between SEP and BESR?





================================================ Windows version:
Windows Server 2k8 Standard Edition SP2 x64
Windows Server 2k8 Standard Edition R2 x64

SEP version:
SEP 11 x64 ( I am not quite sure about the exact version)

Backup Exec System Recovery version:
BESR 2010

OK, we found that BESR is the cause of our problem.

SEP must be installed before BESR.

If BESR was installed first, it must be completely removed, including its registry keys (manually delete them in regedit.exe).



Our SEP version: 11.0.5002.333
Our BESR version: 2010.9.0.0.35656

Hello
We have the same problem.  We do not have BESR but we do have Backup Exec for Windows Servers V12.5 Rev 2213.  Does anyone know if there is a conflict here also.  If so it sure is a nuisance and Symantec should come up with a better solution.

Thanks to ahleung - we also had problems installing SEP on a brand-new Win2008R2 server that already had BESR 2010 installed.  Followed ahleung's tip to remove programs and registry keys, then installed SEP followed by BESR.  We also had problems deleting the registry keys and needed to individually take ownership of the subkeys before we able to delete them.

SEP version: 11.0.6000.550
BESR version:  9.0.0.35656