Endpoint Protection

 View Only
Expand all | Collapse all

Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

  • 1.  Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Sep 27, 2010 10:26 AM

    We upgraded client machines from 10.1.5000 to 11.0.4 without any problems (10.1.5000 was not uninstalled and deployment was done by GPO). GPO is configured to 'Upgrade'.

    Upgrading to 11.0.6 resulted in a 20% failure rate.

    (On machines that are new builds or have 11.0.4 only, 11.0.6 installs without any problems.)

    In the Application log the main error is

    Event Type:    Error
    Event Source:    MsiInstaller
    Event Category:    None
    Event ID:    11714
    Date:        22/09/2010
    Time:        17:22:02
    User:        NT AUTHORITY\SYSTEM
    Computer:    SC4290
    Description:
    Product: Symantec Endpoint Protection -- Error 1714.The older version of Symantec Endpoint Protection cannot be removed.  Contact your technical support group.  System Error 1612.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 7b 37 42 33 42 34 43 45   {7B3B4CE
    0008: 35 2d 33 30 30 43 2d 34   5-300C-4
    0010: 44 46 43 2d 38 43 44 31   DFC-8CD1
    0018: 2d 44 39 43 30 45 30 37   -D9C0E07
    0020: 30 31 35 44 31 7d         015D1}  
     

    Uninstalling 11.0.4 does not solve the problem, it is necessary to uninstall 10.1.5000 using MSI Cleanup, which only removes the record from the MSI database (trying to remove 10.1.5000 from appwiz fails).

    A support case was opened with support (412-825-068) but they were not able to resolve the issue.

    The workaround is to use Cleanwipe on the affected machines, reboot and allow the GPO to install 11.0.6.

    Scripting cleanwipe is 'so-so'. To complete the last part of the process requires the machine to be logged into which results in one more reboot, ie. I can run the script remotely but then need to login to each machine to allow it to finish.

    This is not ideal and I was wondering if anyone had any good suggestions/solutions.

    Using the Migration and Deployment Wizard is not an option for us.

    I do not understand why there is this issue with 11.0.6 when 11.0.4 installed without any problems.



  • 2.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Sep 27, 2010 10:37 AM

    what is the complete version of SEP you are trying to install

    11.0.6100 ?



  • 3.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Sep 27, 2010 12:04 PM

    If you are upgrading to 11.0.6100.645, then you need to upgrade to 11.0.6000.550 first.

     

    Symantec Endpoint Protection RU6 MP1 (11.0.6100) provides fixes since the release of RU6 and RU6a. This maintenance patch cannot be installed over any versions of Symantec Endpoint Protection or Symantec Endpoint Protection Manager prior to RU6. It must be installed over RU6 or RU6a.

     

    http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US



  • 4.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Sep 27, 2010 12:17 PM

    To be honest, I don't think there could be any explanation as to why the older version do not get removed...just for the sake of testing, you could see what  happens if you push through migration and deployment wizard? Does that also need a reboot..?



  • 5.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Sep 28, 2010 02:51 AM

    Can you try with auto upgrade feature of SEP?

    Upgrading clients by using AutoUpgrade



  • 6.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Sep 28, 2010 05:25 AM

    I think you need to un-install the old SAV manually with NONAV/cleanwipe symantec tools and then try to push from the SEPM

    Or

     

    Manual uninstallation documents for Symantec Antivirus Client  products

    http://www.symantec.com/business/support/index?page=content&id=TECH99631&locale=en_US



  • 7.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 04, 2010 07:55 AM

    I am trying to upgrade to 11.0.6.550

    AutoUpgrade - We've considered this but it is not appropriate for our environment which is why we use GPO/FRS.

    I tried to push it via the Migration and Deployment Wizard and it installs 11.0.6.550 on the affected machines. However, once they reboot then SEP tries to install via GPO (which is fine, I don't mind a 'double-install' as long as it works). Unfortunately this breaks the SEP installation and in the Application log there are errors like:

    Event Type:    Warning
    Event Source:    MsiInstaller
    Event Category:    None
    Event ID:    1001
    Date:        28/09/2010
    Time:        14:43:37
    User:        domain\username
    Computer:    machinename
    Description:
    Detection of product '{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}', feature 'Rtvscan' failed during request for component '{E5A0A45A-2BE2-4B88-8228-E34EA9F30B5E}'

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    Event Type:    Warning
    Event Source:    MsiInstaller
    Event Category:    None
    Event ID:    1004
    Date:        28/09/2010
    Time:        14:43:33
    User:        domain\username
    Computer:    machinename
    Description:
    Detection of product '{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}', feature 'SAVMain', component '{8B596521-3FF3-47FE-A58E-4DE2141D3E86}' failed.  The resource 'C:\Program Files\Common Files\Symantec Shared\sevinst.exe' does not exist.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     

    So far, the only solution is to use CleanWipe which isn't great when you have about a 100 machines to do.
     



  • 8.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 04, 2010 08:34 AM

    <<The resource 'C:\Program Files\Common Files\Symantec Shared\sevinst.exe' does not exist>>---Can you copy this file manually in one or two affected PCs and try....



  • 9.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 04, 2010 11:27 AM

    Hi all,

    This thread is now included in the Security Solutions Contest!  Simply solve this thread, or any thread included in the contest, and you could be crowned "King for a Week" and earn a weekly prize.  Read more here: https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week

    Best,

    Eric



  • 10.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 04, 2010 04:30 PM

    AutoUpgrade - We've considered this but it is not appropriate for our environment which is why we use GPO/FRS.

    * * * * * *

    This would suggest that have installed SEP 11.0.5 and SEP 11.0.4 via GPO as well?

    And now you want to install 11.0.6 through GPO.

    Have you tried placing the 3 install packages on the deployment server?

    In the order of: 11.0.4 - 11.0.5 and 11.0.6

    In your GPO assign the packages and force an update of the GPO.

    Clients should regiter the installation request.

    You can than "force the immediate removal" of 11.0.4 and 11.0.5.

    Keeping the assigned package of 11.0.6... 

    * * * * * * *

    Alternatively, using:

    MSIEXEC /x {product ID} /qn for 11.0.4

    MSIEXEC /x {product ID} /qn for 11.0.5

    * * * * * * * * * *

    To find the PRODUCT ID:

    REGEDIT: HKLM\Software\Microsoft\Windows\Current Version\Unistall

    Search for : "Symantec" or "End Point" and note down the Product ID or copy it straight from the registry key itself and use it for unsinstallation.

    This can be done using remote registry as well.



  • 11.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 05, 2010 12:29 AM

    One question .

    What you mean by 11.0.6.550?

    Is it 11.0.61xx or 11.0.60xx?

    If it is 11.0.61xx you are not suppose to upgrade directly from 11.0.4xxx or 11.0.5xxx .First you have to upgrade to 11.0.60xx .Then you have to upgrade to 11.0.61xx.



  • 12.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 05, 2010 01:52 AM

    please try to repair a SAV first, then try to install a SEP

    i think that it does not matter what a version of SEP do you use



  • 13.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 05, 2010 03:39 AM

    But the upgrade path is important.You cannot directly upgrade to RU6 MP1(11.0.61xx) from older versions other than RU6/RU6a (11.0.60xx) as per symantec docs.This path is not supported and can cause broken installations.....



  • 14.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 06, 2010 10:39 PM

    Hi,

     

    You mentioned that the failure rate is 20%.

    May be you can investigate the exact difference between the machines to figure out what changes are there and that can give a clue to the root cause of the issue.

     

    Aniket



  • 15.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 08, 2010 06:20 AM

    Sorry for the lack of clarity on the exact version.

    We are trying to go to 11.0.6000.550

    - Copying the sevinst.exe to a machine that is 'missing' it doesn't really help since it starts asking for additional files afterwards (quite a lot since the installation process seems to stop).

    - All our SEP installs are via GPO. We did not deploy 11.0.5.

    - Configuring the GPO to uninstall previous versions failed.

    - Repairing SAV or attempting to uninstall it does not solve the problem. It would also require a login to each machine and if I'm going to do that I might as well run Cleanwipe instead. The version of SEP that you install is important, as AravindKM mentioned.

    - The root cause seems to be the old installation of SAV. New builds or ones with 11.0.4 don't suffer from this problem. But again, we were able to upgrade to 11.0.4 without any issues so why is 11.0.6 being difficult? (Support were not able to answer this question, nor did they seem particularly interested.)

    - So far my 'fix' has been to:

    1. Run CleanWipe against a machine remotely.

    2. Login to the machine to allow CleanWipe to complete the last steps.

    3. Check the registry for the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{e8a8cee1-a54f-441d-a45e-5f3c6d2f7869}

    If this doesn't exist, reboot the machine and allow 11.0.6000.550 to install via GPO.

    If it exists, then delete the key, run 'gpupdate /force' and reboot the machine. 11.0.6000.550 will then install via GPO.

     

     



  • 16.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 08, 2010 07:09 AM

    Follow this document while creating the package; the assign it via GPO, lets see if it works.

     

    How to create a client install setting to remove previous logs, policies and reset the client-server communication settings

    http://www.symantec.com/business/support/index?page=content&id=TECH93617&locale=en_US



  • 17.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 08, 2010 07:53 AM

    From the document

    "Policies or communications settings from prior client installs are possibly causing communication issues with SEPM"

    This is not relevant to the problem. This is an upgrade issue, not a communication one. (The currently installed 11.0.4 is working without any problems for starters.)



  • 18.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 08, 2010 08:25 AM

    Yes,but if this remove logs and various things ; sure to be a clean uninstall of other version.

    thats why wanted to create new package with these settings; will see if that installs sucessfully.. 

     



  • 19.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 08, 2010 08:34 AM

    <<- Configuring the GPO to uninstall previous versions failed.>>>--You mean 11.0.4 or SAV

    Whether  you had set any un installation passwords?If yes remove it prior to remove /upgrade...

    What is the OS of affected clients?Is it vista?



  • 20.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 08, 2010 06:28 PM

    Could you please attach the install log from one of the failing installations? the file path should be %temp%\sep_inst.log



  • 21.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 11, 2010 09:24 AM

    Could you please search the computer for the file sep_inst.log ?

    If you cannot find it, you may export a new packet which is set to log the installation. And try this package on the computer separately. Then send the logs to us so that we might help...



  • 22.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 11, 2010 09:31 AM

    Not found.

    The setup.ini already contains

    CmdLine=/qn /l*v "%TEMP%\SEP_INST.LOG" REBOOT=ReallySuppress IDCENABLE=0



  • 23.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 11, 2010 09:33 AM

    No uninstallation passwords.

    XP/SP3 clients.

    sep_inst.log does not appear to be generated.

    Since this is installed by Group Policy I would expect to find it here:

    c:\WINDOWS\system32\config\systemprofile\Local Settings\Temp

    or

    c:\WINDOWS\Temp

    but it is not and not anywhere else on the client.



  • 24.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed



  • 25.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed



  • 26.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

    Posted Oct 16, 2010 12:10 PM

    have you tried a manual unsinstall from the install package directly?

    If you have installed form a GPO, than you must have an MSI package.

    You can place your existing 11.04 MSI package on the network and use:

    MSIEXEC /X [path to msi]\[MSI PACKAGE]

    This shold uninstall the package that is already on the system.



  • 27.  RE: Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed
    Best Answer

    Posted Oct 26, 2010 09:10 AM

    You can use Group Policy to reinstall applications simply by deleting the appropriate registry key and running 'gpupdate /force' on the target machine.

    The links you provided are the ones I used to create the MST in the first place.

    Manual uninstall does not work (I believe I mentioned this earlier in the thread). Either way, the issue is with the SAV being on the target machine not with 11.0.4.

    The only workaround so far is the one that I posted earlier

     

    - So far my 'fix' has been to:

    1. Run CleanWipe against a machine remotely.

    2. Login to the machine to allow CleanWipe to complete the last steps.

    3. Check the registry for the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{e8a8cee1-a54f-441d-a45e-5f3c6d2f7869}

    If this doesn't exist, reboot the machine and allow 11.0.6000.550 to install via GPO.

    If it exists, then delete the key, run 'gpupdate /force' and reboot the machine. 11.0.6000.550 will then install via GPO.

    So I think I will mark this as a solution (it's gone on long enough anyway).