Video Screencast Help

Upgrade from 11.0.4 to 11.0.6 - Older version cannot be removed

Created: 27 Sep 2010 • Updated: 26 Oct 2010 | 26 comments
This issue has been solved. See solution.

We upgraded client machines from 10.1.5000 to 11.0.4 without any problems (10.1.5000 was not uninstalled and deployment was done by GPO). GPO is configured to 'Upgrade'.

Upgrading to 11.0.6 resulted in a 20% failure rate.

(On machines that are new builds or have 11.0.4 only, 11.0.6 installs without any problems.)

In the Application log the main error is

Event Type:    Error
Event Source:    MsiInstaller
Event Category:    None
Event ID:    11714
Date:        22/09/2010
Time:        17:22:02
User:        NT AUTHORITY\SYSTEM
Computer:    SC4290
Description:
Product: Symantec Endpoint Protection -- Error 1714.The older version of Symantec Endpoint Protection cannot be removed.  Contact your technical support group.  System Error 1612.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 37 42 33 42 34 43 45   {7B3B4CE
0008: 35 2d 33 30 30 43 2d 34   5-300C-4
0010: 44 46 43 2d 38 43 44 31   DFC-8CD1
0018: 2d 44 39 43 30 45 30 37   -D9C0E07
0020: 30 31 35 44 31 7d         015D1}  
 

Uninstalling 11.0.4 does not solve the problem, it is necessary to uninstall 10.1.5000 using MSI Cleanup, which only removes the record from the MSI database (trying to remove 10.1.5000 from appwiz fails).

A support case was opened with support (412-825-068) but they were not able to resolve the issue.

The workaround is to use Cleanwipe on the affected machines, reboot and allow the GPO to install 11.0.6.

Scripting cleanwipe is 'so-so'. To complete the last part of the process requires the machine to be logged into which results in one more reboot, ie. I can run the script remotely but then need to login to each machine to allow it to finish.

This is not ideal and I was wondering if anyone had any good suggestions/solutions.

Using the Migration and Deployment Wizard is not an option for us.

I do not understand why there is this issue with 11.0.6 when 11.0.4 installed without any problems.

Comments 26 CommentsJump to latest comment

Rafeeq's picture

what is the complete version of SEP you are trying to install

11.0.6100 ?

Thomas K's picture

If you are upgrading to 11.0.6100.645, then you need to upgrade to 11.0.6000.550 first.

 

Symantec Endpoint Protection RU6 MP1 (11.0.6100) provides fixes since the release of RU6 and RU6a. This maintenance patch cannot be installed over any versions of Symantec Endpoint Protection or Symantec Endpoint Protection Manager prior to RU6. It must be installed over RU6 or RU6a.

 

http://www.symantec.com/business/support/index?pag...

VKalani's picture

To be honest, I don't think there could be any explanation as to why the older version do not get removed...just for the sake of testing, you could see what  happens if you push through migration and deployment wizard? Does that also need a reboot..?

-VKalani

AravindKM's picture

Can you try with auto upgrade feature of SEP?

Upgrading clients by using AutoUpgrade

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Mahesh Roja's picture

I think you need to un-install the old SAV manually with NONAV/cleanwipe symantec tools and then try to push from the SEPM

Or

 

Manual uninstallation documents for Symantec Antivirus Client  products

http://www.symantec.com/business/support/index?page=content&id=TECH99631&locale=en_US

If this Info helps to resolve the issue please Mark as Solution

Thanks

Mark786's picture

I am trying to upgrade to 11.0.6.550

AutoUpgrade - We've considered this but it is not appropriate for our environment which is why we use GPO/FRS.

I tried to push it via the Migration and Deployment Wizard and it installs 11.0.6.550 on the affected machines. However, once they reboot then SEP tries to install via GPO (which is fine, I don't mind a 'double-install' as long as it works). Unfortunately this breaks the SEP installation and in the Application log there are errors like:

Event Type:    Warning
Event Source:    MsiInstaller
Event Category:    None
Event ID:    1001
Date:        28/09/2010
Time:        14:43:37
User:        domain\username
Computer:    machinename
Description:
Detection of product '{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}', feature 'Rtvscan' failed during request for component '{E5A0A45A-2BE2-4B88-8228-E34EA9F30B5E}'

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

Event Type:    Warning
Event Source:    MsiInstaller
Event Category:    None
Event ID:    1004
Date:        28/09/2010
Time:        14:43:33
User:        domain\username
Computer:    machinename
Description:
Detection of product '{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}', feature 'SAVMain', component '{8B596521-3FF3-47FE-A58E-4DE2141D3E86}' failed.  The resource 'C:\Program Files\Common Files\Symantec Shared\sevinst.exe' does not exist.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

So far, the only solution is to use CleanWipe which isn't great when you have about a 100 machines to do.
 

AravindKM's picture

<<The resource 'C:\Program Files\Common Files\Symantec Shared\sevinst.exe' does not exist>>---Can you copy this file manually in one or two affected PCs and try....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Hear4U's picture

Hi all,

This thread is now included in the Security Solutions Contest!  Simply solve this thread, or any thread included in the contest, and you could be crowned "King for a Week" and earn a weekly prize.  Read more here: https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week

Best,

Eric

check out the community at www.infoblox.com/community

Jason1222's picture

AutoUpgrade - We've considered this but it is not appropriate for our environment which is why we use GPO/FRS.

* * * * * *

This would suggest that have installed SEP 11.0.5 and SEP 11.0.4 via GPO as well?

And now you want to install 11.0.6 through GPO.

Have you tried placing the 3 install packages on the deployment server?

In the order of: 11.0.4 - 11.0.5 and 11.0.6

In your GPO assign the packages and force an update of the GPO.

Clients should regiter the installation request.

You can than "force the immediate removal" of 11.0.4 and 11.0.5.

Keeping the assigned package of 11.0.6... 

* * * * * * *

Alternatively, using:

MSIEXEC /x {product ID} /qn for 11.0.4

MSIEXEC /x {product ID} /qn for 11.0.5

* * * * * * * * * *

To find the PRODUCT ID:

REGEDIT: HKLM\Software\Microsoft\Windows\Current Version\Unistall

Search for : "Symantec" or "End Point" and note down the Product ID or copy it straight from the registry key itself and use it for unsinstallation.

This can be done using remote registry as well.

AravindKM's picture

One question .

What you mean by 11.0.6.550?

Is it 11.0.61xx or 11.0.60xx?

If it is 11.0.61xx you are not suppose to upgrade directly from 11.0.4xxx or 11.0.5xxx .First you have to upgrade to 11.0.60xx .Then you have to upgrade to 11.0.61xx.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Viachaslau Kabak's picture

please try to repair a SAV first, then try to install a SEP

i think that it does not matter what a version of SEP do you use

AravindKM's picture

But the upgrade path is important.You cannot directly upgrade to RU6 MP1(11.0.61xx) from older versions other than RU6/RU6a (11.0.60xx) as per symantec docs.This path is not supported and can cause broken installations.....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Aniket Amdekar's picture

Hi,

 

You mentioned that the failure rate is 20%.

May be you can investigate the exact difference between the machines to figure out what changes are there and that can give a clue to the root cause of the issue.

 

Aniket

Mark786's picture

Sorry for the lack of clarity on the exact version.

We are trying to go to 11.0.6000.550

- Copying the sevinst.exe to a machine that is 'missing' it doesn't really help since it starts asking for additional files afterwards (quite a lot since the installation process seems to stop).

- All our SEP installs are via GPO. We did not deploy 11.0.5.

- Configuring the GPO to uninstall previous versions failed.

- Repairing SAV or attempting to uninstall it does not solve the problem. It would also require a login to each machine and if I'm going to do that I might as well run Cleanwipe instead. The version of SEP that you install is important, as AravindKM mentioned.

- The root cause seems to be the old installation of SAV. New builds or ones with 11.0.4 don't suffer from this problem. But again, we were able to upgrade to 11.0.4 without any issues so why is 11.0.6 being difficult? (Support were not able to answer this question, nor did they seem particularly interested.)

- So far my 'fix' has been to:

1. Run CleanWipe against a machine remotely.

2. Login to the machine to allow CleanWipe to complete the last steps.

3. Check the registry for the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{e8a8cee1-a54f-441d-a45e-5f3c6d2f7869}

If this doesn't exist, reboot the machine and allow 11.0.6000.550 to install via GPO.

If it exists, then delete the key, run 'gpupdate /force' and reboot the machine. 11.0.6000.550 will then install via GPO.

 

 

Rafeeq's picture

Follow this document while creating the package; the assign it via GPO, lets see if it works.

 

How to create a client install setting to remove previous logs, policies and reset the client-server communication settings

http://www.symantec.com/business/support/index?page=content&id=TECH93617&locale=en_US

Mark786's picture

From the document

"Policies or communications settings from prior client installs are possibly causing communication issues with SEPM"

This is not relevant to the problem. This is an upgrade issue, not a communication one. (The currently installed 11.0.4 is working without any problems for starters.)

Rafeeq's picture

Yes,but if this remove logs and various things ; sure to be a clean uninstall of other version.

thats why wanted to create new package with these settings; will see if that installs sucessfully.. 

 

AravindKM's picture

<<- Configuring the GPO to uninstall previous versions failed.>>>--You mean 11.0.4 or SAV

Whether  you had set any un installation passwords?If yes remove it prior to remove /upgrade...

What is the OS of affected clients?Is it vista?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Bekir's picture

Could you please attach the install log from one of the failing installations? the file path should be %temp%\sep_inst.log

Best regards,
Bekir Burak Durmaz

Mark786's picture

No uninstallation passwords.

XP/SP3 clients.

sep_inst.log does not appear to be generated.

Since this is installed by Group Policy I would expect to find it here:

c:\WINDOWS\system32\config\systemprofile\Local Settings\Temp

or

c:\WINDOWS\Temp

but it is not and not anywhere else on the client.

Bekir's picture

Could you please search the computer for the file sep_inst.log ?

If you cannot find it, you may export a new packet which is set to log the installation. And try this package on the computer separately. Then send the logs to us so that we might help...

Best regards,
Bekir Burak Durmaz

Mark786's picture

Not found.

The setup.ini already contains

CmdLine=/qn /l*v "%TEMP%\SEP_INST.LOG" REBOOT=ReallySuppress IDCENABLE=0

AravindKM's picture

Whether this is the case?

You cannot use Group Policy to reinstall a program in Windows 2000 or Windows 2003

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Jason1222's picture

have you tried a manual unsinstall from the install package directly?

If you have installed form a GPO, than you must have an MSI package.

You can place your existing 11.04 MSI package on the network and use:

MSIEXEC /X [path to msi]\[MSI PACKAGE]

This shold uninstall the package that is already on the system.

Mark786's picture

You can use Group Policy to reinstall applications simply by deleting the appropriate registry key and running 'gpupdate /force' on the target machine.

The links you provided are the ones I used to create the MST in the first place.

Manual uninstall does not work (I believe I mentioned this earlier in the thread). Either way, the issue is with the SAV being on the target machine not with 11.0.4.

The only workaround so far is the one that I posted earlier

 

- So far my 'fix' has been to:

1. Run CleanWipe against a machine remotely.

2. Login to the machine to allow CleanWipe to complete the last steps.

3. Check the registry for the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{e8a8cee1-a54f-441d-a45e-5f3c6d2f7869}

If this doesn't exist, reboot the machine and allow 11.0.6000.550 to install via GPO.

If it exists, then delete the key, run 'gpupdate /force' and reboot the machine. 11.0.6000.550 will then install via GPO.

So I think I will mark this as a solution (it's gone on long enough anyway).

SOLUTION