I have a remote client that was not connecting to the sepm server. I removed the client and tried reinstalling but the silent installer was hanging and would not complete. I created a new interactive installer and copied to his system and when running that it start to write to the registry and then starrts rolling back the install. I've tried installing in multiple user accounts. I performed the cleanwipe on the system to verify that all old files are removed but it fails at the same point.

I have included the SEP_INST.LOG.

any assistance would be appreciated.

Attachment(s)

SEP_INST.txt   4.34 MB 1 version

HI,

Action ended 11:15:25: ExecuteAction. Return value 3

SEP client install rollback. SEP_inst.log show "InstallFinalize. Return Value 3"

Found this:

CustomAction ShowServiceProgress returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 11:02:45: InstallFinalize. Return value 3.

These can be tricky as there could be multiple fixes which may work

What is the OS of the affected machine? Is this an upgrade over an older version?

you can check this blog

https://www-secure.symantec.com/connect/blogs/how-troubleshoot-symantec-endpoint-protection-sep-or-symantec-endpoint-protection-manager-sepm

the original problem was that the client was updating but not showing as connected to the manager. so I tried updating the client from the manager and that did not work.

This is a windows 7 64bit client.

hello,

If sep client showing ofline in sepm console.It's fixed on sep 12.1.2 mp1

Try to replace and update the Sylink.xml of your Client. This will refresh the communication settings of your client to Manager.

Regards,

JM

the client is not installed due to an error message.

the manager was showing the client as online. the problem was the client was not showing as connected to the management point and was stating the virus definitions were out of date even thought they were current.

I do not find any of the errors listed in that tech article which turn the value 3 as an install finalize. I dont think this relates to the issue I am having.

Hello,

Upon checking the Logs, we see the following Errrors:

ScriptGen: ShowServiceProgress() script execution failed.
ScriptGen: ShowServiceProgress() reset script failure event.
ScriptGen: ShowServiceProgress() is returning an error (so close to the end!)
CustomAction ShowServiceProgress returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 11:02:45: InstallFinalize. Return value 3.
MSI (s) (94:44) [11:02:45:532]: User policy value 'DisableRollback' is 0
MSI (s) (94:44) [11:02:45:532]: Machine policy value 'DisableRollback' is 0

To check the root cause, I would require the SIS_INST.log as well... 

By that time, I would recommend you to -

1) Turn off the UAC from the client machine, restart the client machine

2) Install the unmanaged SEP client from the DVD of SEP 12.1 on the client machine.

Symantec_Endpoint_Protection_12.1.2_Part1_Installation_EN\SEP\setup.exe

Install only AV/AS feature only

OR / AND

Deploy a client install package with "Remove all previous logs and policies, and reset the client-server communications settings".

http://www.symantec.com/docs/TECH165801

and check if that is getting installed.

Secondly, check these Threads which refers to the same issue - 

https://www-secure.symantec.com/connect/forums/unable-install-sep-1212-windows-7-32-bit

https://www-secure.symantec.com/connect/forums/sep-121-client-installation-failure

https://www-secure.symantec.com/connect/forums/wizard-was-interrupted-symantec-endpoint-protection-could-be-completely-installed-1

Hope that helps!!

I also installed a package for SEP 10 clients and also back.
I've used a number of ways, and the machine has finished installing.
You can use the SAV10 NoAV.bat in full to delete the entire package to install the symantec.
Then run to Cleanwipe.exe. Reboot the workstation and install SEP proceed.
please send to my mail address to get Nova.bat Tool and Cleanwipe
Wish you success.

This looks like a phishing message. can an admin remove it?

Hi J.durlewanger

Why do you say so.
I have good intentions to help people.
And if you've never done to install SAV version 10 you do not know NoAv.bat file to delete all the symantec install.
You really unprofessional

Excuse me? You've been a member for 6 hours and all your posts say almost the exact same thing on different threads. You are very suspicious.

I cannot find this sis_inst.log. I can only find the sep_inst.log. Can you tell me where it would be located?

I attempted the other steps as well and still have not come to resolution.

You can find C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.201.3937.105\Data\Install\Logs\SIS_INST.LOG.

What logs do I need to gather in order to troubleshoot a failed SEP 12.1 client installation?

Symantec Endpoint Protection 12.1 client install rolls back, returning 1603

Symantec Endpoint Protection (SEP) Client installation fails on LUCHECK 206

I found the sis_inst.log

Attachment(s)

SIS_INST_5.txt   10.37 MB 1 version

Hi, This should fix the issue. Simillar error try this

I raised a ticket with Symantec and together we solved the problem.

The first step was to examine the file C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.XXXX\Data\Install\Logs\SIS_INST.LOG

Where identified the following event:

2013-05-13T18:59:47.741Z INFO  I SIS    Executing action ( 2485 ) - CreateRegistryValue  currentPosition: 1170366
2013-05-13T18:59:47.747Z INFO  I SIS      KEY_NAME=[SYSTEM\CurrentControlSet\services\WinDefend]
2013-05-13T18:59:47.747Z INFO  I SIS      VALUE_NAME=[Start]
2013-05-13T18:59:47.747Z DEBUG I SIS      VALUE_TYPE=[DWORD]
2013-05-13T18:59:47.747Z DEBUG I SIS      VALUE_DATA=[4]
2013-05-13T18:59:47.754Z ERROR I SIS      ZwSetValueKey() failed in thal::RegistryWriteValue()   status: 0xC0000022 = {Access Denied}  A process has requested access to an object, but has not been granted those access rights.  
2013-05-13T18:59:47.754Z ERROR I SIS      RegistryWriteValue() failed. 0xC0000022 = {Access Denied}  A process has requested access to an object, but has not been granted those access rights.  
2013-05-13T18:59:47.754Z ERROR I SIS         
2013-05-13T18:59:47.754Z ERROR I SIS        Dumping action parameters from the script:
2013-05-13T18:59:47.754Z ERROR I SIS          ValueType=[dword]
2013-05-13T18:59:47.754Z ERROR I SIS          ValueData=[4]
2013-05-13T18:59:47.754Z ERROR I SIS          ValueName=[Start]
2013-05-13T18:59:47.754Z ERROR I SIS          Exists=[Overwrite]
2013-05-13T18:59:47.754Z ERROR I SIS          WOW64=[Default]
2013-05-13T18:59:47.754Z ERROR I SIS          Key=[HKLM\SYSTEM\CurrentControlSet\services\WinDefend]
2013-05-13T18:59:47.754Z INFO  I SIS        ExecuteScript() - Successfully set failure event.
2013-05-13T18:59:47.755Z INFO  I SIS    ExecuteScript() returning ACTION_FAILED_WITH_ROLLBACK
 

Showing that there was a problem disabling Windows Defender.

Further trouble shooting showed that Windows Defender was corrupt and couldn't start. I resolved this by uninstalling Microsft Security Essentials. Once Windows Defender was able to start again, I was able to install Symantec (which disables Windows Defender).