upgrade to NOD32 AV 4.2.71.2 not successful

Discussion in 'ESET Server & Remote Administrator' started by rpremuz, Feb 25, 2011.

Thread Status:
Not open for further replies.
  1. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    This is a follow-up to a previous thread.

    I still have problems with upgrading NOD32 AV Business Edition 4.2 in a MS Windows domain.
    The PCs have MS Win XP Pro. SP3 with the latest update installed.
    In Eset RA Console ver. 4.0.138.0 I tested the push install using the domain administrator credentials.
    The update was from NOD32 AV BE ver. 4.2.67.10 to ver. 4.2.71.2.

    First, on a PC where no user was logged on, the push installation finished successfully. c:\windows\temp\einstaller.log contained:

    Code:
    [2011-02-25 11:45:53.844] Status 1100, ID 21: ESET Installer (4.0.138) is preparing to install.
    [2011-02-25 11:45:53.844] Status 1451, ID 23: ESET Installer is trying to connect to 'myserver:2224'.
    [2011-02-25 11:45:58.875] Status 1400, ID 25: ESET Installer is creating a temporary file.
    [2011-02-25 11:46:58.874] Status 1400, ID 27: ESET Installer is downloading an installation package 'ESET NOD32 Antivirus 4.2 BE' from server 'myserver:2224'.
    [2011-02-25 11:47:28.312] Status 1300, ID 8: ESET Installer is preparing to install the package.
    [2011-02-25 11:47:28.312] Status 1550, ID 92: ESET Installer is installing the package.
    [2011-02-25 11:49:12.389] Status 1501, ID 96: ESET Installer is trying to reconnect to 'myserver:2224'.
    [2011-02-25 11:49:12.389] Status 1500, ID 94: Reconnected to 'myserver:2224'.
    [2011-02-25 11:49:12.389] Status 2400, ID 9: The package has been successfully installed.
    [2011-02-25 11:49:12.420] Status 1600, ID 105: Service stuff cleanup finished with return code 0.
    
    On another PC, where a normal local user was logged on, the diagnostics of push installation was successful:

    Code:
    pc20.mydomain.local
    Diagnostics user context:                        mydomain\administrator
    Operating System:                                Microsoft Windows XP
    Operating System Version:                        5.1
    ESET Security Product Name:                      ESET NOD32 Antivirus
    ESET Security Product Version:                   4.2.67.10
    ESET Security Product Virus Signature Database:  5905 (20110224)
    
    Push installation simulation steps:
    Setting IPC$ Connection:                                 Result Code: 0 (The operation completed successfully.)
    Remote Registry Connecting (OS Info):                    Result Code: 0 (The operation completed successfully.)
    Remote Registry Opening (OS Info):                       Result Code: 0 (The operation completed successfully.)
    Remote Registry Reading (OS Info):                       Result Code: 0 (The operation completed successfully.)
    Remote Registry Connecting (ESET Security Product Info): Result Code: 0 (The operation completed successfully.)
    Remote Registry Opening (ESET Security Product Info):    Result Code: 0 (The operation completed successfully.)
    Remote Registry Reading (ESET Security Product Info):    Result Code: 0 (The operation completed successfully.)
    Setting ADMIN$ Connection:                               Result Code: 0 (The operation completed successfully.)
    Copying ESET Installer:                                  Result Code: 0 (The operation completed successfully.)
    Setting IPC$ Connection:                                 Result Code: 0 (The operation completed successfully.)
    Registering ESET Installer as a Service:                 Result Code: 0 (The operation completed successfully.)
    Diagnostics conclusion:                                  Result Code: 0 (The operation completed successfully.)
    
    Here is what the "net user username" command returns about the local user:
    Code:
    User name                    test
    Full Name                    test
    Comment
    User's comment
    Country code                 000 (System Default)
    Account active               Yes
    Account expires              Never
    ...
    Local Group Memberships      *Remote Desktop Users *Users
    Global Group memberships     *None
    
    But, the push installation in that case was unsuccessful. c:\windows\temp\einstaller.log contained:

    Code:
    [2011-02-25 13:04:01.068] Status 1100, ID 21: ESET Installer (4.0.138) is preparing to install.
    [2011-02-25 13:04:01.068] Status 1451, ID 23: ESET Installer is trying to connect to 'myserver:2224'.
    [2011-02-25 13:04:06.194] Status 1400, ID 25: ESET Installer is creating a temporary file.
    [2011-02-25 13:05:06.202] Status 1400, ID 27: ESET Installer is downloading an installation package 'ESET NOD32 Antivirus 4.2 BE' from server 'myserver:2224'.
    [2011-02-25 13:05:17.704] Status 1300, ID 8: ESET Installer is preparing to install the package.
    [2011-02-25 13:05:17.719] Status 1550, ID 92: ESET Installer is installing the package.
    [2011-02-25 13:06:19.087] Status 1501, ID 96: ESET Installer is trying to reconnect to 'myserver:2224'.
    [2011-02-25 13:06:19.087] Status 1500, ID 94: Reconnected to 'myserver:2224'.
    [2011-02-25 13:06:19.103] Status 2401, ID 90: Failure during the package install - exit code: 1603, description: Fatal error during installation.
    [2011-02-25 13:06:19.103] Status 1600, ID 105: Service stuff cleanup finished with return code 0.
    
    The user received the following dialog:
    Installation of ESET NOD32 Antivirus will be run after a computer restart. Do you want to restart the computer now?

    In the Event Log there was the following error:
    Code:
    Event Type:	Error
    Event Source:	MsiInstaller
    Event Category:	None
    Event ID:	11923
    Date:		25.02.2011
    Time:		13:06:10
    User:		NT AUTHORITY\SYSTEM
    Computer:	pc20
    Description:
    Product: ESET NOD32 Antivirus -- Error 1923. Service 'ESET Service' (ekrn) could not be installed. 
    Verify that you have sufficient privileges to install system services.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 7b 41 36 36 32 34 32 41   {A66242A
    0008: 31 2d 39 31 30 31 2d 34   1-9101-4
    0010: 32 35 44 2d 39 42 45 35   25D-9BE5
    0018: 2d 44 31 39 41 35 30 45   -D19A50E
    0020: 31 44 30 44 38 7d         1D0D8}  
    
    After the PC was restarted, NOD32 AV BE 4.2.71.2 was installed but with antivirus protection disabled. The NOD32 GUI protection status window said:

    A serious error occurred while starting real-time file system protection. The computer is not protected against threats. The program needs to be reinstalled.
    ESET NOD32 Antivirus has been updated to a newer version. We recommend that you restart the computer.

    After another restart of Windows the AV protection was enabled and working fine.

    I have not been able to find a solution to this issue since I first tried the upgrade to NOD32 AV BE ver. 4.2 in the domain. The issue disturbs our users and hence admins are required to do the upgrade after hours or scheduled (with two scheduled restarts), which is inconvenient.

    -- rpr.
     
    Last edited: Feb 28, 2011
  2. dmaasland

    dmaasland Registered Member

    Joined: Nov 10, 2010
    Posts: 468
  3. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    I've just tried to upgrade NOD32 AV using the upgrade function in ERAC but the result is the same: a normal user receives "Installation of ESET NOD32 Antivirus will be run after a computer restart. Do you want to restart the computer now?".

    Error logged in the Event Log:
    Code:
    Event Type:	Error
    Event Source:	MsiInstaller
    Event Category:	None
    Event ID:	11923
    User:		NT AUTHORITY\SYSTEM
    Description:
    Product: ESET NOD32 Antivirus -- Error 1923. Service 'ESET Service' (ekrn) could not be installed.
    Verify that you have sufficient privileges to install system services.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 7b 41 36 36 32 34 32 41   {A66242A
    0008: 31 2d 39 31 30 31 2d 34   1-9101-4
    0010: 32 35 44 2d 39 42 45 35   25D-9BE5
    0018: 2d 44 31 39 41 35 30 45   -D19A50E
    0020: 31 44 30 44 38 7d         1D0D8}

    After restart of Windows the NOD32 GUI protection status window says:
    "A serious error occurred while starting real-time file system protection. The computer is not protected against threats. The program needs to be reinstalled.
    ESET NOD32 Antivirus has been updated to a newer version. We recommend that you restart the computer."

    After another restart of Windows the AV protection was enabled and working fine.

    -- rpr.
     
  4. dmaasland

    dmaasland Registered Member

    Joined: Nov 10, 2010
    Posts: 468

    I've seen this on a system once. Only solution was using the uninstaller in safe mode for me. Perhaps you should contact your local support about this issue.
     
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined: Nov 16, 2004
    Posts: 2,640
    Location: Throughout the USA and Canada

    ^^^^ - this is correct. When it got this broken on a couple of installs I have done, the only way forwards was to safe-mode boot - run the ESET uninstaller - restart into normal windows mode, then do a clean installation.
     
  6. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    I tried your suggestion but to no avail:
    - Ran Eset uninstaller in safe mode and rebooted.
    - Installed Eset NOD32 AV v. 4.2.67.10 and applied the configuration saved in XML file.
    - A normal user logged on to MS Windows XP.
    - From ERAC initiated the upgrade to NOD32 AV 4.2.71.2 using the upgrade function.
    - The user received "Installation of ESET NOD32 Antivirus will be run after a computer restart. Do you want to restart the computer now?".
    - After restart the AV protection was disabled. Another restart was required to finish installation and to make NOD32 work.

    -- rpr.
     
  7. dmaasland

    dmaasland Registered Member

    Joined: Nov 10, 2010
    Posts: 468

    You know, there was one isolated case I had where I actually had to run the uninstaller twice, because after the first time the pending installation actually performed the upgrade after reboot leaving the system with a half working program. Could you try the uninstaller again, reboot, and verify that everything eset is gone, and then run the uninstaller again in safe mode to make absolutely sure?
     
  8. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    dmaasland, I've done another test of the upgrade but with the same result as before.

    The procedure was as follows:
    - Ran ESETUninstaller.exe in safe mode (see ~ESETUninstaller1.log for details) and restarted Windows.
    - Entered the safe mode again and ran ESETUninstaller.exe the second time. The uninstaller reported there is no Eset product to uninstall (see ~ESETUninstaller2.log for details). Restarted Windows.
    - Installed Eset NOD32 AV v. 4.2.67.10 manually using eavbe_nt32_enu.msi and applied the configuration saved in an XML file. Updated the virus signature database.
    - A normal user logged on to MS Windows XP. Also started the Process Monitor (procmon.exe), using an administrator account, to capture the processes' activities during the upgrade. The saved log can be found at http://www.hotshare.net/file/361151-60998790ee.html
    - From ERAC 4.0.138.0 initiated the upgrade to NOD32 AV 4.2.71.2 using the upgrade function.
    - The user received "Installation of ESET NOD32 Antivirus will be run after a computer restart. Do you want to restart the computer now?". An error from MsiInstaller (event ID 11923) was logged in the Event Log (as reported previously).
    - After Windows restart the AV protection in NOD32 AV 4.2.71.2 was disabled (see the attached image).
    - Another restart of Windows was required to finish installation and to make NOD32 work.

    -- rpr.
     

  9. rockshox

    rockshox Registered Member

    Joined: Oct 23, 2009
    Posts: 261

    What account is your ERAS server running under? It seems to me like you might be having trouble with the account the ERAS server is using to do the remote installs.
     
  10. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    The ESET Remote Administrator Server is running as the local system account on a MS Windows Server 2003 SP2, which is the default IMHO (I haven't changed the user account of any of the Eset services on any of the Eset installations in the domain).

    It seems that the upgrade process on the clients also runs as the local system account as the error produced by the MsiInstaller says that the user account was "NT AUTHORITY\SYSTEM".

    The question that should be answered by the Eset developers is why the upgrade process succeeds when no user or an administrator is logged on at the client, while the process doesn't succeed when a normal user is logged on.

    -- rpr.
     
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined: Nov 16, 2004
    Posts: 2,640
    Location: Throughout the USA and Canada

    If you go to the trouble of safe-mode removal - why not just install 4.2.71.2 to begin with instead of going THROUGH .67 first??
     
  12. gdonlon

    gdonlon Registered Member

    Joined: Mar 12, 2010
    Posts: 12

    I'm not sure if it helps you or not, but when I've had these issues in the past I go into the registry and look for the installer registry key.

    I've had a bear of a time removing/reinstalling ESET NOD32 because for whatever reason an upgrade failed, won't move forward, etc.

    Uninstalling in safe mode doesn't help me either. The only way I found works is by going into the installer key and manually deleting the package from the hive then reinstalling.

    HKEY_CLASSES_ROOT\Installer\Products\F23E9E05A360A214697255D3D55AC771

    That's the registry key on my machine that I remove. From there I usually don't have a problem reinstalling at all. Since we push out NOD32 on our company domain via GPO with this key lingering it causes issues as NOD32 never reinstalls correctly for user accounts but upon every boot up the computer tries to run the installer every time as Nod32 isn't detected on the machine... it makes for a long bootup process.
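
Added example, not part of the original post and not ESET's own tooling: Windows Installer names the keys under Installer\Products with a packed form of the product code GUID, so the key name quoted above and the GUID in the MsiInstaller event data posted earlier in the thread can be compared once one is converted to the other. The Python below decodes the posted event data and converts in both directions; the function names are hypothetical and the sample values are copied from the thread.

```python
import re

# Constructed sample: the "Data:" rows of MsiInstaller event 11923 as posted in this thread.
EVENT_DATA = """\
0000: 7b 41 36 36 32 34 32 41   {A66242A
0008: 31 2d 39 31 30 31 2d 34   1-9101-4
0010: 32 35 44 2d 39 42 45 35   25D-9BE5
0018: 2d 44 31 39 41 35 30 45   -D19A50E
0020: 31 44 30 44 38 7d         1D0D8}
"""
# Key name quoted in the post above (found under HKEY_CLASSES_ROOT\Installer\Products).
POSTED_KEY = "F23E9E05A360A214697255D3D55AC771"

# Offset, then space-separated hex bytes; the ASCII column starts after 2+ spaces.
HEX_ROW = re.compile(r"^\s*[0-9A-Fa-f]{4}:\s((?:[0-9A-Fa-f]{2} ?)+)")
GUID = re.compile(r"^\{?([0-9A-F]{8})-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{12})\}?$", re.I)
PACKED = re.compile(r"^[0-9A-F]{32}$", re.I)

def guid_from_event_data(dump):
    """Decode the hex column of an event-log data dump into its ASCII text."""
    raw = bytearray()
    for line in dump.splitlines():
        m = HEX_ROW.match(line)
        if m:
            raw += bytes.fromhex(m.group(1))
    return raw.decode("ascii")

def _swap_pairs(s):
    """Swap the two hex digits of every byte: 'D19A' -> '1DA9'."""
    return "".join(s[i + 1] + s[i] for i in range(0, len(s), 2))

def pack_guid(guid):
    """'{8-4-4-4-12}' product code -> 32-character Installer key name."""
    m = GUID.match(guid.strip())
    if not m:
        raise ValueError("not a GUID: %r" % guid)
    a, b, c, d, e = (g.upper() for g in m.groups())
    # First three groups are reversed whole; the rest is swapped byte by byte.
    return a[::-1] + b[::-1] + c[::-1] + _swap_pairs(d + e)

def unpack_guid(packed):
    """Inverse of pack_guid()."""
    if not PACKED.match(packed):
        raise ValueError("not a packed GUID: %r" % packed)
    p = packed.upper()
    tail = _swap_pairs(p[16:])
    return "{%s-%s-%s-%s-%s}" % (p[:8][::-1], p[8:12][::-1], p[12:16][::-1], tail[:4], tail[4:])

if __name__ == "__main__":
    code = guid_from_event_data(EVENT_DATA)
    print("event data GUID :", code, "->", pack_guid(code))
    print("posted key name :", POSTED_KEY, "->", unpack_guid(POSTED_KEY))
```

On the thread's values, the GUID in the event data packs to 1A24266A1019D524B95E1DA9051E0D8D, which is not the key name quoted in this post; that name unpacks to {50E9E32F-063A-412A-9627-553D5DA57C17}.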
     
  13. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    Folks, you haven't read my previous posts carefully. The problem I've been struggling with is the upgrade process to a newer version of NOD32 AV v. 4.* while the users in the Windows domain are logged on to their PCs (the users mostly do not have admin rights in Windows as they do not need it -- if they had, it would be another source of problems, my experience confirms it strongly).

    A sound enterprise antivirus software should provide the system administrator an easy upgrade procedure that does not disturb the users or require some after-hours work from the administrator.

    dmaasland suggested I should double run the Eset uninstaller in safe mode as that would fix things and make the upgrade possible. To test the suggestion, I first installed an earlier version (4.2.67.10) and then tried the upgrade to the current version (4.2.71.2) but I've got the same errors again.

    -- rpr.
     
  14. gdonlon

    gdonlon Registered Member

    Joined: Mar 12, 2010
    Posts: 12

    RpRemuz,

    Your post was read correctly and responded to appropriately. I've had the same issues as you as I posted previously. The only reason that I could find that caused this issue is that the registry key still existed for the installer while performing the upgrade. If I delete this key first and run the upgrade or reinstall the software I don't seem to have to reboot.

    That's been my experience. On a personal note the reboot really wouldn't bother me, what does bother me is when the issue happens via a GPO push the software always tries to install on every boot unsuccessfully. Pushing the software via ERA shows the same exact issues that you have when upgrading.
     
  15. rockshox

    rockshox Registered Member

    Joined: Oct 23, 2009
    Posts: 261

    I had a machine that I upgraded today following the steps that you outlined. The computer is running Windows XP SP3 with ESET 4.2.64.12. I logged into the machine with a standard user account and confirmed ESET was running. I then did a push Upgrade via ERAS 4.0.138.0 of version 4.2.71.2. A couple minutes later the green ESET icon disappeared and a few minutes after that ESET started up with a yellow icon. The status message stated that ESET had been updated and recommended a restart.

    I would recommend changing the account that the ERAS service runs under to a Domain Admin account and try the same push install or upgrade.
     
  16. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    rockshox, I've tried your suggestion but to no avail (I've got the same errors again).

    Observing the installation process in Process Explorer showed that msiexec.exe (Windows Installer v. 3.01.4001.5512) still runs as "NT AUTHORITY\SYSTEM". I expected that because changing the user account the ERAS runs under does not change the way the upgrade process is started on the client machine.

    -- rpr.
     
  17. rpremuz

    rpremuz Registered Member

    Joined: Jan 18, 2005
    Posts: 100
    Location: Croatia

    I've done another test of NOD32 AV upgrade. Prior to the upgrade the key you specified was not present in the Registry. Still, the upgrade produced the errors mentioned above if a normal local user was logged on in Windows.

    -- rpr.
     