none
Security Compliance Manager installer is just terrible

    Allgemeine Diskussion

  • First of all, if you try to install SCM on a domain controller it will fail.  Why? Because the installer will go and automatically download SQL Express 2008 and install it with default options that includes trying to use a local system account, which you can't do on a DC.

    Fine, I thought.  I'll just download and manually install SQL Express and configure it to use a domain account.  Which works just fine except that the SCM installer doesn't even bother to check to see if you already have SQL installed.  It insists on installing it itself, which of course causes it to fail.

    There should at least be an option during the SCM installation to either specify an already existing instance of SQL, or to configure settings such a service accounts manually.

    So I'm forced to install it on a Windows 7 machine, where I've already got SQL Express 2008 R2 installed, which of course the installer doesn't care about and forces me to install SQL Express 2008.

    Just.. terrible.

    Freitag, 19. November 2010 08:28

Alle Antworten

  • I second this...
    Samstag, 20. November 2010 12:00
  • I found this issue too. I spend several hours to install SCM on my Win 7, where SQL Express 2008 R2 was already installed. At the end I did this: 1. Launched the SCM setup executable 2. Found in in %temp% the log file for SCM installation 3. From the log file found temporary folder,where installation files were stored and copied them to temp folder. 4. Found file appconfiginfo.xml and replaced the string: <DatabaseInfo DatabaseName="Xtans" DatabaseServerName="\\.\pipe\SQLLocal\scm" DatabaseAuthenticationType="" with <DatabaseInfo DatabaseName="Xtans" DatabaseServerName="\\.\pipe\sqlexpress\scm" DatabaseAuthenticationType="" cause my instance of SQL Express called sqlexpress but not SQLLocal 5. After that I launched the scmsetup_x64.msi directly and if finally got installed.
    Freitag, 26. November 2010 08:55
  • Ouch! Sorry folks. I'll take the blame on this one! We didn't do a great job on setup in version 1, I fully admit it. We are working hard on version 2 right now and we have added an option to point to an existing SQL server.

    My blog post also discusses this:
    http://blogs.technet.com/b/secguide/archive/2010/11/18/new-version-of-scm-causes-peace-on-earth.aspx

    Thanks for hanging in there with us and using SCM! :) 

    Jeff dot Sigman at microsoft dot com
    {Programmer Dude}
    Microsoft | Solution Accelerators

    Mittwoch, 1. Dezember 2010 23:07
  • Howdy Jeff,


    One more thing which is rather annoying which can hopefully be rectified for the next release.

    If you have .NET 4 installed as well as .NET 3.5 SP1 the SCM installer will not detect that .NET 3.5 SP1 is installed.

    I had to uninstall .NET 4 on my Windows Server 2008 R2 server because I kept on getting the error message that .NET 3.5SP1 was not installed during SCM installation.

    After uninstalling .NET 4, the SCM install works fine, bar the issues above (I already had SQL 2008 SP1 installed but that wasn't detected), then I reinstalled .NET 4 afterwards.

    I am going to try rnedosekin's workaround now as I am getting an error message when trying to duplicate baselines with SQL 2005 express.

    Cheers

    Gareth

     

     

    Freitag, 24. Dezember 2010 09:34
  • hmmm,

    well I uninstalled SQL 2005 express and then tried to point the SCM setup program to the SQL 2008 SP1 installation. I updated appconfiginfo.xml by updating "DatabaseServerName=\\.\pipe\sql\query" but that didn't work either.

    I eventually uninstalled SQL 2008 SP1 and just ran the installation with SQL 2008 express.

    All good now,

    Thanks

     

     

    Freitag, 24. Dezember 2010 15:28
  • Hi Jeff,

    I too struggled with that truly UGLY SCM installer for HOURS and HOURS .... 

    I was used to use the previous version of the Security Compliance Manager without SQL before (including that cool GPO Accelerator) for the same purpose (i.e. generating Baseline GPOs in a Lab environment) and that worked fine :-). But that version can't be used for Office 2010, because it supports Office 2007 only ...

    rnedosekin's workaround didn't work for me, although the sql server 2008 express install on my DC worked fine.

    I used "SQLDownloadPathTo=%SYSTEMDRIVE%\SQLEXPRESS\SQLEXPR_x64_ENU.exe" as mentioned in the setup.ini of the extracted scm installer bits to point to sql express installer and modified appconfiginfo.xml appropriately too, but the scmsetup_x64.msi on my Server 2008 R2 Standard server DC finally died silently.

    Now I give it up and am waiting for the next version as you (Jeff) mentioned:

    "We are working hard on version 2 right now and we have added an option to point to an existing SQL server."

    So please tell us when this version is ready and available :-)

    with regards from Germany

    Rainer

    PS.: btw.: all SQL server version's installers are crazy / ugly / terrible too, this applies since the appearance of SQl Server 5, where I started to use that database server(s). Never seen a more wacky "quirks mode" install "routine" than those of SQL servers, applies to full and express versions :-)

     

     


    Vista TAP-RD Partner and IT Architect
    Donnerstag, 30. Dezember 2010 09:32
  • Hey Gareth! Wow, again – sorry about the trouble. If it makes you feel better I’m running a very very early build of SCM v2.0 right now and it resolves both of these problems. J We now depend on the .net fx 4 client (as we are now compiling against the latest stuff) and the install dependency is GONE. 

    I know your next question – when can you get it?! Hopefully in as little as a month we will have a preview of the new GPO Import feature we are so excited about. Keep your eyes on the blog – I’ll announce there and ask for help testing it out. 

    Cheers! 

    Jeff dot Sigman at microsoft dot com
    {Programmer Dude}
    Microsoft | Solution Accelerators

    Dienstag, 4. Januar 2011 16:20
  • Hey Rainer in Germany! J I’ll again take the blame again (I’m pretty good at that). Installing SCM on a domain controller is complicated because currently SCM 1.x requires SQL Express to be installed and this isn’t straightforward on a domain controller. I need to write this up on our TechNet Wiki as there are some workarounds to get it going. SCM 2.x handles this as it does not require an install of SQL express (you can point it at an existing instance of SQL).

    I predict we will have a “CTP” or Customer Technology Preview of v2.0 in a month from now. The first feature we want feedback on is GPO Import – as it is our biggest change in the next version and we want to make sure we got it right.

    Cheers!

     

    Jeff dot Sigman at microsoft dot com
    {Programmer Dude}
    Microsoft | Solution Accelerators

    Dienstag, 4. Januar 2011 16:30
  • HI there.

     

    I suffered from the same problem with the installer croaking on a domain controller.

    I started out by installing mssqlexpress 2008 r2 and then using rnedosekin's instructions but i got the silent failure that Rainer P was experiencing.

    Not one to give up too easily i ran the msi from a command line like this:

    scmsetup_x64.msi /lv newlog.txt

    that gave me a log file of some 115 kb showing me that it stopped when looking for a db instance named MicrosoftSCM

     

    SetSqlProperties: STARTED.
    SetSqlProperties: Got SQL Server instance property. lpc:XXXXXXXXXXX\MicrosoftSCM
    SetSqlProperties: Successfully parsed the instance name. MicrosoftSCM
    GetSqlInstanceRegNodeName: Loop opening registry key that contains the SQL instance registry IDs.
    GetSqlInstanceRegNodeName: Opening registry key. SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL
    GetSqlInstanceRegNodeName: First registry key open failed; trying non-redirected key. Error Code: 0x80070002.
    GetSqlInstanceRegNodeName: Opening registry key. SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL
    GetSqlInstanceRegNodeName: Success opening registry key; reading node ID registry value. MicrosoftSCM
    GetSqlInstanceRegNodeName: Failed reading registry value. Error Code: 0x80070002.
    GetSqlInstanceRegNodeName: Second registry key value read failed. Error Code: 0x80070002.
    GetSqlInstanceRegNodeName: Failed to get instance's registry node ID. Error Code: 0x80070003. MicrosoftSCM
    SearchRegKeyForSqlServer: Instance is not installed. Error Code: 0x80070003. MicrosoftSCM
    SetSqlProperties: Selected INSTALL_MODE property. TRUE
    SetSqlProperties: SQL Server instance not found. Aborting. Error Code: 0x80070490.

     

    at this point i installed a fresh db instance with the correct name and ran the installer again with the same switch, it went by quickly and silently but after checking the newly created log file i saw the following happy message

     

    MSI (c) (4C:AC) [17:01:58:750]: Product: Microsoft Security Compliance Manager -- Installation completed successfully.

     

    So I am all set now, it works great.

    I hope this will help someone.

     

     

    Thanks

     

    Magnus Hansson

    www.fouredge.se

     

    Mittwoch, 5. Januar 2011 08:50
  • Awesome, thanks for the info Magnus. I’ll use this to help me write the TechNet Wiki post on this (unless you want to do that J).

    Cheers!

     

    Jeff dot Sigman at microsoft dot com
    {Programmer Dude}
    Microsoft | Solution Accelerators

    Dienstag, 11. Januar 2011 16:03
  • Hi

    I'm doing some POC as the momment and have a SQL instance installed on my dev machine and don't want to go through installing SQL again. Might do what Magnus did:-)

    Can anyone tell me where i can get the 64bit installer please? And is there an offline database we can use as there will not be an internet connection in our environment.

    Many thanks in advance

    Mittwoch, 16. Februar 2011 16:40
  • I agree with 143MHD. I am using this in a "internetless" environment as well. I have the SQL Express installer downloaded, but using the SCM installer to point to already-downloaded SQL Express installer it fails. Can't wait for the next version of the installer.
    Donnerstag, 10. März 2011 18:03
  • SCM CTP 2.0 is still asking to install SQL Express. How can I install SCM and use another SQL server ?

    Thanks

    Donnerstag, 7. April 2011 15:26
  • Yes, but now it's optional. :) The setup UI now allows you to point SCM to an existing SQL instance. Did you not see this UI?

    -jeff

    Donnerstag, 7. April 2011 17:41
  • Ok, I found it...I just missed that I have to install SCM locally on the SQL server. I thought it was possible to install SCM on a server and then choose to install database on a remote SQL server.

    Freitag, 8. April 2011 07:27
  • I have had a similar experience on v2 as well.  Turns out, you can't have the Sql native client installed when installing SCM. 


    Jason Yates
    Montag, 2. Mai 2011 22:18
  • I am attempting to do the scm on an xp sp3 device.  Clean build off the network to keep it clean.  I have installed msi 4.5 and framework 3.5  SCM then asks for the location of my sql server express installed, I have had it point to 3 seperate files SQLEXPR32_x86_ENU, SQLEXPRWT_x86_ENU, and SQLEXPRADV_x86_ENU, which I just downloaded from MS, and it still says these are incompatible.  What seems to be the issue.  Is their a way that you can install scm without connection to the network?

    Thank You

    Glen

    Freitag, 15. Juli 2011 20:45
  • I've just installed SCM v2 on my Win 7 x64 machine successfully. It didn't work initially from the SCM installer, kept getting installation error when it tried installing SQL Express. However I downloaded an x64 version of SQL Express and then installed it separately, then ran the SCM installer again and had no issues whatsoever.

     

    Hope this helps.


    Thanks, Patrick Leathen
    Dienstag, 4. Oktober 2011 07:18
  • I also assumed this would be the case. Has anyone figured out how to get SCM to connect to a remote database yet? In our environment it would make sense to host the SCM database on a shared sql server and have multiple engineers connect to it in order to review and build policies. Due to separation of duties we cannot log in to the sql server to work on SCM, nor does it seem sensible to each have our own install of SCM and export/import the policies.

    - also I had to install the sqlexpress instance on a separate volume, there is no option to do this in the install process. As a work around it is possible to change the reg value 'ProgramFilesDir' under hklm\software\microsoft\windows\currentversion\ to the required volume, reboot, extract the sqlexpress install files using the /x switch then run the sqlexpress setup. For some reason if you run the self extracting version it ignores the value of the programfilesdir and continues to install under "c:\program files". Perhaps that behaviour is unique to my machine.

    Donnerstag, 6. Oktober 2011 00:30
  • thanks Patrick, that's good to know


    Kurt Dillard http://www.kurtdillard.com
    Donnerstag, 6. Oktober 2011 15:05
  • Jeff, Before I get too far into the install of SCM v2, can it be installed on a DC?  So far just in our test environment, my DC there is Win2003 Standard Edition SP2.  When we test it fully, production is Win2008 R2 SP1. So in test so far I needed to install WIC and .Net 4.0.  Now I try to run setup.exe and get a message "Unable to find a version of the runtime to run this application."  The title of this dialog box is "SCMSetup.exe - .NEt Framework Initialization Error."  When I double check add/remove programs for .NET I've got MS .NET Framework 4 Client Profile and MS .NET Framework 4 Extended.  Do I need a different .NET install?  Or am I running into trouble due to some other reason.  Thanks.

    -W


    Ok, well...I've gotten a little further.  I installed SQL Express and .NET 2.0 and can get a little further with the installer.  On the Instillation Requirements, there is an X next to Microsoft Installer version.  My DC doesn't have internet access so I cannot read the details behind this error since the installer just closes at this point.  I tried capturing the standard error from the command line to no avail.  Any suggestions are welcome. 

    run from cmd line, similar to Magnus.

    Desktop>Security_Compliance_Manager_Setup.exe /lv 2> c:.\log.txt

    Welp...found a link that gave me system requirements...which helped...all set now.

    http://terrytlslau.tls1.cc/2011/11/comparing-group-policy-by-security.html

    Freitag, 3. Februar 2012 15:28
  • Hi Guys,

    What a pain to install, if you are trying to deploy this a few things to note.

    If you have previously attempted to deploy check your sql directory for existing databases and delete them if they exist. x.trans.mdf and x.trans_log.ldf

    In my case path is C:\Program Files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\DATA

    I am trying to script the msi install via sccm to make it available to IT dept staff. One undocumented property is very helpful for this and can be used in the msi install command.  SQLSVR_INSTANCE=localhost\MicrosoftSCM

    Replace localhost\microsoftSCM with your database instance name.

    My working command line is:

    msiexec /i scmsetupx64.msi /l c:\temp\scmog.txt SQLSVR_INSTANCE=localhost\MicrosoftSCM


    Mittwoch, 8. Februar 2012 11:14
  • I don't know what you guys call a fix, or a working program I have tried everything to get SCM to work on my windows 7 computer but all I get are errors or fail to install

    The Microsoft Security Compliance Manager Setup Wizard failed while installing the microsoft Security Compliance Manager

    An Error occured in the setup wizard. Please close all open applications and retry the setup wizard

    ErrorCode=1603

    I don't know about you but if I installed my systems the way you guys come up with these programs and then fixes for your programs I would be out of business. You need to tell Gates to get of his royal behind and make a working operating system. I think you guys need to go back to 3.1.1 and start agian. Maybe the second time around you will get it right. If only I chose not to use Windows.

    Freitag, 29. Juni 2012 23:52
  • Very much same here.

    There seems to be a trend with all Microsoft's products - nothing works out of the box. You need to spend time babysitting the automation and end up doing everything manually with shaman dances to the sound of the tambourine.

    The setup constantly fails with Error 1603.

    Freitag, 25. Oktober 2013 02:01
  • Same issues
    Freitag, 6. Dezember 2013 16:28
  • Thanks. Let me check it out.
    Freitag, 6. Dezember 2013 16:29
  • Version 3.0.60.0 has fixed all the issues above - finally!!!
    Freitag, 6. Dezember 2013 17:25
  • I have the same issue. We have a dedicated SQL server that ALL databases must be installed to. We are not allowed local installs of SQL of any kind for compliance reasons. How do we install SCM and setup the database on our Enterprise SQL server. Why you would want to install Express on a Domain Controller is beyond me. We want SCM on the DC but the Database on a Database Server, as per best practices
    Mittwoch, 8. Januar 2014 22:56
  • I wish I could agree with JLM1's post (12/6/13).  Has support for XP been removed from SCM 3.0?  The download says just "Windows 7, Windows 8," and I've never had any success getting it installed on my main Admin machine.  Also, I get this:

    Checking Security Compliance Manager Installation Prerequisite...
    Node - <pcname>
    ERROR:
    Code = 0x80041001
    Description = Generic failure
    Facility = <pcname>

    Installing Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

    Then:  A newer version of Microsoft Visual C++ 2010 Redistributable has been detected on the machine.

    Why can't a piece of software from Microsoft account for subsequent patches and updates for a run-time library which are, presumably, to overcome bugs/problems in the earlier edition?

    My time is limited, so I'm not as willing as many, here, to tweak and tune my reliable system to accommodate broken software from what was, once, a reliable source.  Color me disappointed, again!

    --Carol Anne



    • Bearbeitet CAOgdin192 Donnerstag, 23. Januar 2014 00:58 add detail
    Donnerstag, 23. Januar 2014 00:44
  • Any suggestions on how to deploy Security Compliance Manager 3 with ConfigMgr 2012?

    Freitag, 7. März 2014 15:35