none
Unable to install FEP 2010 Update Rollup 1

    Question

  • Hi there!

    I always get an error message while installing this update (kb 2551095). I found only one line in the log files which conatains

     "Enabled MSI runner. Error code: 1603.

    Setup has failed and has been rolled back."

    This means "Fatal error during installation". I had no problems with the prerequisite fix, so where can I go now? Rebooted the server several times, no update is missing.

    My environment is: W2k8 x86 with SP2, SCCM2k7R3, FEP2010 with fix Kb2554364

    Thanks four your help in advance.

    Istvan

     



    Friday, July 08, 2011 8:24 AM

All replies

  • Hi,

    The error 1603 is general and can have many causes. Start by disabling the UAC then try again. In plus look at these link http://support.microsoft.com/kb/834484/en-us ; http://www.symantec.com/connect/articles/understanding-error-1603-fatal-error-during-installation


    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1
    Saturday, July 09, 2011 4:22 PM
  • Hi Bechir!

    I've checked the reg key anf flush the TEMP directories but no success same error. But I also checked the .msp log and I found a couple of interesting stuff like:

    MSI (s) (30:14) [12:45:39:594]: Note: 1: 2262 2: Error 3: -2147287038

    CAQuietExec:  Error 0x80070001: Command line returned an error.
    CAQuietExec:  Error 0x80070001: CAQuietExec Failed

    Search a bit on the Net so looks like there is an IIS related error is happening. Stucked :( 

    Appreciate any help!

    Istvan

    Tuesday, July 12, 2011 11:00 AM
  • MSI (s) (30:14) [12:45:39:594]: Note: 1: 2262 2: Error 3: -2147287038

     


    Hi,

    This can occur when you run the installation program from a security restricted folder or partition. So, move the source to another folder or partition witout security restrictions, or move it locally if it is a netwotk share, and try again.


    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1
    Tuesday, July 12, 2011 11:49 AM
  • Hi,

    Copied the installation files to the system drive, same failure. UAC is off, the account is member of the local and domain admins groups. Part of the log file:

    MSI (s) (40:54) [17:07:06:829]: Product: Microsoft Forefront Endpoint Protection 2010 Server - Update 'Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 Server (KB2551095)' could not be installed. Error code 1603. Additional information is available in the log file C:\ProgramData\Microsoft Forefront\Support\Server\FEP2010-FEPEXT-KB2551095-x86-ENU.msp_12072011_170448.log.
    
    MSI (s) (40:54) [17:07:06:830]: Windows Installer installed an update. Product Name: Microsoft Forefront Endpoint Protection 2010 Server. Product Version: 2.1.1116.0. Product Language: 1033. Update Name: Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 Server (KB2551095). Installation success or error status: 1603.
    
    MSI (s) (40:54) [17:07:06:830]: Note: 1: 1729 
    MSI (s) (40:54) [17:07:06:830]: Product: Microsoft Forefront Endpoint Protection 2010 Server -- Configuration failed.
    
    MSI (s) (40:54) [17:07:06:831]: Windows Installer reconfigured the product. Product Name: Microsoft Forefront Endpoint Protection 2010 Server. Product Version: 2.1.1116.0. Product Language: 1033. Reconfiguration success or error status: 1603.
    
    MSI (s) (40:54) [17:07:06:832]: Attempting to delete file C:\Windows\Installer\15d22f89.msp
    MSI (s) (40:54) [17:07:06:835]: Deferring clean up of packages/files, if any exist
    MSI (s) (40:54) [17:07:06:835]: Attempting to delete file C:\Windows\Installer\15d22f89.msp
    MSI (s) (40:54) [17:07:06:835]: Unable to delete the file outside of the engine. LastError = 2
    MSI (s) (40:54) [17:07:06:835]: MainEngineThread is returning 1603
    MSI (s) (40:F4) [17:07:06:836]: RESTART MANAGER: Session closed.
    MSI (s) (40:F4) [17:07:06:836]: No System Restore sequence number for this installation.
    === Logging stopped: 2011.07.12. 17:07:06 ===
    MSI (s) (40:F4) [17:07:06:839]: User policy value 'DisableRollback' is 0
    MSI (s) (40:F4) [17:07:06:839]: Machine policy value 'DisableRollback' is 0
    MSI (s) (40:F4) [17:07:06:839]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (40:F4) [17:07:06:839]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
    MSI (s) (40:F4) [17:07:06:868]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
    MSI (s) (40:F4) [17:07:06:870]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
    MSI (s) (40:F4) [17:07:06:870]: Restoring environment variables
    MSI (s) (40:F4) [17:07:06:871]: Destroying RemoteAPI object.
    MSI (s) (40:30) [17:07:06:871]: Custom Action Manager thread ending.
    MSI (c) (E4:70) [17:07:06:891]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
    MSI (c) (E4:70) [17:07:06:891]: MainEngineThread is returning 1603
    === Verbose logging stopped: 2011.07.12. 17:07:06 ===
    

    Istvan

    Tuesday, July 12, 2011 3:14 PM
  • MSI (s) (40:54) [17:07:06:835]: Unable to delete the file outside of the engine. LastError = 2

    You need to delete all files/keys/... related to the previous installation. Therefore, donwload then run Windows Installer CleanUp http://www.softpedia.com/get/Security/Secure-cleaning/Windows-Installer-CleanUp-Utility.shtml and remove FEP if it's in the list, reboot the server and try again.


    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1
    Tuesday, July 12, 2011 4:26 PM
  • What dou you mean remove FEP? There is a lot of FEP components in the list:

    - Microsoft Antimalware

    - FEP Console

    - FEP Reporting

    - FEP Server

    Istvan

     

    Wednesday, July 13, 2011 8:33 AM
  • I mean FEP Rollup 1 if it's in the list.
    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1
    Wednesday, July 13, 2011 9:03 AM
  • No it is not :)

     

    Wednesday, July 13, 2011 10:21 AM
  • Another weird thing in the log:

    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Refresh of SCF successful
    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Initializer '{3F32691E-24B1-4b1e-9915-37B633F39392}', will no be run, unsupported application type
    CAQuietExec:  13:23:55.602 WqlConnectionManager connection open
    CAQuietExec:  13:23:55.621 Input SCCM bin path 'D:\Program Files\Microsoft Configuration Manager\AdminUI\bin\'
    CAQuietExec:  13:23:55.634 Computer is joined to the domain: XXXXX
    CAQuietExec:  13:23:55.635 Looking for host SCCMSRV in LDAP://XXXXX
    CAQuietExec:  13:23:55.635   Query: (&(objectclass=computer)(objectCategory=computer)(cn=DBPSCCM))
    CAQuietExec:  13:24:16.677 Operation failed: The server is not operational.
    CAQuietExec: 
    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Executing static method SMS_SiteControlFile.ReleaseSessionHandle()
    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Setting parameter 'SessionHandle', type 'String' to '{2c55bc6c-f607-40fb-b402-b98c55962aec}'
    CAQuietExec:  SmsAdminUISnapIn Information: 1 :
    instance of __PARAMETERS
    {
     ReturnValue = 0;
    };


    Wednesday, July 13, 2011 11:34 AM
  • Any idea?

    Tuesday, July 19, 2011 8:33 PM
  • Hi, I ran into the same problem when installing FEP 2010 Update rollup 1:

    [7/27/2011 10:48:49 AM][Verbose]  Enabled MSI runner. Error code: 1603
    [7/27/2011 10:48:49 AM][Verbose]  Could not send Watson report. Failure reason: 'Fail'. Watson message: Forefront Endpoint Protection 2010 failed to install a component

    My environment: Windows 2008 SP2 64bit, SCCM2007 R3, FEP 2010 with the prerequisite KB2554364

    Can MS FEP 2010 team provide any suggestions?

    Thanks,

    Dean


    Dean Chen
    Wednesday, July 27, 2011 6:21 PM
  • Another weird thing in the log:

    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Refresh of SCF successful
    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Initializer '{3F32691E-24B1-4b1e-9915-37B633F39392}', will no be run, unsupported application type
    CAQuietExec:  13:23:55.602 WqlConnectionManager connection open
    CAQuietExec:  13:23:55.621 Input SCCM bin path 'D:\Program Files\Microsoft Configuration Manager\AdminUI\bin\'
    CAQuietExec:  13:23:55.634 Computer is joined to the domain: XXXXX
    CAQuietExec:  13:23:55.635 Looking for host SCCMSRV in LDAP://XXXXX
    CAQuietExec:  13:23:55.635   Query: (&(objectclass=computer)(objectCategory=computer)(cn=DBPSCCM))
    CAQuietExec:  13:24:16.677 Operation failed: The server is not operational.
    CAQuietExec: 
    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Executing static method SMS_SiteControlFile.ReleaseSessionHandle()
    CAQuietExec:  SmsAdminUISnapIn Information: 1 : Setting parameter 'SessionHandle', type 'String' to '{2c55bc6c-f607-40fb-b402-b98c55962aec}'
    CAQuietExec:  SmsAdminUISnapIn Information: 1 :
    instance of __PARAMETERS
    {
     ReturnValue = 0;
    };



    My production server has the exactly same error as the above. I also have a lab environment that is similar to my production server. the installation worked fine. Checked the log in the lab server, the query found the LDAP entry and RegisterFepComponent got working. However, in the production server, it didn't find the LDAP entry. Can FEP 2010 experts or Microsoft FEP 2010 team provide some hints or take a look at this issue? Thanks.

    CAQuietExec:  16:27:51.904 WqlConnectionManager connection open
    CAQuietExec:  16:27:51.923 Input SCCM bin path 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\bin\'
    CAQuietExec:  16:27:51.934 Computer is joined to the domain: xxx
    CAQuietExec:  16:27:51.934 Looking for host xxxxxxx in LDAP://xxx
    CAQuietExec:  16:27:51.934   Query: (&(objectclass=computer)(objectCategory=computer)(cn=xxxxxxx))
    CAQuietExec:  16:27:52.343 Found entry: LDAP://xxx/CN=xxxxxxx,CN=Computers,DC=xxx,DC=LOCAL
    CAQuietExec:  16:27:52.353 AD query contains 'objectSid'. Value: 'S-1-5-21-3559636632-2590825308-968772477-7924'
    CAQuietExec:  16:27:52.360 SID successfully translated to a NT account name. Account Name: XXX\XXXXXXX$
    CAQuietExec:  16:27:52.743 07/21/2011 16:27:52 Start installing component: RegisterFepComponent
    CAQuietExec:  SmsAdminUISnapIn Information: 0 : Registering component Server in site control file

     


    Dean Chen
    Wednesday, July 27, 2011 11:53 PM
  • Hi there!

    I always get an error message while installing this update (kb 2551095). I found only one line in the log files which conatains

     "Enabled MSI runner. Error code: 1603.

    Setup has failed and has been rolled back."

    This means "Fatal error during installation". I had no problems with the prerequisite fix, so where can I go now? Rebooted the server several times, no update is missing.

    My environment is: W2k8 x86 with SP2, SCCM2k7R3, FEP2010 with fix Kb2554364

    Thanks four your help in advance.

    Istvan

     




    I saw similar issues which ended up being lack of prmissions from SQL. Maybe check over your SQL permissions and ensure you have SA access before doing the upgrade.
    Thursday, July 28, 2011 3:11 AM
  • Hi there!

    I always get an error message while installing this update (kb 2551095). I found only one line in the log files which conatains

     "Enabled MSI runner. Error code: 1603.

    Setup has failed and has been rolled back."

    This means "Fatal error during installation". I had no problems with the prerequisite fix, so where can I go now? Rebooted the server several times, no update is missing.

    My environment is: W2k8 x86 with SP2, SCCM2k7R3, FEP2010 with fix Kb2554364

    Thanks four your help in advance.

    Istvan

     




    I saw similar issues which ended up being lack of prmissions from SQL. Maybe check over your SQL permissions and ensure you have SA access before doing the upgrade.

    I have SA rights on my SQL server but the upgrade failed too. Thanks for your suggestion though.
    Dean Chen
    Thursday, July 28, 2011 3:51 PM
  • Anyone had any luck finding out how to fix this?

    The prerequiste hotfix installed fine (although it wasnt apparent that i needed to reboot from the GUI, whereas the logs said that a reboot was required but suppressed - wish i'd known that before trying the actual install.... maybe part of the problem here)

    Running into the same problem myself :( Annoying as I wanted to get it in-place as im updating a Win7 image presently.

    Setup is:
    - SCCM site server is: Srv2008 x64
    - SCCM / FEP DB on a different server, also running Srv 2008 x64

    Dont see any entries in Add/Remove for FEP 2010 CU1 - in either normal programs list or the Updates list :(

    Any thoughts or anyone fixed it, please post, and i'll be buying you a pint :)

    Cheers
    Nath.


    Nathan H ICT Messaging & Security Development Officer - CCC (gov)
    Thursday, August 04, 2011 5:07 PM
  • Anyone had any luck finding out how to fix this?

    The prerequiste hotfix installed fine (although it wasnt apparent that i needed to reboot from the GUI, whereas the logs said that a reboot was required but suppressed - wish i'd known that before trying the actual install.... maybe part of the problem here)

    Running into the same problem myself :( Annoying as I wanted to get it in-place as im updating a Win7 image presently.

    Setup is:
    - SCCM site server is: Srv2008 x64
    - SCCM / FEP DB on a different server, also running Srv 2008 x64

    Dont see any entries in Add/Remove for FEP 2010 CU1 - in either normal programs list or the Updates list :(

    Any thoughts or anyone fixed it, please post, and i'll be buying you a pint :)

    Cheers
    Nath.


    Nathan H ICT Messaging & Security Development Officer - CCC (gov)

    Well, I gave it up at this point, and maybe waiting for MS FEP team to release new update to fix it. it seems three cases were reported here are identical and the servers are Windows 2008 (Non R2, either x86 or x64 platform).

    My lab server shows me that once it was installed successfully, the FEP components's installation dates got updated. hope this helps.


    Dean Chen
    • Proposed as answer by Nathan H Thursday, October 20, 2011 11:34 AM
    • Unproposed as answer by Nathan H Thursday, October 20, 2011 11:34 AM
    Thursday, August 04, 2011 5:15 PM
  • I don't know what is causing this, but I ran into it and found a work around for the issue. In my case the LDAP query in the log was resolving to a non-dc server. We added a HOST file entry to force that name to resolve to the IP of a DC and then the setup completed as expected.

    I should make note that I don't know what the long term impact of this is and I'm still trying to figure it out, but I wanted to share with the community in case it helps narrow things down.

    • Proposed as answer by tarquelatwork Thursday, October 20, 2011 11:19 AM
    • Unproposed as answer by tarquelatwork Thursday, October 20, 2011 11:33 AM
    • Proposed as answer by tarquelatwork Thursday, October 20, 2011 11:34 AM
    Thursday, September 15, 2011 2:48 AM
  • Just to mention it but in passing, i thought i'd try to point out this thread out by way of a comment on their blog post regarding the update:

    http://blogs.technet.com/b/clientsecurity/archive/2011/06/28/forefront-endpoint-protection-2010-update-rollup-1.aspx

    and for some reason, i was told (aside from contactting support) to take a look at the FEP forum..... aka what i was pointing out in the first place - a thread regarding an install issue on the forementioned forums.... talk about vicious circle :( And also the commenting has been disabled (at least for me) on that blog post. Very helpful there... (not)

    Anyhow, I'll cut out their blogs and online forums, and head straight for MS PSS i think next week - given its pretty pointless if you want any real answers.

    Will update the thread if i find out anything of use :)

    Friday, October 14, 2011 2:49 PM
  • Mike Griswold's has the answer.

    Just tried adding a HOSTS file entry like this:

    x.x.x.x  YYYYYYYYY

    where x.x.x.x is a IP address of one of your DC's and YYYYYYYYY is what is found in the log file here:

    CAQuietExec: 11:57:50.200 WqlConnectionManager connection open
    CAQuietExec: 11:57:50.341 Input SCCM bin path <SCCMINSTALLDIR>\AdminUI\bin\'
    CAQuietExec: 11:57:50.935 Computer is joined to the domain: YYYYYYYYY
    CAQuietExec: 11:57:51.044 Looking for host SCCMSERVER in LDAP://YYYYYYYYY
    CAQuietExec: 11:57:51.044 Query: (&(objectclass=computer)(objectCategory=computer)(cn=YOURSCCMSITESERVER))
    CAQuietExec: 11:57:52.544 Operation failed: The server is not operational.

    YYYYYYYYY in our case was the netbios name of the domain name (aka not in FQDN format)

    This is how it seems to have worked out for me, so hope that works the same for you if you are stuck :)

    Must be some bug in their querying / package that only shows for rare / minor cases.

    Hope it helps :)


    Nathan H ICT Messaging & Security Development Officer - CCC (gov)
    Thursday, October 20, 2011 11:34 AM
  • Mike Griswold's has the answer.

    Just tried adding a HOSTS file entry like this:

    x.x.x.x  YYYYYYYYY

    where x.x.x.x is a IP address of one of your DC's and YYYYYYYYY is what is found in the log file here:

    CAQuietExec: 11:57:50.200 WqlConnectionManager connection open
    CAQuietExec: 11:57:50.341 Input SCCM bin path <SCCMINSTALLDIR>\AdminUI\bin\'
    CAQuietExec: 11:57:50.935 Computer is joined to the domain: YYYYYYYYY
    CAQuietExec: 11:57:51.044 Looking for host SCCMSERVER in LDAP://YYYYYYYYY
    CAQuietExec: 11:57:51.044 Query: (&(objectclass=computer)(objectCategory=computer)(cn=YOURSCCMSITESERVER))
    CAQuietExec: 11:57:52.544 Operation failed: The server is not operational.

    YYYYYYYYY in our case was the netbios name of the domain name (aka not in FQDN format)

    This is how it seems to have worked out for me, so hope that works the same for you if you are stuck :)

    Must be some bug in their querying / package that only shows for rare / minor cases.

    Hope it helps :)


    Nathan H ICT Messaging & Security Development Officer - CCC (gov)

     

    I am having this same problem but I don't know what log file you are refering to..

    What log file has this info:   CAQuietExec: 11:57:51.044 Looking for host SCCMSERVER in LDAP://YYYYYYYYY ??


     

    Tuesday, November 08, 2011 9:06 PM
  • The setup log thats created when running the update I think :)

    Mine was called something like FEP2010-FEPEXT-KB2551095-x64-ENU.msp_20102011_115547.log (or one of them was) but theres a link to it right on the end page as i recall that you can load up and save out.

    EDIT: Found it... the setup and update logs are found here: C:\Users\All Users\Microsoft Forefront\Support\Server\

    I used trace32 [from the SCCM toolkit] to look through it as I remember just for readability to find that part in it, but nowt wrong with your normal notepad of choice too of course.

    Good luck :)


    Nathan H - CCC (gov)
    • Edited by Nathan H Wednesday, November 09, 2011 9:27 AM
    Wednesday, November 09, 2011 8:41 AM
  • I faced the same problem and its SOLVED yes by this step to add domain name in hosts file !!!!!
    Thursday, February 16, 2012 6:26 AM
  • MNayel, please post details
    Friday, March 02, 2012 6:20 AM
  • Hi, I attached the details of the resolution, I hope can help
    1. Check latest logs on C:\ProgramData\Microsoft
      Forefront\Support\Server
    2. Search a log file called FEP2010-FEPUX-KB2551095-x86-ENU.msp_05032012_224928.log
    3. Search into this log the following
      words:     Looking for host XXHOSTXX  In LDAP://NETBIOS_DOMAIN_NAME
    4. Check what is the NetBIOS domain
      name, not found
    5. Ping this domain NetBIOS name (the ping must not reply, or maybe the IP is wrong)
    6. Execute nslookup from command
      prompt, and resolve a local domain controller.
    7. Check this IP Address of domain
      controller.
    8. Open Notepad with Administrative
      rights
    9. Open the Host File with notepad
      (located in C:\Windows\System32\drivers\etc)
    10. Write this IP Address with NETBIOS_DOMAIN_NAME
      and save.
    11. Execute again the Update rollup FEP
      2010.
    Regards.

    Donato

    Tuesday, March 06, 2012 5:51 AM