none
UAG SP1 Fails - 1603 Error - How to identify custom endpoint policies? RRS feed

  • Question

  • Hi everyone,

    We have a UAG environment that works really well. However, I've been unable to install SP1, getting the dreaded 1603 error. This is now becoming urgent for us, as the current DA cert is expiring soon and we want to replace it with our Wildcard cert, which requires SP1. 

    From my reading over the last 6 months, it seems that the general consensus is that any Endpoint Policies which have been customised might be blocking the install.

    I believe we may still have some custom TMG rules created directly in the TMG console as well. I've removed a lot of the ones I had identified, transferring the functionality into the System Policy in TMG which I believe is the supported way of doing things. But there's still a few "PublishingRule::xxx " rules that I'm a bit sceptical of - I'm not sure if UAG has created them, or if they've been copied from UAG-created rules and then modified.

    The environment was built for us by an external consultant over a year ago. Of course, we did not receive any documentation about the solution from said consultant, so we're flying blind. I know that we have a number of customisations applied to the Endpoint Policies, but I've got no idea where they are or how to go about reverting them. We don't have any additional policies defined - IE, we have "Default Privileged Endpoint" that's been customised, as opposed to leaving the defaults alone and creating a "Company-modified Privileged Endpoint" policy.

    So my question is, how can I identify any custom endpoint policies that may be in play, or any customisations made to the default policies? Is there an easy way to do this?

    Alternatively, is there an easy way to see where/why the SP1 upgrade is failing, and address the situation that way? I've been through the logs in C:\ProgramData\Microsoft\UAG\Logs\Setup.xxyyzz.UAGsp1.log , but it's not really that informative (at least to me).

    Any help would be most graciously accepted.

    Thanks in advance,


    Matto Cairns, QLD, AUS
    • Edited by Matto-FNQ Thursday, September 29, 2011 6:51 AM
    Thursday, September 29, 2011 6:50 AM

All replies

  • It might be worth extracting the SP first, and then running it from the extracted destination; this has solved some 1603 errors for me in the past...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, September 29, 2011 8:46 AM
    Moderator
  • As Jason said in the post above, use the following steps to extract and run:

     

    1. Run the EXE of the SP1 with the parameter <UAG Update>.exe /t:C:\extracted_files\ /c

    2. Run the MSI that’s been output using the MSI parameters: <uag sp1 MSP> /l*vx ExtraVerbose.log

    Unfortunately the 1603 error is very generic......

     


    Thursday, September 29, 2011 9:07 AM
  • Thanks guys.

    Sorry for not getting back to you sooner. I'm currently scheduling in a window to have a shot at this again - will post back with the results. The UAG box is our primary remote access gateway, so we've got to do all the work out of hours.

    I appreciate the assistance.


    Matto Cairns, QLD, AUS
    Tuesday, October 4, 2011 10:46 PM
  • Hi All,

    Sorry for the delay in getting back to you about this - we had some urgent problems raise their ugly heads.

    I've re-run the MSP file as directed above, and I now have a large (26Mb) ExtraVerbose.log file. I've had a quick look through, and about the only thing I can find that looks relevant is :

     

    UAG CA (Info): Debug: Incremented reference count for id: Hybrid_Default_Upload.
    MSI (s) (58!2C) [18:08:45:167]: Closing MSIHANDLE (28329) of type 790531 for thread 7980
    MSI (s) (58!2C) [18:08:45:182]: Creating MSIHANDLE (28330) of type 790531 for thread 7980
    UAG CA (Info): Error: Caught error (will rethrow after rollback): System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at Microsoft.UAG.Transformer.Core.PolicyConverter.ProcessTrunk(String trunkName, XmlNode trunkNode, String policySettingsNodeXPath)
       at Microsoft.UAG.Transformer.Core.PolicyConverter.ConvertData()
       at Microsoft.UAG.Transformer.Core.SchemaConversionRuntime.Run()
    MSI (s) (58!2C) [18:08:45:182]: Closing MSIHANDLE (28330) of type 790531 for thread 7980
    MSI (s) (58!2C) [18:08:45:182]: Creating MSIHANDLE (28331) of type 790531 for thread 7980
    UAG CA (Info): Info: Firing ProgressChanged event: Step: 0%, Description: 'Conversion aborted due to error, Rolling back.'.

     

    Keep in mind though, I'm not exactly sure what I should be looking for.  That's about the first mention of anything going wrong though. Is there anything particular that I should be looking for inside that file? It's certainly "Extra verbose"!!!

    Thanks again for all the help.


    Matto Cairns, QLD, AUS
    • Edited by Matto-FNQ Monday, October 31, 2011 8:27 AM
    Monday, October 31, 2011 8:27 AM