locked
ATA Gateway Installation Failure 0x8006043 RRS feed

  • Question

  • The ATA Gateway has failed to install. I have removed all registry items for ATA GW. I have removed the directory. I have verified there is no duplicate in the ATA center. Installation fails at the end with 0x8006043. This is on a Server 2012 R2 installation that is fully updated.

    MATAGW LOG File

    [03EC:092C][2017-10-26T12:08:13]i001: Burn v3.11.0.1701, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Users\User~1.ADM\AppData\Local\Temp\{2785110D-487C-446C-A6FA-48AB187730A2}\.cr\Microsoft ATA Gateway Setup.exe
    [03EC:092C][2017-10-26T12:08:13]i000: Initializing string variable 'InstallationConfigurationFilePath' to value '[WixBundleOriginalSourceFolder]\GatewayInstallationConfiguration.json'
    [03EC:092C][2017-10-26T12:08:13]i000: Initializing hidden variable 'ConsoleAccountPassword'
    [03EC:092C][2017-10-26T12:08:13]i000: Initializing hidden variable 'ManagementAuthenticationToken'
    [03EC:092C][2017-10-26T12:08:13]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
    [03EC:092C][2017-10-26T12:08:13]i009: Command Line: '"-burn.clean.room=C:\Temp\Microsoft ATA Gateway Setup.exe" -burn.filehandle.attached=288 -burn.filehandle.self=296'
    [03EC:092C][2017-10-26T12:08:13]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Temp\Microsoft ATA Gateway Setup.exe'
    [03EC:092C][2017-10-26T12:08:13]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Temp\'
    [03EC:092C][2017-10-26T12:08:13]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813.log'
    [03EC:092C][2017-10-26T12:08:13]i000: Setting string variable 'WixBundleName' to value 'Microsoft Advanced Threat Analytics Gateway'
    [03EC:092C][2017-10-26T12:08:13]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'
    [03EC:092C][2017-10-26T12:08:13]i000: Loading managed bootstrapper application.
    [03EC:092C][2017-10-26T12:08:14]i000: Creating BA thread to run asynchronously.
    [03EC:092C][2017-10-26T12:08:14]i100: Detect begin, 7 packages
    [03EC:092C][2017-10-26T12:08:14]i000: 2017-10-26 16:08:14.2400 1004 1   Debug [\[]DeploymentModel[\]] DetectBegin [\[]Installed=False[\]]
    [03EC:092C][2017-10-26T12:08:14]i000: Setting string variable 'NetFrameworkRegistryValue' to value '394271'
    [03EC:092C][2017-10-26T12:08:14]i000: Setting string variable 'ServerLevelsServerCoreRegistryValue' to value '1'
    [03EC:092C][2017-10-26T12:08:14]i000: Setting string variable 'ServerLevelsServerGuiShellRegistryValue' to value '1'
    [03EC:092C][2017-10-26T12:08:14]i000: Setting numeric variable 'KB3047154Exists' to value 1
    [03EC:092C][2017-10-26T12:08:14]i052: Condition 'NetFrameworkRegistryValue >= 394254' evaluates to true.
    [03EC:092C][2017-10-26T12:08:14]i052: Condition 'NetFrameworkRegistryValue >= 394254' evaluates to true.
    [03EC:092C][2017-10-26T12:08:14]i052: Condition 'KB3047154Exists' evaluates to true.
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: NetFrameworkPackageServer, state: Present, cached: None
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: NetFrameworkPackageServerCore, state: Present, cached: None
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: KB3047154Package, state: Present, cached: Complete
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: VcRedistributable2013Package, state: Absent, cached: Complete
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: PefNdisDriver, state: Absent, cached: None
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: BundleActionsPackage, state: Absent, cached: None
    [03EC:092C][2017-10-26T12:08:14]i101: Detected package: MsiPackage, state: Absent, cached: None
    [03EC:092C][2017-10-26T12:08:14]i199: Detect complete, result: 0x0
    [03EC:03DC][2017-10-26T12:08:14]i000: 2017-10-26 16:08:14.2556 1004 5   Debug [\[]DeploymentModel[\]] [\[]DeploymentAction=Install[\]]
    [03EC:03DC][2017-10-26T12:08:14]i000: 2017-10-26 16:08:14.3494 1004 5   Debug [\[]DeploymentModel[\]] [\[]IsAfterRestartAndConfigured=False[\]]
    [03EC:03DC][2017-10-26T12:08:56]i000: 2017-10-26 16:08:56.2586 1004 5   Error [\[]DeploymentModel[\]] Failed management authentication [\[]CurrentlyLoggedOnUser=DOMAIN\User.adminStatus=FailedAuthentication Exception=[\]]
    [03EC:03DC][2017-10-26T12:08:59]i000: 2017-10-26 16:08:59.2821 1004 5   Error [\[]DeploymentModel[\]] Failed management authentication [\[]CurrentlyLoggedOnUser=DOMAIN\User.adminStatus=FailedAuthentication Exception=[\]]
    [03EC:03DC][2017-10-26T12:09:31]i000: Setting string variable 'IsConfigured' to value 'True'
    [03EC:03DC][2017-10-26T12:09:31]i000: Setting string variable 'InstallationPath' to value 'E:\Program Files\Microsoft Advanced Threat Analytics\Gateway'
    [03EC:03DC][2017-10-26T12:09:31]i000: Setting hidden variable 'ManagementAuthenticationToken'
    [03EC:03DC][2017-10-26T12:09:31]i000: Setting string variable 'BundleActionsConfiguration' to value 'ewAiAEQAZQBwAGwAbwB5AG0AZQBuAHQAQQBjAHQAaQBvAG4AIgA6ACIASQBuAHMAdABhAGwAbAAiACwAIgBJAHMARQBtAGIAZQBkAGQAZQBkAFUAbgBpAG4AcwB0AGEAbABsAGEAdABpAG8AbgAiADoAZgBhAGwAcwBlAH0A'
    [03EC:092C][2017-10-26T12:09:31]i200: Plan begin, 7 packages, action: Install
    [03EC:092C][2017-10-26T12:09:31]i052: Condition 'ServerLevelsServerCoreRegistryValue <> 1 OR ServerLevelsServerGuiShellRegistryValue = 1' evaluates to true.
    [03EC:092C][2017-10-26T12:09:31]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServer
    [03EC:092C][2017-10-26T12:09:31]i052: Condition 'ServerLevelsServerCoreRegistryValue = 1 AND ServerLevelsServerGuiShellRegistryValue <> 1' evaluates to false.
    [03EC:092C][2017-10-26T12:09:31]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServerCore
    [03EC:092C][2017-10-26T12:09:31]i052: Condition 'VersionNT64 = v6.3 AND ((NTProductType <> 2) OR (ServerLevelsServerCoreRegistryValue = 1 AND ServerLevelsServerGuiShellRegistryValue <> 1))' evaluates to true.
    [03EC:092C][2017-10-26T12:09:31]w321: Skipping dependency registration on package with no dependency providers: KB3047154Package
    [03EC:092C][2017-10-26T12:09:31]w321: Skipping dependency registration on package with no dependency providers: VcRedistributable2013Package
    [03EC:092C][2017-10-26T12:09:31]i000: Setting string variable 'WixBundleLog_VcRedistributable2013Package' to value 'C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_000_VcRedistributable2013Package.log'
    [03EC:092C][2017-10-26T12:09:31]i052: Condition 'VersionNT64 = v6.1 OR VersionNT64 = v6.2' evaluates to false.
    [03EC:092C][2017-10-26T12:09:31]w321: Skipping dependency registration on package with no dependency providers: BundleActionsPackage
    [03EC:092C][2017-10-26T12:09:31]i000: Setting string variable 'WixBundleLog_BundleActionsPackage' to value 'C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_001_BundleActionsPackage.log'
    [03EC:092C][2017-10-26T12:09:31]i000: Setting string variable 'WixBundleRollbackLog_BundleActionsPackage' to value 'C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_001_BundleActionsPackage_rollback.log'
    [03EC:092C][2017-10-26T12:09:31]i000: Setting string variable 'WixBundleRollbackLog_MsiPackage' to value 'C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_002_MsiPackage_rollback.log'
    [03EC:092C][2017-10-26T12:09:31]i000: Setting string variable 'WixBundleLog_MsiPackage' to value 'C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_002_MsiPackage.log'
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: NetFrameworkPackageServer, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: NetFrameworkPackageServerCore, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: KB3047154Package, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: VcRedistributable2013Package, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: None, cache: No, uncache: No, dependency: None
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: PefNdisDriver, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: BundleActionsPackage, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: None
    [03EC:092C][2017-10-26T12:09:31]i201: Planned package: MsiPackage, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
    [03EC:092C][2017-10-26T12:09:31]i299: Plan complete, result: 0x0
    [03EC:092C][2017-10-26T12:09:31]i300: Apply begin
    [03EC:092C][2017-10-26T12:09:31]i010: Launching elevated engine process.
    [03EC:092C][2017-10-26T12:09:31]i011: Launched elevated engine process.
    [03EC:092C][2017-10-26T12:09:31]i012: Connected to elevated engine.
    [08C4:0994][2017-10-26T12:09:31]i358: Pausing automatic updates.
    [08C4:0994][2017-10-26T12:09:31]i359: Paused automatic updates.
    [08C4:0994][2017-10-26T12:09:31]i360: Creating a system restore point.
    [08C4:0994][2017-10-26T12:09:31]i362: System restore disabled, system restore point not created.
    [08C4:0994][2017-10-26T12:09:31]i370: Session begin, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2a723738-bd45-44b9-97c0-50917a579be5}, options: 0x7, disable resume: No
    [08C4:0994][2017-10-26T12:09:31]i000: Caching bundle from: 'C:\Users\User~1.ADM\AppData\Local\Temp\{CCECE3A8-AA17-4495-A1DD-E79CF824BD6F}\.be\Microsoft ATA Gateway Setup.exe' to: 'C:\ProgramData\Package Cache\{2a723738-bd45-44b9-97c0-50917a579be5}\Microsoft ATA Gateway Setup.exe'
    [08C4:0994][2017-10-26T12:09:31]i320: Registering bundle dependency provider: {2a723738-bd45-44b9-97c0-50917a579be5}, version: 1.8.6765.36693
    [08C4:0994][2017-10-26T12:09:31]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2a723738-bd45-44b9-97c0-50917a579be5}, resume: Active, restart initiated: No, disable resume: No
    [08C4:0A90][2017-10-26T12:09:32]i304: Verified existing payload: VcRedistributable2013Package at path: C:\ProgramData\Package Cache\8BF41BA9EEF02D30635A10433817DBB6886DA5A2\vcredist_x64.exe.
    [08C4:0A90][2017-10-26T12:09:32]e000: Error 0x80070002: Failed to find payload: BundleActionsPackage in working path: C:\Users\User~1.ADM\AppData\Local\Temp\{CCECE3A8-AA17-4495-A1DD-E79CF824BD6F}\BundleActionsPackage and unverified path: C:\ProgramData\Package Cache\.unverified\BundleActionsPackage
    [08C4:0A90][2017-10-26T12:09:32]e000: Error 0x80070002: Failed to cache payload: BundleActionsPackage
    [03EC:05F4][2017-10-26T12:09:32]e314: Failed to cache payload: BundleActionsPackage from working path: C:\Users\User~1.ADM\AppData\Local\Temp\{CCECE3A8-AA17-4495-A1DD-E79CF824BD6F}\BundleActionsPackage, error: 0x80070002.
    [03EC:05F4][2017-10-26T12:09:32]e349: Application requested retry of payload: BundleActionsPackage, encountered error: 0x80070002. Retrying...
    [08C4:0A90][2017-10-26T12:09:32]i305: Verified acquired payload: BundleActionsPackage at path: C:\ProgramData\Package Cache\.unverified\BundleActionsPackage, moving to: C:\ProgramData\Package Cache\608F6E75E8474A5ED141E4485A161DD02F752D4C\Microsoft.Tri.Gateway.Deployment.Bundle.Actions.exe.
    [08C4:0A90][2017-10-26T12:09:32]e000: Error 0x80070002: Failed to find payload: MsiPackage in working path: C:\Users\User~1.ADM\AppData\Local\Temp\{CCECE3A8-AA17-4495-A1DD-E79CF824BD6F}\MsiPackage and unverified path: C:\ProgramData\Package Cache\.unverified\MsiPackage
    [08C4:0A90][2017-10-26T12:09:32]e000: Error 0x80070002: Failed to cache payload: MsiPackage
    [03EC:05F4][2017-10-26T12:09:32]e314: Failed to cache payload: MsiPackage from working path: C:\Users\User~1.ADM\AppData\Local\Temp\{CCECE3A8-AA17-4495-A1DD-E79CF824BD6F}\MsiPackage, error: 0x80070002.
    [03EC:05F4][2017-10-26T12:09:32]e349: Application requested retry of payload: MsiPackage, encountered error: 0x80070002. Retrying...
    [08C4:0A90][2017-10-26T12:09:33]i305: Verified acquired payload: MsiPackage at path: C:\ProgramData\Package Cache\.unverified\MsiPackage, moving to: C:\ProgramData\Package Cache\{0EDCA61F-E10A-4EB3-90FB-D8810FDF2BB4}v1.8.6765.36693\Microsoft.Tri.Gateway.Deployment.Package.msi.
    [08C4:0994][2017-10-26T12:09:33]i301: Applying execute package: VcRedistributable2013Package, action: Install, path: C:\ProgramData\Package Cache\8BF41BA9EEF02D30635A10433817DBB6886DA5A2\vcredist_x64.exe, arguments: '"C:\ProgramData\Package Cache\8BF41BA9EEF02D30635A10433817DBB6886DA5A2\vcredist_x64.exe" /quiet /norestart'
    [03EC:092C][2017-10-26T12:09:34]i319: Applied execute package: VcRedistributable2013Package, result: 0x0, restart: None
    [08C4:0994][2017-10-26T12:09:34]i301: Applying execute package: BundleActionsPackage, action: Install, path: C:\ProgramData\Package Cache\608F6E75E8474A5ED141E4485A161DD02F752D4C\Microsoft.Tri.Gateway.Deployment.Bundle.Actions.exe, arguments: '"C:\ProgramData\Package Cache\608F6E75E8474A5ED141E4485A161DD02F752D4C\Microsoft.Tri.Gateway.Deployment.Bundle.Actions.exe" Configuration="ewAiAEQAZQBwAGwAbwB5AG0AZQBuAHQAQQBjAHQAaQBvAG4AIgA6ACIASQBuAHMAdABhAGwAbAAiACwAIgBJAHMARQBtAGIAZQBkAGQAZQBkAFUAbgBpAG4AcwB0AGEAbABsAGEAdABpAG8AbgAiADoAZgBhAGwAcwBlAH0A" LogPath="C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_001_BundleActionsPackage.log"'
    [03EC:092C][2017-10-26T12:09:35]i319: Applied execute package: BundleActionsPackage, result: 0x0, restart: None
    [08C4:0994][2017-10-26T12:09:35]i323: Registering package dependency provider: {0EDCA61F-E10A-4EB3-90FB-D8810FDF2BB4}, version: 1.8.6765.36693, package: MsiPackage
    [08C4:0994][2017-10-26T12:09:35]i301: Applying execute package: MsiPackage, action: Install, path: C:\ProgramData\Package Cache\{0EDCA61F-E10A-4EB3-90FB-D8810FDF2BB4}v1.8.6765.36693\Microsoft.Tri.Gateway.Deployment.Package.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" InstalledVersion="" InstallationConfigurationFilePath="C:\Temp\\GatewayInstallationConfiguration.json" InstallationPath="E:\Program Files\Microsoft Advanced Threat Analytics\Gateway" ManagementAuthenticationToken="*****"'
    [08C4:0994][2017-10-26T12:09:57]e000: Error 0x80070643: Failed to install MSI package.
    [08C4:0994][2017-10-26T12:09:57]e000: Error 0x80070643: Failed to execute MSI package.
    [03EC:092C][2017-10-26T12:09:57]e000: Error 0x80070643: Failed to configure per-machine MSI package.
    [03EC:092C][2017-10-26T12:09:57]i000: 2017-10-26 16:09:57.8955 1004 1   Error [\[]DeploymentProgress[\]] [\[]methodName=BootstrapperApplication_ExecutePackageComplete status=-2147023293 exception=[\]]
    [03EC:092C][2017-10-26T12:09:57]i319: Applied execute package: MsiPackage, result: 0x80070643, restart: None
    [03EC:092C][2017-10-26T12:09:57]e000: Error 0x80070643: Failed to execute MSI package.
    [08C4:0994][2017-10-26T12:09:57]i318: Skipped rollback of package: MsiPackage, action: Uninstall, already: Absent
    [03EC:092C][2017-10-26T12:09:57]i319: Applied rollback package: MsiPackage, result: 0x0, restart: None
    [08C4:0994][2017-10-26T12:09:57]i329: Removed package dependency provider: {0EDCA61F-E10A-4EB3-90FB-D8810FDF2BB4}, package: MsiPackage
    [08C4:0994][2017-10-26T12:09:57]i351: Removing cached package: MsiPackage, from path: C:\ProgramData\Package Cache\{0EDCA61F-E10A-4EB3-90FB-D8810FDF2BB4}v1.8.6765.36693\
    [08C4:0994][2017-10-26T12:09:57]i301: Applying rollback package: BundleActionsPackage, action: Uninstall, path: C:\ProgramData\Package Cache\608F6E75E8474A5ED141E4485A161DD02F752D4C\Microsoft.Tri.Gateway.Deployment.Bundle.Actions.exe, arguments: '"C:\ProgramData\Package Cache\608F6E75E8474A5ED141E4485A161DD02F752D4C\Microsoft.Tri.Gateway.Deployment.Bundle.Actions.exe" IsUninstallation="True" Configuration="ewAiAEQAZQBwAGwAbwB5AG0AZQBuAHQAQQBjAHQAaQBvAG4AIgA6ACIASQBuAHMAdABhAGwAbAAiACwAIgBJAHMARQBtAGIAZQBkAGQAZQBkAFUAbgBpAG4AcwB0AGEAbABsAGEAdABpAG8AbgAiADoAZgBhAGwAcwBlAH0A" LogPath="C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_001_BundleActionsPackage.log"'
    [03EC:092C][2017-10-26T12:09:59]i319: Applied rollback package: BundleActionsPackage, result: 0x0, restart: None
    [08C4:0994][2017-10-26T12:09:59]i351: Removing cached package: BundleActionsPackage, from path: C:\ProgramData\Package Cache\608F6E75E8474A5ED141E4485A161DD02F752D4C\
    [08C4:0994][2017-10-26T12:09:59]i329: Removed package dependency provider: {A80C7085-B5D8-421B-B27D-EB0FE8335996}, package: PefNdisDriver
    [08C4:0994][2017-10-26T12:09:59]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2a723738-bd45-44b9-97c0-50917a579be5}, resume: None, restart: None, disable resume: No
    [08C4:0994][2017-10-26T12:09:59]i330: Removed bundle dependency provider: {2a723738-bd45-44b9-97c0-50917a579be5}
    [08C4:0994][2017-10-26T12:09:59]i352: Removing cached bundle: {2a723738-bd45-44b9-97c0-50917a579be5}, from path: C:\ProgramData\Package Cache\{2a723738-bd45-44b9-97c0-50917a579be5}\
    [08C4:0994][2017-10-26T12:09:59]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2a723738-bd45-44b9-97c0-50917a579be5}, resume: None, restart initiated: No, disable resume: No
    [03EC:092C][2017-10-26T12:09:59]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart:  No
    [03EC:03DC][2017-10-26T12:10:38]i000: 2017-10-26 16:10:38.3302 1004 5   Debug [\[]GatewayBootstrapperApplication[\]] Engine.Quit [\[]deploymentResultStatus=-2147023293 isRestartRequired=False[\]]
    [03EC:092C][2017-10-26T12:10:38]i500: Shutting down, exit code: 0x80070643
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: BundleActionsConfiguration = ewAiAEQAZQBwAGwAbwB5AG0AZQBuAHQAQQBjAHQAaQBvAG4AIgA6ACIASQBuAHMAdABhAGwAbAAiACwAIgBJAHMARQBtAGIAZQBkAGQAZQBkAFUAbgBpAG4AcwB0AGEAbABsAGEAdABpAG8AbgAiADoAZgBhAGwAcwBlAH0A
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: InstallationConfigurationFilePath = C:\Temp\\GatewayInstallationConfiguration.json
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: InstallationPath = E:\Program Files\Microsoft Advanced Threat Analytics\Gateway
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: IsConfigured = True
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: KB3047154Exists = 1
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: ManagementAuthenticationToken = *****
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: NetFrameworkRegistryValue = 394271
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: NTProductType = 3
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: VersionNT64 = 6.3.0.0
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleAction = 5
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleElevated = 1
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleLog = C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813.log
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleLog_BundleActionsPackage = C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_001_BundleActionsPackage.log
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleLog_MsiPackage = C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_002_MsiPackage.log
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleLog_VcRedistributable2013Package = C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_000_VcRedistributable2013Package.log
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleManufacturer = Microsoft Corporation
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleName = Microsoft Advanced Threat Analytics Gateway
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleOriginalSource = C:\Temp\Microsoft ATA Gateway Setup.exe
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleOriginalSourceFolder = C:\Temp\
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleProviderKey = {2a723738-bd45-44b9-97c0-50917a579be5}
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleRollbackLog_BundleActionsPackage = C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_001_BundleActionsPackage_rollback.log
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleRollbackLog_MsiPackage = C:\Users\User~1.ADM\AppData\Local\Temp\Microsoft Advanced Threat Analytics Gateway_20171026120813_002_MsiPackage_rollback.log
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleSourceProcessFolder = C:\Temp\
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleSourceProcessPath = C:\Temp\Microsoft ATA Gateway Setup.exe
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleTag = 
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleUILevel = 4
    [03EC:092C][2017-10-26T12:10:38]i410: Variable: WixBundleVersion = 1.8.6765.36693
    [03EC:092C][2017-10-26T12:10:38]i007: Exit code: 0x80070643, restarting: No


    Thursday, October 26, 2017 4:24 PM

Answers

  • Just to update the forum for completeness:

    deleting the folder "C:\Windows\System32\Tasks\Microsoft\Windows\PLA\Microsoft ATA Gateway" resolved the issue.

    • Marked as answer by bradob34 Friday, February 15, 2019 3:29 PM
    Thursday, November 16, 2017 2:48 PM

All replies

  • We need the MsiPackage log from the temp folder to find out what happened. 

    see

    https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-using-logs#ata-deployment-logs

    Thursday, October 26, 2017 9:20 PM
  • The log is too long to post: 

    here are the last few lines

    === Logging stopped: 11/14/2017  15:11:03 ===
    MSI (s) (F4:1C) [15:11:03:098]: Note: 1: 1708 
    MSI (s) (F4:1C) [15:11:03:098]: Note: 1: 2205 2:  3: Error 
    MSI (s) (F4:1C) [15:11:03:098]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708 
    MSI (s) (F4:1C) [15:11:03:114]: Note: 1: 2205 2:  3: Error 
    MSI (s) (F4:1C) [15:11:03:114]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 
    MSI (s) (F4:1C) [15:11:03:114]: Product: Microsoft Advanced Threat Analytics Gateway -- Installation failed.

    MSI (s) (F4:1C) [15:11:03:114]: Windows Installer installed the product. Product Name: Microsoft Advanced Threat Analytics Gateway. Product Version: 1.8.6765.36693. Product Language: 0. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

    MSI (s) (F4:1C) [15:11:03:132]: Deferring clean up of packages/files, if any exist
    MSI (s) (F4:1C) [15:11:03:132]: MainEngineThread is returning 1603
    MSI (s) (F4:F0) [15:11:03:132]: RESTART MANAGER: Session closed.
    MSI (s) (F4:F0) [15:11:03:132]: No System Restore sequence number for this installation.
    MSI (s) (F4:F0) [15:11:03:132]: User policy value 'DisableRollback' is 0
    MSI (s) (F4:F0) [15:11:03:132]: Machine policy value 'DisableRollback' is 0
    MSI (s) (F4:F0) [15:11:03:132]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (F4:F0) [15:11:03:132]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
    MSI (s) (F4:F0) [15:11:03:132]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
    MSI (s) (F4:F0) [15:11:03:132]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (s) (F4:F0) [15:11:03:148]: Destroying RemoteAPI object.
    MSI (s) (F4:34) [15:11:03:148]: Custom Action Manager thread ending.
    MSI (c) (E0:10) [15:11:03:148]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (c) (E0:10) [15:11:03:148]: MainEngineThread is returning 1603
    === Verbose logging stopped: 11/14/2017  15:11:03 ===

    Tuesday, November 14, 2017 8:17 PM
  • can you zip it and email it to me: atashare at microsoft com?

    refer to this thread in the email please.

    Tuesday, November 14, 2017 8:51 PM
  • I followed up w/ an email

    Thanks

    Wednesday, November 15, 2017 5:21 PM
  • Just to update the forum for completeness:

    deleting the folder "C:\Windows\System32\Tasks\Microsoft\Windows\PLA\Microsoft ATA Gateway" resolved the issue.

    • Marked as answer by bradob34 Friday, February 15, 2019 3:29 PM
    Thursday, November 16, 2017 2:48 PM
  • Really, that simple?

    deleting the file Eli suggested worked for me too. After seeing the lightweight package failing with error 0x8006043, it finally completed the installation successfully. 

    Thank you, Eli!


    Mario.

    Tuesday, November 21, 2017 10:27 PM
  • I'm also having the same issues.  Installation failed. Error code: 0x80070643

    The folder "C:\Windows\System32\Tasks\Microsoft\Windows\PLA\Microsoft ATA Gateway" did not exist for me.

    I'm attempting to install the 1.9 lightweight gateway.  Below are the errors I see in the MsiPackage log.  If needed I can supply the full file, just let me know, thanks!

    Action start 23:44:58: InstallFinalize.
    MSI (s) (E0:14) [23:44:58:637]: Executing op: ProductInfo(ProductKey={F17AF5AA-17A0-4CE6-BACF-C09732B3A296},ProductName=Microsoft Advanced Threat Analytics Gateway,PackageName=Microsoft.Tri.Gateway.Deployment.Package.msi,Language=0,Version=17374352,Assignment=1,ObsoleteArg=0,,,PackageCode={85F8F0B0-4E3B-44AC-8BF6-9C2F33AD062C},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
    MSI (s) (E0:14) [23:44:58:637]: Executing op: DialogInfo(Type=0,Argument=0)
    MSI (s) (E0:14) [23:44:58:637]: Executing op: DialogInfo(Type=1,Argument=Microsoft Advanced Threat Analytics Gateway)
    MSI (s) (E0:14) [23:44:58:637]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
    MSI (s) (E0:14) [23:44:58:637]: Executing op: SetBaseline(Baseline=0,)
    MSI (s) (E0:14) [23:44:58:637]: Executing op: SetBaseline(Baseline=1,)
    MSI (s) (E0:14) [23:44:58:637]: Executing op: ActionStart(Name=InstallFinalizeCustomAction,,)
    MSI (s) (E0:14) [23:44:58:650]: Executing op: CustomActionSchedule(Action=InstallFinalizeCustomAction,ActionType=1025,Source=BinaryData,Target=InstallFinalize,CustomActionData=InstallationConfigurationFilePath=C:\Users\user\Desktop\Microsoft ATA Gateway Setup-1.9\\GatewayInstallationConfiguration.json;InstallationPath=C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\;ManagementAuthenticationToken=AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAAYpso5CnPOE-ZWcU9L1rwOgAAAAACAAAAAAAQZgAAAAEAACAAAABifHvcGyWC_oMme7ofEzUdwo0tJgzrcTf4dJ4vCcwgYgAAAAAOgAAAAAIAACAAAABOZ_TjE4mM5AkGC5DpP20CIDKFKHDH1cos0kpMfmmescAAAABrBTJuVJmp_laEpMeOpjrewbRieMMq8-yqkhRbhW0SZ2dmb7DX5ByrQcz8qgGHiCq9mc3GR7PLuvquEyLPExIZRNFb3C7wQmDmQskRds1_VG5COZyy0PXkQd-hNB8Plm5L7liJTJhboh_bYtD2P64SkroOMwsNtrqmUKwlQ9wvzqFvNVvCxFfm8kx9KpmwtIGw3IdsOXID_vu3z24kyZ2KurVP95xNZPEqSH_tcJrwEWMNUhHvDY58kbNTr5B4NZlAAAAAEU6ox8gRzcFbex7uxr_cAwmc9kpsEPCZV-5XAMFiDW6HTsmgk50LtHHNSp3GLrFFZF96TqleMw0fBRl-zf94Ag;DataCollectorSetName=Microsoft ATA Gateway;DataCollectorSetPerformanceCounterCategoryNames=Microsoft ATA Gateway;;Microsoft ATA Gatewa
    MSI (s) (E0:18) [23:44:58:650]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI72C8.tmp, Entrypoint: InstallFinalize
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI72C8.tmp-\
    SFXCA: Binding to CLR version v4.0.30319
    Calling custom action Microsoft.Tri.Gateway.Deployment.Package.Actions!Microsoft.Tri.Gateway.Deployment.Package.Actions.CustomActions.InstallFinalize
    2018-12-05 04:45:02.2437 6212 1   Debug [CustomActions] InstallFinalize started
    2018-12-05 04:45:02.9625 6212 1   Debug [DataCollectorSetActions] DataCollectorSetActions Uninstall failed [exception=System.Runtime.InteropServices.COMException (0x80030002):  could not be found. (Exception from HRESULT: 0x80030002 (STG_E_FILENOTFOUND))
       at PlaLibrary.IDataCollectorSet.Query(String name, String Server)
       at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.IsExists(String name)
       at Microsoft.Tri.Deployment.Package.Actions.DataCollectorSetActions.Uninstall(String name)]
    2018-12-05 04:45:03.0406 6212 1   Debug [DataCollectorSetActions] DataCollectorSetActions Install succeeded
    2018-12-05 04:45:33.4033 6212 1   Debug [CustomActions] CreateSelfSignedCertificate succeeded
    2018-12-05 04:46:16.4720 6212 10  Error [HttpClientExtension] Microsoft.Tri.Infrastructure.Extensions.ExtendedHttpRequestException: Response status code does not indicate success: 500 (Internal Server Error). ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
       at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
       at Microsoft.Tri.Infrastructure.Extensions.HttpClientExtension.EnsureSuccessStatusCodeExtended(HttpResponseMessage httpResponseMessage)
       --- End of inner exception stack trace ---
       at Microsoft.Tri.Infrastructure.Extensions.HttpClientExtension.EnsureSuccessStatusCodeExtended(HttpResponseMessage httpResponseMessage)
       at async Microsoft.Tri.Infrastructure.Extensions.HttpClientExtension.PostAsync[](?)
       at async Microsoft.Tri.Common.Management.ManagementClient.<>c__DisplayClass10_0.<RegisterGatewayAsync>b__0(?)
    2018-12-05 04:46:16.4720 6212 1   Debug [CustomActions] RegisterGatewayAsync failed
    CustomAction InstallFinalizeCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (E0:14) [23:46:16:612]: Note: 1: 2265 2:  3: -2147287035 
    MSI (s) (E0:14) [23:46:16:612]: User policy value 'DisableRollback' is 0
    MSI (s) (E0:14) [23:46:16:612]: Machine policy value 'DisableRollback' is 0
    Action ended 23:46:16: InstallFinalize. Return value 3.
    MSI (s) (E0:14) [23:46:16:612]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1300544928,LangId=0,Platform=589824,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (E0:14) [23:46:16:612]: Executing op: DialogInfo(Type=0,Argument=0)
    MSI (s) (E0:14) [23:46:16:612]: Executing op: DialogInfo(Type=1,Argument=Microsoft Advanced Threat Analytics Gateway)
    MSI (s) (E0:14) [23:46:16:612]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
    MSI (s) (E0:14) [23:46:16:628]: Executing op: ActionStart(Name=InstallFinalizeCustomAction,,)
    MSI (s) (E0:14) [23:46:16:628]: Executing op: ProductInfo(ProductKey={F17AF5AA-17A0-4CE6-BACF-C09732B3A296},ProductName=Microsoft Advanced Threat Analytics Gateway,PackageName=Microsoft.Tri.Gateway.Deployment.Package.msi,Language=0,Version=17374352,Assignment=1,ObsoleteArg=0,,,PackageCode={85F8F0B0-4E3B-44AC-8BF6-9C2F33AD062C},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
    MSI (s) (E0:14) [23:46:16:628]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (E0:14) [23:46:16:628]: Error in rollback skipped. Return: 5


    Wednesday, December 5, 2018 1:06 PM
  • Check the Center log for the error that happened there at the same time.
    Wednesday, December 5, 2018 1:16 PM
  • I am getting the following error in the Center log:

    2018-12-05 04:46:16.4099 1204 40  Error [NCryptNative] [message=WebApi action failed [ActionArguments={
      "request": {
        "Certificate": {
          "RawData": "MIIC+jCCAeKgAwIBAgIQQWIolpSKD5ZCG6RqbhKHjDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApBVEFHYXRld2F5MB4XDTE4MTIwNDA0NDUwM1oXDTIwMTIwNTA0NDUwM1owFTETMBEGA1UEAwwKQVRBR2F0ZXdheTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLOVMpgQk5JE7BDycG8EpAj/9c5ZURhwlwq/o9hiIvmwbp5DxxQhWUVKzR8IE//G1bn/BEWzXy2po4NEXukQ0IPaSiAvY6F8O1ivCyuL99UiV1tPAGaSFk4fTdLtvEKvbabNJhPamFJ4KSNaT8hgufygLIMCrEaazEMmH+gsD+WUIWtXBkPAWF3IK/XKmOv3JYECfhtuler0oetjvtqyglO9NbryxV/l7/UtisZwaOOGRn8jPhCf36ZGUQeSuuaZF9eIRaHpUg2zb9qQSwnzzuBrIcFFEaNrgbS184CUjO7JCkypVwBK6tQqXFsvXYxPV6LzZCjSRuy5Ff8u1FOmhMCAwEAAaNGMEQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFJzr6MtLSuIicuTXZjvBe+jfbwX8MA4GA1UdDwEB/wQEAwIFIDANBgkqhkiG9w0BAQsFAAOCAQEAUuAH/UsyJ000u3Z/kS+K//Hez9QRilfxa6qXdRNuFgYUq00Y5rGsC9ERpR5lJO8zN0s0+R6+peI5BKK+KDrGwBhRQpKgqQmeoTKThek13rrum5H+zChb/ohJI789UxcHeOTXuOQoCBGJNoYuX1moE+6Uwh8V0IWQUBJreRa/EcaD45eVlQn8jVneUroujBjyLi8lhVpwXq/0WywScPS/ndrnU2lIhXk/qeVFJsbfsoXZ5abt7oOoPKaabg/m+2PfD3AAnY1MFxr7IFWE57qbtn5A1KOY+n8YKckCQx7K6TDOA1R5Eaj4hcG0/mnqhav0kLB863s4MDMSEqLb5cnVpg=="
        },
        "DnsName": "DC1.TEST.EDU",
        "IsDomainController": true,
        "NetbiosName": "DC1",
        "NetworkAdapters": [
          {
            "Id": "{4A90C614-C05D-4BEC-B6C3-47754E3A0A61}",
            "Name": "Ethernet",
            "State": "EnabledConnected",
            "IpAddresses": [
              "10.5.5.5"
            ]
          }
        ],
        "Version": "1.9.7312.32791"
      }
    }]] System.Security.Cryptography.CryptographicException: The parameter is incorrect.

       at System.Security.Cryptography.NCryptNative.EncryptData[T](SafeNCryptKeyHandle key, Byte[] data, T& paddingInfo, AsymmetricPaddingMode paddingMode, NCryptEncryptor`1 encryptor)
       at System.Security.Cryptography.NCryptNative.EncryptDataOaep(SafeNCryptKeyHandle key, Byte[] data, String hashAlgorithm)
       at System.Security.Cryptography.RSACng.Encrypt(Byte[] data, RSAEncryptionPadding padding)
       at Microsoft.Tri.Infrastructure.Utils.EncryptionHelper.Encrypt(Byte[] data, X509Certificate2 certificate)
       at Microsoft.Tri.Common.Utils.EncryptedPassword.ReencryptPassword(X509Certificate2 destinationCertificate)
       at Microsoft.Tri.Common.Data.Configurations.GatewayConfiguration.Update(CenterWebClientConfiguration centerWebClientConfiguration, GatewayCommonConfiguration gatewayCommonConfiguration, X509Certificate2 gatewayCertificate)
       at System.Collections.Generic.List`1.ForEach(Action`1 action)
       at async Microsoft.Tri.Center.Management.Controllers.SystemProfileController.GetGatewaySystemProfilesAsync(?)
       at async Microsoft.Tri.Center.Management.Controllers.SystemProfileController.GetGatewaySystemProfileAsync(?)
       at async Microsoft.Tri.Center.Management.Controllers.SystemProfileController.RegisterGatewaySystemProfileAsync(?)
       at async System.Threading.Tasks.TaskHelpersExtensions.CastToObject[](?)
       at async System.Web.Http.Controllers.ApiControllerActionInvoker.InvokeActionAsyncCore(?)
       at async System.Web.Http.Controllers.ActionFilterResult.ExecuteAsync(?)
       at async System.Web.Http.Filters.AuthorizationFilterAttribute.ExecuteAuthorizationFilterAsyncCore(?)
       at async System.Web.Http.Filters.AuthorizationFilterAttribute.ExecuteAuthorizationFilterAsyncCore(?)
       at async System.Web.Http.Controllers.ExceptionFilterResult.ExecuteAsync(?)


    • Edited by Bob22212 Monday, December 10, 2018 3:38 PM
    Thursday, December 6, 2018 1:05 PM
  • Check if there is an existing GW profile listed in the GW list in the console UI for this machine.

    If there is one, delete it from the portal, and then try again.

    If it still fails the same, check if we are hitting the same error again or not.

    Thursday, December 6, 2018 1:24 PM
  • I do see the gateway on the list, I deleted the gateway in the console.

    I deleted C:\Program Files\Microsoft Advanced Threat Analytics on DC1 and installed again.

    Getting the same errors in MsiPackage Log
    Getting the same errors in Microsoft.Tri.Center Log
    Thursday, December 6, 2018 2:40 PM
  • What do you mean by deleting the folder? why don't you remove it using "add remove programs' ?

    Also, I just remembered I have seen something similar in the past here:

    https://social.technet.microsoft.com/Forums/en-US/1947cf06-c302-4bbc-bb87-8a3f7a4db4ae/cant-change-url-or-certificate-errorslog-shows-cryptographicexception-the-parameter-is?forum=mata

    Can you try my suggestions from there and let me know if it helped?

    Thursday, December 6, 2018 10:25 PM