"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
00000067 is a generic error code returned when a component or sub-component has failed to install.
It is not possible to identify the cause (and therefore the resolution) directly from this error code. This error code signifies that something has gone wrong but determining the cause requires further investigation.
This article provides you with a series of troubleshooting steps which will help you to identify the specific errors and ultimately a cause of the problem.
After installing, upgrading or updating one or more components of Sophos Endpoint Security and Control you see any of the following errors:
00000067 The MSI has failed.
This error code can be shown in the console or locally on the endpoint computer.
Important: It is not possible to identify the cause (and therefore the resolution) directly from this error code. This error code signifies that something has gone wrong but determining the cause requires further investigation. There will be more information recorded in the installation logs that will allow further troubleshooting. The steps below will help you identify the specific errors and ultimately a cause of the problem.
First seen on Sophos Endpoint Security and Control
This is a generic error code returned when a component or sub-component has failed to install.
You can attempt to identify the problem yourself or run the Sophos Diagnostic Utility on the computer reporting the error then open a support ticket and attach the output file. To troubleshoot the issue yourself follow the steps below.
You need to check the installation logs and locate a more precise error, then search the knowledgebase for that code/error/phrase.
The installation logs are located in either the Windows temporary folder or the temporary folder of the user account that was used to install the software.
Note: When protecting an endpoint computer from the console some installation logs are saved under the temporary folder for the Windows account used in the Protect computers wizard.
The relevant log will depend on the failed component. For example if the Sophos Anti-Virus Component failed then you will need to look for the log titled 'Sophos Anti-Virus Install Log_yyyymmdd_hhmmss.txt'. If you are not sure which component failed then you will need to check each of the install log files. The below lists some of the common install log file names:
Further information on endpoint generated log files can be found in article 43391 Details of server component logs can be found in article 116523
If you have local access to the endpoint computer, or can log onto to the computer remotely the folders to check are:
If you are unable to log on to the computer locally or use Remote Desktop you can still access the installation logs of an endpoint by browsing through the C$ share ('C dollar share') if set up - this hidden share is normally accessible by all domain administrators. If you have a Workgroup ('peer to peer') network you may not have the share set up.
To access the local folders of an endpoint computer:
Full MSI logs always have the line 'Product: [SophosProduct] -- Installation completed successfully.' or 'Product: [SophosProduct] -- Installation failed.' near the bottom. Examples:
MSI (s) (7C:D0) [TIME]: Product: Sophos Patch Agent -- Installation operation failed.
Note: Use Windows Notepad.exe or a similar text editor to open the file.
If the message shown at the bottom does not show success and the log is recent you have the correct file to troubleshoot further...
return value 3
That phrase will appear at the end of the 'section' that failed. Hence you then have to look at the lines just above the error and see what is recorded - maybe several lines depending on what the installer was trying to do. Some of our installers have 'custom actions' (like the Sophos Anti-Virus.msi installer) and hence checking the corresponding custom action log (the log file name will mention the phrase 'CustomActions Log') is also useful and may show the best error and/or highlight the problem.
If you find another error phrase or code you can search the knowledgebase for that error. If you do not find any information you can contact Sophos Technical Support for further advice.
When checking log files that are not generated by the Microsoft Installer program it generally takes experience in reading the particular log files so you understand what to look for. Generally you can check for the first mentions of the phrases 'fail', 'failed', 'error' or ' E ' (with spaces before and after the letter).
If you cannot locate a more precise error run the Sophos Diagnostic Utility on the endpoint computer and forward to Sophos Technical Support.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.