"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
At the end of the installation you see the following error:
Unable to install Management Server The MSI terminated unexpectedly.
Note: If you have not already done so please also read the parent article to this issue for related/similar errors to ensure this article applies: Sophos Enterprise Console...Installation Failed.
The error message shown in the 'Sophos_Server32|64msi [date] [time].log' which can be found in:
Sophos_Server32|64msi [date] [time].log'
will state that the custom action CreateCDLTask is failing. For example:
MSI (s) (1C:60) [11:05:57:670]: Executing op: ActionStart(Name=CreateCDLTask,,) MSI (s) (1C:60) [11:05:57:670]: Executing op: CustomActionSchedule(Action=CreateCDLTask,ActionType=1025,Source=BinaryData,Target=CreateScheduledTask,CustomActionData=Sophos Patch Feed;C:\Program Files\Sophos\Patch\PatchDataLoader\\PatchDataLoader.exe;;0;;true;DOMAIN\SophosDBUser;UzBwaDBaTTRuYWczTmVudA==;false) MSI (s) (1C:54) [11:05:57:686]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIDE39.tmp, Entrypoint: CreateScheduledTask CreateScheduledTask: Initialized. CreateScheduledTask: Error 0x80070569: Error encountered while creating scheduled task. CreateScheduledTask: Error 0x80070569: Failed to create scheduled task. MSI (s) (1C:60) [11:05:58:108]: User policy value 'DisableRollback' is 0 MSI (s) (1C:60) [11:05:58:108]: Machine policy value 'DisableRollback' is 0 Action ended 11:05:58: InstallFinalize. Return value 3.
First seen in
There was a failure to create the scheduled tasks required by the Sophos Patch component. This can occur for a variety of reasons. The Sophos Enterprise Console installation logs will present an error which can help to identify the cause. It may be a permissions issue or the result of a restrictive security setting.
View the Sophos_Server32|64msi [date] [time].log and search for value 3 to find the error message generated during installation. An error code will be displayed above the value 3 result which will highlight the reason for the failure shown in red above.
Sophos_Server32|64msi [date] [time].log
This failure is caused by the following policy being configured on the computer:
"Network access: Do not allow storage of passwords and credentials for network authentication"
This policy setting results in the following registry key being set to 1:
This setting must be disabled for the installation of the Enterprise Console to continue. More information on this setting can be found here: http://technet.microsoft.com/en-us/library/dd349805(WS.10).aspx#BKMK_39
This suggests that the installer is unable to connect to the Windows Task Scheduler service. Ensure that the service is started:
If the service fails to start, contact Microsoft support for further assistance.
This error code confirms that the user account selected during the installation is unable to run a scheduled task. This may be due to either a local security policy or group policy restricting the 'Log on as batch jobs' permission.
This error code means the installer is getting 'access denied' when trying to create the scheduled tasks. This may be due to incorrect permissions on the tasks folder itself. It can also be caused by a local security policy or group policy restricting the creation of scheduled tasks.
In the event that the security tab of the folder properties cannot be accessed, the following Microsoft tool can be used to apply the required permissions: SubInACL - http://www.microsoft.com/en-gb/download/details.aspx?id=23510. For assistance with this tool, see the Microsoft knowledge base.
Disable New Task Creation
For more information see: http://technet.microsoft.com/library/Cc940083
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.