Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 8621 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Network Threat Protection Fails to install service

Kevin R

When installing Sophos Endpoint it fails at the end when trying to install Network Threat Protection. I checked the log and see an error "WixQuitExec64: failed. Error code: 0x800f0203. I have checked what I can from previous posts but have been unable to get past this. Any ideas? 



This thread was automatically locked due to age.
Parents
  • 0

    Check if you see specific error codes such as error 1721, 1612, 1920, etc. in the most recent Sophos NTP Install logs in %localappdata%\Temp (or C:\Windows\Temp).

    What is the OS of this machine? IS this Sophos Central Endpoint or the on-premise version?

    Please check out the recommendations in this article: https://sophos.com/kb/126957

  • 0 in reply to DianneY

    The unit is running Windows 7 Embedded Standard and it is Sophos Central and the error code returned is 1603.

  • 0 in reply to Kevin R

    I tried to update C++ and C++ 2013 and it didn't resolve the issue. 

  • 0 in reply to Kevin R

    Does the NTP install log show any other error codes? 1603 is very generic.

    Also, is the BFE service (Base Filtering Engine) service started/running on this machine?

  • 0 in reply to DianneY

    I get a few other errors and yes the BFE is running.

     

    SchedSecureObjectsRollback:  Failed to store ACL rollback information with error 0x80070424 - continuing

    MSI (s) (04:54) [10:36:36:331]: Executing op: ServiceInstall(Name=SntpService,DisplayName=Sophos Network Threat Protection,ImagePath="C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe",ServiceType=16,StartType=2,ErrorControl=32769,,Dependencies=bfe[~]rpcss[~]sntp[~][~][~],,StartName=NT AUTHORITY\LocalService,Password=**********,Description=Detects network-based threats.,,)

    WixQuietExec64:  ..failed. Error code: 0x800f0203.

    WixQuietExec64:  Error 0x80070203: Command line returned an error.

    WixQuietExec64:  Error 0x80070203: QuietExec64 Failed

    WixQuietExec64:  Error 0x80070203: Failed in ExecCommon method

    DIFXAPP: ERROR:  Unable to revert to a previous driver store for service 'sntp'.

    DIFXAPP: ERROR:  Will attempt to uninstall the driver.

    DIFXAPP: ERROR: Rollback failed with error 0x2

    CustomAction MsiRollbackInstall returned actual error code 1603 but will be translated to success due to continue marking

     

Reply
  • 0 in reply to DianneY

    I get a few other errors and yes the BFE is running.

     

    SchedSecureObjectsRollback:  Failed to store ACL rollback information with error 0x80070424 - continuing

    MSI (s) (04:54) [10:36:36:331]: Executing op: ServiceInstall(Name=SntpService,DisplayName=Sophos Network Threat Protection,ImagePath="C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe",ServiceType=16,StartType=2,ErrorControl=32769,,Dependencies=bfe[~]rpcss[~]sntp[~][~][~],,StartName=NT AUTHORITY\LocalService,Password=**********,Description=Detects network-based threats.,,)

    WixQuietExec64:  ..failed. Error code: 0x800f0203.

    WixQuietExec64:  Error 0x80070203: Command line returned an error.

    WixQuietExec64:  Error 0x80070203: QuietExec64 Failed

    WixQuietExec64:  Error 0x80070203: Failed in ExecCommon method

    DIFXAPP: ERROR:  Unable to revert to a previous driver store for service 'sntp'.

    DIFXAPP: ERROR:  Will attempt to uninstall the driver.

    DIFXAPP: ERROR: Rollback failed with error 0x2

    CustomAction MsiRollbackInstall returned actual error code 1603 but will be translated to success due to continue marking

     

Children
  • 0 in reply to Kevin R

    Initially this started out a legacy issue with Microsoft Security Center. It was not installed but there were traces of it in the registry and a couple of files. The files and a few registry keys were locked but I was finally able to remove them. I had 4 units having this issue and when I cleaned up the registry and removed the two files, two of the units came online with all services running. I still have two units, this being one of them where that didn't work.

  • 0 in reply to Kevin R

    From what I've seen with related issues, sometimes the C++ redist runtime file has issues. Replacing the file may help, can you please see if this works:

    1. Rename the existing msvcr120.dll file located under C:\Windows\System32\
    2. Copy the msvcr120.dll file from C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\System\ to C:\Windows\System32\ 
    3. Reboot the machine.
    4. Try installing Sophos again

    If the issue persists, please raise a Support case for further assistance on this. The whole SDU log bundle may be reviewed further, and maybe a Process Monitor log of the install process would need to be looked at by Support as well.

Unfiltered HTML