Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Subscribers 6 subscribers
  • Views 39127 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Product installtion failed:Sophos system protection:0x80070643

ajinkya nikam

We have recently rolled out preview subscription on our 500 endpoints for enhance tamper protection.

all our 500 plus endpoint reporting update failed. SEC version 5.4.1

we have checked the acl.logs we have error --Product installtion failed:Sophos system protection:0x80070643

we further investigate windows\temp\sophossystemprotection logs for error

following are the errors 


SetupSspUserAccount: LoadAccount(SophosSSPUser) failed (error 1332)

SetupShsUserAccount: Granting permissions to user "NT SERVICE\sophossps"
MSI (s) (84:20) [04:47:16:041]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000)
MSI (s) (84:20) [04:47:16:041]: Executing op: ServiceControl(,Name=sophossps,Action=1,Wait=1,)
MSI (s) (84:20) [04:51:16:283]: Product: Sophos System Protection -- Error 1920. Service 'Sophos System Protection Service' (sophossps) failed to start. Verify that you have sufficient privileges to start system services.              

log file SophosSystemProtectionSetup_170119_111714.log

 

StartService: Initialized.
StartService: Error 0x8007041d: Service rejected start request.

 

MSI (s) (84:20) [04:51:46:689]: Windows Installer reconfigured the product. Product Name: Sophos System Protection. Product Version: 1.3.1. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 1603.

 

Please provide the solution for the issue



This thread was automatically locked due to age.
  • 0 in reply to QC

    Yaa sure we will test with verbos logging on.let see what we can find.

     

    We have troubleshooted yesterday and we suspect the GPO might be the cause which causing the errors.it might be preventing the services to start and stop

    but we are not sure how to confirm that which GPO might be the cause of the issue.

    Any thoughts on GPO part?

  • 0 in reply to ajinkya nikam

    Hello ajinkya nikam,

    preventing the services to start and stop
    well, it's stop and start here [;)]. Seriously, the normal SSP.log should show that (or if) the service is stopped at this point. And apparently it can be started (though only with a fresh install).

    which GPO
    funny question [:D] - seriously, for many if not most settings there's no direct mapping from a symptom to the setting. There's one difference in my updating logs I'd like to point out (not far from Action start: hh:mm:ss InstallValidate:
    RESTART MANAGER: Will attempt to shut down and restart applications in no UI modes.
    RESTART MANAGER: Detected that the service sophossps will be stopped due to a service control action authored in the package before the files are updated. So, we will not attempt to stop this service using Restart Manager

    dunno if this is significant. There's BTW a Prohibit use of Restart Manager setting in the Administrative Templates for the Installer but when set you get:
    RESTART MANAGER: Disabled by DisableAutomaticApplicationShutdown system policy; Windows Installer will use the built-in FilesInUse functionality.
    the upgrade is nevertheless successful, so this isn't the one.

    Christian 

  • 0 in reply to QC

    I wonder if the service can't notify the SCM it has started?

    In an admin command prompt can you run:

    sc sdshow SCMANAGER

    and supply the output?  It might be worth comparing the SDDL on a failing/working computer.

    Regards,

    Jak

  • 0 in reply to ajinkya nikam

    Any news on this issue?

    We have the same problem with about 120 clients since last week...

  • 0 in reply to arnold teuben

    What is the output of:

    sc sdshow SCMANAGER

    when run from an administrative command prompt from a working and non-working computer of the same OS.

  • 0 in reply to jak

    sc sdshow SCMANAGER gives the following output on 2 pc's

    not working pc:
    D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;B
    A)

    working pc:
    D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;B
    A)

  • 0

    Hi, 

    I have the same problem on my domain (~100 computers).

    Find this KB on Sophos, but does not help : https://community.sophos.com/kb/en-us/124021

    My msiexec version is 5.0.7601.23593 so higher than explain in KB...

    Try a new full protection, still the same issue...

    Did you find a solution ?

     

    Regards

  • 0 in reply to Georges BACQUE

    still the same here.
    I know the article, our msiexec has a higher version too, so that was not it.
    Removing system protection service and reinstall sophos from the console is working for us, but that's not what i want to do with 100+ pc's.
    Sophos is taking a look this afternoon. I'll keep you informed.

  • 0 in reply to arnold teuben

    Okay.

    Same for us, I delete regedit Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sophossps\Security to delete the service "sc delete sophossps" then reinstall...

    Even with GPO, it's really annoying because computer need a restart :(

    Hope Sophos will find the answer :-)

  • 0 in reply to Georges BACQUE

    can you try this?
    C:\ProgramData\Sophos\AutoUpdate\Cache\ssp>msiexec /x{1093B57D-A613-47F3-90CF-0F
    D5C5DCFFE6}

    this version seems to gives the problem with us.
    If this is removed Sophos SSP should restore itself without reboot.
    Let me know.

Unfiltered HTML