This discussion has been locked.

Endpoint Agent Failing on Windows Server 2003

Hi,

We have an issue with an installation of Sophos Endpoint Security And Control on one of our servers.

  1. The Sophos Anti-Virus service is not running and will not start (results in Error 1053)
  2. There are a large number of repeating errors in the Windows Event Log (EventID 13 - ICManager is in a failure state)
  3. The Endpoint software update fails when run

We have other Server 2003 servers running the Endpoint software without issue.

We would like to avoid rebooting the server, if possible, so I'm hoping someone may be able to suggest a course of action?

Many thanks,

Adam.



  • Hello Adam,

    there must be some other location in the Uninstall log with an error that mentions, or is near, UninstallBootDriverFromInf. This part is "just" a rollback error.

    Anyway, I knew I had seen the SetupOpenInfFile() before (at least two typos in my post). Found another post and it seems that there's not really a solution apart from the mentioned Fix-It. Guess the .inf files are still there.

    Christian

  • Hi Christian

    You are correct about the UninstallBootDriverFromInf error:

    Executing op: CustomActionSchedule(Action=UninstallBootDriver,ActionType=1025,Source=BinaryData,Target=UninstallBootDriverFromInf,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\SOPHOSBOOTDRIVER.INF)
    MSI (s) (A0:C8) Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI334.tmp, Entrypoint: UninstallBootDriverFromInf
    MSI (s) (A0:60) User policy value 'DisableRollback' is 0
    MSI (s) (A0:60) Machine policy value 'DisableRollback' is 0
    Action ended: InstallFinalize. Return value 3.

    That file is also missing from C:\Program Files\Sophos\Sophos Anti-Virus\

    The Fix-It mentioned in your other post appears to be for Windows 7, 8 and 10 so not sure if it will work on Server 2003?

    Adam

  • "That file is also missing from C:\Program Files\Sophos\Sophos Anti-Virus\"

    NB: The folder itself exists (and contains other files) but the .inf file is missing.

  • Hello Adam,

    "the .inf file is missing"
    in this case please copy the .inf files (from the \wxp_i386\ subdirectories) to the Program directory and try again. I'm not sure if this will resolve the issue - normally a missing file results in a different error message but who knows.

    As for the Fix-It, can't say if it will refuse to install or run. Technically it doesn't matter whether a desktop or server OS. It does no harm to try - you get a prompt to select the products for which to remove the Installer information before it modifies something.

    Christian

  • Hi Christian

    I've copied the .inf files as suggested and that seems to have resolved that particular error but the uninstall process is still failing with error 1603. The only error I can find in the log files is this one (in the Uninstall log):

    MSI (s) (58:E8) Note: 1: 1402 2: UNKNOWN\Products\5B3B929D6C65CC643B3A1A7A48BC8B4E\Usage 3: 6
    MSI (s) (58:E8) Error in rollback skipped.    Return: 3
    Info 1402.Could not open key: UNKNOWN\Products\5B3B929D6C65CC643B3A1A7A48BC8B4E\Usage.  System error 6.  Verify that you have sufficient access to that key, or contact your support personnel.

    I had the same thought as you with regards to the Fix-It but it appears that the Server 2003 OS does not recognise the .diagcab extension.

    Adam.

  • Hello Adam,

    "the only error"
    as "last time" this is the rollback error, there should be somewhere "farther up" a Return value 3 following the actual error. I know, a tedious process.

    Christian
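
The log-reading approach described in the reply above (find the earliest "Return value 3" and read upwards from it, treating later rollback messages as consequences), as an added example that is not part of the original thread. The function name and the sample log are assumptions: the sample is assembled from the two excerpts quoted in this thread plus one constructed closing line.

```python
import re

# "Action ended 12:00:01: Name. Return value 3." (the timestamp may be absent)
FAILED = re.compile(r"Action ended(?: [\d:]+)?: (\w+)\. Return value 3\.")
INVOKE = re.compile(r"Invoking remote custom action\..*Entrypoint: (\w+)")
ROLLBACK = re.compile(r"rollback", re.IGNORECASE)

# Constructed sample: lines quoted in the thread, joined into one log,
# with a constructed final "INSTALL" line.
SAMPLE_LOG = r"""Executing op: CustomActionSchedule(Action=UninstallBootDriver,ActionType=1025,Source=BinaryData,Target=UninstallBootDriverFromInf,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\SOPHOSBOOTDRIVER.INF)
MSI (s) (A0:C8) Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI334.tmp, Entrypoint: UninstallBootDriverFromInf
MSI (s) (A0:60) User policy value 'DisableRollback' is 0
MSI (s) (A0:60) Machine policy value 'DisableRollback' is 0
Action ended: InstallFinalize. Return value 3.
MSI (s) (58:E8) Note: 1: 1402 2: UNKNOWN\Products\5B3B929D6C65CC643B3A1A7A48BC8B4E\Usage 3: 6
MSI (s) (58:E8) Error in rollback skipped.    Return: 3
Action ended: INSTALL. Return value 3.
""".splitlines()

def first_failure(lines, context=6):
    """Return the earliest 'Return value 3' plus the lines leading up to it.

    Later 'Return value 3' lines and rollback messages follow from the
    first failure, so they are counted but not reported as the cause.
    """
    result, rollback_after = None, 0
    for idx, line in enumerate(lines):
        failed = FAILED.search(line)
        if failed and result is None:
            before = lines[max(0, idx - context):idx]
            # Walk upwards to the custom action that ran just before the failure.
            entry = next((m.group(1) for m in map(INVOKE.search, reversed(before)) if m), None)
            result = {"line": idx + 1, "action": failed.group(1),
                      "entrypoint": entry, "context": before}
        elif result is not None and ROLLBACK.search(line):
            rollback_after += 1
    if result is not None:
        result["rollback_lines_after"] = rollback_after
    return result

if __name__ == "__main__":
    hit = first_failure(SAMPLE_LOG)
    print(f"first failure at line {hit['line']}: {hit['action']} "
          f"(custom action entry point: {hit['entrypoint']})")
    print(f"rollback messages after it: {hit['rollback_lines_after']}")
```
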

  • Hi Christian

    We finally have success!

    I'd missed a couple of .inf files when I transferred the SOPHOSBOOTDRIVER.INF earlier. After transferring these missing files the AutoUpdate routine successfully removed version 10.3.15 and installed 10.7.2.49. I just need to reboot the server tonight as the updating log (alc.log) shows a restart is now needed before a 'normal' AutoUpdate can be run.

    Thank you so much for your patience and help with this, your guidance has been invaluable.

    Kind regards,

    Adam

  • Hello Adam,

    good to hear it works.
    "a restart is now needed"
    not immediately, but as new components have been installed and some replaced, full functionality is only given after a reboot. A simple example: Assume there's a DLL which is loaded by certain or all processes and this DLL is replaced with a new version. Already running processes will continue to use the old one. In order to have them use the updated version you have to restart these processes. To be sure all processes are using the new version a reboot is the best option.

    You should eventually reboot but it will continue to update the 10.7.2 (if it stops updating then because 2003 has been retired). I've up- and downgraded (several times in succession) endpoints that had the reboot required without a reboot in between. Very rarely I've seen that AutoUpdate refuses to upgrade to a higher version - detection data updates always work (well, perhaps not for years but definitely for months).
    Thus if reboot would be a pain set it aside for now.

    Christian

  • Hi Christian

    Thanks for the explanation. An out-of-hours reboot shouldn't be an issue now but it's good to know that there is an option to postpone it if needed. It seems a slight shame to have achieved victory when support is due to end so soon but the learning process has definitely been worthwhile.

    Adam

  • Hi Christian

    I may have celebrated slightly prematurely.

    I rebooted the server last night and, although AutoUpdate is working correctly, on-access scanning is now showing a status of 'Unknown' (it was working before the reboot) and the following error has appeared in the Event Log:

    Failed to connect to the on-access driver (0x80070002)

    I found this article but the registry keys it mentions do not exist and running the Virus Removal Tool doesn't find anything.

    Sorry to bother you again but do you have any suggestions (other than uninstalling and re-installing the SAV)?

    Adam