This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to uninstall Sophos Management Server SEC 5.3.1

Hi there,

I'm just having some trouble uninstalling the Sophos Management Server application on our Windows Server 2012 R2. I have been following https://community.sophos.com/kb/en-us/12360 for the uninstall process, and am getting stuck at this application. It appears to run the install, freezes for a moment and then rolls back. The domain of this server has changed recently, so the original installing account would've been from the previous domain - not sure if this could have something to do with it. 

I've tried running the installer directly with the uninstall key found in the registry (MsiExec.exe /X{E9366D3F-ED09-42D1-BAFF-1EF2E3BF8A37}), however the same issue. These events appear in the event log:

Event 8025, Sophos Management Service: There is no database connection. Management Service will be shut down.

Event 8004, Sophos Management Service: 

Initialization failed.

Step: Creating a database connection
Error: std::runtime_error
Data: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

I gave it a crack installing the ODBC driver 11 for SQL server from https://www.microsoft.com/en-au/download/details.aspx?id=36434 but that hasn't had an effect. 

I've run the Sophos diagnostic utility in case anyone's interested in having a dig through there. If there's anything I can provide or if anyone's been a similar situation before, I'd love to hear from you! 

Cheers,

Christian



This thread was automatically locked due to age.
Parents
  • I suspect the domain change is related.

    Do you have an MSI uninstall log to check?

    I assume it's just the Sophos Management Server component that's you're having issues with removing?

    I would probably follow: https://support.microsoft.com/en-us/help/223300/how-to-enable-windows-installer-logging to ensure Window Installer is logging.

    Perform the uninstall and then harvest the uninstall log.  Feel free to link it here.

    Note: you can also use the switches to Msiexec for the uninstall:

    /L*V "C:\windows\temp\msilog.txt"


  • Hey Jak,

    Thanks for your reply. That's right it's that component I'm having trouble removing.

    I've enabled the logging and attached the msilog.txt file that was produced during uninstall: msilog.zip

    Please feel free to let me know if you have any questions!

    Cheers,

    Christian

  • MSI (s) (40:70) [13:24:15:414]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIADF8.tmp, Entrypoint: MessageQueuingExecuteUninstall
    MSI (s) (40:EC) [13:24:15:414]: Generating random cookie.
    MSI (s) (40:EC) [13:24:15:416]: Created Custom Action Server with PID 15032 (0x3AB8).
    MSI (s) (40:A4) [13:24:15:446]: Running as a service.
    MSI (s) (40:A4) [13:24:15:448]: Hello, I'm your 32bit Elevated Non-remapped custom action server.
    MessageQueuingExecuteUninstall: Entering MessageQueuingExecuteUninstall in C:\Windows\Installer\MSIADF8.tmp, version 3.5.2519.0
    MessageQueuingExecuteUninstall: Error 0x80070032: Domain SIDs not supported
    MessageQueuingExecuteUninstall: Error 0x80070032: Failed to get SID for account name
    MessageQueuingExecuteUninstall: Error 0x80070032: Failed to remove message queue permission
    MessageQueuingExecuteUninstall: Error 0x80070032: Failed to remove message queue permissions
    CustomAction MessageQueuingExecuteUninstall returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (40:14) [13:24:15:469]: Note: 1: 2265 2: 3: -2147287035
    MSI (s) (40:14) [13:24:15:469]: User policy value 'DisableRollback' is 0
    MSI (s) (40:14) [13:24:15:469]: Machine policy value 'DisableRollback' is 0
    Action ended 13:24:15: InstallExecute. Return value 3.

    Looks like the issue.  The custom action MessageQueuingExecuteUninstall is failing.

    Based on the article:

    https://community.sophos.com/kb/en-us/117710

    The issue does seem to be related to the values of the registry entries under:

    HKLM\SOFTWARE\[Wow6432node]\Sophos\EE\Management Tools\DatabaseUser

    This makes sense with the recent changes you made.

    Hopefully you can use this information to fix it up.

    If you're still struggling, I know that Microsoft Message Queueing (MSMQ) - the Windows component is added to support the Sophos Patch server side component.

    You can remove/add MSMQ as follows:

    Windows 2012

    • Open Server Manager
    • From the manage menu, click the Remove Roles and Features
    • This will open the "Remove Roles and Features" Wizard
    • Click Next until the Features option is shown
    • Scroll down and deselect the Message Queuing option and then click Next
    • Click the Remove Button to complete the removal.

    You could try removing it, if that would take the CA down a different path but I would try and fix up the registry keys to reference the account.

    Regards,

    Jak

     

     

     

  • Hey Jak,

    Thanks for your help! Thanks to that registry location you showed me, we were able to compare it to another server and create some keys with the right details. Uninstall worked perfectly straight after that.

    Greatly appreciated, cheers!

    Christian

Reply Children
No Data