SVE Guest Agent Install fail

Hi Emineminem,

Could you please share the SVE Guest Agent installation logs. You can find the logs in user temp folder (Run -> %temp%).

Also check if you have any event entries in eventviewer for SVE?  refer the below screenshot.

Hi, there is no Sophos Folder in the event viewer.

This is the only information that I get from the txt file.

094C:11B0][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to install MSI package.
[094C:11B0][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to execute MSI package.
[0A40:146C][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[0A40:146C][2018-01-30T10:54:23]i319: Applied execute package: SGVMManagementService64.msi, result: 0x80070643, restart: None
[0A40:146C][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to execute MSI package.

UPDATE: I was also unable to install on another server that was using .NET Framework 4.7

So, I'm not sure that .NET Framework 4.7.1. is the problem.

Any ideas on  Error 0x80070643: Failed to install MSI package. ?

Hi Emineminem,

Can you please share the complete log or you can even DM the logs to me. Also, I would like to know the OS in which you are facing this issue.

Hello again,

thanks for your help.

I received a full explanation and fix eventually from Sophos support.

There is a known issue whereby the SSL/TLS Ciphers that we need to install the Guest Agent are missing. 

It included a Regedit.

Thank you once again..
 

Hi,

What needed to be enabled? I'm getting this issue on two of our servers.

thanks

Hi,

What needed to be enabled? I'm getting this issue on two of our servers.

thanks

Hi,

This advice worked for me.

Hello , There is a known issue whereby the SSL/TLS Ciphers that we need to install the Guest Agent are missing.  Please could you try the below procedure. To fix this:

On the Affected Machine press Windows key + R to bring up the Run dialogue box. Enter regedit to open the Registry Editor

• Go to the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
• Right click on the Functions value to Modify it
• Amend the ciphers added to the end of the current comma separated list previously: Windows 10 & Windows Server 2016 · TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Other supported Windows platform: ·         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 · Click OK and restart the machine

Don't forget to add a comma before adding the text.

Emineminem,

Thanks for posting this, I have a support ticket open with Sophos for the same issue but I'm getting zero response from them.

I want to try your fix but I don't the Functions value you mention, on any of our servers.  Am I missing something? I'd be willing to manually add the Functions value to test (can always roll back from a snaphot).

I don't think the function exists until you try and run the agent install.

Try running the agent install and see it fail. then check if the function exists.

Tried that - no joy.  I think I have other issues.

Thanks anyway!

Any luck?  I'm having the exact same issue.

I also have the same issue, tried on a couple of VM's a w2k12r2 and a w2k16 get the same issue on both.  I've had to reinstall our security VM so have to reinstall all of the agents on my guest VM's and can't get them working!

same here the functions value isn't there even after you install and wait for the installation to fail

I figured it out over here.  Maybe this will help someone. I had to do the following:

1. Log in to the appliance's console and enable SSH (this is really only for convenience)
2. I enabled SSH to start at boot (Again, just for convenience)
3. I reset the smb passwords for the sophos account and the sophospublic account.
4. Restart the appliance or restart SMB.  At this point SMB was working and I could install the .MSI
5. I went ahead and turned on guest access for the two shares.  I didn't want to sign in to them and I didn't figure they were protecting an important info.  The conf file to edit is at /etc/samba/smb.conf and I added the share definitions to the following:
   
   

   [public]
       comment = Public Share
       path = /public
       browsable = yes
       valid users = sophospublic sophos username nobody
       guest ok = yes
       guest only = yes
       guest account = nobody
       read only = yes
       directory mode = 0774
   
   [logs]
       comment = Log Share
       path = /logs
       browsable = yes
       valid users = sophos nobody
       guest ok = yes
       guest account = nobody
       guest only = yes
       read only = yes
       directory mode = 0774

If anyone has any input on why this is a horrible idea I would be open to hearing what you have to say.

sounds a right pain!

This fixed it for us with Server 2012 R2 and Exchange 2013. Thanks! As mentioned later here is the Sophos KB article about it. https://community.sophos.com/kb/en-us/126188

The difference in this article is it mentions 

 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010000  We did not have that key, but we did have 00010002 as mentioned by Emineminem, so I updated that key, rebooted and then the installer worked.