SVE Guest Agent Install fail

SVE Guest Agent Install fails when Microsoft.NET Framework 4.7.1 is installed

Works OK with 4.7

Any ideas.

  • Hi Emineminem,

    Could you please share the SVE Guest Agent installation logs. You can find the logs in user temp folder (Run -> %temp%).

    Also check if you have any event entries in eventviewer for SVE?  refer the below screenshot.

  • In reply to Gowtham Mani:

    Hi, there is no Sophos Folder in the event viewer.

    This is the only information that I get from the txt file.

     

    094C:11B0][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to install MSI package.
    [094C:11B0][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to execute MSI package.
    [0A40:146C][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to configure per-machine MSI package.
    [0A40:146C][2018-01-30T10:54:23]i319: Applied execute package: SGVMManagementService64.msi, result: 0x80070643, restart: None
    [0A40:146C][2018-01-30T10:54:23]e000: Error 0x80070643: Failed to execute MSI package.

     

     

  • In reply to Emineminem:

    UPDATE: I was also unable to install on another server that was using .NET Framework 4.7

    So, I'm not sure that .NET Framework 4.7.1. is the problem.

    Any ideas on  Error 0x80070643: Failed to install MSI package. ?

  • In reply to Emineminem:

    Hi Emineminem,

    Can you please share the complete log or you can even DM the logs to me. Also, I would like to know the OS in which you are facing this issue.

  • In reply to Gowtham Mani:

    Hello again,

    thanks for your help.

    I received a full explanation and fix eventually from Sophos support.

    There is a known issue whereby the SSL/TLS Ciphers that we need to install the Guest Agent are missing. 

    It included a Regedit.

    Thank you once again..
     

  • In reply to Emineminem:

    Hi,

    What needed to be enabled? I'm getting this issue on two of our servers.

    thanks

  • In reply to Adam Barnes:

    Hi,

    This advice worked for me.

    Hello , There is a known issue whereby the SSL/TLS Ciphers that we need to install the Guest Agent are missing.  Please could you try the below procedure. To fix this:

    On the Affected Machine press Windows key + R to bring up the Run dialogue box. Enter regedit to open the Registry Editor

    • Go to the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
    • Right click on the Functions value to Modify it
    • Amend the ciphers added to the end of the current comma separated list previously: Windows 10 & Windows Server 2016 · TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Other supported Windows platform: ·         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 · Click OK and restart the machine

    Don't forget to add a comma before adding the text.

  • In reply to Emineminem:

    Emineminem,

    Thanks for posting this, I have a support ticket open with Sophos for the same issue but I'm getting zero response from them.

    I want to try your fix but I don't the Functions value you mention, on any of our servers.  Am I missing something? I'd be willing to manually add the Functions value to test (can always roll back from a snaphot).

  • In reply to IT Manager2:

    I don't think the function exists until you try and run the agent install.

    Try running the agent install and see it fail. then check if the function exists.

  • In reply to Emineminem:

    Tried that - no joy.  I think I have other issues.

    Thanks anyway!

  • In reply to IT Manager2:

    Any luck?  I'm having the exact same issue.

  • In reply to Michael Kennedy:

    I also have the same issue, tried on a couple of VM's a w2k12r2 and a w2k16 get the same issue on both.  I've had to reinstall our security VM so have to reinstall all of the agents on my guest VM's and can't get them working!

  • In reply to IT Manager2:

    same here the functions value isn't there even after you install and wait for the installation to fail

  • In reply to fancyabrew:

    I figured it out over here.  Maybe this will help someone. I had to do the following:

    1. Log in to the appliance's console and enable SSH (this is really only for convenience)
    2. I enabled SSH to start at boot (Again, just for convenience)
    3. I reset the smb passwords for the sophos account and the sophospublic account.
    4. Restart the appliance or restart SMB.  At this point SMB was working and I could install the .MSI
    5. I went ahead and turned on guest access for the two shares.  I didn't want to sign in to them and I didn't figure they were protecting an important info.  The conf file to edit is at /etc/samba/smb.conf and I added the share definitions to the following:

      [public]
          comment = Public Share
          path = /public
          browsable = yes
          valid users = sophospublic sophos username nobody
          guest ok = yes
          guest only = yes
          guest account = nobody
          read only = yes
          directory mode = 0774
      
      [logs]
          comment = Log Share
          path = /logs
          browsable = yes
          valid users = sophos nobody
          guest ok = yes
          guest account = nobody
          guest only = yes
          read only = yes
          directory mode = 0774

    If anyone has any input on why this is a horrible idea I would be open to hearing what you have to say.

  • In reply to Michael Kennedy1:

    sounds a right pain!