Upgrade from 5.5.1 to 5.5.2 fails

Hi folks,

today i've tried updating Enterprise Console from 5.5.1 to 5.5.2.

 

At first i've upgraded the databases on our cluster, with no errors.

 

After that i've started the SEC-Setup an it fails when trying to install server64.msi. MSI-Log tells the following error:

Action ended 14:45:09: FormatInteger. Return value 1.
MSI (s) (BC:B4) [14:45:09:101]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2429.tmp, Entrypoint: DeobfuscatePassword
Action start 14:45:09: DeobfuscatePassword.
DeobfuscatePassword:  Initialized.
DeobfuscatePassword:  Deobfuscating: REGISTRYSERVERPASSWORD to SERVER_USERNAMEPASSWORD
DeobfuscatePassword:  Deobfuscation skipped: REGISTRYSUMPASSWORD to SUM_USERNAMEPASSWORD
MSI (s) (BC:00) [14:45:09:148]: Doing action: SetServerUserNamePasswordFromCommandLineValue
Action ended 14:45:09: DeobfuscatePassword. Return value 1.
Action start 14:45:09: SetServerUserNamePasswordFromCommandLineValue.
MSI (s) (BC:00) [14:45:09:148]: Doing action: SetServerUserNameDomainFromCommandLineValue
Action ended 14:45:09: SetServerUserNamePasswordFromCommandLineValue. Return value 1.
Action start 14:45:09: SetServerUserNameDomainFromCommandLineValue.
MSI (s) (BC:00) [14:45:09:148]: Doing action: SetServerUserNameFromCommandLineValue
Action ended 14:45:09: SetServerUserNameDomainFromCommandLineValue. Return value 1.
Action start 14:45:09: SetServerUserNameFromCommandLineValue.
MSI (s) (BC:00) [14:45:09:148]: Skipping action: CredStore.GetDBCredentials (condition is false)
MSI (s) (BC:00) [14:45:09:148]: Skipping action: SetSUMUserNamePasswordFromCommandLineValue (condition is false)
MSI (s) (BC:00) [14:45:09:148]: Skipping action: SetSUMUserNameFromCommandLineValue (condition is false)
MSI (s) (BC:00) [14:45:09:148]: Doing action: CredStore.GetSUMCredentials
Action ended 14:45:09: SetServerUserNameFromCommandLineValue. Return value 1.
MSI (s) (BC:00) [14:45:09:163]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2459.tmp, Entrypoint: GetSumCredentialsFromCredStore
Action start 14:45:09: CredStore.GetSUMCredentials.
GetSumCredentialsFromCredStore:  Initialized.
GetSumCredentialsFromCredStore:  GetUsername operation results: 80131577
GetSumCredentialsFromCredStore:  Error 0x80131577: Failed to get username
CustomAction CredStore.GetSUMCredentials returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:45:09: CredStore.GetSUMCredentials. Return value 3.
Action ended 14:45:09: INSTALL. Return value 3.

 

Anyone else facing the same problem or has any clue to solve this issue?

 

Best regards,

 

R. Gorek

  • Hello R. Gorek,

    is the Sophos Credential Store service installed and running? If so, there should be an associated log in %ProgramData%\Sophos\Credential Store\.

    Christian

  • In reply to QC:

    Heres the content from the log (XXXX is my admin-account):

     

    Logging Started 5180 2020-03-05@14-42-13-184
    2020-03-05 14:42:13.934 [INF] Service is starting...
    2020-03-05 14:42:13.950 [INF] Check that DP API is functioning correctly
    2020-03-05 14:42:13.981 [INF] DP API check succeeeded
    2020-03-05 14:42:13.981 [INF] Service has started
    2020-03-05 14:42:21.512 [INF] Read credential from store
    2020-03-05 14:42:21.512 [INF] 0 credential(s) found
    2020-03-05 14:42:21.528 [INF] Query store: 'Sophos Policy Evaluation Tool' - '2.2.3'
    2020-03-05 14:42:21.544 [INF] Get user name: 'SEC.DBUser' by 'NT-AUTORITÄT\SYSTEM'
    2020-03-05 14:42:21.544 [WAR] Credential not found: 'SEC.DBUser'
    2020-03-05 14:42:21.559 [INF] Query store: 'Sophos Policy Evaluation Tool' - '2.2.3'
    2020-03-05 14:42:21.559 [INF] Get user name: 'SEC.DBUser' by 'NT-AUTORITÄT\SYSTEM'
    2020-03-05 14:42:21.559 [WAR] Credential not found: 'SEC.DBUser'
    2020-03-05 14:42:21.575 [INF] Query store: 'Sophos Policy Evaluation Tool' - '2.2.3'
    2020-03-05 14:42:21.575 [INF] Get password: 'SEC.DBUser' by 'NT-AUTORITÄT\SYSTEM'
    2020-03-05 14:42:21.575 [WAR] Credential not found: 'SEC.DBUser'
    2020-03-05 14:43:32.800 [INF] Query store: 'SEC.Bootstrapper' - '5.5.2'
    2020-03-05 14:43:32.800 [INF] Get user name: 'SEC.DBUser' by 'xxxxxx'
    2020-03-05 14:43:32.800 [WAR] Credential not found: 'SEC.DBUser'
    2020-03-05 14:43:32.832 [INF] Query store: 'SEC.Bootstrapper' - '5.5.2'
    2020-03-05 14:43:32.847 [INF] Get password: 'SEC.DBUser' by 'xxxxxxx'
    2020-03-05 14:43:32.847 [WAR] Credential not found: 'SEC.DBUser'
    2020-03-05 14:45:09.226 [INF] Query store: 'SEC.ServerCA' - '5.5.2'
    2020-03-05 14:45:09.226 [INF] Get user name: 'SEC.SUMUser' by 'xxxxxx'
    2020-03-05 14:45:09.226 [WAR] Credential not found: 'SEC.SUMUser'
    2020-03-05 15:30:20.485 [INF] Query store: 'SEC.Bootstrapper' - '5.5.2'
    2020-03-05 15:30:20.501 [INF] Get user name: 'SEC.DBUser' by 'xxxxxx'
    2020-03-05 15:30:20.501 [WAR] Credential not found: 'SEC.DBUser'
    2020-03-05 15:30:20.532 [INF] Query store: 'SEC.Bootstrapper' - '5.5.2'
    2020-03-05 15:30:20.532 [INF] Get password: 'SEC.DBUser' by 'xxxxxx'
    2020-03-05 15:30:20.532 [WAR] Credential not found: 'SEC.DBUser'

  • In reply to Gorek:

    Hello R.Gorek,

    did I say this is new stuff?
    The line
    DeobfuscatePassword:  Deobfuscation skipped: REGISTRYSUMPASSWORD to SUM_USERNAMEPASSWORD
    is suspect, it shouldn't say skipped. Can't say why it did this. I assume with REGISTRYSUMPASSWORD it's referring to the value SumUserData in HKLM\SOFTWARE\Wow6432Node\Sophos\EE\Management Tools\.
    I think the logic in the MSI try to obtain the password from the registry as it existed pre-552, if there is none it tries the Credential Store. If the Server64msi has already been run successfully the credentials have been moved. But in your case this was the first run of the Server64msi, wasn't it?

    Christian

  • In reply to QC:

    Yes, it was the first run.

     

    I've checked the registry path you mentioned and the credentials there look valid, but are different from the credentials with wich i want to perform the upgrade.

     

    Maybe i try the upgrade with that user?

  • In reply to QC:

    Okay, installation with an other user has the same effect.

     

    Is unistalling the credential store an option?

  • In reply to Gorek:

    Hello R.Gorek,

    different from the credentials with wich i want to perform the upgrade
    ??? These should be the credentials (the password is obfuscated) for the SUM account, the account in the updating policies. Anyway, thinking about it - has 5.5.1 already been uninstalled? I.e. is the Sophos Management Server still in Programs and Features? I assume at least the Console is still there (with version 5.5.1). If the Management Server is not there re-run setup.exe, it will upgrade the console (at least that's what I've written yesterday) and with the next run it'll let you select the Management Server - it might then prompt you for the credentials.

    Christian

  • In reply to QC:

    Nope, 5.5.1 ist still there. Under programs and features i find the Management Console and the Server with version 5.5.1.

  • In reply to Gorek:

    Hello R.Gorek,

    didn't see this one before I replied.
    setup.exe will likely reinstall the Credential Store if you uninstall it but I think it's working as it should. So 5.5.1 is still there but Deobfuscation skips the SUM credentials .... hm ... I think only Support/Dev can tell what this signifies. The only idea I have is to follow the How to change ... article (don't actually change the password, of course use the one configured in the policies) in the hope it will then pick up the credentials.

    Christian

  • In reply to QC:

    Hi Christian,

     

    i've already tried that, but it didn't make a change.

     

    I will escalate it to the Sophos Support now and give feedback when they find a solution.

     

    Greets,

     

    Robby

  • In reply to Gorek:

    Hello Robby,

    i've already tried that
    I'll aim to be more creative next time ;). As it stubbornly refuses to play nice and 5.5.1 is working it's better to wait what Support has to say. I'm curious about the cause.

    Christian,

  • In reply to Gorek:

    Hi  

    Could you please PM me the case details you have registered with Support? 

  • In reply to QC:

    I also tried to upgrade from 5.5.1. to 5.5.2 and i get exactly the same error.

     

    GetSumCredentialsFromCredStore: No Sophos Credential Store Service found: 80070005
    GetSumCredentialsFromCredStore: Error 0x80004005: Failed to get username
    CustomAction CredStore.GetSUMCredentials returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 16:19:05: CredStore.GetSUMCredentials. Return value 3.

     

    ogging Started 3020 2020-03-05@16-19-00-902
    2020-03-05 16:19:01.011 [INF] Service is starting...
    2020-03-05 16:19:01.027 [INF] Check that DP API is functioning correctly
    2020-03-05 16:19:01.058 [INF] DP API check succeeeded
    2020-03-05 16:19:01.058 [INF] Service has started
    2020-03-05 17:11:27.585 [INF] Read credential from store
    2020-03-05 17:11:27.585 [INF] 0 credential(s) found
    2020-03-05 17:11:27.585 [INF] Query store: 'Sophos Policy Evaluation Tool' - '2.2.3'
    2020-03-05 17:11:27.601 [INF] Get user name: 'SEC.DBUser' by 'NT AUTHORITY\SYSTEM'
    2020-03-05 17:11:27.601 [WAR] Credential not found: 'SEC.DBUser'

  • In reply to Eren777:

    Hello Eren777,

    i get exactly the same error
    I beg to differ Wink  a little bit- at least it's not exactly - but you're probably right regarding the precondition. Gorek posted
    Action start 14:45:09: CredStore.GetSUMCredentials.
    GetSumCredentialsFromCredStore:  Initialized.
    GetSumCredentialsFromCredStore:  GetUsername operation results: 80131577
    GetSumCredentialsFromCredStore:  Error 0x80131577: Failed to get username
    whereas in your case it's
    GetSumCredentialsFromCredStore: No Sophos Credential Store Service found: 80070005
    GetSumCredentialsFromCredStore: Error 0x80004005: Failed to get username

    While the consequence is the same in the former case the service could be contacted but the credentials were not yet available. This is actually not an error as they are initially stored when 5.5.2 has been installed. The issue is that the installer failed to load them from the registry.
    In your case the installer fails to contact the service - somewhat surprising as it is apparently running. IIRC (can't check my logs right now) the installer should fetch the credentials from the registry and not try to contact the service. This path should only be taken after Server 5.5.2 has been installed and setup.exe is re-run (for whatever reason). You didn't post the part from Server64msi.log that precedes the error - did you get the same Deobfuscation skipped? I assume you've already retried, haven't you? If so, please contact Support. BTW - is your database on the default  local instance?

    Christian

  • In reply to QC:

    Hi Christian,

     

    SI (s) (68:60) [16:19:05:246]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA28D.tmp, Entrypoint: FormatInteger
    Action start 16:19:05: FormatInteger.
    MSI (s) (68!24) [16:19:05:277]: PROPERTY CHANGE: Modifying SERVER_FEEDBACKENABLED property. Its current value is '#0'. Its new value: '0'.
    FormatInteger: Initialized.
    MSI (s) (68:B8) [16:19:05:277]: Doing action: DeobfuscatePassword
    Action ended 16:19:05: FormatInteger. Return value 1.
    MSI (s) (68:C8) [16:19:05:277]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA2AD.tmp, Entrypoint: DeobfuscatePassword
    Action start 16:19:05: DeobfuscatePassword.
    DeobfuscatePassword: Initialized.
    DeobfuscatePassword: Deobfuscating: REGISTRYSERVERPASSWORD to SERVER_USERNAMEPASSWORD
    DeobfuscatePassword: Deobfuscation skipped: REGISTRYSUMPASSWORD to SUM_USERNAMEPASSWORD
    MSI (s) (68:B8) [16:19:05:308]: Doing action: SetServerUserNamePasswordFromCommandLineValue
    Action ended 16:19:05: DeobfuscatePassword. Return value 1.

     

    MSI (s) (68:B8) [16:19:05:464]: Note: 1: 1708
    MSI (s) (68:B8) [16:19:05:464]: Product: Sophos Management Server -- Installation failed.

    MSI (s) (68:B8) [16:19:05:464]: Windows Installer installed the product. Product Name: Sophos Management Server. Product Version: 5.5.2. Product Language: 1033. Manufacturer: Sophos Limited. Installation success or error status: 1603.

    MSI (s) (68:B8) [16:19:05:480]: Deferring clean up of packages/files, if any exist
    MSI (s) (68:B8) [16:19:05:480]: MainEngineThread is returning 1603
    MSI (s) (68:2C) [16:19:05:480]: No System Restore sequence number for this installation.

     

    I already tried to reinstall , but than i get the error "Installer has detected different versions of the components installed"

    The Database is on the default local instance.

    I already contacted the support.

  • In reply to Eren777:

    Hello Eren777,

    different versions
    expected for a local database as it has already been upgraded. So no use to retry.

    Can you still use and work with5.5.1, are you able to open the console? Guess you don't want SEC to be unavailable while you're waiting for a reply.

    Christian