Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 13386 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Fails to install SAVXP : The MSI has failed

AndrewPargeter

Hi,

I wonder if anybody has had this issue below that was taken from the Sophos Anti-Virus Major Install Log....

CAQuietExec:  Entering CAQuietExec in C:\Windows\Installer\MSI6D6D.tmp, version 3.5.2519.0
CAQuietExec:  "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_di.exe" -r "C:\Windows\TEMP\SwiRebootRequired.txt" "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_callout.inf"
CAQuietExec:  driverInstaller
CAQuietExec: 
CAQuietExec:  Installation error: The driver package is not signed.
CAQuietExec:  error:1
CAQuietExec:  Error 0x80070001: Command line returned an error.
CAQuietExec:  Error 0x80070001: CAQuietExec Failed
CustomAction SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

This has happened on a particular server pushing out the major April update.

Everything is managed on Sophos enterprise console(v5.2.1).

it appears to be related to the web intelligence driver install with an error of ‘CAQuietExec:  Installation error: The driver package is not signed.’ And then it rolls back.

Would appreciate any advice of what maybe causing this.

Thanks

AP



This thread was automatically locked due to age.
  • 0

    Hi i have this exact same problem on a single machine, have you made any progress with this?

    Mine has gone all the way to 3rd line support at Sophos.

  • 0 in reply to RitchieScholten

    Hi Ritchie,

    3rd line support yeah? Pleased to hear somebody else has experienced this frustrating issue as thought it was just me!

    We haven't made any progress unfortunately and it is logged woth Sophos support but they have only just received the log files at this stage.

    We tried everything we could think of to get it working.

    It happened when we pushed the April update out from the console, it originally affected two servers but strangely on one it randomly installed the AV on the 26th automated attempt.

    The issue still remains though on this one particular server though.

    I seem to think it is a particular piece of software on the server stopping the AV MSI from going through.

    What did Sophos 1st & 2nd line support get you to try?

    Cheers

  • 0 in reply to AndrewPargeter

    So basically, we have ripped out the installation several times, and removed all elements from the registry and used revo to completely wipe it out.

    The we have;

    • Installed from the share
    • Deployed from the console
    • Taken SDU logs and submitted to 3rd line

    That was the last i heard, teh guy said he thought it was something to do with security certificates but didnt want to elaborate until he had checked with 3rd line.

    I have been trying this morning to disable driver signing policies locally to no avail.

    I only have this on one machine...mine. So its entirely possible its software on my machine stopping it but so far i have checked and disabled all 3rd party anti malware software. Ran as admin etc. before the April update all was fine and i keep getting clients popping up in my console with errors but a forced update from there seems to mostly clear them out.

  • 0 in reply to RitchieScholten

    We also tried to disable driver signing policies on the server but it didn't work for us either.

    We have tried to uninstall, remove all elements from the registry but haven't used revo or another product specific to clear all remaining entries of it.

    We tried installing from the share and letting the console push it back at.

    We even tried to run the MSI through admin cmd.

    It is strange because on the first server where it failed and eventually worked, it worked first time no problem on an exact same spec of that server.

    Seems like you are a lot more further along with your support call so hopefully next time 3rd line support come back to you it will be a resolution.

    Please let me know if you have any luck and I will post in here should if by some miracle I find a fix.

  • 0 in reply to AndrewPargeter

    Hi Ritchie,

    Just in case you are still having issues with AV installing or anybody else who runs into this issue.

    We have been working with the Sophos Support Development Team and found a solution to what was affecting 6 specific servers in the end.

    We have to perform the following on each affected machine....

    1. Open up the registry

    2. Navigate to '[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]'

    3. Look for the key "State"=dword:"

    4. Modify the following key to '00023c00' if it isn't set to that already.

    5. It should then read '0x00023c00 (146432)'

    6. Reboot the machine.

    7. Run the script to perform the install once again or simply right click the Sophos client menu and update.

    This worked a treat for us on every server and Sophos claimed it was due to this....

    https://support.microsoft.com/en-us/kb/2715304

    I did point out to the Sophos development team that none of the affected servers had that particular update installed on the servers.

    The only thing in common that each of these machines have is Oracle software and we think this could have somehow corrupted the key within the registry when it was installed after AV went onto each machine at a clean OS state.

    We ran into this overall issue when the major April update came out.

Unfiltered HTML