Symantec Endpoint Protection 12.1 RU4 installation or migration on Windows fails due to outdated root certificate

book

Article ID: 159244

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Migration from Symantec Endpoint Protection (SEP) 12.1 RU3 Client or older to SEP 12.1 RU4 fails on Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 due to outdated Windows root certificate. Due to the outdated root certificate signature verification for sis.dll fails and the migration attempts to roll back to the previous SEP Client version

The SEP_INST.LOG contains a "value 3" error.  The cause of the value 3 is a timeout loading SIS.dll. Following is an example of how the error will be presented in the SEP_INST.LOG.

MSI (s) (##:##) [HH:MM:SS:sss]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI24E.tmp, Entrypoint: ShowServiceProgress
ScriptGen: ShowServiceProgress() MSIRUNMODE_SCHEDULED
ScriptGen: ShowServiceProgress() calling WaitForSingleObject(scriptStarted) ...
ScriptGen: ShowServiceProgress() WaitForSingleObject(scriptStarted) returned WAIT_TIMEOUT
ScriptGen: ShowServiceProgress() Look for timeout starting SepMasterService or other failure loading SIS.dll.
ScriptGen: CancelInstallation() instructed SIS to rollback
ScriptGen: ShowServiceProgress() returning early due to previous error.
MSI (s) (##:##) [HH:MM:SS:sss]: User policy value 'DisableRollback' is 0
MSI (s) (##:##) [HH:MM:SS:sss]: Machine policy value 'DisableRollback' is 0
Action ended HH:MM:SS: InstallFinalize. Return value 3.

In the above example note the timestamps for "Invoking remote custom action" and "Action ended".  In the Windows Event Viewer Application Log you will see the following events occurring between these timestamps.

Event Type: Information
Event Source: Symantec Migration Service
Event ID: 34
Description:
The description for Event ID ( 34 ) in Source (Symantec Migration Service) cannot be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information is part of the event: SepMasterServiceMig.

Event Type: Information
Event Source: Symantec Migration Service
Event ID: 35
Description:
The description for Event ID ( 35 ) in Source (Symantec Migration Service) cannot be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information is part of the event: SepMasterServiceMig. 

Cause

Failure to validate signature on SIS.DLL due to outdated root certificates on operating system.

Resolution

The Root certificates must be installed.

Review the Microsoft document "How to get a Root Certificate update for Windows"  - It indicates the link where to download the “Update for Root Certificates”:
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=root%20certificate%20update > this will bring you to the Windows Update Catalog.

Note: Root update packages are cumulative. Therefore, you only need to install the latest package to receive all root certificates in the program.


Applies To

Windows Server 2003, Windows 2008, and Windows 2008 R2

Symantec Endpoint Protection Client 12.1 RU4 migration