Unable to install the Endpoint agent on Windows 10; error "OpenSCManager failed: Access is denied".
search cancel

Unable to install the Endpoint agent on Windows 10; error "OpenSCManager failed: Access is denied".

book

Article ID: 163301

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention

Issue/Introduction

When you try to install the DLP Endpoint agent on Windows 10, the install fails with the error "OpenSCManager failed: Access is denied."

The installer fails and displays the error "OpenSCManager failed: Access is denied."  Looking in the installagent.log file, you see the following lines:


MSI (s) (C0:5C) [11:52:23:685]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8620.tmp, Entrypoint: PreInstallCleanup
Action start 11:52:23: PreInstallCleanup.
PreInstallCleanup(): strAgentSvcName: EDPA, strWDSvcName: WDP
2016-05-27 11:52:23 | PreInstallCleanup | WARNING | FindAndRemoveAgentService(): OpenSCManager failed: Access is denied.
2016-05-27 11:52:23 | PreInstallCleanup | WARNING | FindAndRemoveAgentService(): OpenSCManager failed: Access is denied.
MSI (s) (C0!08) [11:52:23:810]: Product: AgentInstall64 -- 2016-05-27 11:52:23 | PreInstallCleanup | SEVERE | FindAndRemoveDriver(): OpenSCManager failed: Access is denied.

2016-05-27 11:52:23 | PreInstallCleanup | SEVERE | FindAndRemoveDriver(): OpenSCManager failed: Access is denied.
MSI (s) (C0!08) [11:52:23:810]: Product: AgentInstall64 -- 2016-05-27 11:52:23 | PreInstallCleanup | SEVERE | FindAndRemoveDriver(): OpenSCManager failed: Access is denied.

2016-05-27 11:52:23 | PreInstallCleanup | SEVERE | FindAndRemoveDriver(): OpenSCManager failed: Access is denied.
CustomAction PreInstallCleanup returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 11:52:23: PreInstallCleanup. Return value 3.
Action ended 11:52:23: INSTALL. Return value 3.

<snip>

MSI (s) (C0:98) [11:52:23:841]: Note: 1: 1708
MSI (s) (C0:98) [11:52:23:857]: Product: AgentInstall64 -- Installation operation failed.

MSI (s) (C0:98) [11:52:23:857]: Windows Installer installed the product. Product Name: AgentInstall64. Product Version: 14.0.2000.01056. Product Language: 1033. Manufacturer: Symantec Corp.. Installation success or error status: 1603.

MSI (s) (C0:98) [11:52:23:872]: Deferring clean up of packages/files, if any exist
MSI (s) (C0:98) [11:52:23:872]: MainEngineThread is returning 1603
MSI (s) (C0:E8) [11:52:23:872]: RESTART MANAGER: Session closed.
MSI (s) (C0:E8) [11:52:23:872]: No System Restore sequence number for this installation.
=== Logging stopped: 5/27/2016  11:52:23 ===
MSI (s) (C0:E8) [11:52:23:872]: User policy value 'DisableRollback' is 0
MSI (s) (C0:E8) [11:52:23:872]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:E8) [11:52:23:872]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:E8) [11:52:23:872]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C0:E8) [11:52:23:872]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C0:E8) [11:52:23:872]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (C0:E8) [11:52:23:872]: Destroying RemoteAPI object.
MSI (s) (C0:D0) [11:52:23:872]: Custom Action Manager thread ending.
MSI (c) (50:50) [11:52:23:872]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (50:50) [11:52:23:872]: MainEngineThread is returning 1603

Environment

Originally seen in legacy DLP versions, but could still occur if privileges are not .

Cause

In Windows 10, only the process that's directly invoked gains elevated privileges. That is, only the app that you right click and choose "run as administrator" gains elevated privileges. Right clicking on install_agent.bat and running as admin causes the .bat file to run as an administrator. But when it calls msiexec to run the install, msiexec is run with user privilege, rather than the administrator.

Resolution

Run the command prompt as administrator, navigate to the install files and run install_agent.bat through the command prompt.

  1. In the Search/Cortana bar, type cmd to access the Command Prompt app.
  2. Right click on the app and choose "Run as administrator". This action prompts you for an administrator user name and password. The account that is used here must have local admin privileges. The command prompt then opens.
  3. Check Task Manager and confirm cmd.exe is running as that account you specified (Task Manager -> More Details -> Details Tab -> cmd.exe -> check the User name shown). Leave the Task Manager open to this page.
  4. In the command prompt, navigate to the install files.
  5. Once you've navigated to that directory, run install_agent.bat. The install GUI opens.
  6. Leave it open, but don't click "Next" or anything else.
  7. Go back to the Task Manager page and locate the copies of msiexec.exe that are running. You are likely to see three or more instances of msiexec.exe. Only one should show a user, and that user should be the same one we saw in step 2.
  8. Click through the installer like normal.
Powered by Wolken Software