You upgrade an existing Symantec Endpoint Protection (SEP) client and find there is no network connectivity after a reboot. Ipconfig shows there are no installed network adapters.The issue mainly occurs on systems where Cisco AnyConnect is or was installed.
teeferInstall.log:
ERROR: Call to installNetComponent() failed: 0x8007007e
SIS_INST.LOG:
CreateProcess Return Value: 8007007E = The specified module could not be found.
Process Monitor boot logging, similar to:
7:37:07.9571150 PM NetCfgNotifyObjectHost.exe 1804 2040 IRP_MJ_CREATE C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\drv\acnamfdbctl.dll PATH NOT FOUND
7:37:47.8109596 PM installTeefer.exe 5888 6116 IRP_MJ_CREATE C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\drv\acnamfdbctl.dll PATH NOT FOUND
7:37:47.9417175 PM installTeefer.exe 5888 5844 Process Exit SUCCESS Exit Status: -2147024770
or
7:37:07.9571150 PM NetCfgNotifyObjectHost.exe 1804 2040 IRP_MJ_CREATE C:\Windows\System32\acnamfdbctl.dll FILE NOT FOUND
7:37:47.8109596 PM installTeefer.exe 5888 6116 IRP_MJ_CREATE C:\Windows\System32\acnamfdbctl.dll FILE NOT FOUND
7:37:47.9417175 PM installTeefer.exe 5888 5844 Process Exit SUCCESS Exit Status: -2147024770
Note: A different third-party driver may be indicated by the Process Monitor logging, with a similar series of events.
setupapi.dev.log: (The following error may be present if there is an issue with Cisco AnyConnect. In some cases the error will not appear until the NIC drivers are updated or reinstalled.)
!!! ndv: Error 1460: This operation returned because the timeout period expired.
The installation and removal of the SEP Firewall driver is a complex process that is dependent on the proper functioning of Windows' network configuration interface (INetCfg). INetCfg provides methods to initialize, uninitialize, apply changes to, cancel changes to and retrieve information regarding network configuration.
When one or more libraries INetCfg depends on are either missing or corrupted, or a third-party library –e.g. acnamfdbctl.dll ("Cisco AnyConnect Network Access Manager Bind Controller")– is tied to it but missing and/or no longer properly registered, calling its methods may result in unexpected behavior and network configuration damage. Due to an issue in affected versions of Windows 10, corruption may occur when Cisco AnyConnect is upgraded.
Other than the above mentioned INetCfg-related issues, teeferInstall.exe may also fail due to registry settings, GPOs or other software hampering its execution.
Verify the following files are present in both C:\Windows\System32 and C:\Windows\SysWOW64 and not corrupted (e.g. by comparing their file hashes with known good versions on a system where you do not experience the issue):
devrtl.dll |
NetSetupApi.dll |
NetSetupEngine.dll |
NetSetupShim.dll |
nsi.dll |
tcpipcfg.dll |
winnsi.dll |
ws2_32.dll |
Note that, due to the ever-changing nature of Windows, this may not be an exhaustive list of libraries required to perform INetCfg functions. If in doubt, contact Microsoft.
Enter the following command (a blank result will be returned if teefer2 has no binding):
netcfg -b symc_teefer2
Enter the following command, which will show if the teefer2 service exists or is started:
sc query teefer2
The issue may sometimes be worked around in the following manner:
If the issue continues to persist, run CleanWipe and reinstall SEP.
Note: If the issue is related to a prior or existing install of Cisco AnyConnect, please contact Cisco technical support for assistance in confirming the issue and to obtain a tool which will fix the corruption and allow proper registration of the SEP Firewall driver. Refer to Cisco bug CSCvb59209 for details and assistance.
Let customer connect with Cisco to get the tool and run the below steps:
1. Download the SignedPurgeObjects.zip
2. Extract the contents to c:\temp
3. Launch the Admin Command prompt and execute the command:
4. C:\windows\system32> cd\temp
5. c:\temp> purgenotifyobejects.exe > output.txt
In the list output , look for anything Cisco or acnamfd and if we have it, then execute:
1. c:\temp> PurgeNotifyObjects.exe -confirmdelete
2. Reboot the device
After login, check the Network Adapter.