When you attempt to install, uninstall or upgrade a DLP Agent prior to version 15.7 it may fail with errors similar to the following observed in the installAgent.log, uninstallAgent.log or upgradeAgent.log file:

Chrome Examples

v15.1

MSI (s) (C4:20) [13:04:04:158]: Invoking remote custom action. DLL: C:\windows\Installer\MSIA342.tmp, Entrypoint: UnInstallChromeDependencies
Action start 13:04:04: UnInstallChromeDependencies.
2021-02-16 13:04:04 | InstallChromeDependencies | INFO | DoesKeyExist: Specified key not found
RemoveChromeExtension: Error getting enum value for registry key while adding into GPO, 234
InstallChromeLGPO: Error setting/deletig value for registry key while modifying GPO, 234
CustomAction UnInstallChromeDependencies returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 13:04:04: UnInstallChromeDependencies. Return value 3.
Action ended 13:04:04: INSTALL. Return value 3.

v15.5

MSI (s) (C4:20) [12:59:27:158]: Invoking remote custom action. DLL: C:\windows\Installer\MSIA342.tmp, Entrypoint: UnInstallChromeDependencies
Action start 12:59:27: UnInstallChromeDependencies.
2021-04-07 12:59:27 | InstallChromeDependencies | INFO | DoesKeyExist: Specified key not found
InstallChromeLGPO: Error opening local GPO, -2147467259
CustomAction UnInstallChromeDependencies returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 12:59:27: UnInstallChromeDependencies. Return value 3.
Action ended 12:59:27: INSTALL. Return value 3.
CustomAction  returned actual error code 1603

Office Example

FINEST  | plginst | RemoveEntriesFromCrashedAddinsList::CrashedAddins:- Get values of the keyS-1-5-18\SOFTWARE\Microsoft\Office\16\PowerPoint\Resiliency\CrashingAddinList
FINEST | plginst | InstallLGPO: Error opening local GPO, -2147467259

DLP 15.x

DLP Agent 15.7 and higher are able to continue past local GPO errors during plugin/extension installation and uninstallation. This is especially important for the installation case where we want to get around the environmental issue and let the agent provide as many of its Endpoint protection features as possible. Agents that are unable to deploy extensions due to LGPO corruption will present an alert in the Enforce console that clearly indicates any plugin/extension that is not deployed as expected so that the customer can resolve any environmental issue. See Detecting Local Group Policy corruption

You might encounter a situation where the agent doesn't complete installation when upgrading an existing agent that is prior to version 15.7, since during the upgrade the cached MSI for the current version (with the previous code design which exits when the agent is unable to enumerate the ExtensionInstallForceList key) is used to perform the uninstall portion.

Pre 15.7 Workarounds

Option 1

Temporarily set the Chrome policy "Configure the list of force-installed apps and extensions" to "Not configured" during the uninstallation or upgrade process. It can be re-enabled after upgrading to a post 15.7 agent.

Option 2

If you are already on a 15.5 MP2 agent, prior to HF22, you can use the following as a workaround to upgrade the agent to 15.7 or higher:

1. Use the patch method to get the 15.5 MP2 agent to HF22 using the patch steps from this KB: DLP Agent installation general overview
2. Upgrade to the final desired agent version, e.g. 15.7, 15.8, etc.

See also: DLP Agent Chrome and Edge browser extension management

See also: Detecting Local Group Policy corruption

See also: DLP Agent installation general overview

See also: New or Changed GPO List Processing