ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endpoint Protection clients may become self-managed after AutoUpgrade if MSI file missing from system

book

Article ID: 212696

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Upgrading Symantec Endpoint Protection (SEP) clients via Auto upgrade when the SEP MSI file is missing from c:\windows\installer may result in the SEP client becoming unmanaged.

Cause

It is not recommended to delete the MSI file, but there may be instances where the file ends up being removed.  In these situations, upgrading using the default auto upgrade settings will result in the client becoming self managed.

This occurs because the during the MSI portion of the upgrade during the upgrade process the SEP installer needs to open and read the cached MSI file in C:\Windows\installer in order to do the following:

  • Build a table of files to remove
  • Build a table of files to migrate

If this file is missing the upgrade process cannot build these tables and the upgrade defaults to using the unmanaged sylink.xml contained in the Auto upgrade package.

NOTE: The client package that is downloaded from the SEPM contains an unmanaged sylink.xml as the upgrade will use the current sylink.xml on the client.

Environment

Release : 14.x 

Component :AutoUpgrade

Resolution

Use one of the following methods to upgrade the SEP client.

  • Repair the existing install prior to upgrading

Repair the SEP client installation by running c:\windows\System32\msiexec.exe /f "c:\programdata\symantec\symantec endpoint protection\currentversion\data\cachedinstall\sep64.msi" /q for silent repair.  This will put a new sep msi file in c:windows\installer and the SEP client will stay managed after the upgrade

  • Export a managed SEP install package from the SEPM and choose an install settings that has upgrade option 'Remove all previous logs and policies, and reset the client-server communications settings'  selected.  You can then deploy this using software deployment tools such as Altiris, SCCM, etc.

 

  • Export a managed SEP install package from the SEPM and use the Auto Upgrade option Download from a web server.
    • You will need to choose an install settings that has the option 'Remove all previous logs and policies, and reset the client-server communications settings'  selected.  
    • During the upgrade that setting will change the 'Keep Previous' option in the SetAid.ini from 1 to 0, and the sylink.xml from the exported install package will be used.  This will result in the client becoming managed after the upgrade.
    • For more information on Auto upgrade, see Upgrading client software with AutoUpgrade

Additional Information

Excerpts from SEP_Inst.log

broken Upgrade
.......
ScriptGen: Action start MigrateAppData 21:16:55.233
MSI (s) (40!94) [21:16:55:233]: Note: 1: 2203 2: C:\Windows\Installer\23f63.msi 3: -2147287038
ScriptGen: Unable to open C:\Windows\Installer\23f63.msi for product code {8097EE64-FDE1-409A-B25D-3DFD862871E1}
MSI (s) (40!94) [21:16:55:233]: Note: 1: 2203 2: C:\Windows\Installer\23f63.msi 3: -2147287038
ScriptGen: ScriptBuilder::CMigrateAppData::InstallUnable to get active database from handle: 0
ScriptGen: Unable to open C:\Windows\Installer\23f63.msi for product code {8097EE64-FDE1-409A-B25D-3DFD862871E1}
ScriptGen: ScriptBuilder::CMigrateAppData::Install - Unable to get cached MSI database: 0
ScriptGen: Action end MigrateAppData 21:16:55.233
ScriptGen:  
........

Working upgrade:


ScriptGen: ----------------------------
ScriptGen: Action start DeleteOldCOM 21:31:24.176
ScriptGen:  ScriptBuilder::CSymDeleteOldCOMAction::createActionsForProduct begin
ScriptGen:  Creating actions for product {3DCB7A99-79F6-4FC5-93F4-55DB5D275F12}
ScriptGen:  Opening cached msi file: C:\Windows\Installer\274dd.msi
........
ScriptGen: Start Evaluating expression "DING: ""=="""
ScriptGen: Start Evaluating expression ""
ScriptGen: Start Evaluating expression "DING:  0==2 | 0==3 | 0==4 | 0==5 "
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\CmnClnt\ccSubSDK\*
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\IRON\Iron.db
ScriptGen: data type is not ccSet11 >>> generating CopyFile or CopyFolder action
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\SRTSP\SRTSPSE.dat
ScriptGen: data type is not ccSet11 >>> generating CopyFile or CopyFolder action
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\SymELAM\symelam.dat
ScriptGen: data type is ccSet11, migrating from is NOT ccSet11, and transform flag set >>> generating a ReplaceccSettingsFile action for a Single File
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Install\Scripts\{F7BE9C8A-C2E6-470D-B703-0A1845E6FF8C}.rus
ScriptGen: data type is not ccSet11 >>> generating CopyFile or CopyFolder action
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Config\Lue.dat
ScriptGen: data type is ccSet11, migrating from is NOT ccSet11, and transform flag set >>> generating a ReplaceccSettingsFile action for a Single File
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Config\ProfileManagement.dat
ScriptGen: data type is ccSet11, migrating from is NOT ccSet11, and transform flag set >>> generating a ReplaceccSettingsFile action for a Single File
ScriptGen: Processing SymMigration table entry: C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Config\syLink.xml
ScriptGen: data type is not ccSet11 >>> generating CopyFile or CopyFolder action