Installing a DLP Agent Hotfix fails due to MainEngineThread is returning 1603. SecureRepair Failed, Note: 1: 2203
MSI (s) (CC:DC) [11:49:43:682]: Note: 1: 2203 2: C:\temp\Data Loss Prevention 15.5 MP2 Hotfix 218\AgentInstall-x64_15_5MP2.msi 3: -2147287038
MSI (s) (CC:DC) [11:49:43:682]: Note: 1: 1316 2: C:\temp\Data Loss Prevention 15.5 MP2 Hotfix 218\AgentInstall-x64_15_5MP2.msi
MSI (s) (CC:DC) [11:49:43:682]: SECREPAIR: Error determining package source type
MSI (s) (CC:DC) [11:49:43:682]: SECUREREPAIR: SecureRepair Failed. Error code: 52449BE3820
Action start 11:49:43: ProcessComponents.
MSI (s) (CC:DC) [11:49:43:682]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (CC:DC) [11:49:43:682]: Machine policy value 'DisableRollback' is 0
Action ended 11:49:43: ProcessComponents. Return value 3.
This issue occurs if the MSI file name being referenced in the hotfix installation command line does not match the file name that was used for the previous installation.
When using the REINSTALL=ALL REINSTALLMODE=vomus parameters, be certain also that the MSI file name is the same as the file name that was used to install the previous version of the agent. Failing to do so will result in a cryptic 1603 failure, with a "return value 3" reference to an MSI filename that is different than the one you are using.
In the MSI logs, we can see that it is attempting to find MSI file named "AgentInstall-x64_15_5MP2.msi"
MSI (s) (CC:DC) [11:49:43:682]:2: C:\temp\Data Loss Prevention 15.5 MP2 Hotfix 218\ 3: -2147287038
In order for the Hotfix installation to succeed, rename the Hotfix MSI from the default of AgentInstall-x64_15_5.msi to exactly the same file name that you see in the log file, i.e.
The change in this example would be:
msiexec /i AgentInstall-x64_15_5.msi /qn REINSTALL=ALL REINSTALLMODE=vomus /L*v %SystemDrive%\patchAgent.log
msiexec /i AgentInstall-x64_15_5MP2.msi /qn REINSTALL=ALL REINSTALLMODE=vomus /L*v %SystemDrive%\patchAgent.log