Agent Upgrade Fails Due to Presence Of Reg Keys From Previous Versions
search cancel

Agent Upgrade Fails Due to Presence Of Reg Keys From Previous Versions

book

Article ID: 286558

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Upgrade Error returned to Console similar to:
    Agent upgrade: Failed executing Installer[C:\ProgramData\Bit9\Parity Agent\ParityHostAgent.msi] 
    Cmdline[/qN /i "C:\ProgramData\Bit9\Parity Agent\ParityHostAgent.msi" /l*v+ "\\?\globalroot\device\harddiskvolume3\programdata\bit9\parity agent\logs\ParityHostAgentInstall_TIMESTAMP.log"]. Fatal error during installation.
  • The ParityHostAgentInstall_TIMESTAMP.log includes errors such as:
    B9_UPGRADING_BLOCKED = {PRODUCT GUID}
    
    (FAILURE) Agent cannot be installed per-user.
    
    Product: Bit9 Agent -- Error 1714.The older version of Bit9 Agent cannot be removed. Contact your technical support group. System Error 1612.

Environment

  • App Control Windows Agent: 8.7.x and higher
  • App Control Console: All Supported Versions

Cause

  • One of the previous versions of the Agent installer MSI files was not persisted on the system.
  • Typically such files are cached by the Windows installer in "C:\Windows\Installer\" folder or when deployed via SCCM in the "Ccmcache" folder.
  • When deploying via Intune or SCCM one must ensure that the option to persist the installation media is enabled.
  • If the previous installation media was removed, on the next agent upgrade attempt, the Windows Installer will only partially remove the previous agent files and registry keys which will result in a corruption and inability to upgrade successfully going forward.

Resolution

Verify the Presence of Leftover Registry Keys

  1. Confirm the file version of the Agent that is installed via CMD: 
    "C:\Program Files (x86)\Bit9\Parity Agent\DasCLI.exe" status
    
    Example output:
    Version Information
        CLI:        8.7.8.787 6/17/2022 5:00:17 PM
        Agent:      8.7.8.787 6/17/2022 5:00:17 PM
        Kernel:     8.7.8.787 6/17/2022 5:00:17 PM
  2. Navigate to the following Registry Key, or run this in CMD:
    reg query HKEY_CLASSES_ROOT\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9
  3. The Registry Key should contain a single Package Code, matching the Agent version installed on the system. Example:
    • GOOD registry shows only the Package Code for the currently installed Agent 8.7.8: C56DE352F399D2544A140184D1CFDFA9
    • BAD registry shows multiple Package Codes for the current, and older agent versions
  4. WARNING: If none of the Package Codes in this registry path matches the current Agent version listed in "dascli status" then the Agent registry keys have been corrupted

    Although the agent is fully operational, it will not be possible to upgrade it until it has been cleaned using the Agent Uninstall Tool ONLY.

Cleanup the Registry Keys

WARNING: Do not delete the Registry Keys for the currently installed Agent version, as this will corrupt it, and the Uninstall Tool will be required.

 

Option 1: Manual or Batch Script Cleanup

  1. Use the steps above to verify which Package Code & Agent Version combination is preventing the upgrade.
  2. Delete the corrupted registry keys from the previous Agent versions in the bellow Registry locations
    • Replace PACKAGECODEHERE with the previous agent package code found in Step 1, for example:
      reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\95E4D2F9825022B46B466A0B8B4B28EE /f &
  3. Run the following commands manually in CMD or save them as a batch script and execute it via GPO or other deployment method:
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\PACKAGECODEHERE /f &
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
    reg delete HKEY_CLASSES_ROOT\Installer\Features\PACKAGECODEHERE /f &
    reg delete HKEY_CLASSES_ROOT\Installer\Products\PACKAGECODEHERE /f &
    reg delete HKEY_CLASSES_ROOT\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
    reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Features\PACKAGECODEHERE /f &
    reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\PACKAGECODEHERE /f &
    reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
    reg delete HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Features\PACKAGECODEHERE /f &
    reg delete HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Products\PACKAGECODEHERE /f &
    reg delete HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
  4. Attempt the Agent Upgrade once more.

Option 2: PowerShell Script Cleanup

  1. A PowerShell script to assist in the automated cleanup of these registry entries is attached to this article.
  2. It will verify the current Agent version, and delete registry entries for any unrelated version.
    1. The script should be tested only on a small subset of machines first.
    2. After downloading the file to the machine it may be required to: Right click the file > Properties > Unblock.
    3. The script is designed to create a CSV log entry of deleted entries on the desktop by default, this path is customizable by editing the script first in a text editor.
    4. This is a workaround to the preventable, core issue of the installer file not being persisted on the endpoint.
    5. This script will require PowerShell version 2.0 or newer (Server 2008 R2/Windows 7 or higher).
    •  

Additional Information

Attachments

AgentRegClean.zip get_app