Agent Upgrade Fails Due to Presence Of Reg Keys From Previous Versions
Article ID: 286558
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Upgrade Error returned to Console similar to:
Agent upgrade: Failed executing Installer[C:\ProgramData\Bit9\Parity Agent\ParityHostAgent.msi] Cmdline[/qN /i "C:\ProgramData\Bit9\Parity Agent\ParityHostAgent.msi" /l*v+ "\\?\globalroot\device\harddiskvolume3\programdata\bit9\parity agent\logs\ParityHostAgentInstall_TIMESTAMP.log"]. Fatal error during installation.
- The ParityHostAgentInstall_TIMESTAMP.log includes errors such as:
B9_UPGRADING_BLOCKED = {PRODUCT GUID}(FAILURE) Agent cannot be installed per-user.
Product: Bit9 Agent -- Error 1714.The older version of Bit9 Agent cannot be removed. Contact your technical support group. System Error 1612.
Environment
- App Control Windows Agent: 8.7.x and higher
- App Control Console: All Supported Versions
Cause
- One of the previous versions of the Agent installer MSI files was not persisted on the system.
- Typically such files are cached by the Windows installer in "C:\Windows\Installer\" folder or when deployed via SCCM in the "Ccmcache" folder.
- When deploying via Intune or SCCM one must ensure that the option to persist the installation media is enabled.
- If the previous installation media was removed, on the next agent upgrade attempt, the Windows Installer will only partially remove the previous agent files and registry keys which will result in a corruption and inability to upgrade successfully going forward.
Resolution
Verify the Presence of Leftover Registry Keys
- Confirm the file version of the Agent that is installed via CMD:
"C:\Program Files (x86)\Bit9\Parity Agent\DasCLI.exe" status Example output: Version Information CLI: 8.7.8.787 6/17/2022 5:00:17 PM Agent: 8.7.8.787 6/17/2022 5:00:17 PM Kernel: 8.7.8.787 6/17/2022 5:00:17 PM
- Navigate to the following Registry Key, or run this in CMD:
reg query HKEY_CLASSES_ROOT\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9
- The Registry Key should contain a single Package Code, matching the Agent version installed on the system. Example:
- GOOD registry shows only the Package Code for the currently installed Agent 8.7.8: C56DE352F399D2544A140184D1CFDFA9
- BAD registry shows multiple Package Codes for the current, and older agent versions
- GOOD registry shows only the Package Code for the currently installed Agent 8.7.8: C56DE352F399D2544A140184D1CFDFA9
- WARNING: If none of the Package Codes in this registry path matches the current Agent version listed in "dascli status" then the Agent registry keys have been corrupted
Although the agent is fully operational, it will not be possible to upgrade it until it has been cleaned using the Agent Uninstall Tool ONLY.
Cleanup the Registry Keys
| WARNING: Do not delete the Registry Keys for the currently installed Agent version, as this will corrupt it, and the Uninstall Tool will be required. |
Option 1: Manual or Batch Script Cleanup
- Use the steps above to verify which Package Code & Agent Version combination is preventing the upgrade.
- Delete the corrupted registry keys from the previous Agent versions in the bellow Registry locations
- Replace PACKAGECODEHERE with the previous agent package code found in Step 1, for example:
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\95E4D2F9825022B46B466A0B8B4B28EE /f &
- Replace PACKAGECODEHERE with the previous agent package code found in Step 1, for example:
- Run the following commands manually in CMD or save them as a batch script and execute it via GPO or other deployment method:
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\PACKAGECODEHERE /f &
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
reg delete HKEY_CLASSES_ROOT\Installer\Features\PACKAGECODEHERE /f &
reg delete HKEY_CLASSES_ROOT\Installer\Products\PACKAGECODEHERE /f &
reg delete HKEY_CLASSES_ROOT\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Features\PACKAGECODEHERE /f &
reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\PACKAGECODEHERE /f &
reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f &
reg delete HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Features\PACKAGECODEHERE /f &
reg delete HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Products\PACKAGECODEHERE /f &
reg delete HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9 /v PACKAGECODEHERE /f & - Attempt the Agent Upgrade once more.
Option 2: PowerShell Script Cleanup
- A PowerShell script to assist in the automated cleanup of these registry entries is attached to this article.
- It will verify the current Agent version, and delete registry entries for any unrelated version.
- The script should be tested only on a small subset of machines first.
- After downloading the file to the machine it may be required to: Right click the file > Properties > Unblock.
- The script is designed to create a CSV log entry of deleted entries on the desktop by default, this path is customizable by editing the script first in a text editor.
- This is a workaround to the preventable, core issue of the installer file not being persisted on the endpoint.
- This script does not work on Windows Server 2008/7 or lower.
Additional Information
- If the Agent upgrade was forced through by temporarily disabling Tamper Protection on the endpoint a partial upgrade could occur that will require the Agent Uninstall Utility.
- Please check to be sure the SCCM Package is properly configured to persist the files on the endpoint, as outlined in the Agent Installation Guide.
- For more information about the SCCM Cache Folder and how to handle MSI installs please check the following external KB.
Attachments
Feedback
Yes
No
Powered by
