Thursday, July 7, 2011

Can't get SEP to install?

Just had the most frustrating/bizarre/nightmare SEP installation issue. Been working on it all night and FINALLY got it to work. Thought I’d share what finally got it to work for me.

It all started with user who had SEP installed, but virus definitions hadn’t been updated in a couple months. When I tried to run LiveUpdate it gave me errors. Uninstalled LiveUpdate and reinstalled and LiveUpdate still gave me same errors. Decided to remove SEP and re-install to try and fix and then SEP wouldn’t install!

All the errors I received along the way:

Eventvwr:

“The description for Event ID 101 from source AutomaticLiveUpdate Scheduler cannot be found”

“Product: Symantec Endpoint Protection -- Error 1606.Couldnot access network location %APPDATA%\.”

“LiveUpdate returned a non-critical error. Availablecontent updates may have failed to install.”

“Windows Installer installed the product. Product Name:Symantec Endpoint Protection. Product Version: 11.0.6300.803.Product Language: 1033. Manufacturer: Symantec Corporation.Installation success or error status: 1603.” (NOT a successM$)

“Product: Symantec Endpoint Protection -- SymantecEndpoint Protection has detected that there are pending systemchanges that require a reboot. Please reboot the system and rerunthe installation.”

“Failed to connect to server. Error: 0x800401F0”

SEPInst.log:

“Failed unregistering service.”

“serviceIsRunning: OpenService FAILED with error 1060” ( Original Live Update Error I think, can’t remember at this point)

Resolution:

All these steps may not be required, but I had already tried clean wipe several times and a lot of different Google’d steps and none in themselves worked so I did all of these before trying another install.

#1 (VERY IMPORTANT) Block any SEP install GPO for JUST the computer you are working on. If you don’t SEP will try to re-install on every reboot.

Deleted the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService\SymantecManagement Client

Deleted the following folders (if they exist):

C:\Program Files\Symantec

C:\Program Files\Symantec Antivirus

C:\Documents and Settings\All Users\ApplicationData\Symantec\LiveUpdate (Win XP)
C:\program data\symantec\liveupdate (Windows 7 or Windows Server2008)

C:\Program Files\Common Files\Symantec Shared

C:\Users\%username%\AppData\Local\Symantec

Ran this M$ FixIt

Removed Deny permissions for “Everyone” group on“C:\Users\All Users\Application Data” (Hint: have to dothrough advanced permissions) – Although this is just a junction point, I also saw errors saying Access Denied to that folder so Ifigured it wouldn’t hurt.

I then found this link which walks through the manual uninstall of SEP. Most of the stuff was already deleted by CleanWipe so it didn’t take much longer.

Finally after this I was rebooted, re-enabled SEP GPO forcomputer, did a “gpupdate /force”, rebooted again andcrossed my fingers and it worked!