Forum Discussion

NetComOscar's avatar
NetComOscar
Copper Contributor
Sep 24, 2023

Defender for Identity sensor install failed. error code 0x80070643

Deploying Defender for Identity Sensors on 3 Domain Controllers, DC1 (server 2012R2) - success, DC2 (server 2019) - success, DC3 (server 2012R2) - failed error code 0x80070643.  Any guidance would be much appreciated.  MSI Log here:

 

=== Verbose logging started: 9/24/2023 17:44:32 Build type: SHIP UNICODE 5.00.9600.00 Calling process: C:\Windows\Temp\{1E65615E-30AF-4372-A355-0F74946A97D6}\.be\Azure ATP Sensor Setup.exe ===
MSI (c) (A8:34) [17:44:32:318]: Resetting cached policy values
MSI (c) (A8:34) [17:44:32:318]: Machine policy value 'Debug' is 0
MSI (c) (A8:34) [17:44:32:318]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (c) (A8:34) [17:44:32:318]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (A8:34) [17:44:32:318]: Grabbed execution mutex.
MSI (c) (A8:34) [17:44:32:771]: Cloaking enabled.
MSI (c) (A8:34) [17:44:32:771]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (A8:34) [17:44:32:771]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (D8:98) [17:44:32:802]: Running installation inside multi-package transaction C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (D8:98) [17:44:32:802]: Grabbed execution mutex.
MSI (s) (D8:E0) [17:44:32:802]: Resetting cached policy values
MSI (s) (D8:E0) [17:44:32:802]: Machine policy value 'Debug' is 0
MSI (s) (D8:E0) [17:44:32:802]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (s) (D8:E0) [17:44:32:802]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (D8:E0) [17:44:32:802]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (D8:E0) [17:44:32:802]: SRSetRestorePoint skipped for this transaction.
MSI (s) (D8:E0) [17:44:32:802]: File will have security applied from OpCode.
MSI (s) (D8:E0) [17:44:32:818]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi' against software restriction policy
MSI (s) (D8:E0) [17:44:32:818]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi has a digital signature
MSI (s) (D8:E0) [17:44:32:896]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (D8:E0) [17:44:32:896]: MSCOREE not loaded loading copy from system32
MSI (s) (D8:E0) [17:44:32:912]: End dialog not enabled
MSI (s) (D8:E0) [17:44:32:912]: Original package ==> C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (D8:E0) [17:44:32:912]: Package we're running from ==> C:\Windows\Installer\119e6fe.msi
MSI (s) (D8:E0) [17:44:32:912]: APPCOMPAT: Compatibility mode property overrides found.
MSI (s) (D8:E0) [17:44:32:912]: APPCOMPAT: looking for appcompat database entry with ProductCode '{06A3F555-04E7-47C3-A86C-930693F51E65}'.
MSI (s) (D8:E0) [17:44:32:912]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'TransformsSecure' is 1
MSI (s) (D8:E0) [17:44:32:943]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'DisablePatch' is 0
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (D8:E0) [17:44:32:943]: APPCOMPAT: looking for appcompat database entry with ProductCode '{06A3F555-04E7-47C3-A86C-930693F51E65}'.
MSI (s) (D8:E0) [17:44:32:943]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (D8:E0) [17:44:32:943]: Transforms are not secure.
MSI (s) (D8:E0) [17:44:32:943]: Note: 1: 2205 2: 3: Control
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage.log'.
MSI (s) (D8:E0) [17:44:32:943]: Command Line: ARPSYSTEMCOMPONENT=1 MSIFASTINSTALL=7 ACCESSKEY=********** DelayedUpdate= InstallationPath=C:\Program Files\Azure Advanced Threat Protection Sensor InstalledVersion= LogsPath= PROXYCONFIGURATION=********** WixBundleOriginalSourceFolder=C:\Users\oscar\Downloads\Azure ATP Sensor Setup\ REBOOT=ReallySuppress CURRENTDIRECTORY=C:\Users\oscar\Downloads\Azure ATP Sensor Setup CLIENTUILEVEL=3 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=4520
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{0E0519CF-3FAE-4AD3-B0B5-B83475FB7D82}'.
MSI (s) (D8:E0) [17:44:32:943]: Product Code passed to Engine.Initialize: ''
MSI (s) (D8:E0) [17:44:32:943]: Product Code from property table before transforms: '{06A3F555-04E7-47C3-A86C-930693F51E65}'
MSI (s) (D8:E0) [17:44:32:943]: Product Code from property table after transforms: '{06A3F555-04E7-47C3-A86C-930693F51E65}'
MSI (s) (D8:E0) [17:44:32:943]: Product not registered: beginning first-time install
MSI (s) (D8:E0) [17:44:32:943]: Product {06A3F555-04E7-47C3-A86C-930693F51E65} is not managed.
MSI (s) (D8:E0) [17:44:32:943]: MSI_LUA: Credential prompt not required, user is an admin
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (D8:E0) [17:44:32:943]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (D8:E0) [17:44:32:943]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (D8:E0) [17:44:32:943]: Adding new sources is allowed.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (D8:E0) [17:44:32:943]: Package name extracted from package path: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (D8:E0) [17:44:32:943]: Package to be registered: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (D8:E0) [17:44:32:943]: Note: 1: 2205 2: 3: Error
MSI (s) (D8:E0) [17:44:32:943]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'DisableMsi' is 1
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (D8:E0) [17:44:32:943]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (D8:E0) [17:44:32:943]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (D8:E0) [17:44:32:943]: Running product '{06A3F555-04E7-47C3-A86C-930693F51E65}' with elevated privileges: Product is assigned.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding ARPSYSTEMCOMPONENT property. Its value is '1'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding MSIFASTINSTALL property. Its value is '7'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding ACCESSKEY property. Its value is '**********'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding INSTALLATIONPATH property. Its value is 'C:\Program Files\Azure Advanced Threat Protection Sensor'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding WIXBUNDLEORIGINALSOURCEFOLDER property. Its value is 'C:\Users\oscar\Downloads\Azure ATP Sensor Setup\'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\oscar\Downloads\Azure ATP Sensor Setup'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding MSICLIENTUSESEXTERNALUI property. Its value is '1'.
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4520'.
MSI (s) (D8:E0) [17:44:32:943]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is 'b4e85ffed3b2674bba1f85fdcfb20dd6'.
MSI (s) (D8:E0) [17:44:32:943]: RESTART MANAGER: Session opened.
MSI (s) (D8:E0) [17:44:32:943]: TRANSFORMS property is now:
MSI (s) (D8:E0) [17:44:32:943]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '500'.
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\Favorites
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\Documents
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Local
MSI (s) (D8:E0) [17:44:32:943]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\Pictures
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Users\oscar\Desktop
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (D8:E0) [17:44:32:959]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (D8:E0) [17:44:32:959]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Employee'.
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Microsoft Corporation'.
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\119e6fe.msi'.
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi'.
MSI (s) (D8:E0) [17:44:32:959]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (D8:E0) [17:44:32:959]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
MSI (s) (D8:E0) [17:44:32:959]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (D8:E0) [17:44:32:959]: Machine policy value 'DisableRollback' is 0
MSI (s) (D8:E0) [17:44:32:959]: User policy value 'DisableRollback' is 0
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding MsiUISourceResOnly property. Its value is '1'.
=== Logging started: 9/24/2023 17:44:32 ===
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (D8:E0) [17:44:32:959]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (s) (D8:E0) [17:44:32:959]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (D8:E0) [17:44:32:959]: Doing action: INSTALL
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2205 2: 3: ActionText
Action start 17:44:32: INSTALL.
MSI (s) (D8:E0) [17:44:32:959]: Running ExecuteSequence
MSI (s) (D8:E0) [17:44:32:959]: Doing action: FindRelatedProducts
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2205 2: 3: ActionText
Action start 17:44:32: FindRelatedProducts.
MSI (s) (D8:E0) [17:44:32:959]: Doing action: LaunchConditions
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: FindRelatedProducts. Return value 1.
Action start 17:44:32: LaunchConditions.
MSI (s) (D8:E0) [17:44:32:959]: Doing action: ValidateProductID
MSI (s) (D8:E0) [17:44:32:959]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: LaunchConditions. Return value 1.
Action start 17:44:32: ValidateProductID.
MSI (s) (D8:E0) [17:44:32:974]: Doing action: CostInitialize
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: ValidateProductID. Return value 1.
MSI (s) (D8:E0) [17:44:32:974]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Patch
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Patch
Action start 17:44:32: CostInitialize.
MSI (s) (D8:E0) [17:44:32:974]: Doing action: FileCost
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: CostInitialize. Return value 1.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: MsiAssembly
Action start 17:44:32: FileCost.
MSI (s) (D8:E0) [17:44:32:974]: Doing action: CostFinalize
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: FileCost. Return value 1.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Patch
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Condition
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (s) (D8:E0) [17:44:32:974]: Target path resolution complete. Dumping Directory table...
MSI (s) (D8:E0) [17:44:32:974]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (D8:E0) [17:44:32:974]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: MsiAssembly
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
Action start 17:44:32: CostFinalize.
MSI (s) (D8:E0) [17:44:32:974]: Doing action: MigrateFeatureStates
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: CostFinalize. Return value 1.
Action start 17:44:32: MigrateFeatureStates.
MSI (s) (D8:E0) [17:44:32:974]: Doing action: InstallValidate
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: MigrateFeatureStates. Return value 0.
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is 'b4e85ffed3b2674bba1f85fdcfb20dd6'.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Dialog
MSI (s) (D8:E0) [17:44:32:974]: Feature: ProductFeature; Installed: Absent; Request: Local; Action: Local
MSI (s) (D8:E0) [17:44:32:974]: Component: ProductComponent; Installed: Absent; Request: Local; Action: Local
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Registry
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: BindImage
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ProgId
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Extension
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Font
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Class
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Icon
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: TypeLib
Action start 17:44:32: InstallValidate.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (D8:E0) [17:44:32:974]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Registry
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: BindImage
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: ProgId
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Extension
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Font
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Class
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: Icon
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: TypeLib
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2727 2:
MSI (s) (D8:E0) [17:44:32:974]: Note: 1: 2205 2: 3: FilesInUse
MSI (s) (D8:E0) [17:44:32:990]: Note: 1: 2727 2:
MSI (s) (D8:E0) [17:44:32:990]: Doing action: InstallInitialize
MSI (s) (D8:E0) [17:44:32:990]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:32: InstallValidate. Return value 1.
MSI (s) (D8:E0) [17:44:32:990]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (D8:E0) [17:44:32:990]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (D8:E0) [17:44:32:990]: BeginTransaction: Locking Server
MSI (s) (D8:E0) [17:44:32:990]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (D8:E0) [17:44:32:990]: SRSetRestorePoint skipped for this transaction.
MSI (s) (D8:E0) [17:44:32:990]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (D8:E0) [17:44:32:990]: Server not locked: locking for product {06A3F555-04E7-47C3-A86C-930693F51E65}
Action start 17:44:32: InstallInitialize.
MSI (s) (D8:E0) [17:44:33:132]: Doing action: InstallCustomAction
MSI (s) (D8:E0) [17:44:33:132]: Note: 1: 2205 2: 3: ActionText
Action ended 17:44:33: InstallInitialize. Return value 1.
MSI (s) (D8:68) [17:44:33:132]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIE846.tmp, Entrypoint: Install
MSI (s) (D8:2C) [17:44:33:132]: Generating random cookie.
MSI (s) (D8:2C) [17:44:33:132]: Created Custom Action Server with PID 3956 (0xF74).
MSI (s) (D8:28) [17:44:33:147]: Running as a service.
MSI (s) (D8:28) [17:44:33:147]: Hello, I'm your 64bit Impersonated custom action server.
Action start 17:44:33: InstallCustomAction.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIE846.tmp-\
SFXCA: Binding to CLR version v4.0.30319
Calling custom action Microsoft.Tri.Sensor.Deployment.Package.Actions!Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.Install
2023-09-24 21:44:34.4610 Debug CustomActions RunActionGroup InstallActionGroup started
2023-09-24 21:44:34.4766 Debug InstallActionGroup Apply started
2023-09-24 21:44:34.4766 Debug CreateDirectoryDeploymentAction Apply started [suppressFailure=False]
2023-09-24 21:44:34.4766 Debug CreateDirectoryDeploymentAction Apply finished
2023-09-24 21:44:34.4766 Debug DownloadMinorDeploymentPackageBytesAction Apply started [suppressFailure=False]
2023-09-24 21:44:36.1699 Debug DownloadMinorDeploymentPackageBytesAction Apply finished
2023-09-24 21:44:36.1699 Debug UnpackDeploymentPackageBytesAction Apply started [suppressFailure=False]
2023-09-24 21:44:36.8264 Debug UnpackDeploymentPackageBytesAction Apply finished
2023-09-24 21:44:36.8264 Debug RunDeployerMajorDeploymentAction Apply started [suppressFailure=False]
2023-09-24 21:44:36.8576 Info RunDeployerMajorDeploymentAction ApplyInternal started [filePath=3Gyh0yeWeuQHp/tzlP/oBA== _arguments=kkZ6VqB3WbnOkSspYitMVw==]
2023-09-24 21:45:00.8076 Info RunDeployerMajorDeploymentAction ApplyInternal finished [isSuccessful=False]
2023-09-24 21:45:00.8076 Debug InstallActionGroup Revert started
2023-09-24 21:45:00.8076 Warn InstallActionGroup Revert reverting [rollbackAction=UnpackDeploymentPackageBytesAction index=0 count=3]
2023-09-24 21:45:00.8076 Debug UnpackDeploymentPackageBytesAction Revert started
2023-09-24 21:45:00.8702 Debug UnpackDeploymentPackageBytesAction Revert finished
2023-09-24 21:45:00.8702 Warn InstallActionGroup Revert reverting [rollbackAction=DownloadMinorDeploymentPackageBytesAction index=1 count=3]
2023-09-24 21:45:00.8702 Debug DownloadMinorDeploymentPackageBytesAction Revert started
2023-09-24 21:45:00.8702 Debug DownloadMinorDeploymentPackageBytesAction Revert finished
2023-09-24 21:45:00.8702 Warn InstallActionGroup Revert reverting [rollbackAction=CreateDirectoryDeploymentAction index=2 count=3]
2023-09-24 21:45:00.8702 Debug CreateDirectoryDeploymentAction Revert started
2023-09-24 21:45:00.8702 Debug CreateDirectoryDeploymentAction Revert finished
2023-09-24 21:45:00.8858 Debug InstallActionGroup Revert finished
2023-09-24 21:45:00.9014 Error DeploymentAction Failed to apply InstallActionGroup
Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=RunDeployerMajorDeploymentAction]
at Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.RunActionGroup(DeploymentActionGroup deploymentActionGroup, Session session)
2023-09-24 21:45:00.9014 Debug CustomActions RunActionGroup InstallActionGroup finished [result=Failure]
CustomAction InstallCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (D8:E0) [17:45:00:948]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (D8:E0) [17:45:00:948]: Machine policy value 'DisableRollback' is 0
MSI (s) (D8:E0) [17:45:00:948]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 17:45:00: InstallCustomAction. Return value 3.
MSI (s) (D8:E0) [17:45:00:948]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (D8:E0) [17:45:00:948]: No System Restore sequence number for this installation.
MSI (s) (D8:E0) [17:45:00:948]: Unlocking Server
Action ended 17:45:00: INSTALL. Return value 3.
Property(S): UpgradeCode = {EDFB49E0-16FA-4535-B268-BD1B81B15DC2}
Property(S): TARGETDIR = C:\
Property(S): ALLUSERS = 1
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductCode = {06A3F555-04E7-47C3-A86C-930693F51E65}
Property(S): ProductLanguage = 1033
Property(S): ProductName = Azure Advanced Threat Protection Sensor
Property(S): ProductVersion = 2.214.17110.17401
Property(S): SecureCustomProperties = WIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED
Property(S): MsiHiddenProperties = ACCESSKEY;PROXYCONFIGURATION
Property(S): MsiLogFileLocation = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage.log
Property(S): PackageCode = {0E0519CF-3FAE-4AD3-B0B5-B83475FB7D82}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): MSIFASTINSTALL = 7
Property(S): ACCESSKEY = **********
Property(S): INSTALLATIONPATH = C:\Program Files\Azure Advanced Threat Protection Sensor
Property(S): WIXBUNDLEORIGINALSOURCEFOLDER = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = C:\Users\oscar\Downloads\Azure ATP Sensor Setup
Property(S): CLIENTUILEVEL = 3
Property(S): MSICLIENTUSESEXTERNALUI = 1
Property(S): CLIENTPROCESSID = 4520
Property(S): VersionDatabase = 500
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): VersionNT64 = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 2
Property(S): MsiNTSuiteDataCenter = 1
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\Windows\system32\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\oscar\AppData\Local\Temp\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\oscar\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\oscar\Favorites\
Property(S): NetHoodFolder = C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\oscar\Documents\
Property(S): PrintHoodFolder = C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\oscar\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\oscar\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\oscar\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\oscar\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8192
Property(S): VirtualMemory = 7609
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = oscar
Property(S): UserSID = S-1-5-21-2124621320-94492188-1522688669-1139
Property(S): UserLanguageID = 1033
Property(S): ComputerName = DC3
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 17:45:00
Property(S): Date = 9/24/2023
Property(S): MsiNetAssemblySupport = 4.8.3761.0
Property(S): MsiWin32AssemblySupport = 6.3.9600.20876
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Employee
Property(S): COMPANYNAME = Microsoft Corporation
Property(S): DATABASE = C:\Windows\Installer\119e6fe.msi
Property(S): OriginalDatabase = C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi
Property(S): UILevel = 2
Property(S): MsiUISourceResOnly = 1
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = C:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): INSTALLLEVEL = 1
MSI (s) (D8:E0) [17:45:00:964]: Note: 1: 1708
MSI (s) (D8:E0) [17:45:00:964]: Note: 1: 2205 2: 3: Error
MSI (s) (D8:E0) [17:45:00:964]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (D8:E0) [17:45:00:964]: Note: 1: 2205 2: 3: Error
MSI (s) (D8:E0) [17:45:00:964]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (D8:E0) [17:45:00:964]: Product: Azure Advanced Threat Protection Sensor -- Installation failed.

MSI (s) (D8:E0) [17:45:00:964]: Windows Installer installed the product. Product Name: Azure Advanced Threat Protection Sensor. Product Version: 2.214.17110.17401. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

MSI (s) (D8:E0) [17:45:00:979]: Deferring clean up of packages/files, if any exist
MSI (s) (D8:E0) [17:45:00:979]: MainEngineThread is returning 1603
MSI (s) (D8:98) [17:45:00:979]: RESTART MANAGER: Session closed.
MSI (s) (D8:98) [17:45:00:979]: No System Restore sequence number for this installation.
=== Logging stopped: 9/24/2023 17:45:00 ===
MSI (s) (D8:98) [17:45:00:979]: User policy value 'DisableRollback' is 0
MSI (s) (D8:98) [17:45:00:979]: Machine policy value 'DisableRollback' is 0
MSI (s) (D8:98) [17:45:00:979]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (D8:98) [17:45:00:979]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (D8:98) [17:45:00:979]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (D8:98) [17:45:00:979]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (D8:98) [17:45:00:979]: Destroying RemoteAPI object.
MSI (s) (D8:2C) [17:45:00:979]: Custom Action Manager thread ending.
MSI (c) (A8:34) [17:45:00:979]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (A8:34) [17:45:00:979]: MainEngineThread is returning 1603
=== Verbose logging stopped: 9/24/2023 17:45:00 ===

 

9 Replies

    • NetComOscar's avatar
      NetComOscar
      Copper Contributor
      Sep 27, 2023
      Eli, thank you for your response, additional logs below:

      Azure Advanced Threat Protection Sensor_20230924174403

      [1204:1260][2023-09-24T17:44:03]i001: Burn v3.11.2.4516, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Windows\Temp\{6C488131-3836-42FC-8CD9-73645EC88656}\.cr\Azure ATP Sensor Setup.exe
      [1204:1260][2023-09-24T17:44:03]i000: Initializing hidden variable 'AccessKey'
      [1204:1260][2023-09-24T17:44:03]i000: Initializing hidden variable 'ProxyConfiguration'
      [1204:1260][2023-09-24T17:44:03]i000: Initializing hidden variable 'ProxyUserPassword'
      [1204:1260][2023-09-24T17:44:03]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
      [1204:1260][2023-09-24T17:44:03]i009: Command Line: '"-burn.clean.room=C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe" -burn.filehandle.attached=396 -burn.filehandle.self=400'
      [1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe'
      [1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\oscar\Downloads\Azure ATP Sensor Setup\'
      [1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403.log'
      [1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleName' to value 'Azure Advanced Threat Protection Sensor'
      [1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'
      [1204:1260][2023-09-24T17:44:03]i000: Loading managed bootstrapper application.
      [1204:1260][2023-09-24T17:44:03]i000: Creating BA thread to run asynchronously.
      [1204:1260][2023-09-24T17:44:04]i100: Detect begin, 5 packages
      [1204:1260][2023-09-24T17:44:04]i000: 2023-09-24 21:44:04.5661 Debug DeploymentModel DetectDeploymentAction DetectBegin [\[]Installed=False[\]]
      [1204:1260][2023-09-24T17:44:04]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2'
      [1204:1260][2023-09-24T17:44:04]i000: Setting numeric variable 'Kb4019990Windows2008R2Exists' to value 0
      [1204:1260][2023-09-24T17:44:04]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.2.1.1'
      [1204:1260][2023-09-24T17:44:04]i000: Setting numeric variable 'Kb4019990Windows2012Exists' to value 0
      [1204:1260][2023-09-24T17:44:04]i000: Setting string variable 'NetFrameworkRegistryValue' to value '528049'
      [1204:1260][2023-09-24T17:44:04]i000: Setting string variable 'ServerLevelsServerCoreRegistryValue' to value '1'
      [1204:1260][2023-09-24T17:44:04]i000: Setting string variable 'ServerLevelsServerGuiShellRegistryValue' to value '1'
      [1204:1260][2023-09-24T17:44:04]i052: Condition 'Kb4019990Windows2008R2Exists' evaluates to false.
      [1204:1260][2023-09-24T17:44:04]i052: Condition 'Kb4019990Windows2012Exists' evaluates to false.
      [1204:1260][2023-09-24T17:44:04]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
      [1204:1260][2023-09-24T17:44:04]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
      [1204:1260][2023-09-24T17:44:04]i101: Detected package: Kb4019990Windows2008R2Package, state: Absent, cached: None
      [1204:1260][2023-09-24T17:44:04]i101: Detected package: Kb4019990Windows2012Package, state: Absent, cached: None
      [1204:1260][2023-09-24T17:44:04]i101: Detected package: NetFrameworkPackageServer, state: Present, cached: None
      [1204:1260][2023-09-24T17:44:04]i101: Detected package: NetFrameworkPackageServerCore, state: Present, cached: None
      [1204:1260][2023-09-24T17:44:04]i101: Detected package: MsiPackage, state: Absent, cached: None
      [1204:1260][2023-09-24T17:44:04]i199: Detect complete, result: 0x0
      [1204:0270][2023-09-24T17:44:04]i000: 2023-09-24 21:44:04.5973 Debug DeploymentModel .ctor [\[]DeploymentAction=Install[\]]
      [1204:0270][2023-09-24T17:44:04]i000: 2023-09-24 21:44:04.6755 Debug DeploymentModel .ctor [\[]IsAfterRestartAndConfigured=False[\]]
      [1204:0270][2023-09-24T17:44:29]i000: 2023-09-24 21:44:29.6319 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=Success[\]]
      [1204:0270][2023-09-24T17:44:29]i000: Setting string variable 'IsConfigured' to value 'True'
      [1204:0270][2023-09-24T17:44:29]i000: Setting hidden variable 'AccessKey'
      [1204:0270][2023-09-24T17:44:29]i000: Unsetting variable 'DelayedUpdate'
      [1204:0270][2023-09-24T17:44:29]i000: Unsetting variable 'LogsPath'
      [1204:0270][2023-09-24T17:44:29]i000: Setting hidden variable 'ProxyConfiguration'
      [1204:0270][2023-09-24T17:44:29]i000: Setting string variable 'InstallationPath' to value 'C:\Program Files\Azure Advanced Threat Protection Sensor'
      [1204:1260][2023-09-24T17:44:29]i200: Plan begin, 5 packages, action: Install
      [1204:1260][2023-09-24T17:44:29]i052: Condition 'VersionNT64 = v6.1' evaluates to false.
      [1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2008R2Package
      [1204:1260][2023-09-24T17:44:29]i052: Condition 'VersionNT64 = v6.2' evaluates to false.
      [1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2012Package
      [1204:1260][2023-09-24T17:44:29]i052: Condition 'ServerLevelsServerCoreRegistryValue <> 1 OR ServerLevelsServerGuiShellRegistryValue = 1' evaluates to true.
      [1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServer
      [1204:1260][2023-09-24T17:44:29]i052: Condition 'ServerLevelsServerCoreRegistryValue = 1 AND ServerLevelsServerGuiShellRegistryValue <> 1' evaluates to false.
      [1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServerCore
      [1204:1260][2023-09-24T17:44:29]i000: Setting string variable 'WixBundleRollbackLog_MsiPackage' to value 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage_rollback.log'
      [1204:1260][2023-09-24T17:44:29]i000: Setting string variable 'WixBundleLog_MsiPackage' to value 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage.log'
      [1204:1260][2023-09-24T17:44:29]i201: Planned package: Kb4019990Windows2008R2Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
      [1204:1260][2023-09-24T17:44:29]i201: Planned package: Kb4019990Windows2012Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
      [1204:1260][2023-09-24T17:44:29]i201: Planned package: NetFrameworkPackageServer, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
      [1204:1260][2023-09-24T17:44:29]i201: Planned package: NetFrameworkPackageServerCore, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
      [1204:1260][2023-09-24T17:44:29]i201: Planned package: MsiPackage, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
      [1204:1260][2023-09-24T17:44:29]i299: Plan complete, result: 0x0
      [1204:1260][2023-09-24T17:44:29]i300: Apply begin
      [1204:1260][2023-09-24T17:44:29]i010: Launching elevated engine process.
      [1204:1260][2023-09-24T17:44:30]i011: Launched elevated engine process.
      [1204:1260][2023-09-24T17:44:30]i012: Connected to elevated engine.
      [11A8:0948][2023-09-24T17:44:30]i358: Pausing automatic updates.
      [11A8:0948][2023-09-24T17:44:32]i359: Paused automatic updates.
      [11A8:0948][2023-09-24T17:44:32]i360: Creating a system restore point.
      [11A8:0948][2023-09-24T17:44:32]i362: System restore disabled, system restore point not created.
      [11A8:0948][2023-09-24T17:44:32]i370: Session begin, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, options: 0x7, disable resume: No
      [11A8:0948][2023-09-24T17:44:32]i000: Caching bundle from: 'C:\Windows\Temp\{1E65615E-30AF-4372-A355-0F74946A97D6}\.be\Azure ATP Sensor Setup.exe' to: 'C:\ProgramData\Package Cache\{c594ebb0-6384-4672-9f40-374ba46b8ffb}\Azure ATP Sensor Setup.exe'
      [11A8:0948][2023-09-24T17:44:32]i320: Registering bundle dependency provider: {c594ebb0-6384-4672-9f40-374ba46b8ffb}, version: 2.214.17110.17401
      [11A8:0948][2023-09-24T17:44:32]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, resume: Active, restart initiated: No, disable resume: No
      [11A8:12F0][2023-09-24T17:44:32]i305: Verified acquired payload: MsiPackage at path: C:\ProgramData\Package Cache\.unverified\MsiPackage, moving to: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi.
      [11A8:12F0][2023-09-24T17:44:32]i305: Verified acquired payload: cab9C68882706A1052319FE6C1B5DE23439 at path: C:\ProgramData\Package Cache\.unverified\cab9C68882706A1052319FE6C1B5DE23439, moving to: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\1.
      [11A8:0948][2023-09-24T17:44:32]i323: Registering package dependency provider: {06A3F555-04E7-47C3-A86C-930693F51E65}, version: 2.214.17110.17401, package: MsiPackage
      [11A8:0948][2023-09-24T17:44:32]i301: Applying execute package: MsiPackage, action: Install, path: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" ACCESSKEY="*****" DelayedUpdate="" InstallationPath="C:\Program Files\Azure Advanced Threat Protection Sensor" InstalledVersion="" LogsPath="" PROXYCONFIGURATION="*****" WixBundleOriginalSourceFolder="C:\Users\oscar\Downloads\Azure ATP Sensor Setup\"'
      [11A8:0948][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to install MSI package.
      [11A8:0948][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to execute MSI package.
      [1204:1260][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to configure per-machine MSI package.
      [1204:1260][2023-09-24T17:45:00]i000: 2023-09-24 21:45:00.9796 Error Model LogError [\[]methodName=BootstrapperApplication_ExecutePackageComplete status=-2147023293 exception=[\]]
      [1204:1260][2023-09-24T17:45:00]i319: Applied execute package: MsiPackage, result: 0x80070643, restart: None
      [1204:1260][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to execute MSI package.
      [11A8:0948][2023-09-24T17:45:00]i318: Skipped rollback of package: MsiPackage, action: Uninstall, already: Absent
      [1204:1260][2023-09-24T17:45:00]i319: Applied rollback package: MsiPackage, result: 0x0, restart: None
      [11A8:0948][2023-09-24T17:45:00]i329: Removed package dependency provider: {06A3F555-04E7-47C3-A86C-930693F51E65}, package: MsiPackage
      [11A8:0948][2023-09-24T17:45:00]i351: Removing cached package: MsiPackage, from path: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\
      [11A8:0948][2023-09-24T17:45:00]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, resume: None, restart: None, disable resume: No
      [11A8:0948][2023-09-24T17:45:00]i330: Removed bundle dependency provider: {c594ebb0-6384-4672-9f40-374ba46b8ffb}
      [11A8:0948][2023-09-24T17:45:00]i352: Removing cached bundle: {c594ebb0-6384-4672-9f40-374ba46b8ffb}, from path: C:\ProgramData\Package Cache\{c594ebb0-6384-4672-9f40-374ba46b8ffb}\
      [11A8:0948][2023-09-24T17:45:00]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, resume: None, restart initiated: No, disable resume: No
      [1204:1260][2023-09-24T17:45:00]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart: No
      [1204:0270][2023-09-24T17:57:23]i000: 2023-09-24 21:57:23.5839 Debug SensorBootstrapperApplication Run Engine.Quit [\[]deploymentResultStatus=-2147023293 isRestartRequired=False[\]]
      [1204:1260][2023-09-24T17:57:23]i500: Shutting down, exit code: 0x80070643
      [1204:1260][2023-09-24T17:57:23]i410: Variable: AccessKey = *****
      [1204:1260][2023-09-24T17:57:23]i410: Variable: InstallationPath = C:\Program Files\Azure Advanced Threat Protection Sensor
      [1204:1260][2023-09-24T17:57:23]i410: Variable: IsConfigured = True
      [1204:1260][2023-09-24T17:57:23]i410: Variable: Kb4019990Windows2008R2Exists = 0
      [1204:1260][2023-09-24T17:57:23]i410: Variable: Kb4019990Windows2012Exists = 0
      [1204:1260][2023-09-24T17:57:23]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
      [1204:1260][2023-09-24T17:57:23]i410: Variable: NetFrameworkRegistryValue = 528049
      [1204:1260][2023-09-24T17:57:23]i410: Variable: RebootPending = 0
      [1204:1260][2023-09-24T17:57:23]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
      [1204:1260][2023-09-24T17:57:23]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
      [1204:1260][2023-09-24T17:57:23]i410: Variable: VersionNT64 = 6.3.0.0
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleAction = 5
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleElevated = 1
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleLog = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403.log
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleLog_MsiPackage = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage.log
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleManufacturer = Microsoft Corporation
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleName = Azure Advanced Threat Protection Sensor
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleOriginalSource = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleOriginalSourceFolder = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleProviderKey = {c594ebb0-6384-4672-9f40-374ba46b8ffb}
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleRollbackLog_MsiPackage = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage_rollback.log
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleSourceProcessFolder = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleSourceProcessPath = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleTag =
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleUILevel = 4
      [1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleVersion = 2.214.17110.17401
      [1204:1260][2023-09-24T17:57:23]i007: Exit code: 0x80070643, restarting: No

      Microsoft.Tri.Sensor.Deployment.Deployer_20230924214436

      2023-09-24 21:44:37.6235 Info Program Main Deployer started [arguments=kkZ6VqB3WbnOkSspYitMVw==]
      2023-09-24 21:44:37.6704 Warn PcapLibraryHelper IsCaptureDriverExist Did not found capture driver npf or npcap
      2023-09-24 21:44:37.6704 Debug InstallActionGroup Apply started
      2023-09-24 21:44:37.6704 Debug CreateCertificateAction Apply started [suppressFailure=False]
      2023-09-24 21:44:57.7417 Debug CreateCertificateAction Apply finished
      2023-09-24 21:44:57.7417 Debug CreateSensorAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.0542 Debug CreateSensorAction Apply finished
      2023-09-24 21:44:58.0542 Debug TestCertificateAndProxyAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.1636 Debug TestCertificateAndProxyAction Apply finished
      2023-09-24 21:44:58.1636 Debug SaveSensorMandatoryConfigurationAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.1948 Debug SaveSensorMandatoryConfigurationAction Apply finished
      2023-09-24 21:44:58.1948 Debug CreateServicesActionGroup Apply started
      2023-09-24 21:44:58.1948 Debug CreateServiceAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2104 Debug CreateServiceAction Apply finished
      2023-09-24 21:44:58.2104 Debug SetServiceDescriptionAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2104 Debug SetServiceDescriptionAction Apply finished
      2023-09-24 21:44:58.2104 Debug ConfigureServiceAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2261 Debug ConfigureServiceAction Apply finished
      2023-09-24 21:44:58.2261 Debug SetServicePreshutdownTimeoutAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2261 Debug SetServicePreshutdownTimeoutAction Apply finished
      2023-09-24 21:44:58.2261 Debug CreateServiceAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2261 Debug CreateServiceAction Apply finished
      2023-09-24 21:44:58.2261 Debug SetServiceDescriptionAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2417 Debug SetServiceDescriptionAction Apply finished
      2023-09-24 21:44:58.2417 Debug ConfigureServiceAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2417 Debug ConfigureServiceAction Apply finished
      2023-09-24 21:44:58.2417 Debug SetServicePreshutdownTimeoutAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2417 Debug SetServicePreshutdownTimeoutAction Apply finished
      2023-09-24 21:44:58.2417 Debug CreateServicesActionGroup Apply finished
      2023-09-24 21:44:58.2417 Debug ConfigureVirtualServiceAccountAction Apply started [suppressFailure=False]
      2023-09-24 21:44:58.2730 Debug ConfigureVirtualServiceAccountAction Apply finished
      2023-09-24 21:44:58.2730 Debug InstallNpcapAction Apply started [suppressFailure=False]
      2023-09-24 21:45:00.4481 Debug InstallActionGroup Revert started
      2023-09-24 21:45:00.4481 Warn InstallActionGroup Revert reverting [rollbackAction=ConfigureVirtualServiceAccountAction index=0 count=6]
      2023-09-24 21:45:00.4481 Debug ConfigureVirtualServiceAccountAction Revert started
      2023-09-24 21:45:00.4481 Debug ConfigureVirtualServiceAccountAction Revert finished
      2023-09-24 21:45:00.4481 Warn InstallActionGroup Revert reverting [rollbackAction=CreateServicesActionGroup index=1 count=6]
      2023-09-24 21:45:00.4481 Debug CreateServicesActionGroup Revert started
      2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServicePreshutdownTimeoutAction index=0 count=8]
      2023-09-24 21:45:00.4481 Debug SetServicePreshutdownTimeoutAction Revert started
      2023-09-24 21:45:00.4481 Debug SetServicePreshutdownTimeoutAction Revert finished
      2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=ConfigureServiceAction index=1 count=8]
      2023-09-24 21:45:00.4481 Debug ConfigureServiceAction Revert started
      2023-09-24 21:45:00.4481 Debug ConfigureServiceAction Revert finished
      2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServiceDescriptionAction index=2 count=8]
      2023-09-24 21:45:00.4481 Debug SetServiceDescriptionAction Revert started
      2023-09-24 21:45:00.4481 Debug SetServiceDescriptionAction Revert finished
      2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=CreateServiceAction index=3 count=8]
      2023-09-24 21:45:00.4481 Debug CreateServiceAction Revert started
      2023-09-24 21:45:00.4638 Debug ServiceControllerExtension DeleteService succeeded [name=AATPSensor]
      2023-09-24 21:45:00.4638 Debug CreateServiceAction Revert finished
      2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServicePreshutdownTimeoutAction index=4 count=8]
      2023-09-24 21:45:00.4638 Debug SetServicePreshutdownTimeoutAction Revert started
      2023-09-24 21:45:00.4638 Debug SetServicePreshutdownTimeoutAction Revert finished
      2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=ConfigureServiceAction index=5 count=8]
      2023-09-24 21:45:00.4638 Debug ConfigureServiceAction Revert started
      2023-09-24 21:45:00.4638 Debug ConfigureServiceAction Revert finished
      2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServiceDescriptionAction index=6 count=8]
      2023-09-24 21:45:00.4638 Debug SetServiceDescriptionAction Revert started
      2023-09-24 21:45:00.4638 Debug SetServiceDescriptionAction Revert finished
      2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=CreateServiceAction index=7 count=8]
      2023-09-24 21:45:00.4638 Debug CreateServiceAction Revert started
      2023-09-24 21:45:00.4950 Debug ServiceControllerExtension DeleteService succeeded [name=AATPSensorUpdater]
      2023-09-24 21:45:00.4950 Debug CreateServiceAction Revert finished
      2023-09-24 21:45:00.4950 Debug CreateServicesActionGroup Revert finished
      2023-09-24 21:45:00.4950 Warn InstallActionGroup Revert reverting [rollbackAction=SaveSensorMandatoryConfigurationAction index=2 count=6]
      2023-09-24 21:45:00.4950 Debug SaveSensorMandatoryConfigurationAction Revert started
      2023-09-24 21:45:00.4950 Debug SaveSensorMandatoryConfigurationAction Revert finished
      2023-09-24 21:45:00.4950 Warn InstallActionGroup Revert reverting [rollbackAction=TestCertificateAndProxyAction index=3 count=6]
      2023-09-24 21:45:00.4950 Debug TestCertificateAndProxyAction Revert started
      2023-09-24 21:45:00.4950 Debug TestCertificateAndProxyAction Revert finished
      2023-09-24 21:45:00.4950 Warn InstallActionGroup Revert reverting [rollbackAction=CreateSensorAction index=4 count=6]
      2023-09-24 21:45:00.4950 Debug CreateSensorAction Revert started
      2023-09-24 21:45:00.6827 Debug CreateSensorAction Revert finished
      2023-09-24 21:45:00.6827 Warn InstallActionGroup Revert reverting [rollbackAction=CreateCertificateAction index=5 count=6]
      2023-09-24 21:45:00.6827 Debug CreateCertificateAction Revert started
      2023-09-24 21:45:00.6982 Debug CreateCertificateAction Revert finished
      2023-09-24 21:45:00.6982 Debug InstallActionGroup Revert finished
      2023-09-24 21:45:00.7607 Error DeploymentAction Deployer failed [arguments=kkZ6VqB3WbnOkSspYitMVw==]
      Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=InstallNpcapAction]
      at void Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(bool suppressFailure)
      at void Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(bool suppressFailure)
      at int Microsoft.Tri.Sensor.Deployment.Deployer.Program.Main(string[] commandLineArguments)

      any suggestion on cause of failure would be greatly appreciated.
      • EliOfek's avatar
        EliOfek
        Icon for Microsoft rankMicrosoft
        Sep 27, 2023
        Npcap failed to install.
        Try to install it manually using the npcap installer provided in the zip as well, and collect it's logs to understand why it is failing.
        make sure to install it with proper parameters:
        npcap-1.00-oem.exe /loopback_support=no /winpcap_mode=yes /admin_only=no /S
        Details:
        https://aka.ms/mdi/npcap

Resources