Forum Discussion
Defender for Endpoint | Onboarding 2012R2 via local script | md4ws.msi with error id 15
Hi guys,
we onboarded ~70 servers and everything went great so far.
Our last 2012 R2 gets an error related to the sense service:
event viewer:
ms document:
msi error:
MSI (s) (28:F4) [18:42:41:915]: Executing op: CustomActionSchedule(Action=RollbackInstallSecFilter,ActionType=3393,Source=BinaryData,Target=UninstallDriver,CustomActionData=c:\Windows\Inf\mssecflt.inf)
MSI (s) (28:F4) [18:42:41:915]: Executing op: ActionStart(Name=InstallSecFilter,,)
Aktion 18:42:41: InstallSecFilter.
MSI (s) (28:F4) [18:42:41:915]: Executing op: CustomActionSchedule(Action=InstallSecFilter,ActionType=3073,Source=BinaryData,Target=InstallDriver,CustomActionData=c:\Windows\Inf\mssecflt.inf)
MSI (s) (28:44) [18:42:41:915]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI864A.tmp, Entrypoint: InstallDriver
MpWixCA [18:42:41:931] installdriver.cpp(98): BEGIN InstallDriver, pid=0x35e0, tid=0x3764
MpWixCA [18:42:41:931] msiutil.cpp(37): 0: HrMsiGetProperty(0xae, 'CustomActionData', 'c:\Windows\Inf\mssecflt.inf')
MpWixCA [18:42:41:978] installdriver.cpp(76): SetupInstallServicesFromInfSectionW(,DefaultInstall.Services,0) failed, hr=0x80070005
MpWixCA [18:42:41:993] installdriver.cpp(98): END InstallDriver, hr=0x80070005
CustomAction InstallSecFilter returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
sadly nothing helps, all prerequisites are given (server are managed and on the same state)
and the sense service will not start.
maybe someone has an idea on this?
(btw. this is the new onboarding method in preview, not the old SCEP/MMA method)
thanks a lot.
E: I already opened a MS case for this a week ago, and they are still trying to solve this, but no success yet.
regards
Patrick
- Had this problem on multiple servers and traced to WinDefend service taking a long time to start added the following to the registry temporarily
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"ServicesPipeTimeout"=dword:00075300
after a reboot ran md4ws manually (elevated) and it installed fine every time.
- akvabelloBrass Contributor
So in my case, I just solved this in the following manner. The issue was it couldn't install the service because there was already a registry key for the service in place. I believe this was due to a previously failed rollback of the MSI attempting to be installed. I had to manually delete the registry key for the windefend service in HKLM\SYSTEM\CurrentControlSet\Services\Windefend. I tried using sc delete windefend, but always got access denied, even in safe mode. Once I removed the registry key, I rebooted. The service no longer showed in the services MMC. I could then run the install successfully.
- Joachim_LuengasBrass ContributorIt was helpful for me.
- KevinWBrownCopper ContributorHad this problem on multiple servers and traced to WinDefend service taking a long time to start added the following to the registry temporarily
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"ServicesPipeTimeout"=dword:00075300
after a reboot ran md4ws manually (elevated) and it installed fine every time.- Petr_CahlkCopper ContributorIt helped us as well. Thank you a lot.
- carlux1Copper ContributorHi PAtrick,
do you have received a feedback from Microsoft?
regards
Carsten- PatrickElCopper Contributor
Hi Carsten,
we tried a bunch of KB installations (were already installed) and all of this:
https://github.com/microsoft/mdefordownlevelserver
there was no solution in sight, so we went back to MMA and SCEP.
Maybe the Link helps you? 🙂
Regards
Patrick
- carlichtCopper Contributor
Hi PatrickEl,
thanks for your quick answer. I'll check the link you provide. But I believe we have to do the same way as you described.
Thx
carsten