Defender for Endpoint - Unified onboarding failed on 2012 R2 - MpAsDesc.dll 310

Hello,

We have some 2012 R2 servers which failed to install the new onboarding package.

Error code 1603.

Message is "Verify that you have sufficient privileges to install system services."

Didn't find anything in the known issues related to that, any idea?

Thank you,

LoicM

11 Replies
Test it with another admin account (Local / Domain / ...).
Same thing, tried with 2 accounts, no success.
Did you use the 2012R2 installer and right click run as administrator?
Disabled your old AV?
Same issue here, it seems that the Security Essentials Tool Software doesn't allow overriding the current settings.
So far no luck on those machines for us too, we tried to disable 3rd party AV with no luck and support representatives have not been really helpful in investigating the root cause.

@LoicM did you disable or remove the AV? It's recommended to remove it! What does the log say?

Hi @LoicM,

Step 1) Go to Add/Remove Programs (AppWiz.cpl) and make sure that there are no other Antimalware (e.g. SCEP) and/or EDR products installed.

Step 2) Have you tried installing using the "Installer script" documented here:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/server-migration?view=o365...

Step 3) Make sure that you have the latest* MDE installation package for Windows Server 2012 R2.
Note: * = (installs version 10.8048.22439.1065)

Which is documented here:
Microsoft Defender for Endpoint update for EDR Sensor
https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f6...

and which points to https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/defu/2022/03/updatesensecl...

Step 4) If none of these help, please open a Microsoft support ticket (case).
Have the following handy:
aka.ms/MDEClientAnalyzer

A verbose MSI log
https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/enable-windows-i...

A Process Monitor (ProcMon) while trying to install MDE
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-performance-i...

Thanks,
Yong Rhee - MSFT
None of this worked for us, most of the time we are able to install after 2 or 3 retries.
1st install fails,
1st retry it will detect Windefend service, try to uninstall it,
Reboot needed
2nd retry, it works or we have to go again for another reboot and after that it works.

Upgrading on 2016 has been really easy and we have around 500 servers with unified onboarding without need for manual intervention.
On 2012 R2 we are at 75 servers and we had to manually install and reboot multiple times due to these issues on almost 50% of servers.

It's not the end of the story, we just discovered MSSense high CPU usage on some 2012 R2 servers and first analysis from ProcMon shows endless "Query Directory" on C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\*.cat

To be honest, right now we are reconsidering the switch to Defender for 2012 R2 as it seems not reliable.
@LoicM, sorry to hear about the challenges with the 2012 R2 install.
Regarding the high cpu in MSSense and .cat, can you please open a Microsoft support ticket, it's something that we should be able to take care of.
Thx,
Yong - MSFT
I have received this error when installing Defender on Server 2012 R2 machines that appear to have had Defender previously uninstalled. If you open up Services, and open the description of the Microsoft Defender Antivirus service, you will see its description as "<Failed to Read Description. Error Code 2>". If you see this, open the registry and delete HKLM\SYSTEM\CurrentControlSet\Services\WinDefend. Reboot the server - you will now be able to install Defender.
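
A report-only check for the leftover-service condition described in the post above, written as an added example; it is not part of the original thread and is not Microsoft tooling. The `-Remove` switch, the backup path, the helper name and the assumption that the key's `Description` and `ImagePath` values name files on disk are this example's own.

```powershell
# Added example (not from the thread): check for a leftover WinDefend service key.
# Assumption: the key's Description and ImagePath values name files on disk.
[CmdletBinding()]
param(
    [switch]$Remove,                                         # hypothetical: back up, then delete
    [string]$BackupPath = "$env:TEMP\WinDefend-service.reg"  # hypothetical backup location
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'

function Resolve-ReferencedFile([string]$Value) {
    # Description is normally an indirect string ("@<path>\MpAsDesc.dll,-<id>");
    # ImagePath may be quoted and carry arguments. Return only the file path.
    if (-not $Value) { return $null }
    $v = [Environment]::ExpandEnvironmentVariables($Value.TrimStart('@'))
    if ($v -match '^"([^"]+)"')          { return $Matches[1] }
    if ($v -match '^(.+?\.(dll|exe))\b') { return $Matches[1] }
    return $v
}

if (-not (Test-Path $key)) {
    Write-Output 'No WinDefend service key present; nothing to clean up.'
    return
}

# A value that points at a file no longer on disk matches the symptom in the post:
# the Services console cannot load the description string (error 2 = file not found).
$svc = Get-ItemProperty -Path $key
$missing = foreach ($name in 'Description', 'ImagePath') {
    $file = Resolve-ReferencedFile $svc.$name
    if ($file -and -not (Test-Path -LiteralPath $file)) {
        [pscustomobject]@{ Value = $name; MissingFile = $file }
    }
}

if (-not $missing) {
    Write-Output 'WinDefend key references existing files; leave it in place.'
    return
}
$missing | Format-Table -AutoSize

if ($Remove) {
    # Keep a restorable copy before deleting, then reboot as the post describes.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\WinDefend' $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; key left in place.' }
    Remove-Item -Path $key -Recurse -Force
    Write-Output "Key removed (backup: $BackupPath). Reboot before reinstalling."
}
```

Run it from an elevated PowerShell session; without `-Remove` it only reports what it finds.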

The Microsoft Defender for Endpoint Deployment Guide provides thorough coverage for deployment of Microsoft Defender for Endpoint including view and configure features, take advantage of preventative protection, post-breach detection, automated investigation, and response.

Learn how to make use of deployment rings, support onboarding tools based on the type of endpoint, and configure available capabilities with this table. Select this link to go directly to the onboarding topic in the setup guide.

Please note that the Microsoft Defender for Endpoint Deployment Guide is located in the M365 Admin Center, so you will need to login with a Tenant Admin account to view this deployment guide.