Unable to reinstall sensor after uninstalling from Domain controller.

Copper Contributor

Unable to reinstall sensor after uninstalling from Domain controller.. Please help me.

find below the error pic and Azure Advanced Threat Protection Sensor_20230318141134_000_MsiPackage logs.

 

=== Verbose logging started: 3/18/2023 14:12:03 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Windows\Temp\{0DB5C90F-3B7D-45A2-A5A2-49711564FB3E}\.be\Azure ATP Sensor Setup.exe ===
MSI (c) (10:04) [14:12:03:523]: Resetting cached policy values
MSI (c) (10:04) [14:12:03:523]: Machine policy value 'Debug' is 0
MSI (c) (10:04) [14:12:03:523]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (c) (10:04) [14:12:03:523]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (10:04) [14:12:03:523]: Grabbed execution mutex.
MSI (c) (10:04) [14:12:03:570]: Cloaking enabled.
MSI (c) (10:04) [14:12:03:570]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (10:04) [14:12:03:570]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C8:24) [14:12:03:632]: Running installation inside multi-package transaction C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (C8:24) [14:12:03:632]: Grabbed execution mutex.
MSI (s) (C8:B8) [14:12:03:632]: Resetting cached policy values
MSI (s) (C8:B8) [14:12:03:632]: Machine policy value 'Debug' is 0
MSI (s) (C8:B8) [14:12:03:632]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (s) (C8:B8) [14:12:03:632]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (C8:B8) [14:12:03:632]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:03:632]: SRSetRestorePoint skipped for this transaction.
MSI (s) (C8:B8) [14:12:03:632]: File will have security applied from OpCode.
MSI (s) (C8:B8) [14:12:03:648]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi' against software restriction policy
MSI (s) (C8:B8) [14:12:03:648]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi has a digital signature
MSI (s) (C8:B8) [14:12:03:757]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (C8:B8) [14:12:03:757]: MSCOREE not loaded loading copy from system32
MSI (s) (C8:B8) [14:12:03:773]: End dialog not enabled
MSI (s) (C8:B8) [14:12:03:773]: Original package ==> C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (C8:B8) [14:12:03:773]: Package we're running from ==> C:\Windows\Installer\3510f.msi
MSI (s) (C8:B8) [14:12:03:773]: APPCOMPAT: Compatibility mode property overrides found.
MSI (s) (C8:B8) [14:12:03:913]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'.
MSI (s) (C8:B8) [14:12:03:913]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'TransformsSecure' is 1
MSI (s) (C8:B8) [14:12:04:116]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'DisablePatch' is 0
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (C8:B8) [14:12:04:116]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'.
MSI (s) (C8:B8) [14:12:04:116]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (C8:B8) [14:12:04:116]: Transforms are not secure.
MSI (s) (C8:B8) [14:12:04:116]: Note: 1: 2205 2: 3: Control
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\VISHAL~1.SHA\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230318141134_000_MsiPackage.log'.
MSI (s) (C8:B8) [14:12:04:116]: Command Line: ARPSYSTEMCOMPONENT=1 MSIFASTINSTALL=7 ACCESSKEY=********** DelayedUpdate= InstallationPath=C:\Program Files\Azure Advanced Threat Protection Sensor InstalledVersion= LogsPath= PROXYCONFIGURATION=********** WixBundleOriginalSourceFolder=C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)\ REBOOT=ReallySuppress CURRENTDIRECTORY=C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3) CLIENTUILEVEL=3 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=4624
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{6D02F763-A791-48E9-BBED-436245543ECD}'.
MSI (s) (C8:B8) [14:12:04:116]: Product Code passed to Engine.Initialize: ''
MSI (s) (C8:B8) [14:12:04:116]: Product Code from property table before transforms: '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'
MSI (s) (C8:B8) [14:12:04:116]: Product Code from property table after transforms: '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'
MSI (s) (C8:B8) [14:12:04:116]: Product not registered: beginning first-time install
MSI (s) (C8:B8) [14:12:04:116]: Product {E3C41AF2-E5F9-4B85-AA7C-2D793C046962} is not managed.
MSI (s) (C8:B8) [14:12:04:116]: MSI_LUA: Credential prompt not required, user is an admin
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (C8:B8) [14:12:04:116]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (C8:B8) [14:12:04:116]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (C8:B8) [14:12:04:116]: Adding new sources is allowed.
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:116]: Package name extracted from package path: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (C8:B8) [14:12:04:116]: Package to be registered: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (C8:B8) [14:12:04:116]: Note: 1: 2205 2: 3: Error
MSI (s) (C8:B8) [14:12:04:132]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (C8:B8) [14:12:04:132]: Machine policy value 'DisableMsi' is 1
MSI (s) (C8:B8) [14:12:04:132]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:132]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:132]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (C8:B8) [14:12:04:132]: Running product '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}' with elevated privileges: Product is assigned.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding ARPSYSTEMCOMPONENT property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding MSIFASTINSTALL property. Its value is '7'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding ACCESSKEY property. Its value is '**********'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding INSTALLATIONPATH property. Its value is 'C:\Program Files\Azure Advanced Threat Protection Sensor'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding WIXBUNDLEORIGINALSOURCEFOLDER property. Its value is 'C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)\'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding MSICLIENTUSESEXTERNALUI property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4624'.
MSI (s) (C8:B8) [14:12:04:148]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (C8:B8) [14:12:04:148]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '2d5a47d35c22394cb27d386f01fce008'.
MSI (s) (C8:B8) [14:12:04:148]: RESTART MANAGER: Session opened.
MSI (s) (C8:B8) [14:12:04:148]: TRANSFORMS property is now:
MSI (s) (C8:B8) [14:12:04:148]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '500'.
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Favorites
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Documents
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Local
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Pictures
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Desktop
MSI (s) (C8:B8) [14:12:04:179]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (C8:B8) [14:12:04:179]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (C8:B8) [14:12:04:179]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Windows User'.
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\3510f.msi'.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi'.
MSI (s) (C8:B8) [14:12:04:179]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (C8:B8) [14:12:04:179]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
MSI (s) (C8:B8) [14:12:04:179]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (C8:B8) [14:12:04:179]: Machine policy value 'DisableRollback' is 0
MSI (s) (C8:B8) [14:12:04:179]: User policy value 'DisableRollback' is 0
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding MsiUISourceResOnly property. Its value is '1'.
=== Logging started: 3/18/2023 14:12:04 ===
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:04:179]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: INSTALL
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action start 14:12:04: INSTALL.
MSI (s) (C8:B8) [14:12:04:195]: Running ExecuteSequence
MSI (s) (C8:B8) [14:12:04:195]: Doing action: FindRelatedProducts
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action start 14:12:04: FindRelatedProducts.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: LaunchConditions
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: FindRelatedProducts. Return value 1.
Action start 14:12:04: LaunchConditions.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: ValidateProductID
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: LaunchConditions. Return value 1.
Action start 14:12:04: ValidateProductID.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: CostInitialize
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: ValidateProductID. Return value 1.
MSI (s) (C8:B8) [14:12:04:195]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Patch
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Patch
Action start 14:12:04: CostInitialize.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: FileCost
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: CostInitialize. Return value 1.
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: MsiAssembly
Action start 14:12:04: FileCost.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: CostFinalize
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: FileCost. Return value 1.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Patch
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Condition
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (s) (C8:B8) [14:12:04:210]: Target path resolution complete. Dumping Directory table...
MSI (s) (C8:B8) [14:12:04:210]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (C8:B8) [14:12:04:210]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: MsiAssembly
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
Action start 14:12:04: CostFinalize.
MSI (s) (C8:B8) [14:12:04:210]: Doing action: MigrateFeatureStates
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: CostFinalize. Return value 1.
Action start 14:12:04: MigrateFeatureStates.
MSI (s) (C8:B8) [14:12:04:210]: Doing action: InstallValidate
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: MigrateFeatureStates. Return value 0.
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '2d5a47d35c22394cb27d386f01fce008'.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Dialog
MSI (s) (C8:B8) [14:12:04:210]: Feature: ProductFeature; Installed: Absent; Request: Local; Action: Local
MSI (s) (C8:B8) [14:12:04:210]: Component: ProductComponent; Installed: Absent; Request: Local; Action: Local
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Registry
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: BindImage
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ProgId
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Extension
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Font
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Class
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Icon
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: TypeLib
Action start 14:12:04: InstallValidate.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Registry
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: BindImage
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ProgId
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Extension
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Font
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Class
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Icon
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: TypeLib
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2727 2:
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: FilesInUse
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2727 2:
MSI (s) (C8:B8) [14:12:04:226]: Doing action: InstallInitialize
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: InstallValidate. Return value 1.
MSI (s) (C8:B8) [14:12:04:226]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:226]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:226]: BeginTransaction: Locking Server
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:04:226]: SRSetRestorePoint skipped for this transaction.
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:04:226]: Server not locked: locking for product {E3C41AF2-E5F9-4B85-AA7C-2D793C046962}
Action start 14:12:04: InstallInitialize.
MSI (s) (C8:B8) [14:12:04:226]: Doing action: InstallCustomAction
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: InstallInitialize. Return value 1.
MSI (s) (C8:2C) [14:12:04:241]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI5370.tmp, Entrypoint: Install
MSI (s) (C8:18) [14:12:04:257]: Generating random cookie.
MSI (s) (C8:18) [14:12:04:257]: Created Custom Action Server with PID 4384 (0x1120).
MSI (s) (C8:28) [14:12:04:320]: Running as a service.
MSI (s) (C8:28) [14:12:04:320]: Hello, I'm your 64bit Impersonated custom action server.
Action start 14:12:04: InstallCustomAction.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI5370.tmp-\
SFXCA: Binding to CLR version v4.0.30319
Calling custom action Microsoft.Tri.Sensor.Deployment.Package.Actions!Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.Install
2023-03-18 18:12:08.2419 Debug CustomActions RunActionGroup InstallActionGroup started
2023-03-18 18:12:08.2575 Debug InstallActionGroup Apply started
2023-03-18 18:12:08.2731 Debug CreateDirectoryDeploymentAction Apply started [suppressFailure=False]
2023-03-18 18:12:08.2731 Debug CreateDirectoryDeploymentAction Apply finished
2023-03-18 18:12:08.2731 Debug DownloadMinorDeploymentPackageBytesAction Apply started [suppressFailure=False]
2023-03-18 18:12:10.8669 Debug DownloadMinorDeploymentPackageBytesAction Apply finished
2023-03-18 18:12:10.8669 Debug UnpackDeploymentPackageBytesAction Apply started [suppressFailure=False]
2023-03-18 18:12:12.5544 Debug UnpackDeploymentPackageBytesAction Apply finished
2023-03-18 18:12:12.5544 Debug RunDeployerMajorDeploymentAction Apply started [suppressFailure=False]
2023-03-18 18:12:12.6325 Info RunDeployerMajorDeploymentAction ApplyInternal started [filePath=felCqxODCIh7Xr8hQDBBjA== _arguments=9W6jRxvdYmoRns3w6NAKrA==]
2023-03-18 18:12:17.4451 Info RunDeployerMajorDeploymentAction ApplyInternal finished [isSuccessful=False]
2023-03-18 18:12:17.4451 Debug InstallActionGroup Revert started
2023-03-18 18:12:17.4451 Warn InstallActionGroup Revert reverting [rollbackAction=UnpackDeploymentPackageBytesAction index=0 count=3]
2023-03-18 18:12:17.4451 Debug UnpackDeploymentPackageBytesAction Revert started
2023-03-18 18:12:17.4919 Debug UnpackDeploymentPackageBytesAction Revert finished
2023-03-18 18:12:17.4919 Warn InstallActionGroup Revert reverting [rollbackAction=DownloadMinorDeploymentPackageBytesAction index=1 count=3]
2023-03-18 18:12:17.4919 Debug DownloadMinorDeploymentPackageBytesAction Revert started
2023-03-18 18:12:17.4919 Debug DownloadMinorDeploymentPackageBytesAction Revert finished
2023-03-18 18:12:17.4919 Warn InstallActionGroup Revert reverting [rollbackAction=CreateDirectoryDeploymentAction index=2 count=3]
2023-03-18 18:12:17.5075 Debug CreateDirectoryDeploymentAction Revert started
2023-03-18 18:12:17.5075 Debug CreateDirectoryDeploymentAction Revert finished
2023-03-18 18:12:17.5075 Debug InstallActionGroup Revert finished
2023-03-18 18:12:17.5388 Error DeploymentAction Failed to apply InstallActionGroup
Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=RunDeployerMajorDeploymentAction]
at Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.RunActionGroup(DeploymentActionGroup deploymentActionGroup, Session session)
2023-03-18 18:12:17.5388 Debug CustomActions RunActionGroup InstallActionGroup finished [result=Failure]
CustomAction InstallCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (C8:B8) [14:12:17:632]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (C8:B8) [14:12:17:632]: Machine policy value 'DisableRollback' is 0
MSI (s) (C8:B8) [14:12:17:632]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 14:12:17: InstallCustomAction. Return value 3.
MSI (s) (C8:B8) [14:12:17:632]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C8:B8) [14:12:17:632]: No System Restore sequence number for this installation.
MSI (s) (C8:B8) [14:12:17:632]: Unlocking Server
Action ended 14:12:17: INSTALL. Return value 3.
Property(S): UpgradeCode = {EDFB49E0-16FA-4535-B268-BD1B81B15DC2}
Property(S): TARGETDIR = C:\
Property(S): ALLUSERS = 1
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductCode = {E3C41AF2-E5F9-4B85-AA7C-2D793C046962}
Property(S): ProductLanguage = 1033
Property(S): ProductName = Azure Advanced Threat Protection Sensor
Property(S): ProductVersion = 2.199.16251.32043
Property(S): SecureCustomProperties = WIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED
Property(S): MsiHiddenProperties = ACCESSKEY;PROXYCONFIGURATION
Property(S): MsiLogFileLocation = C:\Users\VISHAL~1.SHA\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230318141134_000_MsiPackage.log
Property(S): PackageCode = {6D02F763-A791-48E9-BBED-436245543ECD}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): MSIFASTINSTALL = 7
Property(S): ACCESSKEY = **********
Property(S): INSTALLATIONPATH = C:\Program Files\Azure Advanced Threat Protection Sensor
Property(S): WIXBUNDLEORIGINALSOURCEFOLDER = C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)\
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)
Property(S): CLIENTUILEVEL = 3
Property(S): MSICLIENTUSESEXTERNALUI = 1
Property(S): CLIENTPROCESSID = 4624
Property(S): VersionDatabase = 500
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): VersionNT64 = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 2
Property(S): MsiNTSuiteDataCenter = 1
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\Windows\system32\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\VISHAL~1.SHA\AppData\Local\Temp\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\vishal.sharma\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\vishal.sharma\Favorites\
Property(S): NetHoodFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\vishal.sharma\Documents\
Property(S): PrintHoodFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\vishal.sharma\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\vishal.sharma\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8192
Property(S): VirtualMemory = 7374
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = vishal.sharma
Property(S): UserSID = S-1-5-21-1035065021-3698315187-3387987873-9864
Property(S): UserLanguageID = 1033
Property(S): ComputerName = PA01-DC01P
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 28
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): MsiTabletPC = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 14:12:17
Property(S): Date = 3/18/2023
Property(S): MsiNetAssemblySupport = 4.7.3062.0
Property(S): MsiWin32AssemblySupport = 6.3.14393.5582
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Windows User
Property(S): DATABASE = C:\Windows\Installer\3510f.msi
Property(S): OriginalDatabase = C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
Property(S): UILevel = 2
Property(S): MsiUISourceResOnly = 1
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = C:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): INSTALLLEVEL = 1
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 1708
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2205 2: 3: Error
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2205 2: 3: Error
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (C8:B8) [14:12:17:648]: Product: Azure Advanced Threat Protection Sensor -- Installation failed.

MSI (s) (C8:B8) [14:12:17:648]: Windows Installer installed the product. Product Name: Azure Advanced Threat Protection Sensor. Product Version: 2.199.16251.32043. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

MSI (s) (C8:B8) [14:12:17:663]: Deferring clean up of packages/files, if any exist
MSI (s) (C8:B8) [14:12:17:663]: MainEngineThread is returning 1603
MSI (s) (C8:24) [14:12:17:663]: RESTART MANAGER: Session closed.
MSI (s) (C8:24) [14:12:17:663]: No System Restore sequence number for this installation.
=== Logging stopped: 3/18/2023 14:12:17 ===
MSI (s) (C8:24) [14:12:17:663]: User policy value 'DisableRollback' is 0
MSI (s) (C8:24) [14:12:17:663]: Machine policy value 'DisableRollback' is 0
MSI (s) (C8:24) [14:12:17:663]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C8:24) [14:12:17:663]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C8:24) [14:12:17:663]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C8:24) [14:12:17:663]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (C8:24) [14:12:17:663]: Destroying RemoteAPI object.
MSI (s) (C8:18) [14:12:17:663]: Custom Action Manager thread ending.
MSI (c) (10:04) [14:12:17:663]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (10:04) [14:12:17:663]: MainEngineThread is returning 1603
=== Verbose logging stopped: 3/18/2023 14:12:17 ===

 

 

Error picture.jpeg 

2 Replies
Be sure that the sensor is also deleted in Microsoft 365. If the sensor still exists in the cloud, the API request to create a new sensor in the cloud fails and you get the same error message. So, go to "security.microsoft.com / Settings / Identities / Sensors" and be sure the sensor is deleted there as well.