Mar 20 2023 12:20 AM
Unable to reinstall sensor after uninstalling from Domain controller. Please help me.
Find below the error pic and the Azure Advanced Threat Protection Sensor_20230318141134_000_MsiPackage logs.
=== Verbose logging started: 3/18/2023 14:12:03 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Windows\Temp\{0DB5C90F-3B7D-45A2-A5A2-49711564FB3E}\.be\Azure ATP Sensor Setup.exe ===
MSI (c) (10:04) [14:12:03:523]: Resetting cached policy values
MSI (c) (10:04) [14:12:03:523]: Machine policy value 'Debug' is 0
MSI (c) (10:04) [14:12:03:523]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (c) (10:04) [14:12:03:523]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (10:04) [14:12:03:523]: Grabbed execution mutex.
MSI (c) (10:04) [14:12:03:570]: Cloaking enabled.
MSI (c) (10:04) [14:12:03:570]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (10:04) [14:12:03:570]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C8:24) [14:12:03:632]: Running installation inside multi-package transaction C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (C8:24) [14:12:03:632]: Grabbed execution mutex.
MSI (s) (C8:B8) [14:12:03:632]: Resetting cached policy values
MSI (s) (C8:B8) [14:12:03:632]: Machine policy value 'Debug' is 0
MSI (s) (C8:B8) [14:12:03:632]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (s) (C8:B8) [14:12:03:632]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (C8:B8) [14:12:03:632]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:03:632]: SRSetRestorePoint skipped for this transaction.
MSI (s) (C8:B8) [14:12:03:632]: File will have security applied from OpCode.
MSI (s) (C8:B8) [14:12:03:648]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi' against software restriction policy
MSI (s) (C8:B8) [14:12:03:648]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi has a digital signature
MSI (s) (C8:B8) [14:12:03:757]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (C8:B8) [14:12:03:757]: MSCOREE not loaded loading copy from system32
MSI (s) (C8:B8) [14:12:03:773]: End dialog not enabled
MSI (s) (C8:B8) [14:12:03:773]: Original package ==> C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (C8:B8) [14:12:03:773]: Package we're running from ==> C:\Windows\Installer\3510f.msi
MSI (s) (C8:B8) [14:12:03:773]: APPCOMPAT: Compatibility mode property overrides found.
MSI (s) (C8:B8) [14:12:03:913]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'.
MSI (s) (C8:B8) [14:12:03:913]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'TransformsSecure' is 1
MSI (s) (C8:B8) [14:12:04:116]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'DisablePatch' is 0
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (C8:B8) [14:12:04:116]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (C8:B8) [14:12:04:116]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'.
MSI (s) (C8:B8) [14:12:04:116]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (C8:B8) [14:12:04:116]: Transforms are not secure.
MSI (s) (C8:B8) [14:12:04:116]: Note: 1: 2205 2: 3: Control
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\VISHAL~1.SHA\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230318141134_000_MsiPackage.log'.
MSI (s) (C8:B8) [14:12:04:116]: Command Line: ARPSYSTEMCOMPONENT=1 MSIFASTINSTALL=7 ACCESSKEY=********** DelayedUpdate= InstallationPath=C:\Program Files\Azure Advanced Threat Protection Sensor InstalledVersion= LogsPath= PROXYCONFIGURATION=********** WixBundleOriginalSourceFolder=C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)\ REBOOT=ReallySuppress CURRENTDIRECTORY=C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3) CLIENTUILEVEL=3 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=4624
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{6D02F763-A791-48E9-BBED-436245543ECD}'.
MSI (s) (C8:B8) [14:12:04:116]: Product Code passed to Engine.Initialize: ''
MSI (s) (C8:B8) [14:12:04:116]: Product Code from property table before transforms: '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'
MSI (s) (C8:B8) [14:12:04:116]: Product Code from property table after transforms: '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}'
MSI (s) (C8:B8) [14:12:04:116]: Product not registered: beginning first-time install
MSI (s) (C8:B8) [14:12:04:116]: Product {E3C41AF2-E5F9-4B85-AA7C-2D793C046962} is not managed.
MSI (s) (C8:B8) [14:12:04:116]: MSI_LUA: Credential prompt not required, user is an admin
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (C8:B8) [14:12:04:116]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (C8:B8) [14:12:04:116]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (C8:B8) [14:12:04:116]: Adding new sources is allowed.
MSI (s) (C8:B8) [14:12:04:116]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:116]: Package name extracted from package path: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (C8:B8) [14:12:04:116]: Package to be registered: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (C8:B8) [14:12:04:116]: Note: 1: 2205 2: 3: Error
MSI (s) (C8:B8) [14:12:04:132]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (C8:B8) [14:12:04:132]: Machine policy value 'DisableMsi' is 1
MSI (s) (C8:B8) [14:12:04:132]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:132]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:132]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (C8:B8) [14:12:04:132]: Running product '{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}' with elevated privileges: Product is assigned.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding ARPSYSTEMCOMPONENT property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding MSIFASTINSTALL property. Its value is '7'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding ACCESSKEY property. Its value is '**********'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding INSTALLATIONPATH property. Its value is 'C:\Program Files\Azure Advanced Threat Protection Sensor'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding WIXBUNDLEORIGINALSOURCEFOLDER property. Its value is 'C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)\'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding MSICLIENTUSESEXTERNALUI property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:132]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4624'.
MSI (s) (C8:B8) [14:12:04:148]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (C8:B8) [14:12:04:148]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '2d5a47d35c22394cb27d386f01fce008'.
MSI (s) (C8:B8) [14:12:04:148]: RESTART MANAGER: Session opened.
MSI (s) (C8:B8) [14:12:04:148]: TRANSFORMS property is now:
MSI (s) (C8:B8) [14:12:04:148]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '500'.
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Favorites
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Documents
MSI (s) (C8:B8) [14:12:04:148]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Local
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Pictures
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (C8:B8) [14:12:04:163]: SHELL32::SHGetFolderPath returned: C:\Users\vishal.sharma\Desktop
MSI (s) (C8:B8) [14:12:04:179]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (C8:B8) [14:12:04:179]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (C8:B8) [14:12:04:179]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Windows User'.
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\3510f.msi'.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi'.
MSI (s) (C8:B8) [14:12:04:179]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (C8:B8) [14:12:04:179]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
MSI (s) (C8:B8) [14:12:04:179]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (C8:B8) [14:12:04:179]: Machine policy value 'DisableRollback' is 0
MSI (s) (C8:B8) [14:12:04:179]: User policy value 'DisableRollback' is 0
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (s) (C8:B8) [14:12:04:179]: PROPERTY CHANGE: Adding MsiUISourceResOnly property. Its value is '1'.
=== Logging started: 3/18/2023 14:12:04 ===
MSI (s) (C8:B8) [14:12:04:179]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:04:179]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: INSTALL
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action start 14:12:04: INSTALL.
MSI (s) (C8:B8) [14:12:04:195]: Running ExecuteSequence
MSI (s) (C8:B8) [14:12:04:195]: Doing action: FindRelatedProducts
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action start 14:12:04: FindRelatedProducts.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: LaunchConditions
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: FindRelatedProducts. Return value 1.
Action start 14:12:04: LaunchConditions.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: ValidateProductID
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: LaunchConditions. Return value 1.
Action start 14:12:04: ValidateProductID.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: CostInitialize
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: ValidateProductID. Return value 1.
MSI (s) (C8:B8) [14:12:04:195]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Patch
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Patch
Action start 14:12:04: CostInitialize.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: FileCost
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: CostInitialize. Return value 1.
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: MsiAssembly
Action start 14:12:04: FileCost.
MSI (s) (C8:B8) [14:12:04:195]: Doing action: CostFinalize
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: FileCost. Return value 1.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Patch
MSI (s) (C8:B8) [14:12:04:195]: Note: 1: 2205 2: 3: Condition
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (s) (C8:B8) [14:12:04:210]: Target path resolution complete. Dumping Directory table...
MSI (s) (C8:B8) [14:12:04:210]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (C8:B8) [14:12:04:210]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: MsiAssembly
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
Action start 14:12:04: CostFinalize.
MSI (s) (C8:B8) [14:12:04:210]: Doing action: MigrateFeatureStates
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: CostFinalize. Return value 1.
Action start 14:12:04: MigrateFeatureStates.
MSI (s) (C8:B8) [14:12:04:210]: Doing action: InstallValidate
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: MigrateFeatureStates. Return value 0.
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '2d5a47d35c22394cb27d386f01fce008'.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Dialog
MSI (s) (C8:B8) [14:12:04:210]: Feature: ProductFeature; Installed: Absent; Request: Local; Action: Local
MSI (s) (C8:B8) [14:12:04:210]: Component: ProductComponent; Installed: Absent; Request: Local; Action: Local
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Registry
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: BindImage
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ProgId
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Extension
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Font
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Class
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Icon
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: TypeLib
Action start 14:12:04: InstallValidate.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (C8:B8) [14:12:04:210]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Registry
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: BindImage
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: ProgId
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Extension
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Font
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Class
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: Icon
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: TypeLib
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2727 2:
MSI (s) (C8:B8) [14:12:04:210]: Note: 1: 2205 2: 3: FilesInUse
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2727 2:
MSI (s) (C8:B8) [14:12:04:226]: Doing action: InstallInitialize
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: InstallValidate. Return value 1.
MSI (s) (C8:B8) [14:12:04:226]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:226]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C8:B8) [14:12:04:226]: BeginTransaction: Locking Server
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:04:226]: SRSetRestorePoint skipped for this transaction.
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (C8:B8) [14:12:04:226]: Server not locked: locking for product {E3C41AF2-E5F9-4B85-AA7C-2D793C046962}
Action start 14:12:04: InstallInitialize.
MSI (s) (C8:B8) [14:12:04:226]: Doing action: InstallCustomAction
MSI (s) (C8:B8) [14:12:04:226]: Note: 1: 2205 2: 3: ActionText
Action ended 14:12:04: InstallInitialize. Return value 1.
MSI (s) (C8:2C) [14:12:04:241]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI5370.tmp, Entrypoint: Install
MSI (s) (C8:18) [14:12:04:257]: Generating random cookie.
MSI (s) (C8:18) [14:12:04:257]: Created Custom Action Server with PID 4384 (0x1120).
MSI (s) (C8:28) [14:12:04:320]: Running as a service.
MSI (s) (C8:28) [14:12:04:320]: Hello, I'm your 64bit Impersonated custom action server.
Action start 14:12:04: InstallCustomAction.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI5370.tmp-\
SFXCA: Binding to CLR version v4.0.30319
Calling custom action Microsoft.Tri.Sensor.Deployment.Package.Actions!Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.Install
2023-03-18 18:12:08.2419 Debug CustomActions RunActionGroup InstallActionGroup started
2023-03-18 18:12:08.2575 Debug InstallActionGroup Apply started
2023-03-18 18:12:08.2731 Debug CreateDirectoryDeploymentAction Apply started [suppressFailure=False]
2023-03-18 18:12:08.2731 Debug CreateDirectoryDeploymentAction Apply finished
2023-03-18 18:12:08.2731 Debug DownloadMinorDeploymentPackageBytesAction Apply started [suppressFailure=False]
2023-03-18 18:12:10.8669 Debug DownloadMinorDeploymentPackageBytesAction Apply finished
2023-03-18 18:12:10.8669 Debug UnpackDeploymentPackageBytesAction Apply started [suppressFailure=False]
2023-03-18 18:12:12.5544 Debug UnpackDeploymentPackageBytesAction Apply finished
2023-03-18 18:12:12.5544 Debug RunDeployerMajorDeploymentAction Apply started [suppressFailure=False]
2023-03-18 18:12:12.6325 Info RunDeployerMajorDeploymentAction ApplyInternal started [filePath=felCqxODCIh7Xr8hQDBBjA== _arguments=9W6jRxvdYmoRns3w6NAKrA==]
2023-03-18 18:12:17.4451 Info RunDeployerMajorDeploymentAction ApplyInternal finished [isSuccessful=False]
2023-03-18 18:12:17.4451 Debug InstallActionGroup Revert started
2023-03-18 18:12:17.4451 Warn InstallActionGroup Revert reverting [rollbackAction=UnpackDeploymentPackageBytesAction index=0 count=3]
2023-03-18 18:12:17.4451 Debug UnpackDeploymentPackageBytesAction Revert started
2023-03-18 18:12:17.4919 Debug UnpackDeploymentPackageBytesAction Revert finished
2023-03-18 18:12:17.4919 Warn InstallActionGroup Revert reverting [rollbackAction=DownloadMinorDeploymentPackageBytesAction index=1 count=3]
2023-03-18 18:12:17.4919 Debug DownloadMinorDeploymentPackageBytesAction Revert started
2023-03-18 18:12:17.4919 Debug DownloadMinorDeploymentPackageBytesAction Revert finished
2023-03-18 18:12:17.4919 Warn InstallActionGroup Revert reverting [rollbackAction=CreateDirectoryDeploymentAction index=2 count=3]
2023-03-18 18:12:17.5075 Debug CreateDirectoryDeploymentAction Revert started
2023-03-18 18:12:17.5075 Debug CreateDirectoryDeploymentAction Revert finished
2023-03-18 18:12:17.5075 Debug InstallActionGroup Revert finished
2023-03-18 18:12:17.5388 Error DeploymentAction Failed to apply InstallActionGroup
Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=RunDeployerMajorDeploymentAction]
at Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.RunActionGroup(DeploymentActionGroup deploymentActionGroup, Session session)
2023-03-18 18:12:17.5388 Debug CustomActions RunActionGroup InstallActionGroup finished [result=Failure]
CustomAction InstallCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (C8:B8) [14:12:17:632]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (C8:B8) [14:12:17:632]: Machine policy value 'DisableRollback' is 0
MSI (s) (C8:B8) [14:12:17:632]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 14:12:17: InstallCustomAction. Return value 3.
MSI (s) (C8:B8) [14:12:17:632]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C8:B8) [14:12:17:632]: No System Restore sequence number for this installation.
MSI (s) (C8:B8) [14:12:17:632]: Unlocking Server
Action ended 14:12:17: INSTALL. Return value 3.
Property(S): UpgradeCode = {EDFB49E0-16FA-4535-B268-BD1B81B15DC2}
Property(S): TARGETDIR = C:\
Property(S): ALLUSERS = 1
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductCode = {E3C41AF2-E5F9-4B85-AA7C-2D793C046962}
Property(S): ProductLanguage = 1033
Property(S): ProductName = Azure Advanced Threat Protection Sensor
Property(S): ProductVersion = 2.199.16251.32043
Property(S): SecureCustomProperties = WIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED
Property(S): MsiHiddenProperties = ACCESSKEY;PROXYCONFIGURATION
Property(S): MsiLogFileLocation = C:\Users\VISHAL~1.SHA\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230318141134_000_MsiPackage.log
Property(S): PackageCode = {6D02F763-A791-48E9-BBED-436245543ECD}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): MSIFASTINSTALL = 7
Property(S): ACCESSKEY = **********
Property(S): INSTALLATIONPATH = C:\Program Files\Azure Advanced Threat Protection Sensor
Property(S): WIXBUNDLEORIGINALSOURCEFOLDER = C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)\
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = C:\Users\vishal.sharma\Desktop\Azure ATP Sensor Setup (3)
Property(S): CLIENTUILEVEL = 3
Property(S): MSICLIENTUSESEXTERNALUI = 1
Property(S): CLIENTPROCESSID = 4624
Property(S): VersionDatabase = 500
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): VersionNT64 = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 2
Property(S): MsiNTSuiteDataCenter = 1
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\Windows\system32\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\VISHAL~1.SHA\AppData\Local\Temp\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\vishal.sharma\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\vishal.sharma\Favorites\
Property(S): NetHoodFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\vishal.sharma\Documents\
Property(S): PrintHoodFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\vishal.sharma\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\vishal.sharma\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\vishal.sharma\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8192
Property(S): VirtualMemory = 7374
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = vishal.sharma
Property(S): UserSID = S-1-5-21-1035065021-3698315187-3387987873-9864
Property(S): UserLanguageID = 1033
Property(S): ComputerName = PA01-DC01P
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 28
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): MsiTabletPC = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 14:12:17
Property(S): Date = 3/18/2023
Property(S): MsiNetAssemblySupport = 4.7.3062.0
Property(S): MsiWin32AssemblySupport = 6.3.14393.5582
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Windows User
Property(S): DATABASE = C:\Windows\Installer\3510f.msi
Property(S): OriginalDatabase = C:\ProgramData\Package Cache\{E3C41AF2-E5F9-4B85-AA7C-2D793C046962}v2.199.16251.32043\Microsoft.Tri.Sensor.Deployment.Package.msi
Property(S): UILevel = 2
Property(S): MsiUISourceResOnly = 1
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = C:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): INSTALLLEVEL = 1
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 1708
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2205 2: 3: Error
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2205 2: 3: Error
MSI (s) (C8:B8) [14:12:17:648]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (C8:B8) [14:12:17:648]: Product: Azure Advanced Threat Protection Sensor -- Installation failed.
MSI (s) (C8:B8) [14:12:17:648]: Windows Installer installed the product. Product Name: Azure Advanced Threat Protection Sensor. Product Version: 2.199.16251.32043. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
MSI (s) (C8:B8) [14:12:17:663]: Deferring clean up of packages/files, if any exist
MSI (s) (C8:B8) [14:12:17:663]: MainEngineThread is returning 1603
MSI (s) (C8:24) [14:12:17:663]: RESTART MANAGER: Session closed.
MSI (s) (C8:24) [14:12:17:663]: No System Restore sequence number for this installation.
=== Logging stopped: 3/18/2023 14:12:17 ===
MSI (s) (C8:24) [14:12:17:663]: User policy value 'DisableRollback' is 0
MSI (s) (C8:24) [14:12:17:663]: Machine policy value 'DisableRollback' is 0
MSI (s) (C8:24) [14:12:17:663]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C8:24) [14:12:17:663]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C8:24) [14:12:17:663]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C8:24) [14:12:17:663]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (C8:24) [14:12:17:663]: Destroying RemoteAPI object.
MSI (s) (C8:18) [14:12:17:663]: Custom Action Manager thread ending.
MSI (c) (10:04) [14:12:17:663]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (10:04) [14:12:17:663]: MainEngineThread is returning 1603
=== Verbose logging stopped: 3/18/2023 14:12:17 ===