Endpoint Protection

 View Only

Troubleshooting installation errors using MSI logs 

Oct 06, 2009 07:09 PM

Troubleshooting installation errors using MSI logs

During the installation of Symantec   products ( SEP , SAV , SPC ), you may get errors that provide insufficient information about what has occurred. As all Symantec  products for Windows use MSIs to perform the installation, it is very useful to check the MSI installer logs to gather more information about the error.
 

 
 
The install creates  msi logs, which by default are created in the Temp directory.


This can be located by typing %temp% into the address bar in Windows Explorer.




The files to look at :

SEP_Inst.log ( For Symantec Endpoint Protection Client )
SEPM_Inst.log ( For Symantec Endpoint Protection Manger)
SPC_Inst.log ( For Symantec Protection Center SEP 12)
SAV_Inst.log ( For Symantec Antivirus)
 

 
Understanding MSI log files



1.     It is a good idea to read the file from the bottom up, as the error will have occurred nearer the end of the file.



2.     You will notice that an MSI log is split into two categories; 'Properties', which are displayed at the end of the article and 'Actions'.



3.     An Action looks like:

         Action ended 12:07:04: INSTALL. Return value 3.


4.     A Property looks like:

       Property(S): SYSTEM32TEMP = C:\WINDOWS\TEMP\Symantec\System32\


5.     Focus on the Actions as opposed to Properties. Each action makes up a part of the installation procedure.


 
6.     To determine which action has failed during the installation, search for the error generated during installation.




7.     When you have located the error, look at the Action that was performed just before the error. A return value code is written in the log to show if the action completed successfully or not. One of the following will be displayed:
 
o    Return Value 1 – The Action completed successfully
o    Return Value 2 – The user terminated the action
o    Return Value 3 – The Action failed (will cause the installation to terminate)
 


 
8.     Make a note of which of the actions gives a return value of 3, and record any additional error information in the log file that may not have been displayed in the on-screen error.
 

 
9.     With the above information, you can perform certain troubleshooting yourself.




Once we get the Return Value 3, Look at the lines above Value 3 it will help us to locate the reason for the failure.
 
 
 
 
Example :
 
-- DECABI_LOGGING --   LiveUpdate registration failed. (HRESULT=-2147221164)
Action ended 14:51:00: InstallFinalize. Return value 3.
 
 
 
MSI (s) (70:38) [13:06:09:074]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI176.tmp, Entrypoint: InstallLiveUpdate
LUCA: InstallLiveUpdate enter.
LUCA: C:\DOCUME~1\srmadmin\LOCALS~1\Temp\ZOKHEVPH\LiveUpdate\lucheck.exe
LUCA: InstallLiveUpdate exit.
Action ended 13:07:15: InstallFinalize. Return value 3.
 

 
 
LUCA: InstallLiveUpdate enter.
LUCA: D:\DOCUME~1\Sarah\LOCALS~1\Temp\JMPQMZLG\LiveUpdate\lucheck.exe
LUCA: InstallLiveUpdate exit.
MSI (s) (20:48) [23:26:41:390]: User policy value 'DisableRollback' is 0
MSI (s) (20:48) [23:26:41:390]: Machine policy value 'DisableRollback' is 0
Action ended 23:26:41: InstallFinalize. Return value 3.
 
 

 
Error 2318.File does not exist: E:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\localhost_log.2008-04-12.txt.
MSI (c) (1C:AC) [16:07:00:812]: Product: Symantec Endpoint Protection Manager -- Error 2318.File does not exist: E:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\localhost_log.2008-04-12.txt.
 Action ended 16:07:00: InstallWelcome. Return value 3.
 

 
 
LUCA: C:\DOCUME~1\ADMINI~1.CAI\LOCALS~1\Temp\AWVRXHIT\LiveUpdate\lucheck.exe
LUCA: InstallLiveUpdate : CreateProcessAndWait( LUCHECK.EXE ) returned 206
Action ended 13:41:27: InstallFinalize. Return value 3.
 
 

 
SESM CA: RunCommandFromBin End
SESM CA: Failure in IIsConfig.vbs script - See the Windows Event Viewer application log for the failure event.
SESM CA: InstallIISConfig End
Action ended 11:01:41: InstallFinalize. Return value 3.
 

 
 
LUCA: C:\DOCUME~1\Neil\LOCALS~1\Temp\NCGKYZFS\LiveUpdate\lucheck.exe
LUCA: InstallLiveUpdate : CreateProcessAndWait( LUCHECK.EXE ) returned 100
Action ended 10:31:38: InstallFinalize. Return value 3.
 

 
 
Error 1304.Error writing to file C:\WINDOWS\system32\Drivers\symndis.sys. Verify that you have access to that directory.
MSI (s) (E8:38) [17:31:17:171]: Product: Symantec Endpoint Protection -- Error 1304.Error writing to file C:\WINDOWS\system32\Drivers\symndis.sys. Verify that you have access to that directory.
 Info 2835.The control ErrorIcon was not found on dialog SetupError.
Are you sure you want to cancel?
Action ended 17:31:18: InstallFinalize. Return value 3.
 
 
 
MSI (c) (94:20) [11:26:05:904]: Product: Symantec Endpoint Protection -- Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation.
 Action ended 11:26: LaunchConditions. Return value 3.

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jan 20, 2012 02:09 AM

What is the name of the log file in SEP 12.1?

And is the location the same?

Sep 24, 2010 11:19 AM

Thanks, informative article. I never knew what the return values were , and usually ignored them when troubleshooting MSI errors.

Nov 12, 2009 12:10 PM

What OS are you using???


Title: 'Error 1304: Error Writing to file C:\program files \ Symantec\Symantec Endpoint Protection while install/uninstalling SEPM on Windows 2008 server'
Document ID: 2009010108434148
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009010108434148?Open&seg=ent

Nov 12, 2009 07:08 AM

HI PRACHAND,

We are getting the same error while installing SEP 11.0.3

Error 1304.Error writing to file C:\WINDOWS\system32\Drivers\symndis.sys. Verify that you have access to that directory.
MSI (s) (E8:38) [17:31:17:171]: Product: Symantec Endpoint Protection -- Error 1304.Error writing to file C:\WINDOWS\system32\Drivers\symndis.sys. Verify that you have access to that directory.
 Info 2835.The control ErrorIcon was not found on dialog SetupError.
Are you sure you want to cancel?
Action ended 17:31:18: InstallFinalize. Return value 3.

Regards
Praveen

Nov 02, 2009 11:47 AM

thanks for clearing this...
best regards...

Related Entries and Links

No Related Resource entered.