Jump to content

after upgrade Agent to v7 old Agent is also visible


Recommended Posts

Quote

ESET Security Management Center (7.0.66.1)

  • In some cases, the “ESET Remote Administrator Component Upgrades task” will leave registry entries of ERA Agent version 6.5 despite successfully installing version 7 Management Agent, resulting in a state when both versions are reported and version check status will incorrectly report outdated installations, even when they are not present.

Hello Forum,

2 of my Clients have the Problem. What can i do, to solve the wrong reporting.

 

Thanks Maik

 

Link to comment
Share on other sites

  • Administrators

I assume that currently it's only possible to manually delete the appropriate registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

Link to comment
Share on other sites

  • ESET Staff
5 hours ago, maiki said:

Hello Forum,

2 of my Clients have the Problem. What can i do, to solve the wrong reporting.

Thanks Maik

 

Could you please verify that executing following BAT script:

reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /f "ESET Remote Administrator Agent" /s > temp.temp

set "lineNr=1"
set /a lineNr-=1
for /f  %%G in (temp.temp) DO (
  setlocal ENABLEDELAYEDEXPANSION
  set line=%%G
  echo "!line!"
  reg delete "!line!" /f
  del temp.temp
  goto :leave
)
:leave

will resolve issue on clients? It should remove registries of all ERA (not ESMC) agents found on client.

Link to comment
Share on other sites

  • ESET Staff

Or maybe even better, could you verify this registry keys actually points to ERA Agent:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"

If so, running "Run command" ESMC task with command line:

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f 

directly from console on affected clients should clean old registries:

Link to comment
Share on other sites

10 hours ago, MartinK said:

Or maybe even better, could you verify this registry keys actually points to ERA Agent:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"

If so, running "Run command" ESMC task with command line:


reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f 

directly from console on affected clients should clean old registries:

Shouldn't this be run in upgrade procedure and not by user/admin alone?

Link to comment
Share on other sites

  • ESET Staff
Just now, bbahes said:

Shouldn't this be run in upgrade procedure and not by user/admin alone?

Actually those registries should be removed automatically, but for some unknown reason, specific installed files are registered as if they were installed with multiple products, and thus they are not removed (i.e. there is some kind of reference counting). Manual removal of those registries is just temporary solution until issue is properly fixed.

Link to comment
Share on other sites

16 hours ago, MartinK said:

Or maybe even better, could you verify this registry keys actually points to ERA Agent:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"

If so, running "Run command" ESMC task with command line:


reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f 

 directly from console on affected clients should clean old registries:

I had the same problem of the 2 agent versions (v6 and v7) being reported, but running this registry command immediately solved the problem. Thanks!!

Link to comment
Share on other sites

I just ran the ESMC upgrade on my old ERA Server. After that I ran the Security Management Center Components Upgrade as well as an Update for the Rogue Detection Sensor

Now the ESMC Reports that the Server has the following installed:

Remote Administrator Agent 6.5.522.0
Remote Administrator Server 6.5.522.0
Management Agent 7.0.553.0
Security Management Center Server 7.0.553.0
Rogue Detection Sensor 1.1.693.0
 

I do see the previously specified Registry Entries for the ERA Agent, as well as similar entries with the ID FF4A76B03E71D144183AEA3C39576B29 for the ERA Server.

So I would guess that while the upgrade was successful (it does Show me the new GUI at least, and I suppose it wouldnt really work with both versions actually installed) the same uninstallation error can also happen with the ERA Server.

 

Link to comment
Share on other sites

Confirming that this is the same issue and solution affecting my agent upgrades; the two reg keys just need to be deleted.

 

edit:  Just deployed agent update to 9 machines using PDQ Deploy rather than a Run Program task in ESET or a manual install and none exhibited this behavior.  I am going to continue deployments using this method.

Edited by Cousin Vinny
Link to comment
Share on other sites

I created a dynamic group with, contains Agents v7 AND v6 are both installed, then run 2 x Run Commands (1 for each of the reg deletes) when clients joined the group.

This resolved the issue for me 95% of the time, i did have to manually rerun the task a few times and had to manually remove one of the reg entries as it was being stubborn and not deleting on at least two machines.

Link to comment
Share on other sites

  • 2 weeks later...

Hi jonathan.deane_UK

could you please sent Expression for your Dynamic group for filtering clients with both installed agents?

Thank you.

Link to comment
Share on other sites

  • 1 month later...

Hi

I'm seeing this on all our clients (70+). Any indication as to whether or not this is affects performance? If not I'm content to leave until ESET supply a fix - would be interested to know if one is on the horizon.

Thanks

Link to comment
Share on other sites

  • ESET Staff

Hello,

We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent).

In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters.

Please PM me resulting registry dumps (preferably from several computers so we have greater statistics)

Thanks in advance

Diagnostic.Agent.7.1.91.0_x64.zip

Link to comment
Share on other sites

13 hours ago, Mirek S. said:

Hello,

We are currently investigating the issue to determine the best solution and cause of this issue. We would appreciate the output of diagnostic tool (dumps installer registry related to Agent).

In attachment is a new version of the diagnostic tool and .bat file which runs the diagnostic tool with required parameters.

Please PM me resulting registry dumps (preferably from several computers so we have greater statistics)

Thanks in advance

Diagnostic.Agent.7.1.91.0_x64.zip

Hi

Attachment unavailable.

Capture.PNG

Link to comment
Share on other sites

  • ESET Staff

Sorry,

I forgot users are not allowed to download attachments.

For the time being please PM me for the tool (it will be part of next hotfix release)

Thanks in advance.

 

Edited by Mirek S.
Link to comment
Share on other sites

  • 2 weeks later...

HI,

What about the keys in

  • HKEY_CLASSES_ROOT\Installer\Products\07F21F149AF55F34494F355BE44BEE4C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07F21F149AF55F34494F355BE44BEE4C

? They should be deleted as well ? I'm also concerned if this may generate problems when updating the agent in the future and if this issue will be fixed in a next release ?

Link to comment
Share on other sites

  • ESET Staff

Hello,

Recommended is to leave registry as they are for now. Upcoming service release should correct issues caused by the previous version.

Specifically installations affected with

  1. 7.0 version being installed while being reported as 6.X from installer point of view - upgrade will update installer registry to match what is really installed.
  2. both 6.X and 7.0 version being reported as installed - upgrade will remove both previous versions

For upgrade to succeed previous version(s) installation package file is required. We backup installation package within Agent. Windows backups currently installed applications packages in windows specific directories. Original location (from where installation was run) is also used to find msi package if previous lookups failed.

For GPO deploys it's therefore recommended to keep previous packages(s) on distribution point and only add new versions instead of replacing them.

For those potentionally affected by missing installation package, it's possible to select those in installation UI mode.

HTH

Link to comment
Share on other sites

  • Administrators

To share a file for the others, it is necessary to upload it to a file sharing service for instance and post a download link. Direct access to attachments is available only to moderators for security reasons.

Link to comment
Share on other sites

Thank you Mirek, so we will not delete any of the registry keys and wait for a new version of the agent. Any idea on the approximate schedule release ?

Link to comment
Share on other sites

  • 4 weeks later...
On 11/26/2018 at 8:40 AM, satellite360 said:

Pleased to report that upgrading to Management Agent 7.0.577.0 resolved the problem.  Thanks.

I also had issues with persistent old ERA entry and no new v7 product would install. Additionally uninstall of v6 ERA failed even manually.

But the new ERA .577 installed just fine after clearing the above posted reg-keys and after that Endpoint Sec. also installed without a hitch. Finally!

Link to comment
Share on other sites

I had also some clients with this, easiest way: Old Installer right click uninstall over context menu (after this all was clean)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...