Jump to content

Archived

This topic is now archived and is closed to further replies.

Michał Mielech

Cannot uninstall ESET Management Agent 7 deployed via GPO

Recommended Posts

Hi,

I have got a bit problem

According to https://support.eset.com/kb6864/?locale=en_US&viewlocale=en_US i have deployed ESET Management Agent 7 to more than 100 workstations

I have to remove them because m server supports older version 6.5

But I cannot do that on any machine

I receive error "a critical error occured ...". In log file I do not find anything special that could help me investigate this problem.

 

Please dont't tell me that I have to use ESETremover on every machine ....

 

Regards

Michał

Share this post


Link to post
Share on other sites

Is there any reason why you don't want to upgrade ERA v6.5 to ESMC but you have upgraded the agent? Given that you have installed agent via GPO, isn't it possible to uninstall it via GPO?

You could try manually running the agent msi installer with the "/lvx* uninstlog.txt" parameter, uninstall it and provide the log should it fail.

Share this post


Link to post
Share on other sites

I have ERA Server v.6, a lot of xp machines and servers 2003

But it is not the problem, the problem is that I cannot uninstall management agent. Why it does not want to uninstall via GPO ? I don't really know, but  I shoul have possibility to remove an app.

I ran what you told me on xp machine - "agent_x86.msi /lvx* uninstlog.txt" - there is only repair option, but still an error

Can you help me with this ?

I also attached uninstall log file

Regards Michał

uninstlog_rys21.txt

Share this post


Link to post
Share on other sites

ERROR: (DbInsertCertAuthContent) CStatementSerializerBase: Failed to open file C:\Documents and Settings\All Users\Dane aplikacji\ESET\RemoteAdministrator\Agent\SetupData\Database\SQLite\SetupScripts\Install\2_do_install.sql

Please copy the following commands to a batch file and run it:

Quote

reg export HKCR\Installer\UpgradeCodes\786A20824144DB1449FA500C3A98D88D temp_product.reg

set "lineNr=4"
set /a lineNr-=1
for /f "usebackq delims=" %%a in (`more +%lineNr% temp_product.reg`) DO (
  set line=%%a
  setlocal ENABLEDELAYEDEXPANSION
  set line1=%line:"=%
  set line2=HKCR\Installer\Features\!line1:~0,-1!
  reg delete "!line2!" /f
  set line2=HKCR\Installer\Products\!line1:~0,-1!
  reg delete "!line2!" /f
  del temp_product.reg
  reg delete HKCR\Installer\UpgradeCodes\786A20824144DB1449FA500C3A98D88D /f
  reg delete HKLM\SOFTWARE\ESET\RemoteAdministrator\Agent /f
  goto :leave
)
:leave

 

Share this post


Link to post
Share on other sites

There was no C:\Documents and Settings\All Users\Dane aplikacji\ESET\RemoteAdministrator folder, only ESET Endpoint Antivirus

I ran that script, everything what name was ESET *.* is missing from add/remove programs :)

Now gpupdate /force /boot - will write back if it was succesful or not

Share this post


Link to post
Share on other sites

Great, Management Agent x86 installed via GPO

ESET Endpoint AV missing from add/remove programs - but it is not a big problem - maybe I will have notices from other sofftware about that, but will reinstall

Thanks Marcos for your support - please answer on extra questions :

1. You think I should upgrade ERA to ESMC ? Will it support older windows xp workstations ?

2. What I did wrong with my GPO ?

Share this post


Link to post
Share on other sites

On Windows 10 workstations will this bat file work too ?

As I remember on W10 there was warning about "not enough priviliges"

Share this post


Link to post
Share on other sites

It still doesn't work. I thought that there was a success ...

Still cannot uninstall ESET Remote Management Agent from workstations. Now I see that there is something else in log.txt

Cannot get access to file because it is in use by other process ...

What now ?

 

ERROR: boost::filesystem::remove: (0x20), Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces: "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db"
MSI (s) (94!F0) [11:38:25:788]: Closing MSIHANDLE (55) of type 790531 for thread 10480
MSI (s) (94!F0) [11:38:25:788]: Creating MSIHANDLE (56) of type 790531 for thread 10480
ERROR: (DbCreate) boost::filesystem::remove: (0x20), Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces: "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db"
MSI (s) (94!F0) [11:38:25:789]: Closing MSIHANDLE (56) of type 790531 for thread 10480
MSI (s) (94!F0) [11:38:25:789]: Creating MSIHANDLE (57) of type 790531 for thread 10480
INFO: Successful GET property 'P_SILENT' with value - 
MSI (s) (94!F0) [11:38:25:789]: Closing MSIHANDLE (57) of type 790531 for thread 10480
MSI (s) (94!F0) [11:38:25:789]: Creating MSIHANDLE (58) of type 790531 for thread 10480
Error 30000. A critical error occurred. Please see the installation log for more information. Enabling the log is described at the ESET knowledge base website:
support.eset.com/kb406/
    
MSI (s) (94!F0) [11:38:33:338]: Product: ESET Remote Administrator Agent -- Error 30000. A critical error occurred. Please see the installation log for more information. Enabling the log is described at the ESET knowledge base website:
support.eset.com/kb406/

uninstlog_tomek.txt

Share this post


Link to post
Share on other sites
2 hours ago, Michał Mielech said:

It still doesn't work. I thought that there was a success ...

Still cannot uninstall ESET Remote Management Agent from workstations. Now I see that there is something else in log.txt

Cannot get access to file because it is in use by other process ...

What now ?

 

ERROR: boost::filesystem::remove: (0x20), Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces: "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db"
MSI (s) (94!F0) [11:38:25:788]: Closing MSIHANDLE (55) of type 790531 for thread 10480
MSI (s) (94!F0) [11:38:25:788]: Creating MSIHANDLE (56) of type 790531 for thread 10480
ERROR: (DbCreate) boost::filesystem::remove: (0x20), Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces: "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db"
MSI (s) (94!F0) [11:38:25:789]: Closing MSIHANDLE (56) of type 790531 for thread 10480
MSI (s) (94!F0) [11:38:25:789]: Creating MSIHANDLE (57) of type 790531 for thread 10480
INFO: Successful GET property 'P_SILENT' with value - 
MSI (s) (94!F0) [11:38:25:789]: Closing MSIHANDLE (57) of type 790531 for thread 10480
MSI (s) (94!F0) [11:38:25:789]: Creating MSIHANDLE (58) of type 790531 for thread 10480
Error 30000. A critical error occurred. Please see the installation log for more information. Enabling the log is described at the ESET knowledge base website:
support.eset.com/kb406/
    
MSI (s) (94!F0) [11:38:33:338]: Product: ESET Remote Administrator Agent -- Error 30000. A critical error occurred. Please see the installation log for more information. Enabling the log is described at the ESET knowledge base website:
support.eset.com/kb406/

uninstlog_tomek.txt

Can You also provide Agent logs from same time You tried uninstallation?

I assume Agent restarted somehow and enabled self-defense.

Share this post


Link to post
Share on other sites

These logs are taken during uninstall process (I ran agent_x64.msi /lvx* uninstlog.txt). Should I do something else ?

I have to mention that on some workstations (W10 ?) on the beginning of uninstall process I got information about lack of privileges, it is not possible, I'm domain admin.

Share this post


Link to post
Share on other sites

Not enough rights (access denied) is (usually) caused by Agent self-defense mechanism.

I meant Agent trace logs if we can pair them with installation logs we should know more about the issue.

 

Share this post


Link to post
Share on other sites

C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs (note they may contain sensitive information, so PM them to me)

Thanks.

Share this post


Link to post
Share on other sites

Was there ever a Solution to this?
I have run into the extract same issue but using SCCM instead of GPO.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×