Troubleshooting problem SEP client installs

I had my first ever need to put a call into Symantec enterprise support for a SEP client that just would not install on one of my corporate Win7 desktops. This particular problem proved troublesome to figure out but with Symantec’s help we got there. I also learned a few other tricks along the way that will help with troubleshooting regular enterprise client installs.
After trying multiple installation methods that usually work, all we would get was an ultimate failure with “error status 1603” logged in the application events.
Looking through the SEP installer log in c:\windows\temp\sep_inst.txt, we noticed that the installer was failing to access the network location for %APPDATA%.
Hmmm, ok let’s check the registry and see what’s up. Navigate to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. Notice how the value for AppData doesn’t look like the others? It should be prefixed with a %USERPROFILE% wildcard value but isn’t. The installer can’t find %APPDATA%.
This is the proper value that should be here:
The tech mentioned that they had this problem in Vista but had not seen it in 7. This particular user could be running some ancient software that changed this value, I really don’t know. This is the only box I’ve seen this happen on.
Another trick I learned along the way is how to get around the pesky reboot requirement before you can install the SEP client. To do this, simply delete the following items in the registry. Note the key paths at the bottom of each window:

Once the registry edits have been made you can rerun your client install without having to reboot. One other thing the tech had me do was export my enterprise install package to expose all the bits. This is done via the Endpoint Protection Manager Console. Navigate to your client install packages under Admin\ Install Packages, choose the package you want to export, right-click, choose export.
Select a location for the dump to go, UNcheck “create a single .EXE…”, choose your customized installation settings and features, then select the top level “my company”. The other defaults are fine. This will take a few minutes.
Once the export is complete you will see the contents of your deployment package. Install Live Update first (LUSETUP.exe) then run the installer MSI (Symantec AntiVirus.msi). This is the full non-silent yet customized client install so you can see every step. You AV client should now be installed with no problems.
Symantec KB103109

No comments:

Powered by Blogger.