Forum Discussion

Martin-B's avatar
Martin-B
Level 3
11 years ago

BE2014 Agent Install Fails

I have recently installed Backupexec 2014 on Windows Server 2012.  No matter what I do the agent install fails when I try to push it out.

There are some that I have been able to manually install the agent on and then add them to the list of servers and create backup jobs for them, but many fail even then.  It appears to be when the install trys to push the agent (and C++) to the client servers.

I have tried changing UAC but with no success.  There does seem to be some conflict with a Windows update KB2918614 but even this does not seem to affect all the servers that are problematic.  The client servers are a variety of Windows Server 2003, Windows Server 2008R2 and Windows Server 2012R2.

Can anyone help?

  • Either install the agent locally or remove the KB2918614.

    Installing it locally then restarting worked in most cases.  Not sure what will happen when an update is required.  Hopefully Symantec will have sorted it by then.

    Sophos was affected by the same Microsoft patch, but have worked out a solution.  Come on Symantec!

  • Try a local install of the Remote agent. Copy the RAWS & VCRedist folders to the root of the C:\ on the remote server and install the agent.

    Would recommend to install SP1 as well on the BE media server and then try push install. SP1 can be be downloaded from - http://www.symantec.com/business/support/index?page=content&id=TECH216178

    Additionally does uninstalling KB2918614 help for certain servers ?

    Lastly, if running an AV, set exclusions to allow push install of the agent.

  • Uninstalling that patch did help, but it is not recommended (security patch for Windows Update Service) and my boss won't allow it as an option.

    The AV (Sophos) does allow it.  We are only having issues since installing BE2014 on a new Server 2012R2 box.  The old Server 2008R2 with BE2012 worked ok (now turned off).

    Will try the SP1, although the hotfix 218257 is already installed.

    The local install "works" but when adding the server to the BE console, it tries to install the agent again and fails.

  • Thanks Laurie.  That is where I saw about removing the patch, but it is not practical with 102 servers and opens a security gap that we are not happy with.  The article does talk about language and regional settings which all of ours are set to English.

    There is also no explaination of why when a manual install is completed, the console still tries to install and fails.

    The patch does affect the UAC.  I tried completely disabling the Windows UAC but this makes no difference to the end result.

  • Martin-B,

    Let me reach out to some internal resources and see what I can find out for you.

  • Martin-B,

    I have done some digging and it basically comes down to the Microsoft Hotfix 2962490 in relation to the Microsoft Security Bulletin MS14-049. As stated in Microsoft documentation “The security update addresses the vulnerability by correcting the way that the Windows Installer service handles installation and repair scenarios”. This has caused Symantec, and many others issues with MSI installations and UAC prompts, as stated here.

    Realizing that the workaround provided is not practical, and with 102 servers time consuming without a doubt, there is no other solution to my knowledge to date. Unfortunately at this time we are at the mercy of Microsoft releasing a fix which is in hopes of being released sometime in October?

    “Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors”

     

  • Hi Martin-B !

    In install log error 1603 and this string 09-17-2014,15:19:28 : FATAL ERROR: Key not valid for use in specified state.

     

    In my case, I have this error if on the target system account from under which maked the installation did not have local profile.

    Best regards,

       ub40.

     

  • Either install the agent locally or remove the KB2918614.

    Installing it locally then restarting worked in most cases.  Not sure what will happen when an update is required.  Hopefully Symantec will have sorted it by then.

    Sophos was affected by the same Microsoft patch, but have worked out a solution.  Come on Symantec!