CLOUD SOLUTIONS

BEST deployments errors on Windows machines

Bitdefender Endpoint Security Tools deployment tasks might encounter different errors while executing. This section provides an overview of the most common cases of unsuccessful deployment tasks and useful tips on how to fix the errors.

In general, the deployment tasks fail if the target systems are not compliant with the deployment prerequisites presented in section the BEST installation prerequisites KB article. Another common reason for failed deployment tasks are networking-related misconfigurations.

Windows unsuccessful deployment task status messages

The deployment task failed because there is no network connectivity between the GravityZone cluster initiating the deployment task and the target system.

To fix this issue, check the following:

  • The target system is accessible on the network: it has the correct DNS entry, and the assigned IP is not duplicated.

  • The local Firewall on the target system allows File and Printer Sharing traffic (TCP ports 139, 445; UDP ports 137, 138).

  • The target system accepts connections to its admin administrative share.

The deployment task failed because the administrator provided the wrong credentials when the deployment task was configured.

To fix this issue:

  • Check that the credentials entered in the deployment task Credentials Manager are the right ones and in the correct format.

  • Check that the provided credentials have administrative privileges on the target system.

The deployment task failed because the target machine could not contact the domain controller to validate the remote administrative share authentication request initiated by the GravityZone deployment processor.

To fix this error, check the target system and make sure it has proper network connectivity with the organization's Domain Controller.

The deployment task failed because the administrative share on the target system is not present.

To fix this issue, on the target system make sure that:

  • File and Printer Sharing protocol is enabled on the network interface.

  • User Account Control is disabled.

  • Server service and its dependencies are running.

The deployment task failed because the installer running on the target system could not contact the GravityZone Web Console role to download the security agent package.

To fix this issue, check the following:

  • The organization’s DNS server can resolve the GravityZone virtual appliance(s) hostname.

  • The target system can contact the DNS server and resolve the GravityZone virtual appliance(s) hostname.

To fix this issue:

  • Disable UAC for Windows 7, 8, 10 and Server 2012.

  • For Windows 8 and above, you must deactivate UAC from the registry as well.

    1. In Command Prompt, type regedit to open the registry editor.

    2. Go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System.

    3. Set EnableLUA to 0.

Modify failed at update stage because of a connection problem between the client and the update server.

The operation may be retried after the connection is established.

Modify failed at update stage because the downloaded files were corrupted. The operation may be retried after any network problem that might corrupt the files is solved.

Modify failed at update stage because the connection to the update server has timed out. Please try again.

Modify failed at update stage because the update server has not yet synchronized the update locations(the update location hasn't been requested yet by any client; the update server will begin to synchronize it at the first request). Please try again.

Modify failed at update stage because the update server isn't configured to synchronize one of the requested locations. Please try again or contact Bitdefender support.

Modify failed at update stage because of other update errors. Contact Bitdefender support.

Modify failed at stopping services.

The operation may be retried after a reboot. Any other modify attempted before rebooting will return reboot required.

Modify actions failed. Contact Bitdefender support.

Any other modify attempted before rebooting will return reboot required.

Installer.exe was stopped by the update process during a modify, to be able to replace the binary or one of its dependencies without a reboot. A new instance of installer.exe will be automatically started to continue the modify operation when the update finishes.

EpsdkInstaller has had difficulties in getting the modify result from Installer.exe.

Installer.exe returns this error code if it's the binary file is considered untrusted, blocking installation.

Installer.exe returns this error code if the product installation path contains invalid characters.

Installer.exe returns this error code if any of the installation files is altered, corrupted, or from a different version.

Possible causes:

  • Incorrect function. It can occur when the Firewall is enabled on the Relay and port 7074 is not allowed.

  • Parameter is incorrect. This can occur when the installation kits are not saved on the Relay.

To fix this issue, check the following:

  • DNS entry has been created for the virtual appliance, with the same name as the one entered in the appliance CLI interface (Appliance Options menu). The target Relay can ping the virtual appliance.

  • If internal filters or firewalls are in use, the traffic between the Relay and appliance is excluded.

  • Connection timeouts between the Relay and the GravityZone appliance.

Port 7074 inbound is blocked on the Relay and it must be excluded for internal LAN traffic.

To fix this issue:

  1. Check the Administrative share and credentials format (when deploying from the Relay: user@domain).

  2. Make sure your username and password are correct and have administrative rights.

Not enough free space on the selected drive. BEST requires at least 2 GB of free disk space.

This error message usually occurs when another task is in progress. In this case, wait until the task is complete and reboot the server.

The deployment task failed because competitor security software was detected on the target system and the Bitdefender removal routine failed to uninstall it.

This error encounters when the competitor software is password-protected, or the competitor software does not support a silent uninstall function in its uninstall routine.

If the competitor software is password-protected, remove the password protection and retry the deployment task otherwise, proceed with manually removing the competitor software.

To fix this issue:

  1. Check if the target machine is online.

  2. Check that the following ports are open:

    • 8443, when deploying from the GravityZone appliance.

    • 7074, when deploying from the Relay.

  3. Check for any filters or firewalls that might block the traffic between the deployer and the target machine.

The provided installation path is a network drive. Installation not allowed on network drives (including mapped drives).

The deployment task failed because there is no network connectivity between the GravityZone cluster initiating the deployment task and the target system.

To fix this issue, check the following:

  • The target system is accessible on the network: it has the correct DNS entry, and the assigned IP is not duplicated.

  • The local Firewall on the target system allows File and Printer Sharing traffic (TCP ports 139, 445; UDP ports 137, 138).

  • The target system accepts connections to its admin administrative share.

Port 7074 inbound is blocked on the Relay and it must be excluded for internal LAN traffic/file transfer.

The password provided for a maintenance operation does not match the password set at installation.

The installer was started with an invalid command line or no feature was selected to be installed. Valid installer command-line arguments are defined in the Installer parameters section.

Insufficient rights to perform the necessary changes. Make sure the user account that you are using for deployment, is a Local/Domain/Network Administrator account that has the ability to perform the requested operation.

Installation process failed to install the Visual C++ 2010 Redistributable dependency for the installer package. To fix this error, manually install the x86 or x64 version of the VC++ 2010 Redistributable package and then try again to deploy BEST.

The product configuration JSON could not be run at the end of the installation.

You can find the supported operating systems in the Endpoint Protection Requirements section of the GravityZone Installation Guide.

The installer cannot load one of its configuration files (install_config.xml, install_x86.xml/install_x64.xml) or cannot find additional.dll.

The installer was run under a user with insufficient privileges.

The installer was run under safe mode.

Installation process fails because the Central Scan option was selected after creating the packages and there is no Security Server selected or installed.

For a successful installation, you must change the scan mode to Local, or add a Security Server.

To fix this issue, run the fix from this Microsoft KB article on the target machine.

Note

You can find the Windows Installer 4.5 redistributable here.

This error message occurs when there is another task in progress. In such a case, check the other task, wait until it finishes, and then reboot the machine.

If the installation was unsuccessful, you may need to use the uninstall tool to clean up the machine. When uninstallation is complete, reboot and try to deploy one more time.

Installer.exe is not compliant with the operating system architecture.

Error code returned when the installer runs silent and it needs a reboot to finish its maintenance process.

By default, the reboot will not be performed automatically and the operation will not be resumed automatically.

Cases when installer might ask for a reboot: when removing 3rd party AV products, after scanning before install, after a repair/modify/uninstall operation.

A restart action is pending as a result of another maintenance (install, repair, modify, uninstall) operation that required a restart in order to finish correctly. The error code indicates that the current maintenance operation cannot continue until the restart is performed. Another case when this code is returned is when the repair or uninstall fails and will try again after a reboot.

The deployment task failed because:

  • A previous deployment task failed due to a crash of a process it depends on, causing the Bitdefender temporary deployment service to remain registered on the target system.

    In this case:

    1. Log in to the target system as administrator.

    2. Open a Command Prompt window and execute the following commands:

      C:\> sc stop bddepsrv
      C:\> sc delete bddepsrv
    3. Reboot the machine and retry the deployment task.

In addition to these scenarios, depending on different anomalies of the operating system on the target machine, the deployment task can return a generic Windows Installer error code. For more details about Windows Installer error codes, refer to this Microsoft KB article.

Please contact Bitdefender Enterprise Support for more information. To gather logs from the affected machine refer to Using the Support Tool.

Check if the package in question exists in the Network > Packages page of the Control Center.

To fix this error, delete and recreate the package.

Check the following information:

  • The username and the password configured in Control Center are correct: Log in to vSphere Client with the same credentials or try using another account.

  • The user provided for VMware integration has vCenter Administrator permissions.

This error occurs when deploying the security agent on virtual machines.

To fix the problem, change the following registry entries:

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > lanmanserver > parameters > size to 3

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Session Manager > Memory Management > LargeSystemCache to 1

9509_1.jpg

Cause:

  • The full kit is being run from within the archive

  • The installer.xml file is not located right next to the full kit

  • The full kit is unable to read installer.xml when the files are both located on a network drive

Solution:

To resolve this issue, ensure that both the installer.xml and the full kit files are unpacked and set to run from the local drive.