Jump to content
REGITDept

Unable to push client installation (MBAE) from the Management Console

Recommended Posts

Dear Malwarebytes,

 

We are unable to push client update (MBAE) to 1.07.2.1011 via the Management Console. After several minutes it would say "Installation failed. Access is denied. Failed to create remote service." (Please see attached screenshot). The first time we used push client, it worked just fine for the MBAE 1.05 version, there were some hiccups but overall it works. Now we try to update those client to the newest version and it would not work. We tried everything we knew, and follow the guides to the dot but with no luck.

 

P.S: We are running a Windows 7 environment.

 

Thanks.

post-189994-0-34062800-1436993937_thumb.

Share this post


Link to post
Share on other sites

Hi REGITDept. Can you please post a screenshot of the Control Panel -> Programs and Features list showing the Malwarebytes entries?

 

You might need to uninstall MBAE from the machines first before deploying the new one as the installer might be seeing it as already installed.

Share this post


Link to post
Share on other sites

You might need to uninstall MBAE from the machines first before deploying the new one as the installer might be seeing it as already installed.

Yes, we already tried that multiple times. We uninstalled MBAE for the client(s) through the Managed Console, restarted the client, tried to push the client install and is not successful.

Share this post


Link to post
Share on other sites

Attached is the screenshot from my computer. It is currently on the newest version of MBAE (1.07). I installed by manually uninstalling the old MBAE (1.05), and executing the executable that was created using the Management Console. Installing by physically being there, or remote connection works fine, just doesn't work when pushing through the Management Console.

 

Thanks.

post-189994-0-28561700-1437006150_thumb.

Share this post


Link to post
Share on other sites

What does the Programs and Features look like in a machine that still has the 1.05 version?

 

Does it have only 1 entry for "Malwarebytes Managed Client" or are there individual entries for MBAM and MBAE?

 

Please post a screenshot if possible.

 

Thanks!

Share this post


Link to post
Share on other sites

I haven't done this in so long that it is only coming back to me in pieces rather than all at once.  Often users will assume that using a username with admin rights will do the job.  In actuality, the client's local admin must be enabled and that must be used for the remote procedure calls.  That is a primary reason for "Access Denied."  I have been focusing on open ports, and chances are better that username standardization (removing the local admin username in favor of a username with admin rights) has been done over the long run.  Worth a shot to check it out...

Share this post


Link to post
Share on other sites

I think this might be a different/new issue Mike.

 

It seems as if the new push install with the updated MBAE fails because there it is already installed. QA tried replicating it but couldn't.

 

BTW REGITDept, which exact version of the Management Console are you using?

 

It might be worth upgrading to the latest to see if it solves the problem. I'll PM you the link.

Share this post


Link to post
Share on other sites

OK.  I'll back off.

Share this post


Link to post
Share on other sites

What does the Programs and Features look like in a machine that still has the 1.05 version?

 

Does it have only 1 entry for "Malwarebytes Managed Client" or are there individual entries for MBAM and MBAE?

 

Please post a screenshot if possible.

 

Thanks!

Hi pbust,

 

It looks exactly like the screenshot I posted previously. I believed it is displaying the Management Console version instead of the actual MBAE version. Yes there is only one entry "Malwarebytes Mananged Client". We only use Managed MBAE so there will be no MBAM at all.

 

Thanks.

Share this post


Link to post
Share on other sites

Hi REGITDept.

 

If you still have the old ClientSetup.msi, you can run that first via Active Directory with the /x /q command to uninstall the previous version from the endpoint. Then run the new ClientSetup.msi installer.

 

If you don't have the old ClientSetup.msi, you can lookup the GUID in the registry and use the following command to uninstall silently before deployment of the new installer:

msiexec /x {GUID} /q

 

The GUID can be found in the registry in the following locations. Simply search for the string "malwarebytes" within those locations.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Share this post


Link to post
Share on other sites

Hi REGITDept.

 

If you still have the old ClientSetup.msi, you can run that first via Active Directory with the /x /q command to uninstall the previous version from the endpoint. Then run the new ClientSetup.msi installer.

 

If you don't have the old ClientSetup.msi, you can lookup the GUID in the registry and use the following command to uninstall silently before deployment of the new installer:

msiexec /x {GUID} /q

 

The GUID can be found in the registry in the following locations. Simply search for the string "malwarebytes" within those locations.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Hi pbust,

 

We are not in an Active Directory environment. Also, the push also failed with fresh clients without MBAE install yet.

 

Thanks.

Share this post


Link to post
Share on other sites

Hmm, that shoots my theory out of the sky :(

 

That's as far as I can go troubleshooting the Console. I understand you have a ticket with Corporate Support. Please continue with them as they are much more familiar than I am with the Console.

 

Good luck and let me know if you have other issues with MBAE.

Share this post


Link to post
Share on other sites

Hmm, that shoots my theory out of the sky :(

 

That's as far as I can go troubleshooting the Console. I understand you have a ticket with Corporate Support. Please continue with them as they are much more familiar than I am with the Console.

 

Good luck and let me know if you have other issues with MBAE.

Thank you. I appreciate your help.

Share this post


Link to post
Share on other sites

We tried every possible ways with version 1.07 and nothing works. We decided to push out the original MBAE (1.05.2.1017) executable that came with the Management Console when we first purchased it and it works just fine with our test computer. Please see attached screenshot.

 

Thanks.

post-189994-0-64053800-1437522608_thumb.

Share this post


Link to post
Share on other sites

We've been doing this process of upgrading the server and re-pushing the upgraded client from the Console all day long to test something else, and it works every time.

 

Are you sure the endpoint requirements are all met? Have you tried the "Enable WMI" option?

 

post-141843-0-33303800-1437523348_thumb.

Share this post


Link to post
Share on other sites

We've been doing this process of upgrading the server and re-pushing the upgraded client from the Console all day long to test something else, and it works every time.

 

Are you sure the endpoint requirements are all met? Have you tried the "Enable WMI" option?

 

attachicon.gifScreen_40 2015-07-22 08.00.jpg

Yes, all the requirements are met. We even tried the "Enable WMI" option. If the requirements don't met then how are we successfully pushing out the 1.05 version that came with our Management Console and not the newer 1.07 version.

 

Thanks.

Share this post


Link to post
Share on other sites

I got this reply today:

 

JUL 22, 2015  |  09:11AM PDT
Michael Cingolani replied:

Hi,

Sorry for the delayed response. I was able to consult with my Sr Tech here and he as informed me at this time that this is a known bug, just one that we have not been able to replicate in house to fix. It happens when attempting to workaround to replace 1.05 with 1.07 MBAE in the Management Console. At this time the recommended way to do it, is to manually install the 1.07 with the executable file.

The only issue comes with the server version (for the fresh machine installs, in order to manage them when manually installed by the exe) would be have to be brought back to 1.05.

Hope this helps and we are working on a fix for this asap, but I do not have a time table yet as I stated we have not been able to replicate it in house for QA

Thanks again

Mike C.

 

Great, we can't use the 1.05 version due to the false-positive bug, and we can't use the 1.07 also due to a different bug. I hope you guys figured this out ASAP.

 

Thanks.

Share this post


Link to post
Share on other sites

We don't use method 2 because we don't use Active Directory. Method 3 will work if installed manually. We don't use the "psexec" way because we can just remote connect and install it using the manual way.

Share this post


Link to post
Share on other sites

If you don't have a lot of machines the manual way is OK I guess.

 

But if you prefer to automate that, you can always use psexec.

Share this post


Link to post
Share on other sites

If you don't have a lot of machines the manual way is OK I guess.

 

But if you prefer to automate that, you can always use psexec.

We have hundreds of clients right now so it is not OK for the manual way.

Share this post


Link to post
Share on other sites

Then its obviously best to use psexec. Here are some examples:

 

psexec \\targetcomputer -u DOMAIN\administrator -p mypassword -d \\FILESERVER\Installers\mbae-setup-1.07.2.1015.exe /log /SP- /VERYSILENT /SUPPRESSMSGBOXES

 

psexec \\* -u DOMAIN\administrator -p mypassword -d \\FILESERVER\Installers\mbae-setup-1.07.2.1015.exe /log /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOICONS

 

When using the path with a wildcard (e.g. \\*) psexec will attempt to execute the installer on all machines it finds in the network.

Share this post


Link to post
Share on other sites

Then its obviously best to use psexec. Here are some examples:

 

psexec \\targetcomputer -u DOMAIN\administrator -p mypassword -d \\FILESERVER\Installers\mbae-setup-1.07.2.1015.exe /log /SP- /VERYSILENT /SUPPRESSMSGBOXES

 

psexec \\* -u DOMAIN\administrator -p mypassword -d \\FILESERVER\Installers\mbae-setup-1.07.2.1015.exe /log /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOICONS

 

When using the path with a wildcard (e.g. \\*) psexec will attempt to execute the installer on all machines it finds in the network.

It seems like PsExec is a good tool to use, but our IT Manager don't want to introduce something new onto the network unless it is absolutely necessary. If anybody who worked in corporate IT with hundreds or thousands of users should know this. Everything needs to be planned, tested before introducing it into a live production environment.

Share this post


Link to post
Share on other sites

Yes of course, completely understood. Do you have some type of network management endpoint agent through which you can execute programs remotely across the network with admin/system privilege?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.