Agent installation via MSIEXEC fails when run by Local Administrator account

Version 2

    Verified Product Versions

    Environment Manager 10.0Environment Manager 10.1Application Control 10.0Application Control 10.1Environment Manager 2018.1

    Introduction

    When attempting an install or upgrade via MSIEXEC of the EM or AM agent to a higher 10.x version you see that the installation fails. Upon gathering verbose MSI logs you see the following error:

    DIFXAPP: ENTER: ProcessDriverPackages()

    DIFXAPP: INFO: 'Component' is 'EmDriver.sys'

    DIFXAPP: INFO: Component state 0x2 -> 0x3

    DIFXAPP: INFO: 'ComponentId' is {087E8FF0-7BBE-45D4-8781-A073E21CD906}

    DIFXAPP: INFO: 'Flags' is 30

    DIFXAPP: INFO: component path is C:\Program Files\AppSense\Environment Manager\Agent\DifxCache\EmDriver\

    DIFXAPP: INFO: user SID of user performing the install is 'S-1-5-21-1805430605-3996879279-1876025401-1003'.

    DIFXAPP: INFO: creating HKEY_USERS\S-1-5-21-1805430605-3996879279-1876025401-1003\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{087E8FF0-7BBE-45D4-8781-A073E21CD906} (User's SID: 'S-1-5-21-1805430605-3996879279-1876025401-1003') ...

    DIFXAPP: ERROR 0x57 encountered while creating subkey for component '{087E8FF0-7BBE-45D4-8781-A073E21CD906}'

    DIFXAPP: RETURN: ProcessDriverPackages() 87 (0x57)

     

    The SID and GUID shown in the example above will vary based on your user and agent version.

     

    Detail

    This type of error will be seen if you have logged into your user session but our running the MSIEXEC install of the agent as a local user account and has been account to the builtin Administrators group on the endpoint. If the local user account has been run with no profile then the above error will occur.

    The instance the example below will produce the behaviour:

    > Create a new local user called "LocalAdmin"

    > Add LocalAdmin to the builtin Administrators group

    > Launch "RunAs /NoProfile /User:EndpointName\LocalAdmin "CMD.exe"

    > In the CMD prompt run "Msixec.exe /qn /i EnvironmentManagerAgent64.msi"

     

    The problem arises when the DIFxAPP (Microsoft Driver Installation Framework for Applications) tries to create a Registry sub key in the user hive of the account that is running MSIEXEC. If there is no profile or user hive loaded for that user (like in the example above, when using the "/noprofile" switch) then the installation will fail.

     

    You can workaround this behaviour by running it as an admin account that has a user hive loaded or by avoiding the "/noprofile" switch.

     

    This is an issue with DIFXAPP and so is not unique to Ivanti products.