EventSentry Light: new install fails to start ES service; error 1610

edited February 2015 in General
Windows 2008 R2 SP1. Brand new install of ES Light. First install, did not run installer as admin; got errors when trying to execute .reg files.

2nd time, ran as admin; no errors. ES service would not start. Got Error 1610 : configuration data is corrupt.

Uninstalled product using the uninstaller. Reinstalled (#3) running as admin user. AGAIN got errors executing the .reg files. Again got error 1610 trying to start the service.

uninstalled again. removed configuration settings; removed c:\Program Files (x86)\EventSentryLight.

installed again (#4) as admin. again got errors running (7) .reg files and the Compliance package. There does not seem to be any way to execute the .reg files after the install - are they removed after the installer finishes?

Any suggestions how to proceed?

Comments

  • Hi Jeremy,

    Thanks for bringing this to our attention and sorry for the issues with the installation.

    Can you post the exact error message you are getting here?

    The registry files are temporary only and are removed after the installation is complete, although they would still exist while the error message popup is there.

    You shouldn't have to run the installer as an admin, the process should be elevated by default.

    What's a bit unusual about the issues you are having is that the point of failure seems to be different with every time you run the installer, so this looks to be a bug in the installer.

    If necessary, would you be able to capture the entire installation under process monitor (Sysinternals) and upload that file to our site?

    Thank you.
  • Jeremy,

    I just did a quick test install on the same OS as you, and I didn't run into any issues so far.

    Can you also confirm which version of EventSentry Light you are running? I'm assuming you downloaded the latest build, 3.1.1.29, correct?

    Also, for those cases when the installer proceeds through the registry imports, what options are you specifying during the configuration assistant phase?

    Thanks!
  • Just uninstalled ES Light again, including removal of config files; and deleted the install directory.

    BTW I am a full administrator on this stand-alone machine, which is not connected to a domain. It is a cloud-server in a hosting-provider; not a local physical machine.

    Starting again:
    * Installer is in E:/Installers/eventsentrylight_v3_1_1_29_windows_setup.exe
    * right-click, run as administrator
    * get splash-screen
    * Welcome > Next
    * License > Accept > Next
    * Evaluation offer > Next
    * Install directory take default C:\Program Files (x86)\EventSentryLight > Next
    * Ready to install > Next
    * quickly goes thru install
    * Error dialog : "Unknown error while running c:\Users\jjd\WINDOWS\system32\reg.exe import "C:\Program Files (x86)\EventSentryLight|es_custom_eventlogs.reg". Click OK
    * 2nd Error, same as first, file is "es_embedded_scripts.reg". Click OK
    * 3rd Error, same as first, file is "es_light_filter_groups.reg". Click OK
    * 4th Error, same as first, file is "es_packages.reg". Click OK
    * 5th Error, same as first, file is "es_default_ribbon.reg". Click OK
    * 6th Error, same as first, file is "es_syslog.reg". Click OK
    * 7th Error, same as first, file is "es_snmp.reg". Click OK
    * 8th Error "Could not delete registry key HKEY_LOCAL_MACHINE\Software\netikus.net\EventSentry\packages\FilterPackages\Compliance target_1". Click OK.
    * Installer finishes. Click "Finish" button.

    * Launches config assistant
    * Configuration Assistant > Next
    * keep defaults on email-alerts page. > Next
    * SMTP Server. Fill in "localhost"; no other changes. > Next
    * Sender & Recipients. change domain-name, fill in recipient (myself). > Next
    * Heartbeat Monitoring. Unclick checkbox. > Next
    * Syslog & SNMP monitoring. Unclick checkbox. > Next
    * Summary. "Configure email (SMTP) action". > Next
    * message "activating event sentry agent".......waits for about a minute (stopwatch cursor)
    * Setup Complete "One or more errors occurred...please review the log"
    * View Log > contains:
    [ERROR][The EventSentry Agent service could not be started]
    [ERROR][Service not running after specified timeout period of 60 second(s) has elapsed]
    * Finish

    * Start > Administrative Tools > Services
    * open EventSentry service
    * Logon tab. Set to "Local System Account"
    * path is "C:\windows\syswow64\eventsentry\eventsentry_svc.exe"
    * set to Automatic, but not running
    * Start
    * Error dialog:
    "Windows could not start the EventSentry service on Local Computer""
    "Error 1610: the configuration for this product is corrupt. Contact your support personnel"

    =====

    2nd thought - server has McAfee antivirus product installed (provided by hosting company). ....let's try with it disabled.

    * Uninstalled again; removed config; removed install directory
    * Disabled antivirus
    * repeated exact same steps outlined above
    * Exact same results

    =====
    * Uninstalled yet again.
    * started installer
    * found PID associated with installer
    * opened ProcessMonitor; add filter to exclude events not associated with that PID
    * start capture
    * continued with install
    * at end of the install; finish capture
    * resulting file is ~56MB .PML; 3.5MB zip archive
    * where would you like me to put it ?
  • Thanks for testing it so extensively.

    When you filter the output, can you please make sure that you include all ocurrences of reg.exe as well, since this is what the installer is launching? The problem is most certainly related to that.

    To upload the file, please navigate to https://store.netikus.net/account, create an account and log in. Once logged in, you should see an upload area on the left hand side where you should be able to upload the zipped file.

    Thank you!
  • * uninstalled ES Lite again
    * reran the installer
    * ran ProcessMonitor, filter by executable name of the installer + reg.exe
    * captured, saved, zipped the output
    * file has been uploaded as requested

    please advise of next steps
  • After reviewing the PML file it looks like the issue is caused by EventSentry (Light) being installed on a Terminal Server, without the host being switched into install mode prior to running the installation.

    We have since made changes to the installer, and the next upcoming release will work correctly on Terminal Servers as well.

    In the meantime you can switch the server into install mode to install EventSentry successfully on a Terminal Server. Open Programs and Features from the Control Panel and choose to install an application on the terminal server.

    It can also be done by running "change user /install" command from command prompt and change it back to execution mode by running "change user /execute" after the installer finishes.
Sign In or Register to comment.