Upgrade to Enterprise Console 5.1 fails with just a red circle and a white cross - Custom Action: GenerateRSAKeyPair fails

  • Artikel-ID: 117730
  • Bewertung:
  • Der Artikel wurde von 3 Kunden mit 2.7 von 6 bewertet
  • Aktualisiert: 23 Nov 2013


When performing an installation of Enterprise Console 5.x, the installation fails but the installer displays no specific on-screen failure message, just a red circle with a white cross.

The installer dialog presented at the end of the installation looks like the following screenshot.

First seen in
Enterprise Console 5.0.0


There are potentially a number of causes for this dialog being displayed at the end of the installation or upgrade. Article: 117727 is a landing page to know causes.

One potential cause which is covered in this article is related to permissions on the following directory: 

Windows 2008/2008R2:

Windows 2003/2003R2:
C:\Documents and Settings\All Users\Application data\Microsoft\Crypto\RSA\MachineKeys\

What To Do

  1. Confirm the issue you have is covered by this article.  
    To do so, locate the Sophos_server[32|64] [TimeStamp].log for the failed installation.  This log can be found in location: C:\ProgramData\Sophos\Management Installer\ or C:\Documents and Settings\All Users\Application Data\Sophos\Management Installer\.

  2. Once found, open the log file in a text editor such as Notepad and search for the text:
    Doing action: GenerateRSAKeyPair

  3. If the text you see is as listed in the 'Technical information' section below you have encountered the issue covered by this article and should continue to the next steps.
    If you do not see the same text, search for 'Return value 3' for another failure reason or see article 117727 for other potential causes.

  4. Having identified the cause for the failure, check that the permissions on the locations mentioned in the 'Cause' section above.  The user performing the installation requires full access to the above location.
    Note: One option to aid troubleshooting this problem is to retry the installation while running Process Monitor.  This tool will help to identify if the failure is due to ACCESS DENIED as the message would suggest.

Technical information

The MSI log file ('Sophos_server[32|64] [TimeStamp].log' )

MSI (s) (C4:A0) [11:36:41:264]: Doing action: GenerateRSAKeyPair
Action ended 11:36:41: ConfigureUsers. Return value 1.
MSI (s) (C4:3C) [11:36:41:294]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIB69A.tmp, Entrypoint: GenerateRSAKeyPair
Action start 11:36:41: GenerateRSAKeyPair.
GenerateRSAKeyPair: Initialized.
GenerateRSAKeyPair: CryptAcquireContextW() failed to open. Create new key set.
GenerateRSAKeyPair: Error 0x80070005: CryptGenKey() failed.
GenerateRSAKeyPair: Error 0x80070005: Failed to create RSA key pair
CustomAction GenerateRSAKeyPair returned actual error code 1603 (note this may not be 100% accurate if translation
happened inside sandbox)
MSI (s) (C4:A0) [11:36:42:925]: Machine policy value 'DisableRollback' is 0
MSI (s) (C4:A0) [11:36:42:925]: Note: 1: 1402 2:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 11:36:42: GenerateRSAKeyPair. Return value 3.
MSI (s) (C4:A0) [11:36:42:925]: Note: 1: 1402 2:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C4:A0) [11:36:42:925]: No System Restore sequence number for this installation.
MSI (s) (C4:A0) [11:36:42:925]: Unlocking Server
Action ended 11:36:42: INSTALL. Return value 3.

Wenn Sie weitere Informationen oder Unterstützung benötigen, wenden Sie sich bitte an den technischen Support.

Artikel bewerten

Ungenügend Hervorragend