During the installation of Sophos products, you may get errors that provide insufficient information about what has occurred. As all Sophos products for Windows use MSIs (Microsoft Installers) to perform the installation, it is very useful to check the MSI installer logs to gather more information about the error. This may allow you to resolve the problem yourself or provide vital information that you can give to Sophos Technical Support.
What to do
During installation, Sophos products create msi logs, which by default are created in the Temp directory. This can be located by typing %temp% into the address bar in Windows Explorer.
- When an error is reported during installation, identify the product that has generated the error. The product name should be displayed in the title of the error window displayed.
- Open Windows Explorer, and in the address bar type
%temp% then press Return.
- From the list displayed, identify the MSI log related to the product that has generated the error. The name of the MSI will reflect the name of the product that has been installed, for example:
- Sophos Enterprise Console.msi – Sophos Enterprise Console installation
- Sophos Anti-Virus Install Log.txt – Sophos Anti-Virus installation
- Sophos Client Firewall.msi.log – Sophos Client Firewall installation
- Sophos AutoUpdate Install Log.txt – Sophos AutoUpdate installation
- Sophos StandaloneInstaller.txt - Sophos Anti-Virus stand alone installation
- Sophos RMS Installer.txt – Sophos Remote Management System installation
Understanding MSI log files
- It is a good idea to read the file from the bottom up, as the error will have occurred nearer the end of the file.
- You will notice that an MSI log is split into two categories; 'Properties', which are displayed at the end of the article and 'Actions'.
- An Action looks like:
MSI (s) (18:B8) [14:49:54:875]: Doing action: SetUserGroupsProperty Action ended 14:49:54: RollbackUserGroups. Return value 1.
- A Property looks like:
Property(S): ALLUSERSPROFILE = c:\Documents and Settings\All Users\
- Focus on the Actions as opposed to Properties. Each action makes up a part of the installation procedure.
- To determine which action has failed during the installation, search for the error generated during installation.
For example, if error 1722 was displayed during the Sophos Anti-Virus installation, search for 1722 in Sophos Anti-Virus Install Log.txt
- When you have located the error, look at the Action that was performed just before the error. A return value code is written in the log to show if the action completed successfully or not. One of the following will be displayed:
- Return Value 1 – The Action completed successfully
- Return Value 2 – The user terminated the action
- Return Value 3 – The Action failed (will cause the installation to terminate)
- Make a note of which of the actions gives a return value of 3, and record any additional error information in the log file that may not have been displayed in the on-screen error.
- The name will reflect what the action is trying to perform. For example,
- The Action
CreateUserGroups attempts to create the users used by Sophos Anti-Virus.
- The Action
CheckRegForNullDACLs will check registry keys required by Sophos Anti-Virus to ensure they have the correct access control.
- With the above information, you can perform certain troubleshooting yourself. For example,
- If CreateUserGroups is failing with Return Value 3, you could attempt to create user groups manually on the affected machine. If this fails, you can see the cause of the issue is a restriction preventing the user from creating groups on the machine.
- If CheckRegForNullDACLs is failing with Return Value 3, check the permissions on the keys used by Sophos. For example, see the knowledgebase article 39357.
Please ensure that you record all your findings. This will facilitate a solution if you need to log a call with Sophos Technical Support.