Environment
- App Control Agent: Version 8.9.0+
- Microsoft Windows: All Supported Versions
Symptoms
The Agent is reporting failed Health Checks similar to:
Carbon Black App Control Agent detected a problem: Carbon Black App Control Agent has multiple GUID in the registry key [SOFTWARE\Classes\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9] - expected[304D10CA0DAEE634D99BFBEE43FD4229], actual[304D10CA0DAEE634D99BFBEE43FD4229|18633383D60BA99428F49BE443CC1879]. Options[00000003] TotalFailures[3] FailureId[1010]
Cause
The original Agent installation files were not persisted on the endpoint, or the files were removed at some point. Typically these files exist in C:\Windows\Installer\ and when deployed via SCCM or similar the option to persist the installation media was not enabled.
When the installation media does not exist, during the next upgrade Windows Installer will make a "best effort" to remove the related files. This can result in registry keys or other miscellaneous files being left behind.
Resolution
- Open a command prompt on the endpoint and issue the following command:
"C:\Program Files (x86)\Bit9\Parity Agent\DasCLI.exe" status
- Verify the Version Information returned shows the same versions for: CLI, Agent, Kernel. Example:
CLI: 8.9.2.1616 9/29/2023 1:09:34 PM
Agent: 8.9.2.1616 9/29/2023 1:09:34 PM
Kernel: 8.9.2.1616 9/29/2023 1:09:34 PM
Additional Notes
- This Health Check was introduced with the release of Agent version 8.9.0.
- If the versions do not match, this is typically caused by forcing the upgrade through by disabling Tamper Protection.
- If the versions match, this is typically caused by the original installation media (ex: Policy-Installer.msi) not being cached on the endpoint.
Related Content