14.2 RU1 won’t install on 2008 SP2 x64

I need a solution

I’m trying to upgrade a client on a Windows Server 2008 SP2 x64 machine, but it will not install.

I see the following in the SEP_INST log

CommunicateLaunchConditions: NOT PackageIntegrityError=1
CommunicateLaunchConditions: VersionNT >= 601=0
CommunicateLaunchConditions: Symantec Endpoint Protection only be installed on Windows 7 / Server 2008 R2 and later.
CommunicateLaunchConditions:  calling communicate state with the following arguments: 
CommunicateLaunchConditions: Prodversion = 14.2.3332.1000
CommunicateLaunchConditions: PathToSylink = C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.1015.0100.105SmcLUSetup
CommunicateLaunchConditions: Oldversion = 14.2.1015.0100
CommunicateLaunchConditions: ReasonStr = Symantec Endpoint Protection only be installed on Windows 7 / Server 2008 R2 and later.
CommunicateLaunchConditions: StatusCode = 302469127
CommunicateLaunchConditions: Initializing opstate communicator
CommunicateLaunchConditions:   File path = C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.1015.0100.105SmcLUSetupSyLink.xml
CommunicateLaunchConditions:   Reg  path = 
CommunicateLaunchConditions: Invalid registry path for client identity
CommunicateLaunchConditions: Added OpState callback
CommunicateLaunchConditions: Added OpState provider.
CommunicateLaunchConditions: Initialized UserInfo Provider. Initialization done.
CommunicateLaunchConditions: Successfully created CVE object
CommunicateLaunchConditions: Failed to send the opstate: 0x80004005
MSI (s) (F0:88) [07:20:28:674]: Doing action: preLaunchCond
Action ended 7:20:28: CommunicateLaunchConditions. Return value 1.
MSI (s) (F0:7C) [07:20:28:690]: Invoking remote custom action. DLL: C:WindowsInstallerMSI47E5.tmp, Entrypoint: preLaunchCond
Action start 7:20:28: preLaunchCond.
MSI (s) (F0!D4) [07:20:29:767]: Note: 1: 2731 2: 0 
IDCCA:  preLaunchCond – Launch condition `7Symantec Endpoint Protection only be installed on Windows 7 / Server 2008 R2 and later.` with condition `VersionNT >= 601` failed

But in the release notes I see the following:

Windows Server 2008 (32-bit,64-bit;RTM, R2, SP1, and SP2)

Anybody seen this happen before and maybe has a solution? 



  • No Related Posts

Install via Intune

I do not need a solution (just sharing information)


We are using Symantec Endpoint Protection Cloud and need to deploy the SEP to our Windows 10 devices via MS Intune. We don’t use group policy or active directory we are using Intune, Azure AD and Autopilot to manage our devices. Intune uses a single.MSI package to deploy a line of business apps however Symantec’s.MSI file is accompanied by a .MST file. We have tried repacking the .exe file to a .msi, and the install fails. How are you deploying the solution to Windows 10 devices in this scenario?



  • No Related Posts

Can I uninstall a software(.exe) on a client?

I need a solution

Hi, all.

With Software Management solution, I am able to deliver software to my users. I also understand that we can uninstall software on user’s PC if we discovered they are using software that they are not supposed to?

Question is, how? If it is an msi installation, we can do msiexec /u <msi package> quick delivery task from Notification Server but how about exe installations, what can we do to uninstall exe installation software?

Any help would be appreciated.



  • No Related Posts

SMSME is blocking legit pptx documents under Executable File Rule

I need a solution

Hi, PPTX presentations are put to quarantine under Executable File Rule. There is no pptx extension selected in the policy but just exe, msi, bat, lib, iso.

Symantec Mail Security replaced presentation.pptx with this text message.  The original file contained a filtering violation and was quarantined.


Have anyone the same bug? Has it been addressed?




  • No Related Posts

Anti tampering featurer is not being installed properly for unified agent

I need a solution


When I install the MSI using the command:

bcuaXX-setup.msi /qn CM_URL=https://proxysgip:8084 SUP=123456 FORCEREBOOT=no, the installation succeedes but the anti-tampering feature does not work. So when the user tries to uninstall the unified agent, she/he does not get asked for the anti-tampering password.






  • No Related Posts

Citrix MSI Log Analyzer


The Citrix MSI Log Analyzer is designed to assist with the following scenarios:

  • When failure occurred during install or upgrade or uninstall of XenApp/XenDesktop
  • The Citrix MSI Log Analyzer analyzes the failure and provides helpful info for troubleshooting the issue
  • The Citrix MSI Log Analyzer will also try to point to a knowledge base article helpful to troubleshoot and resolve the issue

What’s New in v1.2.0.9

  • Added support for Storefront logs
  • Added support for uploading experience metrics through TLS 1.2/TLS 1.1.
  • Minor bug fixes and inputs from the feedback


The user needs to be a Local Administrator on the target machine in order to run the tool.

How to use Citrix MSI Log Analyzer

The Citrix MSI Log Analyzer is a standalone executable file and does not require installation. Just download the tool to a local folder and execute the application.

Citrix MSI Log Analyzer offers various command line to deal with different use cases.

  1. To analyze the failure in the msi log file:

    CitrixMSILogAnalyzer.exe -msilogfile <msi log file path>

    Look for MSI log file under %TEMP%CitrixXenDesktop InstallerMSI Log files” folder and specify the absolute path of the failing msi log file in the above command line.

  2. To analyze the failure from the XenApp/XenDesktop Metainstaller log file::

    CitrixMSILogAnalyzer.exe -metainstallerlogfolder <metainstaller log folder path>

    Example: CitrixMSILogAnalyzer.exe -metainstallerlogfolder “C:UsersxxxxAppDataLocalTempCitrixXenDesktop Installer” where xxxx is the admin user name specific to the user environment

  3. To analyze Citrix XenApp/XenDesktop failure log file under temp folder


    This option is useful to run the tool on the target machine where the MSI installation failure happened and one is not sure on where to look for msi failure log file.

  4. To view help:

    CitrixMSILogAnalyzer.exe -help

Note: In order to improve Citrix XenApp/XenDesktop and Citrix MSI Log Analyzer, the troubleshooting data not containing any identifiable information from the tool is uploaded to Citrix. This can be controlled using –upload [Yes | No]

Output from the tool

The output of the tool on the console provides:

1. Troubleshooting info of the actual error

2. CTX article to troubleshoot or resolve the issue

3. Log file saved under %TEMP% with prefix mLog_*.txt. The exact name and path is displayed in the output.

Delete Citrix MSI Log Analyzer

Delete the downloaded executable from the current directory. One may also cleanup mLog_*.txt files under %TEMP% directory

Contact Information:

Questions? Concerns? Send any feedback to:



These software applications are provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.


Install switches to import Sylink

I need a solution

I have a situation where I need to install a different Sylink file in different environments for installs of 14.x client on Win 10.  I have pulled the Full Install from the SEPM and looked in setAid.ini and Setup.ini to see if there is anywhere I can specify a different Sylink to include but have not been able to find that or find any reference on a command line switch to do this.  I also know I can export different setup.exe packages from each environment but that this is for testing progression through test environments and if I did that my production setup would not really be run until production.  Please let me know if anyone knows how to do this. 



  • No Related Posts

How to Troubleshoot XenApp and XenDesktop MSI Installation or Upgrade Errors

Table of Contents


You need Administrator rights on your account to perform the steps listed in this article. Check User Accounts to see if you have Administrator rights or contact your Network Administrator to gain permissions.

Back to top

Troubleshooting Steps

Rectify Incomplete Installation which could interrupt any future installations

When an installation does not complete or roll back successfully, some files may remain in the system. Windows Installer considers the incomplete installation to be active and does not install new products or re-install existing products until the installation is resolved. Follow the instructions in this article to resolve this issue: Error: When Trying to Install or Remove XenApp Software, a 1603 Error Message is Displayed

Back to top

Troubleshoot/Resolve issues using Citrix MSI Log Analyzer

Citrix MSI Log Analyzer is a tool that troubleshoots install issues or upgrade issues and enables customers to resolve common issues by pointing them to a specific support article.

Note. You may skip this step if you were pointed to this article by the MSI Log Analyzer tool or the XenApp Xendesktop 7.16 Metainstaller, which has been integrated with the MSI Log Analyzer.

  1. Follow instructions in CTX229734 to download the latest version of the tool on the target machine where the installation failed occurred. Citrix recommends that you obtain the latest version of the tool.

Review these additional troubleshooting steps, in cases where steps above did not resolve the issue

Back to top

Resolve issues which could be due to corruption

Though the exact cause may vary from case to case, there could be a sign of corruption in registry, Performance counters, WMI providers, C++ Runtimes or or .NET Installation.

This guide begins with the least intrusive methods to help troubleshoot these issues. It is not intended to be an exhaustive guide, but it should be able to provide solution for the majority of these issues.

  1. Fix problems that block programs from being installed or removed

    Refer to this article for more information.

  2. Repair Missing or corrupted System files

    Run ‘sfc /scannow’ both in online and offline mode. Refer to this link for more details.

  3. C++ RunTime

Occasionally, the C++ redistributable packages are corrupted or inconsistent which may cause installations and upgrades to fail.

  1. Each XA/XD release comes with the system requirements. For example: 7.15 requirements are available here.

    Note: For your case open the link specific to the XA/XD release version being installed

  2. In the page, refer to the section on Virtual Delivery Agent(VDA) for Desktop OS and Server OS which provides details on the specific Microsoft Visual C++ runtimes.

    User-added image
    For example: As shown above VDA 7.15 on Desktop OS needs VC++ 2013 and 2015 runtimes. Depending on the version you are installing the runtime versions for those VDA may be different.

  3. The version mention in the documentation list the year. Follow the below steps to note down the File Versions of the actual msi of the VC++ runtime. Open/Mount the XenApp/Xendesktop ISO layout and browse to the Support folder. For each VC++ runtimes noted in step ii above browse to that sub-folder within the Support folder. For each of those, Right click the vcredist msi file under the respective VCRedist folder, Click Properties and Note down the File Version under Details tab. Make a note of all the 4 parts separated by dot for each vcredist msi file.

    User-added image

  4. Launch Control Panel and under Installed Program list note down all the VC++ runtime versions with the dots. If any of the version noted in step above is missing then one should install the specific version from the support folder under the Layout. On a 64 bit machine, both 32 bit and 64 bit versions are required to be installed. If all versions are present in the control panel then there might be some corruption in which case it is recommended to uninstall and reinstall those specific versions.

Test to install again and see if the problem persists.

  1. .NET Repair

    1. Follow steps here https://support.microsoft.com/en-us/help/2698555/microsoft–net-framework-repair-tool-is-available to repair .NET
    2. Test to install again and see if the problem persists.
  • Performance Counters

    Verify that the Performance Counters can be reloaded by opening an elevated CMD shell and type the following commands ( hit [ENTER] after each line) :

    cd c:windowssystem32

    lodctr /R

    cd c:windowssysWOW64

    lodctr /R

    Resync the counters with Windows Management Instrumentation (WMI):


    Stop and restart the Performance Logs and Alerts service.

    Stop and restart the Windows Management Instrumentation service.

    Check the event viewer for any errors.

  • WMI Repository Corruption

    If failures happen due to WMI corruption, for example, “RegisterEventManifest” or any other failure related to WMI, in the MSI failing log, please see Telemetry or CDF MSI fails to install or upgrade due to WMI repository Corruption.

Test to install again and see if the problem persists.

Back to top

Issues caused due to permissions or access issues

  1. Citrix MSI Log Analyzer output may point to the file/registry location where one should assess the permissions and ensure the administrator installing the VDA has necessary permissions. If not grant permission and try the installer again
  2. Try to temporarily move the VDA out of the OU enabled GPO and try installation once again, then move the VDA back to previous OU post the successful installation.

Back to top

Other causes to check

  1. You may receive this error message if any one of the following conditions is true:
  2. Windows Installer is attempting to install an app that is already installed on your PC.
  3. The folder that you are trying to install the Windows Installer package to is encrypted.
  4. The drive that contains the folder that you are trying to install the Windows Installer package to is accessed as a substitute drive.
  5. The SYSTEM account does not have Full Control permissions on the folder that you are trying to install the Windows Installer package to. You notice the error message because the Windows Installer service uses the SYSTEM account to install software.
  6. Sometimes AntiVirus may interfere with the installations. Disable the anti-virus software and attempt the installation.
  7. In some cases it is observed running in as a domain instead of a local Administrator or vice versa may help resolve the issue.

Back to top

What Next?

This really boils down to an OS based problem in most cases. Here are some solutions that have worked in other support cases.

  1. There is a deeper fix that can rebuild the performance counters from scratch. See links below.
  2. Admins can re-register the Windows installer service and look at other general Windows MSI repair options.
  3. Admins can attempt a repair install of Windows.
  4. If none of these steps delivers a resolution, further data can be captured by collecting MSI logs and running CDF Control on the machine while the installer runs.
  5. Links provided in the Additional Resources section.

Back to top

  1. Use the VDA Cleanup Utility

As a last resort, Download the utility from here and execute it as an administrator on the target machine. Try the installation again to see if it works.

Back to top


SEP 14

I need a solution

Before installing Symantec MSI on new PCs (no present in SEPM) , the preferredGroup in the Sylink file is changed. Once installed, the SEP client stays always in the default group.
I can’t find why this is happening. Checking the registry keys for Sylink, current group is defualt group and preferred group is the group I configured.

Having over 30000 Clients and many Groups, the only way to get the Clients in the right place, is editing the Sylink.xml before Installation.

It is only happening 14.2. It was not happening with 14.0 MSI