BEST deployment errors on Windows machines
Bitdefender Endpoint Security Tools deployment tasks might encounter different errors. This section provides an overview of the most common cases of unsuccessful deployment tasks and useful tips on how to fix the errors.
In general, the deployment tasks fail if the target systems are not compliant with the deployment prerequisites presented in the BEST installation prerequisites article. Another common reason for failed deployment tasks are network misconfigurations.
Note
If you've encountered an error that is not listed on this page, attach a support tool log from the affected endpoint, one from the associated Relay (if the Relay was used), and a brief description or steps to reproduce the issue to your support ticket.
Unsuccessful Windows deployment task status messages
The deployment task failed because there is no network connectivity between the GravityZone cluster that initiated the deployment task and the target system.
To fix this issue, check the following:
The target system is accessible on the network: it has the correct DNS entry, and the assigned IP is not duplicated.
The local Firewall on the target system allows File and Printer Sharing traffic (TCP ports
139
and445
, UDP ports137
and138
).The target system accepts connections to its admin administrative share.
The deployment task failed because the administrator provided the wrong credentials when the deployment task was configured.
To fix this issue, check the following:
Check that the credentials entered in the deployment task Credentials Manager are the right ones and in the correct format.
Check that the provided credentials have administrative privileges on the target system.
The deployment task has failed because the target system could not contact the domain controller to validate the remote administrative share authentication request initiated by the GravityZone deployment processor.
To fix this error, check the target endpoint and make sure it has proper network connectivity with the organization's Domain Controller.
The deployment task failed because the administrative share on the target endpoint is not present.
To fix this issue, on the target endpoint make sure that:
File and Printer Sharing protocol is enabled on the network interface.
User Account Control is disabled.
Server service and its dependencies are running.
The deployment task failed because the installer running on the target endpoint could not contact the GravityZone Web Console role to download the security agent package.
To fix this issue, check the following:
The organization’s DNS server can resolve the GravityZone virtual appliance(s) hostname.
The target system can contact the DNS server and resolve the GravityZone virtual appliance(s) hostname.
To fix this issue, check the following:
Disable UAC for Windows 7, 8, 10 and Server 2012.
For Windows 8 and above, you must deactivate UAC from the registry as well, by following these steps:
In Command Prompt, type
regedit
to open the registry editor.Go to:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
.Set
EnableLUA
to 0.
This error occurs for Windows 7 or Windows Server 2008 R2. To fix this, you must:
Update Universal C Runtime for Windows 7.
Update your endpoint to the SHA-2 code signing security update for Windows Server 2008 R2 and Windows 7.
If this error persists after the updates, attach a support tool log from the affected endpoint to your ticket.
The Reconfigure agent task failed at the update stage because of a connection problem between the client and the update server.
The operation may be retried after the connection is established.
The Reconfigure agent task failed at the update stage because the downloaded files were corrupted.
The operation may be retried after any network problem that might corrupt the files is solved.
The Reconfigure agent task failed at the update stage because the connection to the update server has timed out.
Try establishing the connection again.
The Reconfigure agent task failed at the update stage because the update server has not yet synchronized the update locations (the update location hasn't been requested yet by any client; the update server will begin to synchronize it at the first request).
Try again.
The Reconfigure agent task failed at the update stage because the update server isn't configured to synchronize one of the requested locations.
Try again or contact the Bitdefender Enterprise Support team.
The reconfigure client task failed at the update stage because of other update errors.
Contact the Bitdefender Enterprise Support team.
The Reconfigure agent task failed to stop services.
The operation may be retried after a reboot. Any other Reconfigure agent tasks attempted before rebooting will require a reboot.
The Reconfigure agent task actions have failed. Contact the Bitdefender Enterprise Support team.
Any other Reconfigure agent tasks attempted before rebooting will require a reboot.
The installer.exe
was stopped by the update process during a modify, to be able to replace the binary or one of its dependencies without a reboot.
A new instance of installer.exe
will start automatically to continue the modify operation when the update finishes.
EpsdkInstaller
has had difficulties in getting the modify result from installer.exe
.
installer.exe
returns this error code if the binary file is considered untrusted, blocking installation.
installer.exe
returns this error code if the product installation path contains invalid characters.
installer.exe
returns this error code if any of the installation files are altered, corrupted, or from a different version.
Possible causes:
Incorrect function. It can occur when the Firewall is enabled on the Relay and port
7074
is not allowed.Parameter is incorrect. This can occur when the installation kits are not saved on the Relay.
To fix this issue, check the following:
DNS entry has been created for the virtual appliance, with the same name as the one entered in the appliance CLI interface (Appliance Options menu). The target Relay can ping the virtual appliance.
If internal filters or firewalls are in use, the traffic between the Relay and appliance is excluded.
Connection timeouts between the Relay and the GravityZone appliance.
You must check if:
the kit is downloaded locally.
\\<target_ip>\Admin$
can be accessed.the user provided in the Install agent task has administrative privileges.
Port 7074
inbound is blocked on the Relay and it must be excluded for internal LAN traffic.
To fix this issue:
Check the Administrative share and credentials format (when deploying from the Relay:
user@domain
).Make sure your username and password are correct and have administrative rights.
Not enough free space on the selected drive. BEST requires at least 2 GB of free disk space.
This error message usually occurs when another task is in progress.
To fix this, you must wait until the task is complete and reboot the server.
For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay to your ticket.
The deployment task failed because competitor security software was detected on the target system and the Bitdefender removal routine failed to uninstall it.
This error is encountered when the competitor software is password-protected, or the competitor software does not support a silent uninstall function in its uninstall routine.
If the competitor software is password-protected, remove the password protection and retry the deployment task otherwise, proceed with manually removing the competitor software.
Check if the Microsoft .NET Framework 3.5 SP1 or later is installed.
If it is not installed, you must install it.
To fix this issue, follow these steps:
Run the following commands in Windows CMD and check the output:
ping <target_ip>
ping <target_hostname>
Check if the target endpoint is online.
Check if the
\\target_ip\Admin$
shared folder can be accessed from the deployer.Check if the Firewall is disabled and File and print sharing is enabled on the target endpoint.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
The provided installation path is a network drive. Installation not allowed on network drives (including mapped drives).
The deployment task failed because there is no network connectivity between the GravityZone cluster initiating the deployment task and the target system.
To fix this issue, check the following:
The target system is accessible on the network: it has the correct DNS entry, and the assigned IP is not duplicated.
The local Firewall on the target system allows File and Printer Sharing traffic (TCP ports
139
,445
; UDP ports137
,138
).The target system accepts connections to its admin administrative share.
The registry key is set to 1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
. For more information refer to Description of User Account Control and remote restrictions in Windows Vista.
If the issue persists, please contact the Bitdefender Enterprise Support team. For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay to your ticket.
Port 7074
inbound is blocked on the Relay and it must be excluded for internal LAN traffic or file transfer.
The password provided for a maintenance operation does not match the password set at installation.
The installer was started with an invalid command line or no feature was selected to be installed. Valid installer command-line arguments are defined in the Installer parameters section.
Check if there is enough disk space on the target endpoint.
Check if the package set to be installed has a valid installation path.
Check if BEST is already installed on the target endpoint.
Check the connectivity between GravityZone and target endpoint.
Verify that the credentials provided in the installation task under Credentials Manager in GravityZone console are valid.
If the issue persists, please contact the Bitdefender Enterprise Support team. For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay to your ticket.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
Note
Check if the kit has been installed on the target endpoint.
Check the deployment requirements. For more information, refer to Preparing workstations for Bitdefender Endpoint Security Tools remote deployment
Check if the credentials provided in Tasks > Install > Credentials Manager are valid. In addition, you must check if the user provided has administrator privileges.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
Insufficient rights to perform the necessary changes. Make sure the user account that you are using for deployment, is a Local/Domain/Network Administrator account and has the ability to perform the requested operation.
To investigate this error check if the bddepsrv.exe
service is present on the Relay machine in C:\Program Files\Bitdefender\Endpoint Security\bddepsrv.exe
.
If the service is present but the error persists, please contact the Bitdefender Enterprise Support team. For a complete analysis attach a support tool log from the affected endpoint and another from the associated Relay to your ticket.
The product configuration JSON could not be run at the end of the installation.
For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay to your ticket.
Use the Process Monitor to check if BDDepsrv
is created and started on the target during an Install agent task. You must also check Event Viewer for more info.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
You must check if the BDDepsrv
service is present in Services page on the target endpoint. If it is, run the following commands using CMD as an administrator:
sc stop "bddepsrv"
sc delete "bddepsrv"
Reboot the VM and run the task again.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
Use the Process Monitor from Sysinternals to check if BDDepsrv
is created and started on the target during an Install agent task. Check Event Viewer for more info.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
The deployment task has failed because a previous deployment task failed due to a crash of a process it depends on, causing the Bitdefender temporary deployment service to remain registered on the target system.
To fix this, follow these steps:
Log in to the target system as administrator.
Open a Command Prompt window and execute the following commands:
C:\> sc stop bddepsrv C:\> sc delete bddepsrv
Reboot the endpoint and retry the deployment task.
In addition to these scenarios, depending on different anomalies of the operating system on the target endpoint, the deployment task can return a generic Windows Installer error code. For more details about Windows Installer error codes, refer to this Microsoft KB article.
You can find the supported operating systems in the Endpoint protection Requirements section.
The installer cannot load one of its configuration files (install_config.xml
, install_x86.xml/install_x64.xml
) or cannot find additional .dll
files.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay (if Relay was used) to your ticket.
For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay (if Relay was used) to your ticket.
The installer was run under a user with insufficient privileges.
Make sure you are using the correct format for user names and passwords.
For Active Directory endpoints, enter the domain usernames as USERNAME@DOMAIN (when deploying through a Relay) or DOMAIN\USERNAME, where DOMAIN is the NetBios name of the domain.
For Workgroup endpoints, you only need to enter the username, without the workgroup name.
The installer was run under safe mode.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
Note
Check if the kit has been installed on the target endpoint.
Check if another Install agent task is already in progress.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
Installation process fails because the Central Scan option was selected after creating the packages and there is no Security Server selected or installed.
For a successful installation, you must change the scan mode to Local, or add a Security Server.
To fix this issue, run the fix from this Microsoft KB article on the target endpoint.
Note
You can find the Windows Installer 4.5 redistributable here.
This error message occurs when there is another task in progress. In such a case, check the other task, wait until it finishes, and then reboot the endpoint.
If the installation was unsuccessful, you may need to use the uninstall tool to clean up the endpoint. When the uninstall is complete, reboot and try to deploy one more time.
installer.exe
is not compliant with the operating system architecture.
Check if the product is already installed on the target endpoint.
Check if you are able to log on the target endpoint using a domain administrator account.
For a complete analysis, attach a support tool log from the affected endpoint to your ticket.
To resolve this error, check the following:
In the Targets field of the installation task in GravityZone console check that both the IP and hostname of the endpoint are present.
Compare the IP displayed in the GravityZone console with the output of the command
ping <hostname>
on the endpoint. The IP addresses must be identical for a successful installation.Make sure the Network discovery setup is correct. For more information please refer to How network discovery works and Network discovery issues in Bitdefender GravityZone.
If the issue persists, please contact the Bitdefender Enterprise Support team.
For a complete analysis, attach a support tool log from the affected endpoint and another from the associated Relay to your ticket.
Error code returned when the installer runs silent and it needs a reboot to finish its maintenance process.
By default, the reboot will not be performed automatically and the operation will not be resumed automatically.
Cases when installer might ask for a reboot: when removing 3rd party AV products, after scanning before install, after a repair/modify/uninstall operation.
A restart action is pending as a result of another maintenance (install, repair, modify, uninstall) operation that required a restart in order to finish correctly.
The error code indicates that the current maintenance operation cannot continue until the restart is performed. Another case when this code is returned is when the repair or uninstall fails and will try again after a reboot.
Please contact the Bitdefender Enterprise Support team for more information. To gather logs from the affected endpoint refer to Using the Support Tool.
This error can be fixed by following these steps:
Log in to the target system as administrator.
Open a Command Prompt window and execute the following commands:
C:\> sc stop bddepsrv C:\> sc delete bddepsrv
Reboot the endpoint.
Use the Process Monitor to check if
BDDepsrv
is created and started on the target during an Install agent task.
IPv6 not supported. You must use the IPv4 protocol.
Configure the installation task by unchecking the Scan before installation option (if it was checked) and run the task again.
Check if the package in question exists in the Network > Packages page of the Control Center.
To fix this error, delete and recreate the package.
The target endpoint is a Security Server. Bitdefender Tools cannot be deployed on Security Server.
VMware Tools are not installed. Install VMware Tools on the target endpoint and run the task again.
VMware Tools are not running. Please check the VMware Tools status on the target endpoint. VMware Tools is required for the Bitdefender Tools deployment to work.
Cannot determine the VMware Tools status. Please check the VMware Tools status on target endpoint. VMware Tools is required for Bitdefender Tools deployment to work.
Check the following information:
The username and the password configured in Control Center are correct: Log in to vSphere Client with the same credentials or try using another account.
The user provided for VMware integration has vCenter Administrator permissions.
This error occurs when deploying the security agent on virtual machines.
To fix the problem, change the following registry entries:
HKEY_LOCAL_MACHINE
>SYSTEM
>CurrentControlSet
>Services
>lanmanserver
>parameters
>size
set to 3HKEY_LOCAL_MACHINE
>SYSTEM
>CurrentControlSet
>Control
>Session Manager
>Memory Management
>LargeSystemCache
set to 1
Possible causes:
The full kit is being run from within the archive.
The
installer.xml
file is not located right next to the full kit.The full kit is unable to read
installer.xml
when the files are both located on a network drive.
To resolve this issue, make sure that both the installer.xml
and the full kit files are unpacked and set to run from the local drive.