Solved

Windows 2012 event log warnings - are they significant?

Posted on 2014-10-09
36
359 Views
Last Modified: 2015-07-29
We have a Windows 2012 server running Exchange 2010. This is NOT our domain controller, it just works as a mail server.

I notice that we keep receiving a pair of warnings in our Windows Application Event log, as follows :-

1). Event ID - 1004 MsiInstaller

Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_Core_Shared', component '{B46C0736-6483-42D0-8CB7-6AE45B8F8B7E}' failed.  The resource 'd:\' does not exist.

2). Event ID -1001 MsiInstaller

Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_CNS' failed during request for component '{6E985C15-8B6D-413D-B456-4F624D9C11C2}'

There seems to be many MsiInstaller entries in the application log, so I have included a screen shot of the event log.

The fact it repeats over and over again, leads me to believe that there must be an underlying issue which needs addressing, but if anyone could confirm this, and what course of action is required, I would be very much obliged.

Many thanksWindows 2012 application event log
0
Comment
Question by:nigelbeatson
  • 21
  • 7
  • 4
  • +2
36 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 40370296
Seems that this error has been posted once on the forums here, please check and see this topic.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/Q_28426610.html

Also, i se that the MSI installer ends with an exit code 0 which means installation successful without any errors. Could it be you are repairing something? Or something has been misinstalled and needs to be repaired over and over again?

Rebooting might just help.
0
 

Author Comment

by:nigelbeatson
ID: 40370315
OK Thanks.

We did use an external USB drive (d:) to install Microsoft Exchange 2010 Sp3 onto the 2012 server, as this was the only method I could see working. The Exchange Software was downloaded from Microsoft (as that was what I was instructed to do under the licence agreement we hold with them), and it was larger than a single DVD would hold. Burning a DVD therfore was not a possible solution.

Anyway, the point is, there are hundreds of references within the registry which point to the external USB drive (D:) we used, so making manual changes would be a real pain.

My concern is that had we have installed everything from a DVD, the media would not be present anyway, so would not the same problem happen, even if we had done it this way?

I could re connect an external USB drive to the server, but what would this achieve if the original sourcs data was not there?

I am just confused as to why the installer is trying to run in the first place, we have not tried to install anything recently??

Do you think it just needs a drive d: to be present to complete what it is doing?

Any advice greatly appreciated.
0
 
LVL 9

Expert Comment

by:Marshal Hubs
ID: 40370322
0
 

Author Comment

by:nigelbeatson
ID: 40370336
I have established that the resource refered to in the event warning ie 54F84805-0116-467F-8713-899DFC472235 only has one reference to d:\, which I could easily modify.

My concern is however, that it appears to be looking for the initial installation packet, which we may no longer have ( I have not had a proper search for it yet, but I will do if it is the only solution).

If I modify the path to say c:, the packet is not there either, so I dont see what this will achieve?? I am confused as to what I should do.

Any help much appreciated.

Thanks
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40370345
Even so, if you installed the application from a remote D drive and you installed it fully imho there is no reason to worry any more because it is all running nice and clean, am i right?

What you normally see is that when installing software (lets take office as example) and you don't fully install it will use the installation source to install subsequent software you actually need that wasn't installed initially.
0
 

Author Comment

by:nigelbeatson
ID: 40370354
Yes, you are correct, it all seems to be working OK, I just dont like the cycling event which keeps restarting the process every few seconds, and consuming resources on our server no doubt.

I would still like to stop this though, even though there may be no problems currently being presented. We have not intentially asked for any additional features to be installed, so I still dont understand why we are seeing these warnings.

Many thanks.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40370539
Problem is that you might break something that is working right now..
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40370837
my first question would be why do you have exchange 2010 and sql 2012 on the same server?
this is not a recommended configuration
each will be fighting for physical memory as they are both designed to use as much as it has available
0
 

Author Comment

by:nigelbeatson
ID: 40370874
We have not installed sql 2012 specifically onto the server, just 2012 server and exchange 2010. We have yosemite server backup software and avg anti virus. That is all??
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40370881
does yosemite use sql?
that screenshot clearly shows sql 2012 database engine is installed
0
 
LVL 16

Expert Comment

by:Mike T
ID: 40373637
Hi,

Seth is correct - you definitely have SQL 2012 installed and it was done from the D: drive, the same as Exchange was. The SQL version is 11.0.2100.60.

This contradicts what you say is installed, which was:
2012 server
exchange 2010
yosemite server backup software
avg anti virus.

Since none of those products need SQL (I checked Yosemite here

Then I would investigate. Check the setup eventlog and the start menu.


As SQL and Exchange will fight over RAM I would strongly suggest you remove ALL SQL components.

Also, you question starts with your server repeatedly trying to do something with SQL
Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_Core_Shared', component '{B46C0736-6483-42D0-8CB7-6AE45B8F8B7E}' failed.  The resource 'd:\' does not exist.

This is the MSIEXEC engine (aka Windows Installer) looking to repair or reconfigure an MSI with the GUID {54F8....}.
That is the unique code for SQL 2012 - of which it is looking for the module {B46C...} which is, I guess the Core Engine for SQL.

So, if you are absolutely sure you don't want SQL on that server uninstall it. To remove run the command
MsiExec.exe /X{54F84805-0116-467F-8713-899DFC472235}
or
Use the SQL installer on the start menu, if it's there, or of course Programs and Features.

Mike
0
 

Author Comment

by:nigelbeatson
ID: 40384360
Sorry for the delay in responding.

I have looked at the server, and asked if anyone else has installed SQL and no one seems to know anything about it.

I decided to pause sql, to see if anything stopped working and I noted the following information in the event log :-

Source MSSQL$ADK Event ID - 17144

SQL Server is not allowing new connections because the Service Control Manager requested a pause. To resume the service, use SQL Computer Manager or the Services application in Control Panel.

We may have installed the Assesment and Deployment Kit as some stage, but would this automatically install SQL? If so, can we remove this now, if its causing problems?

Any assistance very much appreciated.

Thanks
0
 
LVL 16

Expert Comment

by:Mike T
ID: 40384637
Hi,

WADK does not install SQL. I am not surprised no-one confessed, but as it is installed, you can check the eventlog for the date or the date stamp of the folder to see when it appeared at least.

If you really are adamant it should not be there, uninstall it. If anything else needs it, you will soon know, but then the "something else" needs to be installed somewhere else too. And the owner might come crawling out of the woodwork too.

Just make sure you have a full working backup before you touch it, and then uninstall.

Mike
0
 

Author Comment

by:nigelbeatson
ID: 40384658
I have suspended the SQL services for the moment, which I hope will simulate removal. If anything then stops working, I am sure I will soon hear about it. If I hear nothing for a few days, I will proceed with removal.

Hope that meets with your approval?

Many thanks.
0
 

Author Comment

by:nigelbeatson
ID: 40385604
Having disabled the sql services, I notice that we are still receiving the same entries in the event log :
Source MSIInstaller - event id 1004
Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_Core_Shared', component '{B46C0736-6483-42D0-8CB7-6AE45B8F8B7E}' failed.  The resource 'd:\' does not exist.

Followed by :-

Source MSiInstaller - event id 1001
Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_CNS' failed during request for component '{6E985C15-8B6D-413D-B456-4F624D9C11C2}'

How do I get to the bottom of this? Any suggestions greatly appreciated
0
 

Author Comment

by:nigelbeatson
ID: 40385622
There seems to be a repeat cycle taking place as follows :-

Source MsiInstaller - Event ID - 1040
Beginning a Windows Installer transaction: {54F84805-0116-467F-8713-899DFC472235}. Client Process Id: 12184.

Source MsiInstaller - Event ID - 11724
Product: SQL Server 2012 Database Engine Shared -- Install started.

Source RestartManager - Event ID - 10000
Starting session 0 - ‎2014‎-‎10‎-‎16T22:11:42.527080600Z.

Source MsiInstaller - Event ID - 11728
Product: SQL Server 2012 Database Engine Shared -- Configuration completed successfully.

Source MsiInstaller - Event ID - 1035
Windows Installer reconfigured the product. Product Name: SQL Server 2012 Database Engine Shared. Product Version: 11.0.2100.60. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.

Source MsiInstaller - Event ID - 1042
Ending a Windows Installer transaction: {54F84805-0116-467F-8713-899DFC472235}. Client Process Id: 12184.

Source RestartManager - Event ID - 10001
Ending session 0 started ‎2014‎-‎10‎-‎16T22:11:42.527080600Z.

Source MsiInstaller - Event ID - 1004
Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_Core_Shared', component '{B46C0736-6483-42D0-8CB7-6AE45B8F8B7E}' failed.  The resource 'd:\' does not exist.

Source MsiInstaller - Event ID - 1001
Detection of product '{54F84805-0116-467F-8713-899DFC472235}', feature 'SQL_Engine_CNS' failed during request for component '{6E985C15-8B6D-413D-B456-4F624D9C11C2}'

Just what is going on here? This cycle happens over and over again??

Can anyone help?

Thanks
0
 

Author Comment

by:nigelbeatson
ID: 40385656
Trying to identify why we have sql server installed, and have looked at the sql config console. A screen shot is enclosed. All I can see are the SQL server services which I have stopped.

Can anyone assist in helping us identify how we have managed to get sql server installed and whether we can remove it?

Many thanks
screenshot.jpg
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40385713
someone installed windows assessment and deployment kit

Windows ADK Overview
http://technet.microsoft.com/en-us/library/hh825486.aspx
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 16

Expert Comment

by:Mike T
ID: 40385714
Hi,

Stopping the SQL services will NOT stop those errors appearing in the eventlog. As I said before, the Windows installer service which runs all the time is trying to fix SQL but failing for some reason.
The only way to stop it is a) repair SQL or b) remove SQL.

Seth is correct - the screenshot shows SQL with an instance for the ADK, so that's the most likely source after all. Apologies. I always install it for the deployment tools and don't remember SQL being added.
What is listed in Programs and Features?

Mike
0
 

Author Comment

by:nigelbeatson
ID: 40386620
Thankyou for your reply.

Here is a screenshot of programs and features, which shows several sql programs installed.

Can you confirm that these would be installed with ADK and that we can just uninstall that, which will also remove SQL? Or do we need to remove ADK and all of the sql programs individually?

I looked through the info supplied about the ADK overview but could see nothing about SQL. I am really confused about why this has been installed, and it would be reassuring to establish that it is just part of ADK, which we can safely remove.

Many thanks
screenshot.jpg
0
 
LVL 16

Expert Comment

by:Mike T
ID: 40387110
Hi,

I will install WADK (full install) later today to confirm. My existing machine has several SQL items too but I can't say which of them came from WADK. I checked the docs too and could not find any mention.

Mike
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40391175
Can you confirm that these would be installed with ADK

that was confirmed in your earlier screenshot showing the ADK SQL instance
0
 

Author Comment

by:nigelbeatson
ID: 40391403
It was confirmed that we have it installed,  but not what installed it. I just want to be certain that I can just remove adk and sql safely, as I have seen nothing that mentions that adk does install sql.

thanks
0
 

Author Comment

by:nigelbeatson
ID: 40419590
Did you manage to install WADK? Did it install SQL?

If you could let me have an update, I would be grateful.
0
 

Author Comment

by:nigelbeatson
ID: 40419634
Having had this problem outstanding for some time, (my fault), I thought I would go ahead and remove the ADK. Unfortunately, it failed!!! Stating that the installation was not complete, and I should complete this first!

The Log was as follows :-


=== Verbose logging started: 03/11/2014  15:55:56  Build type: SHIP UNICODE 5.00.9200.00  Calling process: C:\ProgramData\Package Cache\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}\adksetup.exe ===
MSI (c) (CC:BC) [15:55:56:824]: Resetting cached policy values
MSI (c) (CC:BC) [15:55:56:824]: Machine policy value 'Debug' is 0
MSI (c) (CC:BC) [15:55:56:824]: ******* RunEngine:
           ******* Product: {E14DDED2-919B-FCCB-84AC-5ABB6D182D46}
           ******* Action:
           ******* CommandLine: **********
MSI (c) (CC:BC) [15:55:56:824]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (CC:BC) [15:55:56:824]: Grabbed execution mutex.
MSI (c) (CC:BC) [15:55:56:824]: Cloaking enabled.
MSI (c) (CC:BC) [15:55:56:824]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (CC:BC) [15:55:56:824]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (c) (CC:BC) [15:55:56:824]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (CC:BC) [15:55:56:824]: MainEngineThread is returning 1618
=== Verbose logging stopped: 03/11/2014  15:55:56 ===

MSI (s) (34:FC) [15:55:59:293]: User policy value 'DisableRollback' is 0
MSI (s) (34:FC) [15:55:59:293]: Machine policy value 'DisableRollback' is 0
MSI (s) (34:FC) [15:55:59:293]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (34:FC) [15:55:59:293]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (34:FC) [15:55:59:309]: Note: 1: 2265 2:  3: -2147287035
MSI (s) (34:FC) [15:55:59:309]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (34:FC) [15:55:59:309]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (34:FC) [15:55:59:309]: Destroying RemoteAPI object.
MSI (s) (34:D0) [15:55:59:309]: Custom Action Manager thread ending.


I just seem to be going round in circles with this. Cant stop the warnings in the evnt log, cant remove the ADK which seems to have installed SQL.

Any ideas on what I can do?

Advice very much appreciated.
0
 

Author Comment

by:nigelbeatson
ID: 40419687
It would seems the loop we are informed of in my first post, ie the contstant attempt to install something that fails, is preventing the item (ADK) from being removed. I dont even know whether removing ADK will remove SQL, but I would like to get ADK off this server.

If anyone can assist in this, I would love to hear from you.

Many thanks.
0
 
LVL 16

Expert Comment

by:Mike T
ID: 40419751
Hi,

The error code "MainEngineThread is returning 1618" means another installation is in process. You need to stop it by stopping msiexec installer service and then try again.

It may still fail because it was installed from a removable disk. It may be easier to reinstall it again over the top and effectively repair the install and then remove it cleanly.

Mike
0
 

Author Comment

by:nigelbeatson
ID: 40419780
Thankyou for that. Unfortunately Windows Installer does not let me stop it. All of the options on the service cosole are greyed out. It does confirm its running, but I cant stop it??

Do you think I will be able to re install in this condition, as I normally get told it cant because it is Installer is still running, just like I get when trying to uninstall.

Any ideas?

Many thanks.
0
 
LVL 16

Expert Comment

by:Mike T
ID: 40419852
Hi,

No, if it's still running you cannot install anything that uses the installer engine. If using the local admin account fails you might have to resort to using the system account.

Mike
0
 

Author Comment

by:nigelbeatson
ID: 40419884
Not sure what you mean Mike. I am logged in as the domain admin?? Can you explain a little more? I thought doman admin was the highest authority and should provide the best credentials??

Many thanks
0
 

Author Comment

by:nigelbeatson
ID: 40421975
Not sure what to do with this, as I cannot confirm that the SQL was installed by the ADK, although I can see only ADK processes detailed within the SQL  Admin console, and would probably gues that it was. However, I dont like to take such dratsic measures without knowing for sure that this is the case.

In addition, I cannot seem to be able to bottom the cycle of events in the event log. I cannot un install the ADK as it is currently trying to complete the initial installation for some reason.

I cannot stop this installation process either so I seem to be stuck with the ongoing instalation failing as it cant find something on the initial installation path. (ie it was installed from a USB drive initially).

I am quite happy to open up a new case, but was unsure how to deal with the points, as people have tried to help. I have been told previously not to allocate points unless somone resolved my issue, so I really dont know where to go.

Any suggestions.

Thanks
0
 
LVL 16

Expert Comment

by:Mike T
ID: 40422049
Hi Nigel,

Sorry, I got delayed in responding. "Local system" is a special account which has higher privilege than local admin even. See MSDN.

If you can't stop the installer service from running (and note you can't stop it entirely as you need it to reinstall) then the only alternative is to reconnect the source or edit the registry. Either way you need to provide the WADK source files. I think the easiest and safest route is just to download it from MS (http://go.microsoft.com/fwlink/?LinkId=309291) and choose the option for offline download, then put the download on a USB drive. Then the current install cycle should finish and you can uninstall it. You might have to figure out the drive letter, but Windows will probably pop up a browse box with it.

Mike
0
 

Author Comment

by:nigelbeatson
ID: 40430118
OK - I have managed to remove the ADK but it did not remove any of the sql components.

I have attached a screen shot of the components installed.

Can I just remove them all, is there a set order of removal being so many?

I would really like to confirm that ADK does install SQL before I remove it. This is just an exchange 2010 server and although have not installed SQL, and I understand that having SQL on an exchange server is not a good idea, I am reluctant to do it until I know for sure.

There are so many SQL components, I cant believe the ADK would install all of this without making me aware.

If anyone can assist, I would be very grateful.
SQL-COMPONENTS.png
0
 

Author Comment

by:nigelbeatson
ID: 40430119
Are none of the SQL components required for Exchange 2010?
0
 

Accepted Solution

by:
nigelbeatson earned 0 total points
ID: 40897318
I eventually found that Yosemite requires the ADK for some of its features to work. Removing ADK stopped Yosemite from running correctly.

I re installed ADK and all is working correctly now. There must have been a problem with the original install.

Thanks to all who tried to help
0
 

Author Closing Comment

by:nigelbeatson
ID: 40903866
Help offered but the solution was found by myself in conjunction with Yosemite Support.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Resolve DNS query failed errors for Exchange
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now