https://github.com/osquery/osquery logo
Join Slack
Powered by
im having a hard time deploying a compiled service...
# kolide
w
im having a hard time deploying a compiled service MSI for windows, im basically getting an error related to not having the right permission to create a system service, ive tried with the local system account and a user that has the privilege to logon as a service and i just cant get it to work, an old version or service shouldnt remain, im deploying with PDQ not sure how much that would matter
im using 0.11.17 for reference
s
Is this an error that looks like 
Verify you have sufficient privileges to start system services
?
w
yeah thats the one
s
That’s an generic windows error that covers any problem with service installation (not just permissions)
w
actually its a bit different
its says install rather then start but i imagine its similarly vague
s
All the occurrences I’ve found have been traced to what I can only describe as a bug in service manager. Did you have a version of this service installed prior?
w
i think so, im doing both an uninstall and an attempt to clean up the old services with powershell just in case
s
The only fix I’ve found is to reboot after the uninstall.
w
gross
ok ill have to plan something then
s
This seems to happen if the service control panel is open, when you uninstall a service. This leaves that service in a weird limbo state. Subsequent installs fail with that, until it’s been rebooted.
I have no idea what “correct” is here. This all just feels like a windows bug.
w
ok that must be why its not every host
i might not get back on this soon but ill see if i cant schedule something soon
s
I haven’t seen it happen in normal MSI upgrade/repair stuff. Only when people do uninstall/reinstall testing with lots of control panels open, and whatnot. Which, frustratingly, means I hit it randomly testing
w
ah ok so to do an update do i need to uninstall reinstall or is the launcher msi upgrade aware like how some tools are, the one that comes to mind for me is the splunk UF
s
I have no experience with splunk.
You mentioned custom building, so all bets are off.
w
im just using the package-builder to build the msi, but i could see why that wouldnt be supported
s
But generally speaking, launcher will update itself. The MSI doesn’t change versions, but launcher will download and exec the newest versions. (If autouodate is enabled)
w
yeah we cant use the auto updating function
s
Ah.
w
so ive just been pulling the windows releases from github and using package-builder
s
What does upgrade aware mean? I think you should be able to install a new MSI straight over the old one. The various product and upgrade guids should be set correctly for that to work
w
ok yeah so for example to upgrade the splunk uf you just run the new installer, no uninstall
s
Yeah, that should work.
w
ok cool that should make things easier
s
Why doesn’t autoupgrade work in your environment?
w
were an airgapped environment
s
Yup… You could run a notary nd download server internally, but I can’t really recommend that work.
w
yeah its not too bad to run package builder and then use our deployment tools to distribute it
s
I’m glad 
package-builder
is working for you
w
yeah so far so good
Open in Slack
PreviousNext
Powered by