MSI installation failure

[vikman90]

Description

We are experiencing issues when installing the MSI package of the Wazuh Agent for Windows. The installation process terminates with the message:

Wazuh Agent Setup Wizard ended prematurely

Reviewing the installation logs, we identified at least three issues that could be related to the failure:

1. System Restore Point Creation Failure

MSI (s) (00:60) [02:48:35:300]: Calling SRSetRestorePoint API. dwRestorePtType: 0, dwEventType: 102, llSequenceNumber: 0, szDescription: "Installed Wazuh Agent".
MSI (s) (00:60) [02:48:35:300]: The System Restore service is disabled. Returned status: 1058. GetLastError() returned: 1058

The installer attempts to create a restore point, but the System Restore service is disabled, leading to failure.

2. Permission Issue During Configuration File Move

WixQuietExec:  Move-Item : Access to the path is denied.
WixQuietExec:  At C:\Program Files\wazuh-agent\postinstall.ps1:48 char:5
WixQuietExec:  +     Move-Item -Path $sourcePath -Destination $destinationPath -Force
WixQuietExec:  +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WixQuietExec:      + CategoryInfo          : PermissionDenied: (C:\Program File...wazuh-agent.yml:FileInfo) , Unauthorized
WixQuietExec:     AccessException
WixQuietExec:      + FullyQualifiedErrorId : MoveFileInfoItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.MoveItemCommand
WixQuietExec:   
WixQuietExec:  Config file moved successfully.

There is an "Access Denied" error when moving the configuration file, yet the log message still states "Config file moved successfully," which is inconsistent.

3. Failure to Start Wazuh Agent

WixQuietExec:  Starting agent.
WixQuietExec:  Error executing wazuh-agent.exe. Error code: .
WixQuietExec:  Error 0x80070001: Command line returned an error.
WixQuietExec:  Error 0x80070001: QuietExec Failed
WixQuietExec:  Error 0x80070001: Failed in ExecCommon method

The installer tries to start the Wazuh Agent before it has been registered, which results in an error.

Full log

install.log

Environment

• Wazuh Agent version: 0201834
• OS version: Windows 11

[jotacarma90]

First analysis

The permissions error comes from the mini script added in WIX:

    <CustomAction
        Id="PostInstall"
        BinaryKey="WixCA"
        DllEntry="WixQuietExec"
        Return="check"
        Execute="immediate"
        Impersonate="no"
    />

By executing the postinstall script, we are doing it with Execute="immediate".
This is causing the script to run with the same user that ran the MSI.
A possible option is to use deferred (this causes it to run with LocalSystem), but it will be necessary to check the timing of the script execution. There may be problems with the file you intend to move.

Some alternative options may be to try to force the execution of the powershell command of the postinstall.sh script with -Verb RunAs.

Regarding the appearance of Config file moved successfully after the installation failed, it will be necessary to fix the script flow by checking the output of each command, to properly display the result.

Finally, the error related to the execution of wazuh-agent.exe is probably caused by the missing configuration file (error mentioned above due to lack of permissions).
The lack of agent registration does not cause an error with the wazuh-agent.exe command, so we can decide whether to use it or not. During development it was useful to verify that the executable dependencies were correct when installed.

[MarcelKemp]

Update

• Several tests have been performed by modifying the value to referred, however, they fail to generate the MSI, so it is necessary to modify the current steps in order for WiX to generate the package properly.
  • Tests performed with branch: bug/557-msi-installation-failure
• Preparing Windows package generation environment to visualise WiX bugs and fix them.