Closed elwali10 closed 2 years ago
We have been investigating this issue, and we were able to upgrade a Windows package using a different user following the process described in the issue:
We found, however, that users other than Administrator need to be granted permissions manually to access the contents of C:\Program Files (x86)\ossec-agent. This causes, as shown in the video, the installation GUI to not be able to show the manage agent interface.
Generated installation log:
As we can see in the previous log we obtain the following error:
Error 1920. Service 'Wazuh' (WazuhSvc) failed to start. Verify that you have sufficient privileges to start system services.
This error appears after the installation has waited for some time while installing, as the following pop-up:
It seems that the user employed for the upgrade can't run the WazuhSvc service.
We are currently investigating possible solutions for this problem.
Using an OVA instance shared by @elwali10 we were able to reproduce the error.
We noticed that this error does only appear when the virtual machine only has 1 core and probably has nothing to do with the user.
We verified that the service can be started even with 1 core.
Found the possible cause of the error, in this line of the wxs file:
https://github.com/wazuh/wazuh/blob/b1f7b533efeba1e4bd40b0edb0a5a12d8eff58fb/src/win32/wazuh-installer.wxs#L206
The MSI only verifies the condition WAZUHINSTALLED, but there is no check for the service being active before the installation; this may lead to the agent starting in an incorrect state.
Fixed issue mentioned in the last comment: https://github.com/wazuh/wazuh/commit/53f97596abd6e2c3348e7546731abdc3c3a3d3ff
Build and test package with the fix.
The error does not appear in the new package when upgrading a package in a machine with 1 core.
1 core
4 core
Investigate the cause of the long time spent in the starting services step of the MSI. We found this thread:
https://stackoverflow.com/questions/50340129/wix-servicecontrol-start-takes-four-minutes-to-fail-should-be-30-sec
That suggests that the service may be holding the process.
Investigate windows service code: https://github.com/wazuh/wazuh/blob/2b0d34b7aec641fc4c73f150d53c3d5b0679d67b/src/win32/win_service.c https://github.com/wazuh/wazuh/blob/f2d777d86f9a2d29fbfa237e1a311eb106e1c637/src/win32/win_utils.c
Test package disabling different components.
Test installation and upgrade of failing packages while disabling different modules, we observed the same behavior when starting the services.
The proposed changes affect the way the services are managed after an upgrade. Currently, the error described here: https://github.com/wazuh/wazuh/issues/13928#issuecomment-1181880846 causes the services always to try to start after an upgrade or installation. The correct behavior would be only to start the services if the Wazuh services were running before the upgrade and never start them after a new installation.
These changes may affect upgrades from before the service name change, this is from versions lower than 4.2.0 and upgrades after the service name change and new installations.
Tests should be done in Windows XP, Windows 2012R2, and Windows server 2022.
| | Windows XP | Windows 2012R2 | Windows server 2022 |
---|---|---|---|
Upgrade from 3.x previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.0 previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.2 previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 3.x previous service started | :red_circle: | :red_circle: | :red_circle: |
Upgrade from 4.0 previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.2 previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Clean install | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| | Windows XP | Windows 2012R2 | Windows server 2022 |
|---|---|---|---|
| Upgrade from 3.x previous service stopped | :heavy_check_mark: | | |
| Upgrade from 4.0 previous service stopped | :heavy_check_mark: | | |
| Upgrade from 4.2 previous service stopped | :heavy_check_mark: | | |
| Upgrade from 3.x previous service started | :heavy_check_mark: | | |
| Upgrade from 4.0 previous service started | :heavy_check_mark: | | |
| Upgrade from 4.2 previous service started | :heavy_check_mark: | | |
| Clean install | :heavy_check_mark: | | |
Investigate problem with the upgrade from 3.x
Add fix for 3.x upgrades. https://github.com/wazuh/wazuh/commit/d3436911016114c0912cef87df9f19b7a446ffd1
| | Windows XP | Windows 2012R2 | Windows server 2022 |
---|---|---|---|
Upgrade from 3.x previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.0 previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.2 previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 3.x previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.0 previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.2 previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Clean install | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| | Windows XP | Windows 2012R2 | Windows server 2022 |
---|---|---|---|
Upgrade from 3.x previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.0 previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.2 previous service stopped | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 3.x previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.0 previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Upgrade from 4.2 previous service started | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Clean install | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Hello team,
Upgrading the Wazuh agent in Windows server 2016 manually (by clicking on the package MSI and using the WUI) from 4.3.1 to 4.3.3 fails.
Steps to reproduce:
1. Create two Windows users (Users A & B) with permissions to install packages (Admins).
2. Log in as user A and install the Wazuh agent 4.3.1.
3. Switch to user B, then upgrade manually using the MSI package to 4.3.3.
4. The upgrade process hangs.
Regards, Elwali