To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Can not install Elements on a Win 10 computer.

Options
ITsupporter
ITsupporter W/ Partner Posts: 5 Security Scout

Getting error something like - Windows Update has not the latest updates.
But Windows is updated in full.
Any ideas?

Answers

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 245 Moderator
    edited May 24
    Options

    HI @ITsupporter

    Thank you for reaching out the WithSecure Community,

    It's difficult to pinpoint the exact root causes of the issue without checking the WSdiag logs. Could you please provide information on how many machines are affected due to the Windows Update? If it's just a single machine, as a starting point, you can check if the ACS dependencies are missing on the reported machine. You can refer to this article: https://community.withsecure.com/en/kb/articles/29714-changes-in-support-on-microsoft-windows-minimum-patch-level

    If the above mentioned is not your scenario, here are a few steps you can try to resolve this issue:

    1. Run the Windows Update Troubleshooter:
      • Go to Settings > Update & Security > Troubleshoot.
      • Select Windows Update and then click on Run the troubleshooter.
    2. Ensure that Windows Update services are running:
      • Press Windows key + R, type services.msc, and press Enter.
      • Find and ensure that Windows Update and Background Intelligent Transfer Service are set to Start.
    3. Use System File Checker (SFC):
      • Open Command Prompt as Administrator.
      • Type sfc /scannow and press Enter to check for any system errors and corrupted files.
    4. Reset Windows Update Components:
      • Open Command Prompt as Administrator.
      • net stop wuauserv
      • net stop cryptSvc
      • net stop bits
      • net stop msiserver
      • ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
      • ren C:\Windows\System32\catroot2 catroot2.old
      • net start wuauservnet start cryptSvc
      • net start bitsnet start msiserver
      • Restart your computer and try updating again.
    5. Download and Run the WithSecure Uninstallation tool: https://download.withsecure.com/uninstallationtool/WsUninstallationTool.exe
    6. Re-install the WithSecure Elements Agent again.
    7. If the above methods do not work, consider performing an in-place upgrade which can repair broken operating system files while keeping your personal files and settings intact. You can reach to the Microsoft Support.

    Before proceeding with these steps, ensure that all external peripherals are unplugged except for the mouse, keyboard, and LAN cable. Also, temporarily disable or uninstall any third-party antivirus programs as they can interfere with the update process.

    If you’ve tried all these steps and the issue persists, it might be helpful to seek further assistance from WithSecure Support.

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™ https://www.withsecure.com/en/home

  • ITsupporter
    ITsupporter W/ Partner Posts: 5 Security Scout
    Options

    Still the same

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 524 Moderator
    edited May 24
    Options

    Hi @ITsupporter

    Thank you for sharing the screenshot, which translates to "The certificate for the download server could not be verified. This may be due to you using an outdated version of Windows. Update Windows and try installing the product again".

    Do check that your certificates are latest.

    Is this a fresh install or an upgrade of Elements Agent ?

    Can you check the registry for this string if it exist ?

    [HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\updates\ulcore\1709915445]:

    "error_code_install"=(REG_DWORD):14

    If the string does not exist, we suggest to submit a support case with WSDiag logs - https://www.withsecure.com/en/support/contact-support/email-support

  • ITsupporter
    ITsupporter W/ Partner Posts: 5 Security Scout
    Options

    It does not exists. It is a fresh install.

  • ITsupporter
    ITsupporter W/ Partner Posts: 5 Security Scout
    Options

    This is what I get running the ConnectionChecker:

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 245 Moderator
    Options

    Hi @ITsupporter

    Thank you for providing the screenshot of the connection result. It appears that the backend connections failed to establish. Our Elements Agent require communication with the WithSecure backend for certain installations.

    • *.f-secure.com
    • *.fsapi.com

    Note: The domains mentioned above needs to be whitelisted to your firewall or proxy. In case your have enabled some proxy in your environment, the client reads it via discovery service and tries to connect to *.fsapi.com through it. 

  • ITsupporter
    ITsupporter W/ Partner Posts: 5 Security Scout
    Options

    Okey…
    The customer has no firewall or proxy. Must be something else.
    It is a standard Windows 10, connected via a router, provided by the Internet provider. It is a standard private home villa.

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 524 Moderator
    Options

    Hi @ITsupporter

    Thank you for sharing the Connectivity Checker results, which I can see error 12175 to some of our backend servers.

    From version 22.1 onwards, the connectivity requirements have changed for the Elements Agent and Elements Connector.
    This release included a new check which contacts Certificate Revocation List (CRL) servers, related to the validity check of TLS certificates used.

    Connectivity requirements changed:
    Please note that we do require connection to CRL URLs now. Please verify that connections to the following CRL URLs work:

    ocsp.rootca1.amazontrust.com
    crl.sca1b.amazontrust.com
    ocsp.rootg2.amazontrust.com
    ocsp.sca1b.amazontrust.com
    crl3.digicert.com
    crl4.digicert.com
    ocsp.digicert.com

    If you see that the client status is not updating in the portal, or profile changes are not applied to the client, please open HTTP connections to the CRL URLs.

    This is mentioned in the Elements EPP for Computers and Elements EPP for Servers change logs:

    https://community.f-secure.com/change-logs-business/kb/articles/9238-release-22-1-availability-starting-13-01-2022

    To know more about CRL and OCSP refer to the links below:

    https://www.thesslstore.com/blog/crl-explained-what-is-a-certificate-revocation-list/
    https://www.digicert.com/kb/util/utility-test-ocsp-and-crl-access-from-a-server.htm