mpande
Posts: 64
Joined: Tue Sep 28, 2021 1:52 pm

Windows User Error after running upgrade

Wed Apr 13, 2022 5:51 pm

Several of our sites are running into errors generating an internal certificate after running an upgrade. We've run a diff of the logs of the working sites against the non-working sites, and the problem sites all have the following two sections in the logs where working sites do not:

(Only present in non-working sites)
SI (s) [TIME]: PROPERTY CHANGE: Deleting AI_RollbackAccount property. Its current value is 'NopUser{75F0C14F-C0D9-4FC4-A878-08678788386D}'.
MSI (s) [TIME]: PROPERTY CHANGE: Adding AI_CreateAccount property. Its value is 'NopUser76998DA4D493DD032D80BD53E542E611E3FB357A80802000B7968B0776689322B10A7ED0BAF7EE256F4E08AC4194F65B76E1C11FA48D958ADFA08107013807D8Nabancard LLC User account used by various windows services 65600S-1-5-32-5441{75F0C14F-C0D9-4FC4-A878-08678788386D}2021.52.0931.0'.
MSI (s) [TIME]: Doing action: AI_CreateAccount
Action ended TIME: AI_RollbackAccount. Return value 1.
Action start TIME: AI_CreateAccount.
MSI (s) [TIME]: PROPERTY CHANGE: Deleting AI_CreateAccount property. Its current value is 'NopUser76998DA4D493DD032D80BD53E542E611E3FB357A80802000B7968B0776689322B10A7ED0BAF7EE256F4E08AC4194F65B76E1C11FA48D958ADFA08107013807D8Nabancard LLC User account used by various windows services 65600S-1-5-32-5441{75F0C14F-C0D9-4FC4-A878-08678788386D}2021.52.0931.0'.
MSI (s) [TIME]: PROPERTY CHANGE: Adding AI_CommitAccounts property. Its value is 'NopUser{B1A899C4-8A16-4C75-932D-D1B9B6D67FCE}'.
MSI (s) [TIME]: Doing action: AI_CommitAccounts
Action ended TIME: AI_CreateAccount. Return value 1.
Action start TIME: AI_CommitAccounts.
MSI (s) [TIME]: PROPERTY CHANGE: Deleting AI_CommitAccounts property. Its current value is 'NopUser{B1A899C4-8A16-4C75-932D-D1B9B6D67FCE}'.
Action ended TIME: AI_CommitAccounts. Return value 1.
MSI (s) [TIME]: PROPERTY CHANGE: Adding AI_RollbackAccount property. Its value is 'postgresNopUser{75F0C14F-C0D9-4FC4-A878-08678788386D}'.
MSI (s) [TIME]: Doing action: AI_RollbackAccount
Action start TIME: AI_RollbackAccount.

Later:
(Only present in non-working sites)
MSI (s) [TIME]: Executing op: ActionStart(Name=AI_CommitAccounts,Description=Commit the creation of user accounts on the local computer,)
MSI (s) [TIME]: Executing op: CustomActionSchedule(Action=AI_CommitAccounts,ActionType=11777,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) [TIME]: Executing op: ActionStart(Name=AI_RollbackAccount,Description=Rolling back the creation of user accounts on the local computer,Template=Account: [1])
MSI (s) [TIME]: Executing op: CustomActionSchedule(Action=AI_RollbackAccount,ActionType=11521,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) [TIME]: Executing op: ActionStart(Name=AI_CreateAccount,Description=Creating user account on the local computer,Template=Account: [1])
MSI (s) [TIME]: Executing op: CustomActionSchedule(Action=AI_CreateAccount,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) [TIME]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI760B.tmp, Entrypoint: CreateAccount

The NopUser mentioned in the logs is the windows user that runs our service. It is has been set up in the installer (both in the original version and in the upgrade) under Users and Groups with "Delete user profile folder when user account is deleted" as unchecked and and Error Policy of "Skip user creation if the user already exists" Within our custom actions we have a step to assign the "Log on as a service" policy setting .

Wade will add details about the cert issue.

wholt@nabancard.com
Posts: 9
Joined: Mon Feb 01, 2021 11:15 pm

Re: Windows User Error after running upgrade

Thu Apr 14, 2022 4:46 pm

The user issue is manifested in the service user (the one Max mentioned above being removed and rolled backed) not being able no longer access the application embedded application resource in the lib dll (or more accurate, the security sensitive parts of the resource ???)

as a service a .net exe runs using a .net dll library
the exe is just a stub for a service, the library is where the executing code lies
in the dll lib, is are embedded resources, of which one of those is a pfx certificate

byte[] certBytes = Properties.Resources.certificate_pfx;
Certificate = new X509Certificate2(certBytes, "certificatePassphase");
//the following will throw an exception ONLY when the user rollback is done,
// on a normal install/re-install/upgrade it will not. Its really accessing
// the Certificate that has the problem, and isnt really the cert as a whole
// but more like its the secrets part(s)
var spJson = System.Text.Json.JsonSerializer.Serialize(Certificate);

Catalin
Posts: 6510
Joined: Wed Jun 13, 2018 7:49 am

Re: Windows User Error after running upgrade

Tue Apr 19, 2022 11:57 am

Hello Max, Wade,

This is indeed a strange behavior.

Am I understanding this right, that the user account is deleted only on certain machine (despite the option to no delete it being checked) and this causes the certificate error?

If that is the case, are you guys able to replicate this on any of your machines?

If so, could you please forward me the following resources:

- a copy of the .AIP file

- a download link for the v1 of the setup

- a download link for the v2 of the setup

- some details about this issue - i.e. a test-case to help me reproduce and better understand the issue

by email at support at advancedinstaller dot com?

Additionally, could you please give me some more details about the option to not remove the user during uninstall, as I was not quite able to find it, at least not in the "Users and Groups" page. The "Delete user profile folder when user account is deleted" does not affect the user account itself, but only the user profile folder.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

mpande
Posts: 64
Joined: Tue Sep 28, 2021 1:52 pm

Re: Windows User Error after running upgrade

Tue Apr 19, 2022 4:33 pm

Am I understanding this right, that the user account is deleted only on certain machine (despite the option to no delete it being checked) and this causes the certificate error?
-Yes

If that is the case, are you guys able to replicate this on any of your machines?
-We have not been able to reproduce this on our lab machines. It has occurred frequently on customer machines.

If so, could you please forward me the following resources:

- a copy of the .AIP file
- a download link for the v1 of the setup
- a download link for the v2 of the setup
- some details about this issue - i.e. a test-case to help me reproduce and better understand the issue
by email at support at advancedinstaller dot com?


Additionally, could you please give me some more details about the option to not remove the user during uninstall, as I was not quite able to find it, at least not in the "Users and Groups" page. The "Delete user profile folder when user account is deleted" does not affect the user account itself, but only the user profile folder.

We have the install condition for the user set on the new AIP file as "OLDPRODUCTS".

Catalin
Posts: 6510
Joined: Wed Jun 13, 2018 7:49 am

Re: Windows User Error after running upgrade

Thu Apr 28, 2022 2:10 pm

Hello Max,

First of all, please accept my apologies for the delayed reply on this (we had some days off due to Orthodox Easter holiday).

As previously mentioned, that option from the "Users and Groups" page does not prevent the user from being removed.

In order to do that, please follow the steps my colleague Daniel has given you here:

Prevent User Deletion

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”