stinger007
Well-known member
Sorry last one :)
Wondering what your thoughts are about running this on the problem server to update sense?
Wondering what your thoughts are about running this on the problem server to update sense?
Windows Server 2016 x64 - unable to enable Defender Missing KB's
- Thread starter stinger007
- Start date
I was working on an environment to reproduce this issue, to kill Defender etc.
KB5005292 is the same version (10.8735.26020.1009), but maybe re-installing will help, so I would give it a try?
stinger007
Well-known member
Thanks mate you don't give up do you!!
Ok so I ran the exe from above, I don't think it installed as files are from a few days ago when we copied over. I could extract the exe and manually copy them? just want to check things like this with you 1st before doing anything, as I don't want to undo all the work you've done.
Ok so I ran the exe from above, I don't think it installed as files are from a few days ago when we copied over. I could extract the exe and manually copy them? just want to check things like this with you 1st before doing anything, as I don't want to undo all the work you've done.
Indeed, I don't give up so easily when just one service is going 'freaky', I will do some tests with KB5005292 on a VM here here this weekend and post the findings.
So have a good weekend...
So have a good weekend...
stinger007
Well-known member
Thanks as always for your help mate - Have a great weekend
Hi,
I've just installed a new VM to test some things, so make first a backup of the services key:
Warning: This fix was written specifically for this system. Do not run this fix on another system.
Afterwards reboot the server and try to start the Sense service again.
I've just installed a new VM to test some things, so make first a backup of the services key:
Code:
reg save "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" "%userprofile%\Desktop\Services_BKP.hiv"Warning: This fix was written specifically for this system. Do not run this fix on another system.
- Save any work you have open, and close all programs.
- Download the attachment SFCFixScript.txt and save it to your desktop.
- Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.
- SFCFix will launch, let it complete.
- Once done, a file will appear on your desktop, called SFCFix.txt.
- Post the logfile (SFCFix.txt) as attachment in your next reply.
Afterwards reboot the server and try to start the Sense service again.
stinger007
Well-known member
Good Morning, hope you had a good weekend. I've backed up the Key, run the fix output below, looks like we have a few failures below. Shall I reboot and try anyway?
RegistryScript::
Failed to set registry key ownership for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense with error code 0x51B.
Failed to set registry key ownership for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services with error code 0x51B.
Failed to set registry key ownership for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense with error code 0x51B.
Successfully deleted registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
Successfully imported registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
Successfully imported registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense\Security.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense with error code ERROR_FILE_NOT_FOUND.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense\Security.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
RegistryScript:: directive failed to complete successfully.
Failed to process all directives successfully.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 203 datablocks.
Finish time: 2024-06-17 09:58:13.156
Script hash: 8q386E1GHGFbrWN3oevDb/9tR5HJe247wOcC1o1y3nA=
----------------------EOF-----------------------
RegistryScript::
Failed to set registry key ownership for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense with error code 0x51B.
Failed to set registry key ownership for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services with error code 0x51B.
Failed to set registry key ownership for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense with error code 0x51B.
Successfully deleted registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
Successfully imported registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
Successfully imported registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense\Security.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense with error code ERROR_FILE_NOT_FOUND.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense\Security.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense.
RegistryScript:: directive failed to complete successfully.
Failed to process all directives successfully.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 203 datablocks.
Finish time: 2024-06-17 09:58:13.156
Script hash: 8q386E1GHGFbrWN3oevDb/9tR5HJe247wOcC1o1y3nA=
----------------------EOF-----------------------
Good morning too!
On my test server I got the same error messages, so yes please reboot the server.
On my test server I got the same error messages, so yes please reboot the server.
stinger007
Well-known member
Rebooted, also disabled trend, service will not start via services. When started via CMD it's saying an instance is already running
Open services.msc > Sense > Properties and take a screenshot of the dependencies tab.
stinger007
Well-known member
Thanks, See below. This is also the same on the working server
Yeah, this looks good. Try to run the offboarding script and post the result.
stinger007
Well-known member
There's no log file just the below. It's interesting as I can run the offboarding script multiple time and it will always run as successful
Okay, let's see the result when you try the other script and if it's still complaining about a Sense issue.
stinger007
Well-known member
Could it be time to crack open the Champagne!!!! I'll run through the install and let you know!
That's great news. Fingers crossed! 
stinger007
Well-known member
So close!. I've never seen this error before, looks like its trying to install the service. Retry does nothing
I pressed Ignore and the install ended
error below
I've attached the the 2 log files. I'm templated to try it again without -Passive just to see if we can get it installed. If it works passive mode can always be set later in the reg
I pressed Ignore and the install ended
error below
I've attached the the 2 log files. I'm templated to try it again without -Passive just to see if we can get it installed. If it works passive mode can always be set later in the reg
A useful tool to examine permissions is SetACL studio which can be activated with the freeware key.
Please check the permissions of the following key on both servers.
Please check the permissions of the following key on both servers.
Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sensestinger007
Well-known member
Very good tool, cheers. results below
Please open the services section > Windows Defender Advanced Threat Protection Service and take a screenshot.