Manual installation of agent fails on registration.

Version 21

    Symptoms

     

    You attempt to manually install an agent and it fails during the registration process.

     

      Error found in registration.log

    • 'Error during registration. Error: Error 1300: Not all privileges or groups referenced are assigned to the caller'

      Error found  in the STAgentUI.log

    • 'Error 1314: A required privilege is not held by the client'
    • 'class STWin32::CWin32Exception at X509Certificate.cpp:65: Error 5: Access is denied'

      Error found in the STAgentManagement.log

    • Error: 'class STServiceModel::Wws::CWebServiceException at RegistrationServiceClient.cpp:401: Unable to register the agent with the provided registration key

     

     

    Cause

     

    This error is seen if the user account used to install the agent does not have the correct permissions.

     

    Resolution

     

    Ensure the SYSTEM account, as well as the user installing the agent has full control over C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder as well as the files in the directory.

     

    Add required rights in User Rights Assignments.

     

        Known rights needed to install and register agents.

      • "Act as Operating System"
      • "Take Ownership"

     

    1. Open Local Security Settings.
    2. In the console tree, click User Rights Assignment.
      - Security Settings/Local Policies/User Rights Assignments
    3. In the details pane, double-click the user right you want to change.
    4. In UserRight Properties, click Add User or Group.
    5. Add the user or group and click OK.

      To open Local Security Policy, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

    You can also check what rights the current user has by running the following command from a Windows Command Prompt.

    >whoami /priv

     

    Additional Information

     

    Settings are applied in the following order through a Group Policy Object (GPO), which will overwrite settings on the local computer at the next Group Policy update:

    Local policy settings
    Site policy settings
    Domain policy settings
    OU policy settings

      When a local setting is greyed out, it indicates that a GPO currently controls that setting.

     

    Affected Products


    Shavlik Protect 9.x