Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

CORTEX XDR Installation Error 1067

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CORTEX XDR Installation Error 1067

L3 Networker

I am not able to install COrtex XDR in a WIN10 computer;

cortex-error-01.png

 

When we try to start the service below we received error message 1067

cortex-error-02.png

13 REPLIES 13

L1 Bithead

Hi Fabio,

Could you run again the installation following the https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cortex/cortex-xdr/7-0/cortex-xdr-ag... page 9 to get installation logs?

 

msiexec /i c:\install\cortexxdr.msi /l*v C:\temp\cortexxdrinstall.log /qn 

 

Please post the logs so we can have more context and help you out.

 

Thanks,

L2 Linker

Make sure you have the two certificates installed on the machine then try to re-start the installation.

L4 Transporter

Hi @FabioGarcia-

 

Were you able to run the installers with verbose logging?  If so, and you are still having the issue, can you please post the log snippet with the error description?


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Hello thanks for the feedback!

I am attaching some log files

Hi there.  Out of curiosity, have you tried to launch a command prompt as an administrator and kick off the MSI from there?  The 1603 error in the logs makes me lean this direction.  Also, TAC should be able to resolve this one quickly.  Have you tried reaching out to Support?


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

L1 Bithead

Sorry Expert, I have same issue.

The Cortex XDR agents appears pop up same like above, but after I tried to uninstall XDR agent, the process is stuck.

I tried to generate logs for TAC support, but cytray/icon XDR console is not showing.

 

Please help me how to Can I generate support log XDR if the cytray not appears.

L3 Networker

sounds like you need to run the agent cleaner on the asset first, then reboot and you should be good to go. 

L1 Bithead

How can do that? do u have tutorial for that?

Hi @Muhammad-Rusli Looks like there are two parts to your problem:

  1. Generating a support file
  2. Uninstalling an agent

 

Generating a Support File

You can generate support file from the XDR console . You can do it from the Endpoint Administration page or from Action Center.

1. Navigate to Endpoints -> Endpoint Management -> Endpoint Administration.

2. Right-click on the affected endpoint, navigate to Endpoint -> Endpoint Control -> Retrieve Support File

 

bbarmanroy_0-1637640182984.png

 

 

The process to retrieve a support file from the Action Center is described here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/...

 

Uninstalling an agent

Please create a Support ticket at the Customer Support Portal (link), with the Support File. The TAC Engineer will advise you accordingly on the uninstallation process.

 

Hope this helps!

 

 

L1 Bithead

Hi Bbarmanroy,

 

Thanks for your advice, If the hostname device already deleted from XDR management and xtray/icon cannot appears in the device.

Do u have any other way for getting generate logs?

L5 Sessionator

Hi @FabioGarcia Can you try using a supported version of the agent (v>7.1)? Is this happening on 1 host or on multiple hosts? If the installation fails on the supported versions, please generate the support files for a subset of affected hosts and create a support ticket for a prompt triage and resolution.

That is an interesting edge case. Is the agent still installed on the endpoint?

You can try executing and see if this works: cytool log collect 

 

Link: https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-5/cortex-xdr-agent-admin/cortex-xdr-agent-for-...

 


@Muhammad-Rusli wrote:

Hi Bbarmanroy,

 

Thanks for your advice, If the hostname device already deleted from XDR management and xtray/icon cannot appears in the device.

Do u have any other way for getting generate logs?


 


@Muhammad-Rusli wrote:

Hi Bbarmanroy,

 

Thanks for your advice, If the hostname device already deleted from XDR management and xtray/icon cannot appears in the device.

Do u have any other way for getting generate logs?


@Muhammad-Rusli If you're looking to uninstall the agent manually, you can raise a support ticket in any case. They should be able to provide you with a cleaner tool to ensure a successful removal. 

  • 17040 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!