Can't remove OTP cred provider on windows host

365 views
Skip to first unread message

Plancks Constant

unread,
May 6, 2016, 5:36:19 PM5/6/16
to RCDevs Security Solutions - Technical
I installed the openOTP credential Provider for WIndows 64bit to a 2012 host.   

I can RDP into the host with OTP client using LDAP + OTP (MFA).... works well. 

The account I use is a domain admin.  

I'm done and wanted to remove the client form the server but I cannot. 
Using the normal method - Programs and Feature, select openOTP cred provider, click Uninstall, and I get a windows stating "You Must be an Administrator".    So the client cant be removed.  
The account is a domain admin and has admin rights on the host (i can do other admin stuff).    

What am I doing wrong here?   Something I missed?  

What additional info do you need? 


Yoann Traut (RCDevs)

unread,
May 9, 2016, 4:19:29 AM5/9/16
to RCDevs Security Solutions - Technical
Hello, 

Have you tried with the .msi installer file ?  

It's strange! I just tried on my Windows 2012 R2 VM and I have not the same problem like you. Everything works for me. 
Try uninstalling with .MSI installer. 


Best Regards 

Plancks Constant

unread,
May 9, 2016, 10:47:26 AM5/9/16
to RCDevs Security Solutions - Technical
Tried it with the MSI.   Got the same result.   "You must be an administrator" .   

I try to 'run as different user' and use credentials for a 2nd domain admin and also get same results. 

Very odd, I've never had a program complain about the domain admin not having rights.   


Yoann Traut (RCDevs)

unread,
May 9, 2016, 11:09:54 AM5/9/16
to RCDevs Security Solutions - Technical
Very strange...

What is the version of your credential provider ? 

Could you tried with local admin account please ? 

Best Regards

Plancks Constant

unread,
May 9, 2016, 11:31:07 AM5/9/16
to RCDevs Security Solutions - Technical
Cred provider was Downloaded Friday.   MSI properties shows version 3.1.119.1618

This one host is a Domain Controller so there is no local admin.  

Is there a manual uninstall?    


Plancks Constant

unread,
May 9, 2016, 11:40:32 AM5/9/16
to RCDevs Security Solutions - Technical
Event Viewer shows: 
Event ID: 1034:
Windows Installer removed the product. Product Name: OpenOTP Credential Provider for Windows (64 bit). Product Version: 3.1.119.1618. Product Language: 1033. Manufacturer: RCDevs. Removal success or error status: 1603. 

Event ID 1013:
Product: OpenOTP Credential Provider for Windows (64 bit) -- You must be an Administrator!

Plancks Constant

unread,
May 9, 2016, 11:41:09 AM5/9/16
to RCDevs Security Solutions - Technical
Here is the verbose logging for an attempt to remove the product from the Domain Controller: 



=== Verbose logging started: 5/9/2016  11:39:45  Build type: SHIP UNICODE 5.00.9600.00  Calling process: c:\Windows\System32\msiexec.exe ===
MSI (c) (60:9C) [11:39:45:423]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (60:9C) [11:39:45:423]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (60:74) [11:39:45:423]: Resetting cached policy values
MSI (c) (60:74) [11:39:45:423]: Machine policy value 'Debug' is 0
MSI (c) (60:74) [11:39:45:423]: ******* RunEngine:
           ******* Product: c:\bin\OpenOTP_CredentialProvider.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (c) (60:74) [11:39:45:423]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (60:74) [11:39:45:423]: Grabbed execution mutex.
MSI (c) (60:74) [11:39:45:439]: Cloaking enabled.
MSI (c) (60:74) [11:39:45:439]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (60:74) [11:39:45:439]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:84) [11:39:45:439]: Running installation inside multi-package transaction c:\bin\OpenOTP_CredentialProvider.msi
MSI (s) (C0:84) [11:39:45:439]: Grabbed execution mutex.
MSI (s) (C0:F0) [11:39:45:439]: Resetting cached policy values
MSI (s) (C0:F0) [11:39:45:439]: Machine policy value 'Debug' is 0
MSI (s) (C0:F0) [11:39:45:439]: ******* RunEngine:
           ******* Product: c:\bin\OpenOTP_CredentialProvider.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (s) (C0:F0) [11:39:45:439]: Machine policy value 'DisableUserInstalls' is 0
F-818A4051248E} is admin assigned: LocalSystem owns the publish key.
MSI (s) (C0:F0) [11:39:45:455]: Product {E189CC3A-2370-473E-B65F-818A4051248E} is managed.
MSI (s) (C0:F0) [11:39:45:455]: Running product '{E189CC3A-2370-473E-B65F-818A4051248E}' with elevated privileges: Product is assigned.
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'DisableFlyWeightPatching' is 0
`Error` = 1717 
MSI (s) (C0:F0) [11:39:45:439]: Calling SRSetRestorePoint API. dwRestorePtType: 1, dwEventType: 102, llSequenceNumber: 0, szDescription: "Removed OpenOTP Credential Provider for Windows (64 bit)".
MSI (s) (C0:F0) [11:39:45:439]: The call to SRSetRestorePoint API failed. Returned status: 0. GetLastError() returned: 127
MSI (s) (C0:F0) [11:39:45:439]: MSCOREE not loaded loading copy from system32
MSI (s) (C0:F0) [11:39:45:455]: End dialog not enabled
MSI (s) (C0:F0) [11:39:45:455]: Original package ==> c:\bin\OpenOTP_CredentialProvider.msi
MSI (s) (C0:F0) [11:39:45:455]: Package we're running from ==> C:\Windows\Installer\7c553.msi
MSI (s) (C0:F0) [11:39:45:455]: APPCOMPAT: Uninstall Flags override found.
MSI (s) (C0:F0) [11:39:45:455]: APPCOMPAT: Uninstall VersionNT override found.
MSI (s) (C0:F0) [11:39:45:455]: APPCOMPAT: Uninstall ServicePackLevel override found.
MSI (s) (C0:F0) [11:39:45:455]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E189CC3A-2370-473E-B65F-818A4051248E}'.
MSI (s) (C0:F0) [11:39:45:455]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'DisablePatch' is 0
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'DisableMsi' is 1
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:45:455]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:45:455]: Product {E189CC3A-2370-473E-B65ue is '5'.
MSI (s) (C0:F0) [11:39:45:455]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (C0:F0) [11:39:45:455]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2 
MSI (s) (C0:F0) [11:39:45:455]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (C0:F0) [11:39:45:455]: Specifed source is not already in a list.
MSI (s) (C0:F0) [11:39:45:455]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'DisableBrowse' is 0
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:45:455]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:45:455]: Product {E189CC3A-2370-473E-B65F-818A4051248E} is admin assigned: LocalSystem owns the publish key.
MSI (s) (C0:F0) [11:39:45:455]: Product {E189CC3A-2370-473E-B65F-818A4051248E} is managed.
MSI (s) (C0:F0) [11:39:45:455]: Running product '{E189CC3A-2370-473E-B65F-818A4051248E}' with elevated privileges: Product is assigned.
MSI (s) (C0:F0) [11:39:45:455]: Adding new sources is not allowed.
MSI (s) (C0:F0) [11:39:45:455]: Warning: rejected attempt to add new source 'c:\bin\' (product: {E189CC3A-2370-473E-B65F-818A4051248E})
signed: LocalSystem owns the publish key.
MSI (s) (C0:F0) [11:39:45:455]: Product {E189CC3A-2370-473E-B65F-818A4051248E} is managed.
MSI (s) (C0:F0) [11:39:45:455]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:45:455]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:45:455]: MSI_LUA: Credential prompt is not required at this point, product is managed and deployment compliant
MSI (s) (C0:F0) [11:39:45:455]: Note: 1: 2205 2:  3: MsiPackageCertificate 
MSI (s) (C0:F0) [11:39:45:455]: Note: 1: 2205 2:  3: MsiDigitalCertificate 
MSI (s) (C0:F0) [11:39:45:455]: PROPERTY CHANGE: Adding ProductState property. Its valMSI (s) (C0:F0) [11:39:46:861]: MSI_LUA: Credential Request return = 0x0
MSI (s) (C0:F0) [11:39:46:861]: MSI_LUA: Elevated credential consent provided. Install will run elevated
MSI (s) (C0:F0) [11:39:46:861]: Note: 1: 2205 2:  3: MsiPackageCertificate 
MSI (s) (C0:F0) [11:39:46:861]: Note: 1: 2205 2:  3: MsiDigitalCertificate 
MSI (s) (C0:F0) [11:39:46:861]: MSI_LUA: Allowing use of new source since consent was provided
MSI (s) (C0:F0) [11:39:46:861]: Package name retrieved from configuration data: 'OpenOTP_CredentialProvider.msi'
MSI (s) (C0:F0) [11:39:46:861]: Note: 1: 2205 2:  3: Error 
MSI (s) (C0:F0) [11:39:46:861]: Note: 1: 2262 2: AdminProperties 3: -2147287038 
MSI (s) (C0:F0) [11:39:46:861]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:46:861]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (C0:F0) [11:39:46:861]: Product {E189CC3A-2370-473E-B65F-818A4051248E} is admin assigned: LocalSystem owns the publish key.
MSI (s) (C0:F0) [11:39:46:861]: Product {E189CC3A-2370-473E-B65F-818A4051248E} is managed.
MSI (s) (C0:F0) [11:39:46:861]: Running product '{E189CC3A-2370-473E-B65F-818A4051248E}' with elevated privileges: Product is assigned.
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding REMOVE property. Its value is 'ALL'.
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\Windows\System32'.
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '2'.
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '3936'.
MSI (s) (C0:F0) [11:39:46:861]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '5753db3530577544b22145ee51b963d9'.
MSI (s) (C0:F0) [11:39:46:861]: RESTART MANAGER: Session opened.
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (s) (C0:F0) [11:39:46:861]: TRANSFORMS property is now: 
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
MSI (s) (C0:F0) [11:39:46:861]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '405'.
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\Favorites
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\Documents
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (C0:F0) [11:39:46:861]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Local
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\Pictures
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Users\mkane\Desktop
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (C0:F0) [11:39:46:876]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16 
MSI (s) (C0:F0) [11:39:46:876]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding AdminUser property. Its value is '1'.
MSI (s) (C0:F0) [11:39:46:876]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'EC2'.
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Amazon.com'.
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding Installed property. Its value is '00:00:00'.
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\7c553.msi'.
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\bin\OpenOTP_CredentialProvider.msi'.
MSI (s) (C0:F0) [11:39:46:876]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2205 2:  3: PatchPackage 
MSI (s) (C0:F0) [11:39:46:876]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:F0) [11:39:46:876]: User policy value 'DisableRollback' is 0
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding UILevel property. Its value is '3'.
=== Logging started: 5/9/2016  11:39:46 ===
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038 
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding Preselected property. Its value is '1'.
MSI (s) (C0:F0) [11:39:46:876]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (C0:F0) [11:39:46:876]: Doing action: INSTALL
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2205 2:  3: ActionText 
Action start 11:39:46: INSTALL.
MSI (s) (C0:F0) [11:39:46:876]: Running ExecuteSequence
MSI (s) (C0:F0) [11:39:46:876]: Doing action: System64Folder_amd64_VC.05F0B5F5_44A8_3793_976B_A4F17AECF92C
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2205 2:  3: ActionText 
MSI (s) (C0:F0) [11:39:46:876]: PROPERTY CHANGE: Adding System64Folder_amd64_VC.05F0B5F5_44A8_3793_976B_A4F17AECF92C property. Its value is 'C:\Windows\system32\'.
Action start 11:39:46: System64Folder_amd64_VC.05F0B5F5_44A8_3793_976B_A4F17AECF92C.
MSI (s) (C0:F0) [11:39:46:876]: Doing action: FindRelatedProducts
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2205 2:  3: ActionText 
Action ended 11:39:46: System64Folder_amd64_VC.05F0B5F5_44A8_3793_976B_A4F17AECF92C. Return value 1.
MSI (s) (C0:F0) [11:39:46:876]: Skipping FindRelatedProducts action: not run in maintenance mode
Action start 11:39:46: FindRelatedProducts.
MSI (s) (C0:F0) [11:39:46:876]: Doing action: CheckAdministratorPrivileges
MSI (s) (C0:F0) [11:39:46:876]: Note: 1: 2205 2:  3: ActionText 
Action ended 11:39:46: FindRelatedProducts. Return value 0.
MSI (s) (C0:54) [11:39:46:892]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI93A3.tmp, Entrypoint: CheckAdministratorPrivileges
MSI (s) (C0:74) [11:39:46:892]: Generating random cookie.
MSI (s) (C0:74) [11:39:46:892]: Created Custom Action Server with PID 3736 (0xE98).
MSI (s) (C0:F4) [11:39:46:908]: Running as a service.
MSI (s) (C0:F4) [11:39:46:908]: Hello, I'm your 32bit Impersonated custom action server.
Action start 11:39:46: CheckAdministratorPrivileges.
MSI (s) (C0!C0) [11:39:46:923]: PROPERTY CHANGE: Adding USER_IS_ADMINISTRATOR property. Its value is '0'.
CheckAdministratorPrivileges:  Initialized.
CustomAction CheckAdministratorPrivileges returned actual error code 1603 but will be translated to success due to continue marking
MSI (s) (C0:F0) [11:39:46:923]: Doing action: CheckAdministratorPrivilegesFalse
MSI (s) (C0:F0) [11:39:46:923]: Note: 1: 2205 2:  3: ActionText 
Action ended 11:39:46: CheckAdministratorPrivileges. Return value 1.
Action start 11:39:46: CheckAdministratorPrivilegesFalse.
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 2205 2:  3: Error 
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 
MSI (s) (C0:F0) [11:39:47:939]: Product: OpenOTP Credential Provider for Windows (64 bit) -- You must be an Administrator!

MSI (c) (60:9C) [11:39:46:939]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

Action ended 11:39:47: CheckAdministratorPrivilegesFalse. Return value 3.
Action ended 11:39:47: INSTALL. Return value 3.
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 1725 
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 2205 2:  3: Error 
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1725 
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 2205 2:  3: Error 
MSI (s) (C0:F0) [11:39:47:939]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 
MSI (s) (C0:F0) [11:39:47:939]: Product: OpenOTP Credential Provider for Windows (64 bit) -- Removal failed.

MSI (s) (C0:F0) [11:39:47:939]: Windows Installer removed the product. Product Name: OpenOTP Credential Provider for Windows (64 bit). Product Version: 3.1.119.1618. Product Language: 1033. Manufacturer: RCDevs. Removal success or error status: 1603.

MSI (s) (C0:F0) [11:39:47:939]: Deferring clean up of packages/files, if any exist
MSI (s) (C0:F0) [11:39:47:939]: MainEngineThread is returning 1603
MSI (s) (C0:84) [11:39:47:939]: RESTART MANAGER: Session closed.
MSI (s) (C0:84) [11:39:47:939]: No System Restore sequence number for this installation.
=== Logging stopped: 5/9/2016  11:39:47 ===
MSI (s) (C0:84) [11:39:47:939]: User policy value 'DisableRollback' is 0
MSI (s) (C0:84) [11:39:47:939]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:84) [11:39:47:939]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:84) [11:39:47:955]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (C0:84) [11:39:47:955]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (C0:84) [11:39:47:955]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (C0:84) [11:39:47:955]: Destroying RemoteAPI object.
MSI (s) (C0:74) [11:39:47:955]: Custom Action Manager thread ending.
MSI (c) (60:74) [11:39:47:955]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (60:74) [11:39:47:955]: MainEngineThread is returning 1603
=== Verbose logging stopped: 5/9/2016  11:39:47 ===

 

Yoann Traut (RCDevs)

unread,
May 9, 2016, 11:43:06 AM5/9/16
to RCDevs Security Solutions - Technical
Could you try to uninstall with Powershell as Administrator please ? Run Powershell as Administrator, go to the folder where .msi file is located and run .msi since Powershell. 

Best Regards 

Plancks Constant

unread,
May 9, 2016, 11:48:35 AM5/9/16
to RCDevs Security Solutions - Technical
Powershell did the trick.    I was able to remove.  

Yoann Traut (RCDevs)

unread,
May 9, 2016, 11:55:57 AM5/9/16
to RCDevs Security Solutions - Technical
Great !

Ayson Niel

unread,
Feb 10, 2017, 4:19:04 PM2/10/17
to RCDevs Security Solutions - Technical
I am having the same exact problem but nothing I do, including what has been stated in this thread works to remove the software. Additionally over time the software "evolved" from doing nothing to suddenly today my login shows RCDEVS icon as opposed to my domain login and no logins, including local admin users, work. I have had to restore my machine to gain access but still RCDevs credentials is present and still I cant get rid of it.

The power shell pops up a dialog telling me a 80 word "error" along the lines of "This patch package could not be opened." ....  Basically it failed.

This is pretty bad as I was evaluating this software for possible MFA deployment at work. I think this one event alone is enough to kill the current POC.

On Monday, May 9, 2016 at 9:55:57 AM UTC-6, Yoann Traut (RCDevs) wrote:
Great !

Ibrahim MESLEM (RCDevs)

unread,
Feb 13, 2017, 10:56:38 AM2/13/17
to RCDevs Security Solutions - Technical
Hello Ayson , 

Can you provide us which version in use ? 

do you have any other credential provider to use in order to access the machine ?

Ayson Niel

unread,
Feb 13, 2017, 2:53:20 PM2/13/17
to RCDevs Security Solutions - Technical
I think it was 1.1.2 64bit but its hard to say now. I would have performed the install perhaps 2 months ago at most. I had to revert back so far in my snapshots that I lost the download used during the installation. I know it was not the current 1.1.3.  The machine has local admin and regular user accounts but none of them would work. I had no choice but to restore from previous backups to recover. I would be willing to test it again but I simply do not have the time if I encounter this scenario again.  The time line I am on is exceedingly compressed. I can tell you that looking through the registry I saw the uninstall location and even attempted to use msiexec and specify the inventory ID with the same results. 

francois...@rcdevs.com

unread,
Feb 14, 2017, 4:12:10 AM2/14/17
to RCDevs Security Solutions - Technical
Hello,

When you test, you must keep our credential provider optional. During the installation, keep the red cross with "Default provider" and you will be able to change to the credential provider provided with Windows.
When you are sure that our credential provider is configured properly, you can enable it as "Default provider" and you will be obliged to use it.
Reply all
Reply to author
Forward
0 new messages