Wazuh Agent Reinstallation Problem
272 views
Skip to first unread message
George Xristop
Nov 29, 2024, 7:55:46 AM11/29/24
to Wazuh | Mailing List
So im facing a problem re-installing the wazuh agent on Windows endpoints , i have tryied to use the CLI and the MSI and i am not seeing anything . I had wazuh agent version 4.7.3 installed on windows endpoint's a while back with the help of Active Directory Group Policy. I have unistalled the agent and in the path of C://ProgramFiles (x86)/ossec-agent , and in the folder im seeing a folder named upgrades , some files
client.keys.save
local_internal_option.conf.save
ossec.conf.save .
When i try and Run the MSI of the wazuh Agent 4.9.2 the progress bar finishes fast and i see a deleting backup files , it says the installation has been completed and the folder of ossec-agent does have the problem files(you know active-response,logs,queue and all that) . What could the problem be
Any Idea what to do maybe use another group policy ?
Pedro Maximiliano Tolosa
Nov 29, 2024, 4:28:02 PM11/29/24
to Wazuh | Mailing List
Dear User,
Based on the information provided, it seems that the uninstallation process of the Wazuh Agent version 4.7.2 did not completely remove all files and configurations, which could be interfering with the installation of version 4.9.2.
To resolve this issue, please follow the steps below:
Before starting please back up the installation folder to prevent configuration losses
1. --Verify and Remove Residual Files:
- Ensure there are no leftover files in `C:\Program Files (x86)\ossec-agent`. If you see folders like `upgrades` or files such as `ossec.conf.save`, delete them manually.
- Confirm that the "Wazuh Agent" service is not registered in the system by running the following command in an elevated Command Prompt:
cmd
sc delete WazuhAgent
2. --Clean the Windows Registry:
- Open the Windows Registry Editor (`regedit`) and search for entries related to `ossec-agent` or `Wazuh Agent`. Delete these entries.
- If you prefer, you can use a reliable registry cleaner tool to simplify the process.
3. --Reinstall the Agent:
- Run the MSI installer with administrative privileges. To capture installation logs for troubleshooting, use the following command in PowerShell:
PowerShell msiexec.exe /i PathToMSI/wazuh-agent-4.9.2.msi /q WAZUH_MANAGER='SERVER IP' WAZUH_AGENT_NAME='AGENT-NAME' /L*V install.log
- This will generate an `install.log` file in the same directory where you executed the command. Please share this log with us if the issue persists.
4. --Consider Using GPO Deployment:
Please try these steps and let us know the results. Feel free to reach out if you have any additional questions.
Best regards,
Pedro Tolosa
Based on the information provided, it seems that the uninstallation process of the Wazuh Agent version 4.7.2 did not completely remove all files and configurations, which could be interfering with the installation of version 4.9.2.
To resolve this issue, please follow the steps below:
Before starting please back up the installation folder to prevent configuration losses
1. --Verify and Remove Residual Files:
- Ensure there are no leftover files in `C:\Program Files (x86)\ossec-agent`. If you see folders like `upgrades` or files such as `ossec.conf.save`, delete them manually.
- Confirm that the "Wazuh Agent" service is not registered in the system by running the following command in an elevated Command Prompt:
cmd
sc delete WazuhAgent
2. --Clean the Windows Registry:
- Open the Windows Registry Editor (`regedit`) and search for entries related to `ossec-agent` or `Wazuh Agent`. Delete these entries.
- If you prefer, you can use a reliable registry cleaner tool to simplify the process.
3. --Reinstall the Agent:
- Run the MSI installer with administrative privileges. To capture installation logs for troubleshooting, use the following command in PowerShell:
PowerShell msiexec.exe /i PathToMSI/wazuh-agent-4.9.2.msi /q WAZUH_MANAGER='SERVER IP' WAZUH_AGENT_NAME='AGENT-NAME' /L*V install.log
- This will generate an `install.log` file in the same directory where you executed the command. Please share this log with us if the issue persists.
4. --Consider Using GPO Deployment:
- If you plan to deploy the agent using a Group Policy Object (GPO), ensure the system is completely clean before applying the policy to avoid conflicts.
5. -- Force the agent service:
Using the CLI execute: NET START WazuhSvc
Then check the log file in 'C:\Program Files (x86)\ossec-agent\ossec.log'
5. -- Force the agent service:
Using the CLI execute: NET START WazuhSvc
Then check the log file in 'C:\Program Files (x86)\ossec-agent\ossec.log'
additionally here's our documentation: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/index.html
Please try these steps and let us know the results. Feel free to reach out if you have any additional questions.
Best regards,
Pedro Tolosa
Reply all
Reply to author
Forward
0 new messages