on Dec 17, 2018Article Content
| Article Number | 000037018 |
| Applies To | RSA Product Set: NetWitness Endpoint RSA Product/Service Type: NetWitness Endpoint RSA Version/Condition: 4.4.x / Insights 11.1.x-11.2.x Platform: Windows |
| Issue | Verification using SCCM or other tools that bulk push out updates may be difficult to verify that they have been performed successfully. Since the agent rolls back failed upgrades, the version number in the registry should still show the old agent version. Hence, targeting the DisplayVersion and InstallDate registry values may yield information about the agent. |
| Cause | The causes for agent failure to install have multiple reasons and are not necessary for this article's discussion. |
| Resolution | Using SCCM or another software solution, verify the output of the following registry keys:
The first value will have a version number in the following format: 4.4.0.6 Use this to verify the version of the agent The second value will have an install date in the following format: 20180610 Use this to verify the installation date of the agent in conjunction with its reported version number Taken together, it becomes possible to verify if an agent upgrade succeeded or failed as these values would rollback to their previous entries if an installation fails. Note this applies to upgrades mainly; for fresh installs, a separate registry key located in the services directory called ServerSS is useful to determine if the agent checked in to the server after installation.  |
| Notes | To the Uninstall registry location, it is identical between the original ECAT agent, and the Insights agent, although the values will be different in some cases. The two values used in this article do not change, so both can be treated the same for testing if an upgrade succeeded or failed. |