WiX Installer Fails on ADXRegistrator CreateSubKey - Access is denied

Add-in Express™ Support Service
That's what is more important than anything else

WiX Installer Fails on ADXRegistrator CreateSubKey - Access is denied
 
Gareth Thom




Posts: 12
Joined: 2017-06-14
Hi,

I am having exactly the same problem as was reported https://www.add-in-express.com/forum/read.php?FID=10&TID=14485, whereby my WiX MSI Installer does not seem able to elevate the permissions in order for ADXRegistrator to be able to register the addin. When running the MSI it goes through each page in the wizard then when it gets to the "Ready to Install" page it shows the "Install" button with the shield. When clicking "Install" the user is prompted for the Administrator password but it still does not seem to actually elevate the install.

I'm using the latest stable build of WiX 3.11.

The WIX Package is set to InstallScope="perMachine" InstallPrivileges="elevated" and the ADXRegistrator Custom Actions have "/privileges=admin" contained within the ExeCommand.

I've tried setting InstallerVersion to "200", "300" and "400" with no difference.

I've also tried setting the following property as seen on some Stack Overflow posts but with no success:
<Property Id="MSIUSEREALADMINDETECTION" Value="1" />

I have tried running the installer on both Windows 10 Enterprise PCs and Windows Server 2012 R2 and the only way to get either of them to install correctly is to create an elevated command prompt and run the MSI from there. It's almost as if the MSI elevates the installation process but when it comes to calling the ADXRegistrator Custom Actions they still run using the permission level of the original, non-elevated process, so when run normally these calls are not elevated, but when run from an elevated command prompt they are (as everything run from them would be).

Finally, like the other post, I created the installer using your "Create Setup Project" wizard so I don't know how to create a bootstrapper for this type of project. If this answer lies down this route, can you please direct me towards some documentation for doing this?

Here is the log file:


Add-in Express Registrator Log File: 06/14/2017 15:51:53

Installation directory: C:\Windows\Installer\
Registrator version: 8.6.4408.0
Operating System: Microsoft Windows Server 2012 R2 Datacenter Edition (build 9600), 64-bit
Process Owner: User
Command Line: "C:\Windows\Installer\MSIA379.tmp" /install="C:\Program Files (x86)\Elite\ContractCosting.DocumentManagement\Elite.ContractCosting.DocumentManagement.OfficeIntegration.dll" /privileges=admin
Run 'As Administrator': No
Process Elevated: No
Integrity Level: Medium
UAC (User Account Control): On
--------------------------------------------------------------
15:51:53 0300 Starting the add-in registration process.
15:51:53 0300 Loading mscoree.dll
15:51:53 0300 Success.
15:51:53 0300 .NET Framework installation directory:
15:51:53 0300 The latest version of .NET Framework: 'v4.0.30319'
15:51:53 0300 Loading CLR: v4.0.30319.
15:51:53 0300 Calling CLRCreateInstance method.
15:51:53 0300 Success.
15:51:53 0300 Calling GetRuntime method.
15:51:53 0300 Success.
15:51:53 0300 Checking if the hosting API of .NET Framework v4.0 beta is installed.
15:51:55 0300 The hosting API is up to date.
15:51:55 0300 Calling GetInterface method for the CorRuntimeHost interface.
15:51:55 0300 Success.
15:51:55 0300 Starting CLR...
15:51:55 0300 Success.
15:51:55 0300 Getting the CLR version.
15:51:55 0300 The CLR v4.0.30319 has been initialized successfully.
15:51:55 0300 Creating a new domain setup.
15:51:55 0300 Success.
15:51:55 0300 The 'shadow copy' is disabled.
15:51:55 0300 Creating a new application domain.
15:51:55 0300 Success.
15:51:55 0300 Getting the base directory for the domain.
15:51:55 0300 Success. The directory is 'C:\Program Files (x86)\Elite\ContractCosting.DocumentManagement\'.
15:51:55 0300 Searching for the Add-in Express core library.
15:51:55 0300 Success. The 'AddinExpress.MSO.2005.dll' file is found.
15:51:55 0300 Creating an instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
15:51:55 0300 Assembly identity is 'AddinExpress.MSO.2005'.
15:51:56 0300 Success.
15:51:56 0300 Unwrapping the instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
15:51:56 0300 Success.
15:51:56 0300 Calling the managed registration procedure (DISPID = 1610743823).
15:51:58 0300 Managed Error:
Date and Time: 14/06/2017 15:51:57
Machine Name: ILY1VQBK0OUNGHQ
IP Address: fe80::4dba:9b6a:81fe:6030%12
Current User: ILY1VQBK0OUNGHQ\Demo

Application Domain: C:\Program Files (x86)\Elite\ContractCosting.DocumentManagement\
Assembly Codebase: file:///C:/Program Files (x86)/Elite/ContractCosting.DocumentManagement/AddinExpress.MSO.2005.DLL
Assembly Full Name: AddinExpress.MSO.2005, Version=8.6.4408.0, Culture=neutral, PublicKeyToken=4416dd98f0861965
Assembly Version: 8.6.4408.0

Exception Source: AddinExpress.MSO.2005
Exception Type: System.ComponentModel.Win32Exception
Exception Message: Access is denied
Exception Target Site: CreateSubKey

---- Stack Trace ----
AddinExpress.Projects.Common.ADXRegistryKey.CreateSubKey(subKeyName As String)
AddinExpress.MSO.2005.DLL: N 0133 (0x85) IL
AddinExpress.Projects.Common.Utilities.RegisterManagedType(rootKey As ADXRegistryKey, type As Type, strAsmName As String, strAsmVersion As String, strAsmCodeBase As String, strRuntimeVersion As String, targetHive As ADXTargetRegistryHive, createVersionKey As Boolean)
AddinExpress.MSO.2005.DLL: N 0082 (0x52) IL
AddinExpress.Projects.Common.Utilities.RegisterType(t As Type, createVersionKey As Boolean, allUsers As Boolean, targetHive As ADXTargetRegistryHive, callRegMethod As Boolean)
AddinExpress.MSO.2005.DLL: N 0206 (0xCE) IL
AddinExpress.Projects.Common.Utilities.RegisterAssembly(assembly As Assembly, createVersionKey As Boolean, allUsers As Boolean, targetHive As ADXTargetRegistryHive, callRegMethod As Boolean)
AddinExpress.MSO.2005.DLL: N 0040 (0x28) IL
AddinExpress.Deployment.AddinDomainAdapter.RegisterForComInterop(register As Boolean, dllType As String, dllPath As String, showExceptions As Boolean)
AddinExpress.MSO.2005.DLL: N 0205 (0xCD) IL
AddinExpress.Deployment.ADXRegistrator.RegisterAssembly(commandLine As String)
AddinExpress.MSO.2005.DLL: N 0705 (0x2C1) IL



15:51:58 0300 The add-in registration process is completed with HRESULT = -2147467259.


Are you able to shed some light on this please?

Thanks,
Gareth
Posted 14 Jun, 2017 11:11:41 Top
Gareth Thom




Posts: 12
Joined: 2017-06-14
It looks like I had guessed correctly with the Custom Actions not getting elevated. By setting the Impersonate="no" on all three of them it installed correctly.

Would setting Impersonate="no" have any unintended side affects?

Here is the updated log file:


Add-in Express Registrator Log File: 06/14/2017 17:07:56

Installation directory: C:\Windows\Installer\
Registrator version: 8.6.4408.0
Operating System: Microsoft Windows Server 2012 R2 Datacenter Edition (build 9600), 64-bit
Process Owner: System
Command Line: "C:\Windows\Installer\MSI4134.tmp" /install="C:\Program Files (x86)\Elite\ContractCosting.DocumentManagement\Elite.ContractCosting.DocumentManagement.OfficeIntegration.dll" /privileges=admin
Run 'As Administrator': Yes
Process Elevated: Yes
Integrity Level: System
UAC (User Account Control): On
--------------------------------------------------------------
17:07:56 0300 Starting the add-in registration process.
17:07:56 0300 Loading mscoree.dll
17:07:56 0300 Success.
17:07:56 0300 .NET Framework installation directory:
17:07:56 0300 The latest version of .NET Framework: 'v4.0.30319'
17:07:56 0300 Loading CLR: v4.0.30319.
17:07:56 0300 Calling CLRCreateInstance method.
17:07:56 0300 Success.
17:07:56 0300 Calling GetRuntime method.
17:07:56 0300 Success.
17:07:56 0300 Checking if the hosting API of .NET Framework v4.0 beta is installed.
17:07:56 0300 The hosting API is up to date.
17:07:56 0300 Calling GetInterface method for the CorRuntimeHost interface.
17:07:56 0300 Success.
17:07:56 0300 Starting CLR...
17:07:56 0300 Success.
17:07:56 0300 Getting the CLR version.
17:07:56 0300 The CLR v4.0.30319 has been initialized successfully.
17:07:56 0300 Creating a new domain setup.
17:07:56 0300 Success.
17:07:56 0300 The 'shadow copy' is disabled.
17:07:56 0300 Creating a new application domain.
17:07:56 0300 Success.
17:07:56 0300 Getting the base directory for the domain.
17:07:56 0300 Success. The directory is 'C:\Program Files (x86)\Elite\ContractCosting.DocumentManagement\'.
17:07:56 0300 Searching for the Add-in Express core library.
17:07:56 0300 Success. The 'AddinExpress.MSO.2005.dll' file is found.
17:07:56 0300 Creating an instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
17:07:56 0300 Assembly identity is 'AddinExpress.MSO.2005'.
17:07:58 0300 Success.
17:07:58 0300 Unwrapping the instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
17:07:58 0300 Success.
17:07:58 0300 Calling the managed registration procedure (DISPID = 1610743823).
17:08:03 0300 Registration success.
17:08:03 0300 The add-in registration process is completed with HRESULT = 0.
Posted 14 Jun, 2017 11:38:00 Top
Andrei Smolin


Add-in Express team


Posts: 18794
Joined: 2006-05-11
Hello Gareth,

Gareth Thom writes:
Would setting Impersonate="no" have any unintended side affects?


Yes, it would. If a standard user starts the .MSI, the actions will start non-elevated. This will result in Access denied.


Andrei Smolin
Add-in Express Team Leader
Posted 16 Jun, 2017 06:30:51 Top
Gareth Thom




Posts: 12
Joined: 2017-06-14
Sorry Andrei, I'm not sure I understand what you mean.

We have tested this install (with Impersonate="no") when logged in as Administrator, when logged in as a standard user with local admin rights and when logged in as a standard user without local admin rights and all three scenarios work (by either installing without prompting, UAC prompting to elevate or UAC prompting for a username & password with admin credentials, respectively).

Can you please clarify what you mean?

Thanks,
Gareth
Posted 16 Jun, 2017 09:00:32 Top
Sergey Grischenko


Add-in Express team


Posts: 7233
Joined: 2004-07-05
Hi Gareth,

You are right. If you set Impersonate="no", the add-in will be registered correctly for all users. However, adxregistrator.exe will run under the LocalSystem account, not under the user who installs the add-in. If you need to access some resources of the current user during the registration (such as system registry, profile folders), the operating system will redirect you to the LocalSystem account automatically. So, a better way is to set Impersonate="true" and run setup.exe. Also, you can create a 'dual-purpose' setup project that installs add-ins for 'Me' or 'Everyone' by selecting a corresponding option on the Folders MSI dialog.
Posted 19 Jun, 2017 07:15:51 Top
Gareth Thom




Posts: 12
Joined: 2017-06-14
Our add-in will only ever be installed for all users, so would I be right in thinking that setting Impersonate="no" will therefore not cause any problems?

Also, I would certainly prefer to include a setup.exe bootstrapper - how would I go about doing this for a Add-in Express generated WiX installer?

Thanks again - your help is most appreciated,
Gareth
Posted 20 Jun, 2017 05:05:09 Top
Sergey Grischenko


Add-in Express team


Posts: 7233
Joined: 2004-07-05
Hi Gareth,

Yes, you can use Impersonate="no" for your add-in. If you create the setup project via the Add-in Express wizard, setup.exe is automatically generated by WiX compiller. setup.exe is located in the same folder with the msi file.
Posted 20 Jun, 2017 08:06:33 Top
Gareth Thom




Posts: 12
Joined: 2017-06-14
I have re-run the Add-in Express Create Setup Project wizard and the resulting WiX Installer only generates a .msi (and a .wixpdb). I did not see any option in the wizard to specify that I wanted a .exe.

The output type of the WiX project is set to .msi, but if I change it to .exe I get the following warning output from light.exe:

warning LGHT1109: Found mismatched entry point <Product>. Expected <Bundle> for specified output package type .exe.


And when I try and run the resulting .exe I get a message saying:

This app can't run on your PC


What is it I am missing?

Thanks,
Gareth
Posted 20 Jun, 2017 09:46:31 Top
Sergey Grischenko


Add-in Express team


Posts: 7233
Joined: 2004-07-05
Hi Gareth,

Do you have any Windows SDK installed on your PC?
To generate setup.exe you need to install Bootstrapper packages. What version of Visual Studio do you use?
Posted 20 Jun, 2017 10:32:57 Top
Gareth Thom




Posts: 12
Joined: 2017-06-14
I have various .Net Framework SDKs installed, but not Windows ones. I am running Windows 10 and VS2017.
Posted 20 Jun, 2017 10:42:49 Top