[wix-users] System registry key started showing up in our MSI

Mike Henseler m.henseler at simfront.com
Fri Dec 3 11:31:38 PST 2021


Are you using heat to harvest?
What would happen if a .reg file was harvested, could/would it be added to the registry table and not just treated as a flat file?

This is a question for a WiX developer.



From: Dennis Costello <dennis.costello at prudential.com>
Sent: December 3, 2021 2:23 PM
To: Edwin Castro <egcastr at gmail.com>; WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Mike Henseler <m.henseler at simfront.com>
Subject: RE: [wix-users] System registry key started showing up in our MSI

It's showing up in our uninstall logs and I see the registry key in the registry table in the MSI so it certainly seems like it's our install. I just don't know how it's getting into the MSI.

MSI (s) (34:34) [13:58:07:251]: Executing op: RegOpenKey(Root=-2147483646,Key=System\CurrentControlSet\Services\WinSock2\Parameters,,BinaryType=0,,)
MSI (s) (34:34) [13:58:07:251]: Executing op: RegRemoveValue(Name=WinSock_Registry_Version,Value=2.0,)

From: Edwin Castro <egcastr at gmail.com>
Sent: Friday, December 3, 2021 2:17 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Dennis Costello <dennis.costello at prudential.com>; Mike Henseler <m.henseler at simfront.com>
Subject: Re: [wix-users] System registry key started showing up in our MSI

Use ProcMon to determine which process is deleting the key and work back up to the process chain to see if this is even happening as a result of msiexec at all.

--
Edwin G. Castro


On Fri, Dec 3, 2021 at 10:52 AM Mike Henseler via wix-users <wix-users at lists.wixtoolset.org> wrote:
Try running these cmds manually and see if any are deleting the key.
But of course this won't explain why it is intermittent.



-----Original Message-----
From: Dennis Costello <dennis.costello at prudential.com>
Sent: December 3, 2021 1:47 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Mike Henseler <m.henseler at simfront.com>
Subject: RE: System registry key started showing up in our MSI

Ok, we do have custom actions to run cmd and add 3 ports on install and uninstall the 3 ports.

    <CustomAction Id="AddPort1" Directory="INSTALLFOLDER" Execute="commit" Impersonate="no" ExeCommand="cmd.exe /c &quot;netsh http add urlacl url=http://+:40266/ user=Everyone&quot;" Return="ignore" />
    <CustomAction Id="AddPort2" Directory="INSTALLFOLDER" Execute="commit" Impersonate="no" ExeCommand="cmd.exe /c &quot;netsh http add urlacl url=http://+:50266/ user=Everyone&quot;" Return="ignore" />
    <CustomAction Id="AddPort3" Directory="INSTALLFOLDER" Execute="commit" Impersonate="no" ExeCommand="cmd.exe /c &quot;netsh http add urlacl url=http://+:60266/ user=Everyone&quot;" Return="ignore" />
    <CustomAction Id="DeletePort1" Directory="INSTALLFOLDER" Execute="commit" Impersonate="no" ExeCommand="cmd.exe /c &quot;netsh http delete urlacl url=http://+:40266/&quot;" Return="ignore" />
    <CustomAction Id="DeletePort2" Directory="INSTALLFOLDER" Execute="commit" Impersonate="no" ExeCommand="cmd.exe /c &quot;netsh http delete urlacl url=http://+:50266/&quot;" Return="ignore" />
    <CustomAction Id="DeletePort3" Directory="INSTALLFOLDER" Execute="commit" Impersonate="no" ExeCommand="cmd.exe /c &quot;netsh http delete urlacl url=http://+:60266/&quot;" Return="ignore" />

And then the InstallExecuteSequence:
        <Custom Action="DeletePort1" After="BackupDatabases">REMOVE = "ALL"</Custom>
        <Custom Action="DeletePort2" After="DeletePort1">REMOVE = "ALL"</Custom>
        <Custom Action="DeletePort3" After="DeletePort2">REMOVE = "ALL"</Custom>

This has been part of the code for years and again, that key doesn't show up in every build.  Any idea why it would affect the registry?

-----Original Message-----
From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of Mike Henseler via wix-users
Sent: Friday, December 3, 2021 1:40 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Mike Henseler <m.henseler at simfront.com>
Subject: Re: [wix-users] System registry key started showing up in our MSI

Also watch for any activity like this cmd "netsh winsock reset" or any other action that may affect that registry without explicitly referring to it.

-----Original Message-----
From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of Rob Mensching via wix-users
Sent: December 3, 2021 1:33 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Rob Mensching <rob at firegiant.com>
Subject: Re: [wix-users] System registry key started showing up in our MSI

A verbose log file will show you what the MSI did and hopefully any Custom Actions in the MSI log their work as well.

-----Original Message-----
From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of Hoover, Jacob via wix-users
Sent: Friday, December 3, 2021 10:31 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Hoover, Jacob <Jacob.Hoover at greenheck.com>
Subject: Re: [wix-users] System registry key started showing up in our MSI

Any custom actions?  Have you inspected a known bad MSI with orca?

Windows Installer isn't going to nuke a key if it isn't referenced in the authoring, which is why I suspect a CA or you are invoking an exe/script on uninstall that may be causing this behavior.


From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of Dennis Costello via wix-users
Sent: Friday, December 3, 2021 12:23 PM
To: wix-users at lists.wixtoolset.org
Cc: Dennis Costello <dennis.costello at prudential.com>
Subject: [wix-users] System registry key started showing up in our MSI

We have been using a wix project to build our deployment for several years now and very recently we started experiencing a problem with machines not being able to boot after our system was uninstalled. After several days of investigating it was found that our uninstall was removing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version registry key, thus disabling Windows completely. We do not have any references to this key, nor have we had this problem prior to about 2 weeks ago. We haven't made any code changes to our wix project since early August and that was a very minor change. We build and test our system daily so we know that this just started happening very recently, but here's the kicker for us, it doesn't happen every build! The same compile machine is used for every build, but using Orca I do not see the Registry entry in every msi!

We are at a complete loss as to where to even begin to figure out what is going on. I could say somehow the registry key is being picked up from the compile machine, but it doesn't happen every build. Any help would be greatly appreciated.

Thank you!

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
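
Added example, not part of the thread: a Python script that scans a verbose MSI log of the kind quoted above and reports registry value operations that fall outside an allowlist of product keys, so a build or test pipeline can fail before such an MSI ships. The allowlist prefix `HKLM\Software\ExampleVendor\` and the first two sample log lines are constructed assumptions; the last two sample lines are the ones quoted in the thread.

```python
import re

# Predefined registry roots; the log prints the handle as a signed 32-bit integer.
ROOTS = {0x80000000: "HKCR", 0x80000001: "HKCU", 0x80000002: "HKLM", 0x80000003: "HKU"}
OP = re.compile(r"Executing op: (RegOpenKey|RegAddValue|RegRemoveValue)\((.*)\)\s*$")
FIELD = re.compile(r"(?:^|,)(\w+)=([^,]*)")  # Name=value pairs; empty slots are skipped

# Assumption: the product only ever writes under this (hypothetical) key prefix.
ALLOWED = ("HKLM\\Software\\ExampleVendor\\",)

# Constructed sample: the last two lines are the ones quoted in the thread,
# the first two are an invented in-policy removal for contrast.
SAMPLE_LOG = r"""
MSI (s) (34:34) [13:58:07:100]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\ExampleVendor\App,,BinaryType=0,,)
MSI (s) (34:34) [13:58:07:101]: Executing op: RegRemoveValue(Name=InstallPath,Value=C:\App,)
MSI (s) (34:34) [13:58:07:251]: Executing op: RegOpenKey(Root=-2147483646,Key=System\CurrentControlSet\Services\WinSock2\Parameters,,BinaryType=0,,)
MSI (s) (34:34) [13:58:07:251]: Executing op: RegRemoveValue(Name=WinSock_Registry_Version,Value=2.0,)
""".splitlines()


def registry_ops(lines):
    """Yield (op, 'ROOT\\key', value_name) for each value add/remove in the log."""
    path = None
    for line in lines:
        m = OP.search(line)
        if not m:
            continue
        op, fields = m.group(1), dict(FIELD.findall(m.group(2)))
        if op == "RegOpenKey":  # sets the key that the following ops act on
            raw = fields.get("Root", "")
            root = ROOTS.get(int(raw) & 0xFFFFFFFF, raw) if raw.lstrip("-").isdigit() else raw
            path = f"{root}\\{fields.get('Key', '')}"
        else:
            yield op, path, fields.get("Name", "")


def violations(lines, allowed=ALLOWED):
    """Return registry operations whose key is outside every allowed prefix."""
    prefixes = tuple(a.lower() for a in allowed)
    return [(op, path, name) for op, path, name in registry_ops(lines)
            if not f"{path}\\".lower().startswith(prefixes)]


if __name__ == "__main__":
    for op, path, name in violations(SAMPLE_LOG):
        print(f"OUT OF POLICY: {op} {path} [{name}]")
```

The field parser splits on commas, so a value that itself contains a comma is truncated; the key path and value name used for the policy decision are unaffected in the log format shown in the thread.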