In this article, you will learn how to troubleshoot issues regarding the HEIMDAL Agent installation and the HEIMDAL license key activation.
1. Installation error: The specified account already exists
2. Installation error: Unable to install because a newer version of this product is already installed
3. Installation issue due to incompatible/corrupted .NET Framework
4. Activation error: Could not activate license
5. Activation error: the HEIMDAL Agent activates the Free license instead of the Enterprise license
INSTALLATION ERROR: The specified account already exists
BEHAVIOR: when running the HEIMDAL Agent installer, the installer displays the following error message: The specified account already exists.
SOLUTION: this error is encountered when you are trying to install the same version of the HEIMDAL Agent that is already installed on the computer. To solve the issue, open Control Panel -> Programs and Features and uninstall the Heimdal Thor Agent application. After the uninstall, you can proceed with the installation of the HEIMDAL Agent.
INSTALLATION ERROR: Unable to install because a newer version of this product is already installed
BEHAVIOR: when running the HEIMDAL Agent installer, the installer displays the following error message: Unable to install because a newer version of this product is already installed.
SOLUTION: this error is encountered when you are trying to install an older version of the HEIMDAL Agent but a newer version is already installed on the computer. In case there are problems with the HEIMDAL Agent and reinstallation is required, open Control Panel -> Programs and Features and uninstall the Heimdal Thor Agent application. After the uninstall, you can proceed with the installation of the HEIMDAL Agent.
INSTALLATION ISSUE due to incompatible/corrupted .NET Framework
BEHAVIOR: when running the HEIMDAL Agent installer, the installer displays the following error message: Error 1001. InstallUtilLib.dll: Unknown error. Other Error 1001 message can be also be reported, depending on the issue with the .NET Framework.
Another issue can happen when the .NET Framework libraries are corrupted and requires repairing. To make sure that the corrupted .NET Framework libraries are the culprit, you can check the Event Viewer Logs -> Windows Logs -> Application, and then use the right-side option Filter Current Log -> Filter tab -> Event level -> for Critical, Warning, and Error to search for .NET events.
SOLUTION: the HEIMDAL Agent requires the .NET Framework (at least version 4.6.1) or above. To solve the problem, make sure you install .NET Framework 4.6.1 or update the existing version to the latest .NET framework version which is compatible with your Windows operating system. Additionally, you can try to repair the .NET framework installer by using this tool (Download it here) or by checking for available Windows Updates (Microsoft provides a .NET update every month).
ACTIVATION ERROR: Could not activate license
BEHAVIOR: during the HEIMDAL Agent installation process, in the HEIMDAL license key activation step, the installer displays the following error message: Could not activate license.
SOLUTION: this error happens due to multiple cases and we will discuss them below.
1. Your Firewall/Proxy/VPN service is blocking the connection between the HEIMDAL Agent and our HEIMDAL servers. To solve this issue, make sure you whitelist/exclude the IP Addresses, Ports, and Processes that are required to communicate with our servers. All the System Requirements and Exclusions are described in the System Requirements and Firewall Exceptions support article.
2. Windows Management Instrumentation (WMI) service failure
The HEIMDAL Agent is dependent on the Windows Management Instrumentation (WMI) service and it is used to detect all active network adapters on the computer so it can add the DarkLayer Guard DNS IP Address (127.7.7.x), in order to be able to filter internet traffic. If the WMI suffers modifications or is, somehow, failing, it will generate an issue with the HEIMDAL Agent as well.
To check the status of the WMI, click the Start button, type wmimgmt.msc and type Enter. From the WmiMgmt window, right-click WMI Control (Local) and click Properties.
Check the status displayed in the General tab. In the case when the WMI fails to initialize with an error message of Invalid class or any other failure message, this means that the problem is generated by the cimv2 namespace.
The WMI initialization failure can generate errors in the HEIMDAL Agent that can be seen in the Heimdal Logs generated by the Agent:
or
To solve this issue, a WMI reset is required following the steps below:
A. Open Command Prompt (as an Administrator) and run the following command lines one by one:
sc config winmgmt start= disabled
net stop winmgmt
winmgmt /salvagerepository %windir%\system32\wbem
winmgmt /resetrepository %windir%\system32\wbem
sc config winmgmt start= auto
shutdown /r /f /t 10
The command lines above disable the WMI service, stop it, check the WMI repository consistency and rebuild it (if inconsistent), reset the WMIM repository to the initial state, set the WMI service to Auto, and restart the computer in 10 seconds. If all the above do not solve the WMI service failure, proceed with step B.
B. Run the following command lines (OPTIONAL):
cd C:\Windows\System32\wbem
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
regsvr32 cimwin32.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %s in ('dir /b /s *.dll') do regsvr32 /s %s
for /f %s in ('dir /b *.mof') do mofcomp %s
for /f %s in ('dir /b *.mfl') do mofcomp %s
regsvr32 wmisvc.dll
wmiprvse /regserver
Once the WMI repository is consistent, it should display the following status:
3. Windows Platform FIPS Validated Cryptographic Algorithms
Another factor that might cause the issue is an error that can be found in the HEIMDAL Agent's Logs: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
To correct this behavior, follow the steps below:
A. Click the Start button, type secpol.msc and press Enter. In the Local Security Policy window, navigate under Local Policies -> Security Options and look for System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. If this policy is enabled, you have to disable it.
B. This operation can be performed by opening the Windows Registry editor and by setting 0 as the value on the Enabled property on the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
4. Time and Date
The HEIMDAL Agent also depends on Windows Time service. Without it, the HEIMDAL Agent cannot communicate with the Domain Controller time anymore, so it will fail to activate the license key.
- Check your internet connection and make sure you can access the web;
- Open Date and Time by clicking the Start button, click Control Panel, click Clock, Language, and Region, and then click Date and Time:
- Click the Internet Time tab, and then click Change settings...;
- Click the Update now button;
- It is very important to wait for the confirmation message that tells you the update was successful;
- If you receive an error confirmation message, please repeat the process until you receive a successful update message.
Domain Computers can be also synchronized with the Domain Controller time using the command line in an elevated Command-Prompt:
net time /set /y or w32tm /resync
5. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
This means the SSL certificate might be expired and needs to be renewed. Please reach out to the HEIMDAL Security Support Team.
ACTIVATION ERROR: the HEIMDAL Agent activates the Free license instead of the Enterprise license
BEHAVIOR: after entering the HEIMDAL license key, the HEIMDAL Agent is activating the Free license key, instead of the Enterprise license.
SOLUTION: this error is happening when the computer is revoked from the HEIMDAL Dashboard, thus, the Enterprise license key is not allowed to be activated. To solve the issue, log in to the HEIMDAL Dashboard, navigate to Management -> Active Clients, select the Start Date of the timeframe to more than 30 days (we recommend going back more than 1-2 years), select the End Date to Today, and check for Revoked endpoints. If the endpoint's hostname appears as revoked, this is the reason why the HEIMDAL license key does not activate. Select the hostname of the computer in question and from the dropdown menu apply the Unrevoke action.
Once unrevoked, the HEIMDAL Agent can be activated.
ACTIVATION ERROR: the HEIMDAL Agent activates the Free license instead of the Enterprise license
BEHAVIOR: after entering the HEIMDAL license key, the HEIMDAL Agent is activating the Free license key, instead of the Enterprise license.
If none of the steps above fix the issue, please reach out to the HEIMDAL Security Support Team.