MDE.Windows extension installation fails with "vNext/Unified agent installation failed"

Brett McClellan 6 Reputation points
2023-11-03T17:16:35.4566667+00:00

We are deploying ARC via GPO and the MDE extension via ARC.

Almost 800 machines have onboarded properly to ARC and the majority have onboarded to MDE as well. We have noticed that almost 70 servers did not onboard to MDE and the MDE.Windows extension on the ARC server has the following error:

Extension Message: Failed to configure Microsoft Defender for Endpoint: vNext/Unified agent installation failed. Please refer to log in C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.3, executionlog: [2023-11-03 13:08:49Z][Information] Check if md4ws.msi has same sign as https://go.microsoft.com/fwlink/?linkid=2168294 with timeout of 60
[2023-11-03 13:09:00Z][Information] The installation will use the default md4ws.msi that comes with the extension package due to difficulties during updating. Reason: System.NotSupportedException: The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again. 
   at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.VerifyInternetExplorerAvailable(Boolean checkComObject)
   at Microsoft.PowerShell.Commands.InvokeWebRequestCommand.ProcessResponse(WebResponse response)
   at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
[2023-11-03 13:09:00Z][Information] Try to restore original md4ws.msi
[2023-11-03 13:09:00Z][Information] md4ws.msi : Default file doesn't exist -> No file to restore
[2023-11-03 13:09:00Z][Information] calling: C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.3/Install.ps1 -OnboardingScript C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.3/WindowsDefenderATPOnboardingScript.cmd -ExtraWebRequestOptions System.Collections.Hashtable
[2023-11-03 13:09:30Z][Information] Install.ps1 job state is Failed
[2023-11-03 13:09:30Z][Error] Exception from Install: The referenced assembly could not be found.

Almost all of the servers in this state are Win 2016, but there is a 2012R2 server as well. However, there are 100s of servers that the deployment has worked properly on.

Any thoughts on how to repair these servers? Uninstalling ARC and letting the GPO reinstall did not resolve it.


1 answer

  1. Bruno Ávila 0 Reputation points
    2024-02-21T16:34:09.61+00:00

    Check if you have "DisableAntiSpyware" with value 1 inside:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    This was the problem for me (GPO applied to disable Defender Anti-Spyware). After changing the value to 0, I have been able to install the extension without any problem. Hope it helps.

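A read-only check for the registry value named in the answer above, added here as an example; it is not part of the original thread or of the MDE.Windows extension. It assumes PowerShell remoting (WinRM) is enabled on the targets, and the server names are constructed placeholders.

```powershell
# Added example: report the DisableAntiSpyware policy value on a list of servers.
# Nothing is modified; the script only reads the registry and the OS caption.

# Constructed placeholder names; replace with the servers whose extension failed.
$Servers = @('SRV-EXAMPLE-01', 'SRV-EXAMPLE-02')

$check = {
    $path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $name  = 'DisableAntiSpyware'
    $value = $null
    $state = 'PolicyKeyMissing'          # the policy key does not exist at all

    if (Test-Path -LiteralPath $path) {
        $prop = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $state = 'ValueNotSet'       # key exists, value is absent
        } else {
            $value = $prop.$name
            $state = if ($value -eq 1) { 'DisabledByPolicy' } else { 'NotDisabled' }
        }
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        OS                 = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        DisableAntiSpyware = $value
        State              = $state
    }
}

$results = foreach ($server in $Servers) {
    try {
        Invoke-Command -ComputerName $server -ScriptBlock $check -ErrorAction Stop
    } catch {
        # Keep unreachable hosts in the report instead of dropping them silently.
        [pscustomobject]@{
            Computer           = $server
            OS                 = $null
            DisableAntiSpyware = $null
            State              = "Unreachable: $($_.Exception.Message)"
        }
    }
}

$results |
    Select-Object Computer, OS, DisableAntiSpyware, State |
    Sort-Object State, Computer |
    Format-Table -AutoSize
```

Servers reported as `DisabledByPolicy` match the condition described in the answer; because the value sits under the `Policies` hive, the GPO that sets it is where the change has to be made.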