This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 96%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
We are deploying ARC via GPO and the MDE extension via ARC.
Almost 800 machines have onboarded properly to ARC and the majority have onboarded to MDE as well. We have noticed that almost 70 servers did not onboard to MDE and the MDE.Windows extension on the ARC server has the following error:
Extension Message: Failed to configure Microsoft Defender for Endpoint: vNext/Unified agent installation failed. Please refer to log in C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.3, executionlog: [2023-11-03 13:08:49Z][Information] Check if md4ws.msi has same sign as https://go.microsoft.com/fwlink/?linkid=2168294 with timeout of 60
[2023-11-03 13:09:00Z][Information] The installation will use the default md4ws.msi that comes with the extension package due to difficulties during updating. Reason: System.NotSupportedException: The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.VerifyInternetExplorerAvailable(Boolean checkComObject)
at Microsoft.PowerShell.Commands.InvokeWebRequestCommand.ProcessResponse(WebResponse response)
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
[2023-11-03 13:09:00Z][Information] Try to restore original md4ws.msi
[2023-11-03 13:09:00Z][Information] md4ws.msi : Default file doesn't exist -> No file to restore
[2023-11-03 13:09:00Z][Information] calling: C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.3/Install.ps1 -OnboardingScript C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.3/WindowsDefenderATPOnboardingScript.cmd -ExtraWebRequestOptions System.Collections.Hashtable
[2023-11-03 13:09:30Z][Information] Install.ps1 job state is Failed
[2023-11-03 13:09:30Z][Error] Exception from Install: The referenced assembly could not be found.
Almost all of the servers in this state are Win 2016, but there is a 2012R2 server as well. However, there are 100s of servers that the deployment has worked properly on.
Any thoughts on how to repair these servers? Uninstalling ARC and letting the GPO reinstall did not resolve it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@Brett McClellan - Thank you for reaching out to us and for being patient.
Looks like we need to troubleshoot this further, we would like to put you in touch with a support engineer so you can receive 1:1 support for a deeper investigation on this.
We would need you to send us an email at AzCommunity@Microsoft.com by providing the details below.
Subject : ATTN:Monika
Please email us these details and we will work with you closely to get this issue taken care of and also post any findings here in the thread so the community can benefit from it.
Thanks in advance. Looking forward for your email.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 26%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZR%3C/text%3E%3C/svg%3E)
@Brett McClellan. Did you find a resolution to this problem? I came across this on a subset of my servers the other week and have been trying to find out what might be wrong.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 43%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
@Zigmund Raaz I have not had a resolution. The problem still exists. Did you come across a solution?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 40%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBV%3C/text%3E%3C/svg%3E)
Check if you have "DisableAntiSpyware" with value 1 inside: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender This was the problem for me (GPO applied to disable Defender Anti-Spyware). After changing the value to 0, I have been able to install the extension without any problem. Hope it helps.