Error 25015.Failed to install assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll' because of system error: Access is denied

Installing .NET Framework 3.5 SP1 or .NET Framework 2.0 SP2 may fail with the following error message: Error 25015.Failed to install assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll' because of system error: Access is denied.

From the MSI log:

MSI (s) (10!FC) [00:15:17:984]: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25015.Failed to install assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll' because of system error: Access is denied.
05/04/11 00:15:17 DDSet_CARetVal: 25015
05/04/11 00:15:18 DDSet_Exit: InstallAssembly ended with return value 1603
MSI (s) (10:08) [00:15:18:015]: User policy value 'DisableRollback' is 0
MSI (s) (10:08) [00:15:18:015]: Machine policy value 'DisableRollback' is 0
Action ended 0:15:18: InstallExecute. Return value 3.

From the process monitor log:

While attempting to add IEExecRemote to the GAC, Fusion finds a native Win32 manifest for the assembly and attempts to delete it, which fails.

11:47:26.4140290 AM MsiExec.exe 2264 0.0000284 SetDispositionInformationFile C:\WINDOWS\WinSxS\Manifests\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e.manifest CANNOT DELETE Delete: True

As per https://support.microsoft.com/kb/113996, STATUS_CANNOT_DELETE maps to Win32 ERROR_ACCESS_DENIED. This is the source of the access denied error. This indicates that some other installer (perhaps an OS update) has installed this assembly to WinSxS and ACLed the file in such a way that Fusion cannot delete it. I took a closer look at this and found something interesting: IEExecRemote.dll has a Win32 application manifest.

IEExecRemote.dll.manifest:

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

When I run the 2.0 SP2 installer on a Server 2003 machine, I see the manifest created with the same content. I ran a query against the procmon trace and didn’t find any other apps holding onto this file, so it is likely either an ACL or some app holding a handle for a long time or not visible to procmon. We can work around the problem by deleting or renaming the manifest. After renaming the manifest file MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e.manifest, we were able to install .NET Framework 2.0 SP2 on the system.
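
The correlation made above by hand, between the Error 25015 line in the MSI log and the refused delete in the Process Monitor trace, can be scripted to find which manifest to rename. This is an added example, not part of the original post; it assumes the plain-text line layout quoted in this post (a raw Procmon CSV export would need a different parser), and the function names are hypothetical.

```python
import re

# Log lines as quoted in this post (plain-text form, not a raw Procmon CSV export).
MSI_LOG = r"""MSI (s) (10!FC) [00:15:17:984]: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 25015.Failed to install assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll' because of system error: Access is denied.
05/04/11 00:15:18 DDSet_Exit: InstallAssembly ended with return value 1603"""

PROCMON_LOG = r"""11:47:26.4140290 AM MsiExec.exe 2264 0.0000284 SetDispositionInformationFile C:\WINDOWS\WinSxS\Manifests\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e.manifest CANNOT DELETE Delete: True"""

ERR_25015 = re.compile(r"Error 25015\.\s*Failed to install assembly '([^']+)'")
# A delete request shows up as SetDispositionInformationFile with "Delete: True".
FAILED_DELETE = re.compile(
    r"SetDispositionInformationFile\s+(?P<path>.+?\.manifest)\s+CANNOT DELETE\s+Delete: True",
    re.IGNORECASE)

def failed_assemblies(msi_log):
    """Return the assembly names (file name without extension) from Error 25015 lines."""
    names = []
    for path in ERR_25015.findall(msi_log):
        stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
        if stem not in names:
            names.append(stem)
    return names

def blocking_manifests(msi_log, procmon_log):
    """Map each failed assembly to the WinSxS manifests whose deletion was refused."""
    result = {}
    for name in failed_assemblies(msi_log):
        hits = []
        for m in FAILED_DELETE.finditer(procmon_log):
            path = m.group("path")
            folder, _, leaf = path.rpartition("\\")
            in_winsxs = folder.lower().endswith(r"\winsxs\manifests")
            # The manifest name quoted in this post embeds the assembly name
            # between underscores (MSIL_IEExecRemote_...), so match on that.
            if in_winsxs and f"_{name.lower()}_" in leaf.lower():
                hits.append(path)
        result[name] = hits
    return result

if __name__ == "__main__":
    for asm, paths in blocking_manifests(MSI_LOG, PROCMON_LOG).items():
        print(asm, "->", paths or "no failed manifest delete found")
```

An empty list for an assembly means the trace holds no refused manifest delete for it, so the access denied error has some other source.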