Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
MBAM Setup was unable to complete. FatalError Return value: 1603

Answered MBAM Setup was unable to complete. FatalError Return value: 1603

  • Thursday, January 17, 2013 8:16 PM
     
     
    Sign In to Vote
    0

    We are trying to evaluate MBAM aka Microsoft BitLocker Administration and Monitoring. We have an Enterprise agreement in addition to many MSDN subscriptions if that matters. Unfortunately the MBAM installer is very poor and has several undocumented dependencies. The documentation is also missing key information so I'm having to stitch together the actually install process from blogs and many Microsoft web pages.

    I have a long document detailing all the configuration details we are using as well as a /l*v installer log but I don't see where to post them here, so I'm posting extracts at the end of this message.

    The installer blows up with a FatalError with return value 1603. I've tried both letting the installer do the local groups and creating the groups before the install. 

    Will someone please tell me what I'm missing? This is blocking a large roll out of Bitlocker here.

    Our test setup includes:
    - Single test server install using SSL with a commercial SSL certificate.
    - Windows Server 2008 R2 Enterprise (fully patched.)
    - SQL 2008 R2 SP2 Enterprise
    - Running the installer from a domain account with local admin     privileges, added SPN Read/Write and Write Public Information permission.

    The issue seems to happen at this stage:

    Rollback: MbamRemoveGroupsRollback
    MSI (s) (B0:EC) [14:02:54:380]: Executing op: ActionStart(Name=MbamRemoveGroupsRollback,,)
    MSI (s) (B0:EC) [14:02:54:382]: Executing op: CustomActionRollback(Action=MbamRemoveGroupsRollback,ActionType=1345,Source=BinaryData,Target=CreateGroupsDeferred,CustomActionData=Groups=<dictionary />;Users=<dictionary />;ComputerName=SOTTMBAM)
    MSI (s) (B0:60) [14:02:54:384]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI60ED.tmp, Entrypoint: CreateGroupsDeferred
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI60ED.tmp-\
    SFXCA: Binding to CLR version v2.0.50727
    Calling custom action MBAMServerCAs!Microsoft.Windows.Mdop.BitlockerManagement.SetupCAs.Groups.CreateGroupsDeferred
    Creating Groups
    Populating Groups
    Rollback: Stopping services
    [....]

    Rollback: Updating component registration
    MSI (s) (B0:EC) [14:02:57:790]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)
    MSI (s) (B0:EC) [14:02:57:791]: Executing op: ComponentUnregister(ComponentId={B0126C20-7CEE-50C7-81CD-7FB3D0678820},ProductKey={19DEFF63-AA41-4E83-9279-F46C65277BF7},BinaryType=1,)

    [... Many unregisters]

    MSI (s) (B0:EC) [14:02:58:016]: Executing op: ComponentUnregister(ComponentId={22683FE7-6A3A-5355-AF57-7122C8ACDC61},ProductKey={19DEFF63-AA41-4E83-9279-F46C65277BF7},BinaryType=1,)
    MSI (s) (B0:EC) [14:02:58:016]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (B0:EC) [14:02:58:016]: Error in rollback skipped. Return: 5
    MSI (s) (B0:EC) [14:02:58:020]: Note: 1: 2318 2:  
    MSI (s) (B0:EC) [14:02:58:021]: No System Restore sequence number for this installation.
    MSI (s) (B0:EC) [14:02:58:021]: Unlocking Server
    MSI (s) (B0:EC) [14:02:58:023]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
    Action ended 14:02:58: INSTALL. Return value 3.
    [...properties dump...]
    MSI (s) (B0:EC) [14:02:58:191]: MainEngineThread is returning 1603
    MSI (s) (B0:04) [14:02:58:195]: RESTART MANAGER: Session closed.
    MSI (s) (B0:04) [14:02:58:195]: No System Restore sequence number for this installation.
    MSI (s) (B0:04) [14:02:58:196]: User policy value 'DisableRollback' is 0
    MSI (s) (B0:04) [14:02:58:196]: Machine policy value 'DisableRollback' is 0
    MSI (s) (B0:04) [14:02:58:196]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (B0:04) [14:02:58:196]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
    MSI (s) (B0:04) [14:02:58:197]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
    MSI (s) (B0:04) [14:02:58:199]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (s) (B0:04) [14:02:58:199]: Restoring environment variables
    MSI (s) (B0:04) [14:02:58:200]: Destroying RemoteAPI object.
    MSI (s) (B0:BC) [14:02:58:200]: Custom Action Manager thread ending.
    MSI (c) (7C:08) [14:02:58:201]: Back from server. Return value: 1603
    MSI (c) (7C:08) [14:02:58:201]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (c) (7C:08) [14:02:58:201]: PROPERTY CHANGE: Deleting SECONDSEQUENCE property. Its current value is '1'.
    Action ended 14:02:58: ExecuteAction. Return value 3.
    MSI (c) (7C:08) [14:02:58:202]: Doing action: FatalError
    Action 14:02:58: FatalError. 
    Action start 14:02:58: FatalError.


    • Edited by RobHardy Thursday, January 17, 2013 8:18 PM typo
    •  
     

All Replies

  • Thursday, January 17, 2013 8:54 PM
     
     
    Sign In to Vote
    0

    This might sound simple but have you ran this with admin privileges? I ask because you get a 'Return value 3' right after "PROPERTY CHANGE:"

    Also these articles might help:

    http://support.microsoft.com/kb/834484 - You receive an "error 1603:  A fatal error occurred during installation" error message when you try to install a Windows Installer package

    http://blogs.msdn.com/b/astebner/archive/2005/08/01/446328.aspx - How to locate the cause of error code 1603 in a verbose MSI log file

    http://mariusene.wordpress.com/

     
  • Thursday, January 17, 2013 9:42 PM
     
     
    Sign In to Vote
    0

    Thanks for the suggestions but I'm no further ahead...

    I am running as a domain account which has been added to the local Administrators group on my server. That account also has been been granted read/write SPN and Write Public Information on the domain. To start the process, I ran a cmd as Administrator and switched to D: (my DVD) and cd'ed to the MBAM x64 install directory. I then ran: MbamSetup.exe /l*v C:\temp\mbaminstall95.log

    I have seen both of those articles and have generated logs in both verbose mode with /l*v and debugging with /lvx. Neither log clearly tells me what the installer is trying to do and what exactly is failing. It seems to be related to a failing rollback for group removal but I'm unclear on how that helps me or why the installer is trying to create a group removal rollback in the first place....


     
  • Tuesday, February 19, 2013 4:47 PM
     
     Answered
    Sign In to Vote
    0

    After a hellish debugging run and having attempted multiple KB based workarounds, I've reached the conclusion that despite documentation indicating otherwise, this product does not work unless it is installed by a user with full Domain Admin privileges. Being a member of  local administrators group is not enough nor is granting the various undocumented rights to a domain account. It is ridiculous that this product does not check for what it needs during the prerequisites checking stage. 


    • Marked As Answer by RobHardy Tuesday, February 19, 2013 4:48 PM
    • Edited by RobHardy Tuesday, February 19, 2013 4:52 PM clarification
    •