AGPM 4.0 SP3 fails to install on Windows server 2016 RRS feed

  • Question

  • hi all,

    i'm running into an issue while installing AGPM 4.0 SP3 on a fresh deployed Windows 2016 server system. the MSI error code is 1603 (the non-descriptive unknown error).

    i had read the known issue about the windows feature installation failure in the product's release notes :


    AGPM internally enables the Windows Communication Foundation (WCF)-NonHTTP-Activation feature during installation. In Windows 10, WCF now includes a requirement to restart Windows after enabling the WCF NonHTTP-Activation feature. However, the current AGPM installer code does not handle this restart requirement and stops responding while it waits for the service to be activated.

    Workaround: Before you run the AGPM installer, enable the WCF Non-HTTP Activation feature and then restart Windows.


    but this doesn't solve the issue. all required components seem to be installed, although the names of these features seems to be a bit different in Windows 2016 (or not all features are available in this OS)

    i also read a couple of forum posts about the installer failing to configure the firewall exception if the FW service wasn't started. well mine is. but i don't thing the installation even reaches that phase.

    the msi log only lists the package properties. and at the end shows these messages:

    MSI (c) (24:2C) [13:25:06:902]: Note: 1: 1708 
    MSI (c) (24:2C) [13:25:06:902]: Product: Microsoft Advanced Group Policy Management - Server -- Installation failed.

    MSI (c) (24:2C) [13:25:06:918]: Windows Installer installed the product. Product Name: Microsoft Advanced Group Policy Management - Server. Product Version: Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

    MSI (c) (24:2C) [13:25:06:918]: Grabbed execution mutex.
    MSI (c) (24:2C) [13:25:06:918]: Cleaning up uninstalled install packages, if any exist
    MSI (c) (24:2C) [13:25:06:918]: MainEngineThread is returning 1603

    for testing purposes i have installed a clean Windows server 2012 R2 VM and here the installation completes successfully.

    what would be the reason for the installation to fail on Win2016 ? general compatibility issue ? manually install .Net 4.5 instead of using the built-in 4.6 ? missing patches ?

    all tips are appreciated since the customer would like to use the highest OS level and thus provide full support for Windows 10 GPO deployments.

    thanks a lot



    Friday, September 1, 2017 2:08 PM

All replies

  • enabling verbose logging may provide further insight

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Saturday, September 2, 2017 9:28 AM
  • I'm preparing to bring up a 2016 server for Windows 10 support and I noticed these very specific requirements for 2016 that are not there by default.  

    Windows 10 or Windows Server 2016
    If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation.
    If Powershell 3.0 is not installed, the installer blocks the installation.
    If the GPMC is not enabled or installed, the installer blocks the installation.
    If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation.
    If the GPMC is not enabled or installed, the installer blocks the installation.

    Generally it would state 4.5.1 or higher and notice this heading is specific to Server 2016.  I read this as potentially removing or not enabling 4.6 under features and downloading the 4.5.1 offline installer.  Same goes for Powershell.  2016 ships with WMF 5.1 and yet this clearly states 3.0.   


    Section: Prerequisites for installing AGPM 4.0 SP3

    I too have additional concerns in regard to using 2016 Server versus just installing the client and server on Windows 10.

    I think this information needs clarification so I posted request here:

    Friday, December 15, 2017 5:35 PM
  • We have exactly the same problems. Tried a few hours to solve the issues but it's still not working.

    Did you find a solution in the meantime?

    Monday, August 13, 2018 11:33 AM
  • I have found the issue it is not anything related to the Pre - Req. Even the verbose logging gives incorrect error message.

    The issue is "DsWriteAccountSpn() failed. [ hr = 0x80072098 "Insufficient access rights to perform the 

    operation." ]"

    AGPM service account, only Domain admin/Enterprise admin/Administrators have permission to write its SPN attribute. Since SPN set is needed during AGPM-Server installation, it’s required that we run the installation wizard to ensure sufficient permission is provided.

    So I temporarily added the service account to Domain Admin and the setup worked without any issues.

    Wednesday, September 26, 2018 1:46 AM
  • Hi! 

    were you able to solve the issue? 

    Many thanks,


    Thursday, October 10, 2019 12:07 PM
  • I ran into this problem as well.

    The workaround was to install the WCF Non-HTTP Activation feature before running the AGPM installer but I had to install the feature using the SXS files as the source.  Add-WindowsFeature NET-Non-HTTP-Activ -source C:\Windows2016_SXS.

    I also installed the GPMC before the AGPM install.  Install-WindowsFeature –Name GPMC

    Monday, December 16, 2019 1:37 PM