Hi there, I am running up against a 1603 error installing MBAM server. Reading the documentation and forum posts hasn't provided a solution. Any suggestions would be most appreciated. The platform is W2K8R2 Ent running SQL2K8R2 Ent. The installer is run using a domain admin account, the sql accounts are local to the server. I am installing all features, but am not encrypting network communication, the database configs are using the defaults. All prerequisites check out, the installer runs, but fails. I have seen a post which suggested that the account used to install MBAM may need to have Write ServicePrincipalName and Write validated SPN rights and that these rights are conferred by being a domain admin, however using ADSIEDIT I don't see those rights applied for either the account I am using to install, or for the domain admin account and don't know if that is related to this failure. The resulting log file is here: https://skydrive.live.com/redir?resid=DF67B8D2E48434C8!105 Thanks! Jim

Verify that the account used to install MBAM has Write ServicePrincipalName and Write validated SPN rights to the directory. Use adsiedit.msc from support tools. Also can you ensure that the computer account on which MBAM is being installed has read and list permissions to Active Directory down to the container in which the MBAM service account resides.Manoj Sehgal

Verify that the account used to install MBAM has Write ServicePrincipalName and Write validated SPN rights to the directory. Use adsiedit.msc from support tools. Also can you ensure that the computer account on which MBAM is being installed has read and list permissions to Active Directory down to the container in which the MBAM service account resides.Manoj Sehgal

Hi Manoj, Thanks for the reply. A couple of questions. Which directory needs the SPN and Validated SPN rights? Is that the directory that the installer is running from/AppData? Using adsiedit I can see that ServerPrincipalName is not currently set for the domain admin account I am using to install: can you give me an example of the value I would associate with the attribute to enable it? I *don't* see an attribute in adsiedit for Validated SPN-where would I look for that? Thanks again, Jim