MBAM installation failure 1603
We are experiencing a few installation errors in which documentation and other open forums has not revealed how to resolve for the problem we are seeing.
Appreciate if you can offer suggestions.
Overview:
We have 2 VM Servers (Server 2008 standard sp2). Our architecture is 3 components on the DB server (SQL 2008 R2 sp1), and the other 2 components on the Web Server.
Using the following as a guide we completed the prerequisites. However, the installation pretty quickly fails. Below is a subset of the logs. We are using an account that is local admin on
the servers and has spn provided at the computer level for both servers. We have found references that indicate that you are required to be a domain admin to install MBAM - but that seems a bit extreme to us. Can anyone confirm what rights are
needed? The MBAM documentation is not specific on this.
Or is the issue something different than permissions?
Reference article
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/82e88066-ff6f-445e-bfd5-341b5244d114
Accessing Active Directory
Adding ADMINANDMON_MACHINENAMES to database
Exception: The server could not be contacted.
StackTrace: at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name)
at Microsoft.Windows.Mdop.BitlockerManagement.SetupCAs.Groups.ConfigureGroups(Session session)
InnerException:Exception: The LDAP server is unavailable.
InnerException:StackTrace: at System.DirectoryServices.Protocols.LdapConnection.Connect()
at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
Action ended 17:06:34: MbamConfigureGroups. Return value 3.
.....
MSI (s) (AC:98) [17:06:34:494]: MainEngineThread is returning 1603
MSI (s) (AC:28) [17:06:34:498]: RESTART MANAGER: Session closed.
MSI (s) (AC:28) [17:06:34:498]: No System Restore sequence number for this installation.
MSI (s) (AC:28) [17:06:34:504]: User policy value 'DisableRollback' is 0
MSI (s) (AC:28) [17:06:34:504]: Machine policy value 'DisableRollback' is 0
MSI (s) (AC:28) [17:06:34:504]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (AC:28) [17:06:34:508]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (AC:28) [17:06:34:514]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (AC:28) [17:06:34:519]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (AC:28) [17:06:34:519]: Restoring environment variables
MSI (s) (AC:28) [17:06:34:523]: Destroying RemoteAPI object.
MSI (s) (AC:4C) [17:06:34:523]: Custom Action Manager thread ending.
MSI (c) (E0:50) [17:06:34:531]: Back from server. Return value: 1603
MSI (c) (E0:50) [17:06:34:531]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (E0:50) [17:06:34:532]: PROPERTY CHANGE: Deleting SECONDSEQUENCE property. Its current value is '1'.
Action ended 17:06:34: ExecuteAction. Return value 3.
MSI (c) (E0:50) [17:06:34:533]: Doing action: FatalError
Action 17:06:34: FatalError.
Action start 17:06:34: FatalError.
April 22nd, 2012 6:39pm
Login with a domain user account to execute the MBAM Setup.
Also make sure this account is a member of local admin group.
execute the mbam setup using a command line and send the log file if it fails to manojsehgal@hotmail.com
>mbamsetup.exe /lvx c:\mbam.log
I hope this helps.
Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2012 5:57am
We figured out the issue with this.
1. Our user active directory domain is different than the standard dns domain. Therefore, it was not able to find users based on our active directory domain. We manually added the AD user domain to the mbam server(s) host file pointing to a domain
controller and that worked.
I hope this is an install only issue and it is got good to force dns via a manual host entry.
2. Manoj provided an updated installer.
We needed both of these items for our installation to complete. I hope this helps someone elseDee Ramon
April 27th, 2012 4:00pm
Can you give more detail about what you added to the host file to resolve this issue?
Free Windows Admin Tool Kit Click here and download it now
June 12th, 2012 4:33pm
our login domain is domain1, our dns domain is different,
we added a host file for domain1 to point to a domain controller for domain1
Apparently it was trying to use dns to find domain1, which is not really in dnsDee Ramon
June 12th, 2012 4:50pm
Thanks for the reply. That's not how our system is up. I thought it was, we have a subdomain, not a totally different domain.
Free Windows Admin Tool Kit Click here and download it now
June 12th, 2012 5:27pm
you could try it, we again added our login domain ( domain1) as a host entry pointing to a domain controllerDee Ramon
June 12th, 2012 5:38pm