We are experiencing a few installation errors in which documentation and other open forums has not revealed how to resolve for the problem we are seeing. Appreciate if you can offer suggestions. Overview: We have 2 VM Servers (Server 2008 standard sp2). Our architecture is 3 components on the DB server (SQL 2008 R2 sp1), and the other 2 components on the Web Server. Using the following as a guide we completed the prerequisites. However, the installation pretty quickly fails. Below is a subset of the logs. We are using an account that is local admin on the servers and has spn provided at the computer level for both servers. We have found references that indicate that you are required to be a domain admin to install MBAM - but that seems a bit extreme to us. Can anyone confirm what rights are needed? The MBAM documentation is not specific on this. Or is the issue something different than permissions? Reference article http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/82e88066-ff6f-445e-bfd5-341b5244d114 Accessing Active Directory Adding ADMINANDMON_MACHINENAMES to database Exception: The server could not be contacted. StackTrace: at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval() at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password) at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name) at Microsoft.Windows.Mdop.BitlockerManagement.SetupCAs.Groups.ConfigureGroups(Session session) InnerException:Exception: The LDAP server is unavailable. InnerException:StackTrace: at System.DirectoryServices.Protocols.LdapConnection.Connect() at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request) at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) Action ended 17:06:34: MbamConfigureGroups. Return value 3. ..... MSI (s) (AC:98) [17:06:34:494]: MainEngineThread is returning 1603 MSI (s) (AC:28) [17:06:34:498]: RESTART MANAGER: Session closed. MSI (s) (AC:28) [17:06:34:498]: No System Restore sequence number for this installation. MSI (s) (AC:28) [17:06:34:504]: User policy value 'DisableRollback' is 0 MSI (s) (AC:28) [17:06:34:504]: Machine policy value 'DisableRollback' is 0 MSI (s) (AC:28) [17:06:34:504]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (AC:28) [17:06:34:508]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (AC:28) [17:06:34:514]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (AC:28) [17:06:34:519]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (s) (AC:28) [17:06:34:519]: Restoring environment variables MSI (s) (AC:28) [17:06:34:523]: Destroying RemoteAPI object. MSI (s) (AC:4C) [17:06:34:523]: Custom Action Manager thread ending. MSI (c) (E0:50) [17:06:34:531]: Back from server. Return value: 1603 MSI (c) (E0:50) [17:06:34:531]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (E0:50) [17:06:34:532]: PROPERTY CHANGE: Deleting SECONDSEQUENCE property. Its current value is '1'. Action ended 17:06:34: ExecuteAction. Return value 3. MSI (c) (E0:50) [17:06:34:533]: Doing action: FatalError Action 17:06:34: FatalError. Action start 17:06:34: FatalError.

Login with a domain user account to execute the MBAM Setup. Also make sure this account is a member of local admin group. execute the mbam setup using a command line and send the log file if it fails to manojsehgal@hotmail.com >mbamsetup.exe /lvx c:\mbam.log I hope this helps. Manoj Sehgal

We figured out the issue with this. 1. Our user active directory domain is different than the standard dns domain. Therefore, it was not able to find users based on our active directory domain. We manually added the AD user domain to the mbam server(s) host file pointing to a domain controller and that worked. I hope this is an install only issue and it is got good to force dns via a manual host entry. 2. Manoj provided an updated installer. We needed both of these items for our installation to complete. I hope this helps someone elseDee Ramon

Can you give more detail about what you added to the host file to resolve this issue?

our login domain is domain1, our dns domain is different, we added a host file for domain1 to point to a domain controller for domain1 Apparently it was trying to use dns to find domain1, which is not really in dnsDee Ramon

Thanks for the reply. That's not how our system is up. I thought it was, we have a subdomain, not a totally different domain.

you could try it, we again added our login domain ( domain1) as a host entry pointing to a domain controllerDee Ramon