search cancel

Error: "GPOPolicyReview returned actual error code 1603" when installing, upgrading or repairing Endpoint Protection Manager


Article ID: 162624


Updated On:


Endpoint Protection


Symantec Endpoint Protection Manager (SEPM) encounters an error during the installation and rolls back.  Upon reviewing the SEPM_Inst.log file the following error is observed:
"CustomAction GPOPolicyReview returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)".




The issue can have a couple different causes:

  1. TMP and TEMP variables do not have the same path.
  2. Restrictive permissions are prohibiting the installation.
    • An explicit deny will take precedent over an implicit allow.  Because of this, when a user is a member of multiple account groups, they can encounter permission issues (even if they are a member of the Administrators group).
  3. The installation runs "gpresult /scope COMPUTER /f /X gpresult.xml" during the installation to determine the currently assigned group policies.  If this command takes longer than 5 minutes to run, the installation will fail. 



  1. Check Temp variables and verify that TMP and TEMP have the same path.
    • Example:  C:\Windows\TEMP
  2. If restrictive permissions or GPO complexity issues cannot be identified, create a new local administrator account that is only a member of the local Administrators group.
    • Log in with the new Administrator account and attempt install again.