search cancel

Endpoint Prevent Agent installation fails with 1603 when installing chrome dependencies.

book

Article ID: 163380

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention

Issue/Introduction

  • You are attempting to install DLP endpoint agents either manually or via software management tools. 
  • The installation fails for some machines and you see the entries below in the InstallAgent.log file:
Invoking remote custom action. DLL: C:\Windows\Installer\MSI8129.tmp, Entrypoint: InstallChromeDependencies
...
InstallChromeLGPO: Error opening local GPO, -2147467259

...
InstallChromeLGPO: Error saving machine registry key for GPO, -2147467259

...
CustomAction InstallChromeDependencies returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Cause

There may be multiple possible causes for this error:

  • Local Group Policy Objects are inaccessible due to other Group Policy restrictions at higher levels.
  • Corrupt Group Policy files on the local machine.
  • Logged in user does not have privileges to run gpedit.msc.
  • Also the error occurs if the Local Group Policy file 'Registry.pol' is corrupt or has incorrect entries or is incorrectly formatted

or

The windows\system32\GroupPolicy\Gpt.ini file is incomplete / corrupt.

Resolution

Solution 1:

  1. Run GPRESULT /Z /USER targetusername (where targetusername is the account that is running the agent installation)
  2. Have your Active Directory Administrator review any Windows Group Policies that would restrict access to gpedit.msc or access to the registry
  3. Resolve conflicting policies to allow access to gpedit.msc.
  4. Resolve permissions issues related to HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
  5. Re-Run the agent installation

If you are still unable to run gpedit.msc then speak with your system administrator.

  1. If above doesn’t work, then go to ‘C:\Windows\System32\GroupPolicy\Machine’ and rename the Registry.pol file to something like ‘Registry_old.pol’, then restart the Agent installer.
  2. This workaround has been obtained from Microsoft Technet sites:

If the above does not fix the issue then try the following:

  • Review the Gpt.ini file for incomplete entries such as missing brackets. This file is populated by the domain policies.
  • If no errors can be determined, then delete the GroupPolicy folder and then retry the install. 

Note, that this will cause exiting group policies to not load properly until the machine updates with the domain controller.

Solution 2:

Machine was using localpolicies when it should be using domain policies. Run through the following commands to reset the local policies. 

  1. RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
  2. RD /S /Q "%WinDir%\System32\GroupPolicy"
  3. gpupdate /force
  4. run the agent install

The workaround was obtained from:

https://www.windowscentral.com/how-reset-local-group-policy-objects-their-default-settings-windows-10