Endpoint Prevent Agent installation fails with 1603 when installing chrome dependencies.
search cancel

Endpoint Prevent Agent installation fails with 1603 when installing chrome dependencies.


Article ID: 163380


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention


  • You are attempting to install DLP endpoint agents either manually or via software management tools. 
  • The installation fails for some machines and you see the entries below in the InstallAgent.log file:
Invoking remote custom action. DLL: C:\Windows\Installer\MSI8129.tmp, Entrypoint: InstallChromeDependencies
InstallChromeLGPO: Error opening local GPO, -2147467259

InstallChromeLGPO: Error saving machine registry key for GPO, -2147467259

CustomAction InstallChromeDependencies returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)


There may be multiple possible causes for this error:

  • Local Group Policy Objects are inaccessible due to other Group Policy restrictions at higher levels.
  • Corrupt Group Policy files on the local machine.
  • Logged in user does not have privileges to run gpedit.msc.
  • Also the error occurs if the Local Group Policy file 'Registry.pol' is corrupt or has incorrect entries or is incorrectly formatted


The windows\system32\GroupPolicy\Gpt.ini file is incomplete / corrupt.


Solution 1:

  1. Run GPRESULT /Z /USER targetusername (where targetusername is the account that is running the agent installation)
  2. Have your Active Directory Administrator review any Windows Group Policies that would restrict access to gpedit.msc or access to the registry
  3. Resolve conflicting policies to allow access to gpedit.msc.
  4. Resolve permissions issues related to HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
  5. Re-Run the agent installation

If you are still unable to run gpedit.msc then speak with your system administrator.

  1. If above doesn’t work, then go to ‘C:\Windows\System32\GroupPolicy\Machine’ and rename the Registry.pol file to something like ‘Registry_old.pol’, then restart the Agent installer.
  2. This workaround has been obtained from Microsoft Technet sites:

If the above does not fix the issue then try the following:

  • Review the Gpt.ini file for incomplete entries such as missing brackets. This file is populated by the domain policies.
  • If no errors can be determined, then delete the GroupPolicy folder and then retry the install. 

Note, that this will cause exiting group policies to not load properly until the machine updates with the domain controller.

Solution 2:

Machine was using localpolicies when it should be using domain policies. Run through the following commands to reset the local policies. 

  1. RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
  2. RD /S /Q "%WinDir%\System32\GroupPolicy"
  3. gpupdate /force
  4. run the agent install

The workaround was obtained from: