While installing a DLP Detection Server the installation ends prematurely and rolls back.

The installation process automatically generates an MSI*.log (* is replaced with random characters) in the %TEMP% folder.

From the logs, it can be observed that there is an issue due to a lack of permissions to install Detection Server services. In the example below, for the DLP Service Username, an existing account called 'DLP_Service' was used, instead of selecting the option for the installer to create a new User Service account.

MSI (s) (50:A4) [12:00:32:874]: Executing op: RegCreateKey()
1: \Software\Symantec\Data Loss Prevention\Services 
MSI (s) (50:A4) [12:00:32:874]: Executing op: ActionStart(Name=InstallServices,Description=Installing new services Service: [2],)
Action 12:00:32: InstallServices. Installing new services Service: [2]
MSI (s) (50:A4) [12:00:32:882]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000)
MSI (s) (50:A4) [12:00:32:882]: Executing op: ServiceInstall(Name=SymantecDLPDetectionServerService,DisplayName=Symantec DLP Detection Server Service,ImagePath="C:\Program Files\Symantec\DataLossPrevention 16.0.2\DetectionServer\Services\SymantecDLPDetectionServer.exe" -s SymantecDLPDetectionServer.conf,ServiceType=16,StartType=2,ErrorControl=0,,Dependencies=[~],,StartName=\DLP_Service,Password=**********,Description=Provides violation detection for the Symantec DLP platform,,SDDLText=D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD))
1: SymantecDLPDetectionServerService 
MSI (s) (50:A4) [12:00:32:882]: Note: 1: 2205 2:  3: Error 
MSI (s) (50:A4) [12:00:32:882]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1923 
Info 1923.Service 'Symantec DLP Detection Server Service' (SymantecDLPDetectionServerService) could not be installed.  Verify that you have sufficient privileges to install system services.
Action ended 12:00:32: InstallFinalize. Return value 3.

The installation fails due to error 1923, which is specifically related to insufficient privileges for installing system services. This can occur if:

• The user account running the installation doesn't have administrative rights.
• The account doesn't have the necessary privileges to register new system services.
• The service account provided for DLP service to run cannot be granted "Log on as a service" right

As a result, the installation is rolled back.

Ensure you’re running the installer with an account that has local administrator privileges.

If you're using a domain user account, ensure it is part of the Administrators group on the server.

The service account needs to have the "Log on as a service" right assigned, or there should be nothing preventing the installer from adding that right.

A Group Policy Object (GPO) could be preventing the user from being granted the "Log on as a service" (SeServiceLogonRight) right. This can be checked using secpol.msc.

Work with your system/domain administrator to grant the necessary permissions. Alternatively, allow the installer to create a new service account.