What To Do When System Center 2012 Endpoint Protection RC Installation Fails


Written by Frank Pawetzki, Microsoft Premier Field Engineer


The Issue:

This happened to me today on my Windows 7 machine: the installation of Microsoft System Center 2012 Endpoint Protection (Release Candidate) failed with error code 0x80070643.

The event log showed this error:

Log Name: Application
Source: Microsoft Security Client Setup
Date: 02.12.2011 16:24:13
Event ID: 100
Task Category: None
Level: Error
Keywords: Classic
User: myUser
Computer: myComputer
Description:
HRESULT:0x80070643
Description:Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

In addition to that, the following errors were logged:

Log Name: Application
Source: MsiInstaller
Date: 02.12.2011 16:17:02
Event ID: 10005
Task Category: None
Level: Error
Keywords: Classic
User: myUser
Computer: myComputer
Description:
Product: Microsoft Antimalware -- Error 25521. Failed to set security descriptor on object MsMpSvc, system error: -2147023824

and

Log Name: Application
Source: MsiInstaller
Date: 02.12.2011 16:17:02
Event ID: 11923
Task Category: None
Level: Error
Keywords: Classic
User: myUser
Computer: myComputer
Description:
Product: Microsoft Antimalware -- Error 1923. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be installed. Verify that you have sufficient privileges to install system services.

As a result of the failed setup, the installer automatically uninstalled the endpoint protection client.

Troubleshooting Steps:

As event 100 indicates, a restart of the computer is necessary, but a restart alone will not solve the problem.

In cases where the endpoint protection client has been installed correctly, Service Manager (which can be found in Control Panel –> Services and Applications –> Services) will show the related service like this:

[Screenshot: Service Manager]

In our failure case, however, the “Microsoft Antimalware Service” was not running and instead showed an error stating that privileges were missing.

To get out of this state, check whether the following registry key exists:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc]

Please note that although the endpoint protection client is not installed, this registry key is in place.

Solution:

The solution is simply to delete the following key from the registry and reboot the computer:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc]

After that, you should be able to install the Endpoint Protection client without problems.
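
The check and cleanup above as a PowerShell script, added here as an example and not part of the original post. It also decodes the system error from event 10005, which is Win32 error 1072 (ERROR_SERVICE_MARKED_FOR_DELETE) wrapped in an HRESULT. The function name, the backup path and the running-service guard are assumptions of this example.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$sub         = 'SYSTEM\CurrentControlSet\services\MsMpSvc'   # key named in the post
$psKey       = "HKLM:\$sub"                                   # PowerShell provider path
$regKey      = "HKLM\$sub"                                    # reg.exe path
$backup      = Join-Path $env:TEMP 'MsMpSvc-backup.reg'       # assumed backup location
$loggedError = -2147023824                                    # value from event 10005

# Hypothetical helper: unwrap a Win32 error code from a signed HRESULT.
function ConvertTo-Win32Error([int]$SystemError) {
    # HRESULT_FACILITY must be 7 (FACILITY_WIN32) for the low word to be a Win32 code.
    if (($SystemError -band 0x1FFF0000) -ne 0x00070000) {
        throw ('Not a Win32-facility HRESULT: 0x{0:X8}' -f $SystemError)
    }
    $code = $SystemError -band 0xFFFF
    New-Object PSObject -Property @{
        Code    = $code
        Message = (New-Object System.ComponentModel.Win32Exception $code).Message
    }
}

$decoded = ConvertTo-Win32Error $loggedError
Write-Host ('Event 10005 system error = Win32 {0}: {1}' -f $decoded.Code, $decoded.Message)

# Step 1: verify that the leftover service key exists.
if (-not (Test-Path $psKey)) {
    Write-Host 'No MsMpSvc key present; nothing to clean up.'
    return
}

# Guard: a running service means the client is installed correctly, so do not touch it.
$svc = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    throw 'MsMpSvc is running: the client is installed and working, leave the key alone.'
}

# Step 2: back up the key, then delete it (Remove-Item asks for confirmation).
& reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; key left in place.' }
Remove-Item -Path $psKey -Recurse -Confirm

# Step 3: reboot before running setup again.
if (-not (Test-Path $psKey)) {
    Write-Host "Key removed (backup: $backup). Reboot, then re-run setup."
}
```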