What To Do When System Center 2012 Endpoint Protection RC Installation Fails
Written by Frank Pawetzki, Microsoft Premier Field Engineer
The Issue:
This happened to me today on my Windows 7 machine: the installation of Microsoft System Center 2012 Endpoint Protection (Release Candidate) failed with error code 0x80070643.
The event log showed this error:
Log Name: Application
Source: Microsoft Security Client Setup
Date: 02.12.2011 16:24:13
Event ID: 100
Task Category: None
Level: Error
Keywords: Classic
User: myUser
Computer: myComputer
Description:
HRESULT:0x80070643
Description:Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
In addition to that, the following errors were logged:
Log Name: Application
Source: MsiInstaller
Date: 02.12.2011 16:17:02
Event ID: 10005
Task Category: None
Level: Error
Keywords: Classic
User: myUser
Computer: myComputer
Description:
Product: Microsoft Antimalware -- Error 25521. Failed to set security descriptor on object MsMpSvc, system error: –2147023824
and
Log Name: Application
Source: MsiInstaller
Date: 02.12.2011 16:17:02
Event ID: 11923
Task Category: None
Level: Error
Keywords: Classic
User: myUser
Computer: myComputer
Description:
Product: Microsoft Antimalware -- Error 1923. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be installed. Verify that you have sufficient privileges to install system services.
As a result from the failed setup, the endpoint protection client was uninstalled by the installer automatically,
Troubleshooting Steps:
As event 100 indicates, a restart of the computer is necessary, but will by itself not solve the problem.
In cases where the endpoint protection client has been installed correctly, Service Manager (which can be found in Control Panel –> Services and Applications –> Services) will show the related service like this:
Nevertheless, in our case of failure, the “Microsoft Antimalware Service” was not running and was instead presenting an error stating that there were privileges missing.
So, in order to get out of this state, you need to check this registry key and verify that it exists.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc]
Please note that although the endpoint protection client is not installed, this registry key is in place.
Solution:
The solution is to simply delete the yellow marked key from the registry and reboot the computer:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc]
After that, you should be able to install the Endpoint Protection client without problems.
Comments
Anonymous
January 01, 2003
@Johan Wstrom and @Lou Sorry for the late reply. The yellow mark got lost in the post,. Answer is: Delete MsMpSvcAnonymous
December 14, 2012
Hello, Which yellow marked key exactly?Anonymous
July 01, 2014
yes which yellow marked key?Anonymous
March 11, 2015
What if there is no MsMpSvc key and we still get this same error?Anonymous
August 29, 2016
I neither cannot see the key: MsMpSvcWhat should I do if the key is missing and still be the error?Thanks!