Installation of the MBAM fails with the error 0x80041010

[アーティクル]
11/23/2014

Hello Everyone,

Many of you would have come across issues with respect to the installation of the MBAM 1.0\2.0\2.5 Client on Windows 7, 8 and 8.1 machines.

The installation of the Client starts as follows:

The installation rolls back in few seconds as seen in the following screenshot.

We will notice the following error message in the Application Event logs:

Log Name: Application

Source: Microsoft-Windows-WMI

Date: 10/1/2014 1:19:08 PM

Event ID: 10

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: XXXX.COM

Description:

Event filter with query "SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA 'mbam_Volume' AND TargetInstance.BitLockerManagementVolumeType='3'" could not be reactivated in namespace "//./ROOT/Microsoft/MBAM" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

err 0x80041010

# for hex 0x80041010 / decimal -2147217392

AXE_E_ASSESSMENT_CRASHED axeerror.h

# The assessment crashed or caused a system reboot without

# first notifying AXE of an impending reboot.

PP_E_EXCLUDED errormsg.h

# The credential is blocked.

SYNC_E_ITEM_HAS_NO_VERSION_DATA synchronizatio

errors.h

# Operation is not valid as the specified item has no version

# data.

WBEM_E_INVALID_CLASS wbemcli.h

Source: MsiInstaller

Date: 10/1/2014 1:19:15 PM

Event ID: 11708

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer: XXXX.COM

Description:

Product: MDOP MBAM -- Installation failed.

Additionally we would find the following in the MSI logs:

MSI (c) (D8:C4) [19:11:59:227]: Note: 1: 1708

MSI (c) (D8:C4) [19:11:59:227]: Product: MDOP MBAM -- Installation failed.

MSI (c) (D8:C4) [19:11:59:227]: Windows Installer installed the product. Product Name: MDOP MBAM. Product Version: 2.1.0117.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

MSI (c) (D8:C4) [19:11:59:227]: Grabbed execution mutex.

MSI (c) (D8:C4) [19:11:59:227]: Cleaning up uninstalled install packages, if any exist

MSI (c) (D8:C4) [19:11:59:243]: MainEngineThread is returning 1603

err 1603

# for decimal 1603 / hex 0x643

csierrWebService_AccessDenied csiErrorDefinit

ions.h

ecFavCreateMessage ec.h

ERROR_INSTALL_FAILURE winerror.h

# Fatal error during installation.

# No results found for hex 0x1603 / decimal 5635

# as an HRESULT: Severity: SUCCESS (0), FACILITY_NULL (0x0), Code 0x643

# for decimal 1603 / hex 0x643

ERROR_INSTALL_FAILURE winerror.h

At the time of installation if we capture a process monitor (https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx)we would see the following

12:21:33.7955823 PM rundll32.exe 35176 CreateFile C:\Windows\System32\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7959753 PM rundll32.exe 35176 CreateFile C:\Windows\Installer\MSIEC.tmp-\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7964261 PM rundll32.exe 35176 CreateFile C:\Windows\System32\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7972865 PM rundll32.exe 35176 CreateFile C:\Windows\system\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7977407 PM rundll32.exe 35176 CreateFile C:\Windows\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7989175 PM rundll32.exe 35176 CreateFile C:\Program Files\Java\jdk1.8.0_05\bin\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

By default the environment variables for windows Vista\7\8 are as follows:

C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;{plus program paths}

(OR)

%SystemRoot%\system32;

%SystemRoot%;

%SystemRoot%\System32\Wbem;

These are the environment variables which are listed at the time of the issue which is the cause of the installation failure.

This usually occurs when the environment variables have been changed by Code Developers for developing their product.

So we can fix this issue by following any one of the following methods:

Method 1:

Copying the mofcomp.exe from WBEM folder to the default folders like

%SystemRoot%\system32;

%SystemRoot%;

Method 2:

We can modify the environment variables on your machine by doing any one of the following steps:

GUI:

1.Open Computer Management.

2. In the console tree, right-click Computer Management (Local), and then click Properties.

3. On the Advanced tab, under Environment Variables, click Settings.

4. Select a user in the User variables for list.

5. Click the name of the system variable (Path)

6. Click Edit to change the value of the Path

(OR)

Registry:

1.Open regedit.exe

2.Navigate to the following location:

HKLM\System\CurrentControlSet\Control\SessionManager\Environment

3.On the right hand pane , select Path and right click , modify and enter the environment variables.

You can verify the environment variables by running the command SET PATH with admin privileges on an elevated command prompt .

Hope this was helpful!

More Information:

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer.

They are part of the operating environment in which a process runs.

For example, a running process can query the value of the TEMP environment variable to discover a suitable location to store temporary files, or the HOME or USERPROFILE variable to find the directory structure owned by the user running the process.

System path variables[citation needed] refer to locations of critical operating system resources, and as such generally are not user-dependent.

%PATH%This variable contains a semicolon-delimited (do not put spaces in between) list of directories in which the command interpreter will search for an executable file that matches the given command. Environment variables, that represent paths, may be nested within the %PATH% variable, but only at one level of indirection.

If this sub-path environment variable itself contains an environment variable representing a path, %PATH% will not expand properly in the variable substitution.

%ProgramFiles%, %ProgramFiles(x86)%, %ProgramW6432%The %ProgramFiles% variable points to the Program Files directory, which stores all the installed programs of Windows and others.

The default on English-language systems is "C:\Program Files". In 64-bit editions of Windows (XP, 2003, Vista), there are also %ProgramFiles(x86)%, which defaults to "C:\Program Files (x86)", and %ProgramW6432%, which defaults to "C:\Program Files". The %ProgramFiles% itself depends on whether the process requesting the environment variable is itself 32-bit or 64-bit (this is caused by Windows-on-Windows 64-bit redirection).

Articles about the environment Variables.

https://technet.microsoft.com/en-us/library/ee156595.aspx --Environment Variables

https://technet.microsoft.com/en-us/library/dd560744(v=WS.10).aspx --Recognized Environment Variables

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds_shelloverview.mspx?mfr=true --Command shell overview

https://support.microsoft.com/kb/104011 --How to propagate environment variables to the system

https://technet.microsoft.com/en-us/library/cc736637(v=WS.10).aspx --Add or change environment variables

More to come soon!

Suganya Natarajan

Windows Core Team