Error: "GPOPolicyReview returned actual error code 1603" when installing, upgrading or repairing Endpoint Protection Manager
book
Article ID: 162624
calendar_today
Updated On:
Products
Endpoint Protection
Issue/Introduction
Symantec Endpoint Protection Manager (SEPM) encounters an error during the installation and rolls back. Upon reviewing the SEPM_Inst.log file the following error is observed: "CustomAction GPOPolicyReview returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)".
Cause
The issue can have a couple different causes:
TMP and TEMP variables do not have the same path.
Restrictive permissions are prohibiting the installation.
An explicit deny will take precedent over an implicit allow. Because of this, when a user is a member of multiple account groups, they can encounter permission issues (even if they are a member of the Administrators group).
The installation runs "gpresult /scope COMPUTER /f /X gpresult.xml" during the installation to determine the currently assigned group policies. If this command takes longer than 5 minutes to run, the installation will fail.
Resolution
Check Temp variables and verify that TMP and TEMP have the same path.
Example: C:\Windows\TEMP
If restrictive permissions or GPO complexity issues cannot be identified, create a new local administrator account that is only a member of the local Administrators group.
Log in with the new Administrator account and attempt install again.