I have 2 Active Directory, it's running Windows server 2019 (1809), no proxy, no core. i try to install the Defender for Identity sensor on a DC, setup wizard is running until a point. Then setup fails with 0x80070643 and do a rollback.

MsiPackage.log file:

=== Verbose logging started: 08/09/2021 23:27:58 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Windows\Temp\{B8D83596-2A70-4F3C-8FB8-792FB318C6C2}\.be\Azure ATP Sensor Setup.exe ===
MSI (c) (60:50) [23:27:58:654]: Resetting cached policy values
MSI (c) (60:50) [23:27:58:654]: Machine policy value 'Debug' is 0
MSI (c) (60:50) [23:27:58:654]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (c) (60:50) [23:27:58:670]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (60:50) [23:27:58:670]: Grabbed execution mutex.
MSI (c) (60:50) [23:27:58:701]: Cloaking enabled.
MSI (c) (60:50) [23:27:58:701]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (60:50) [23:27:58:707]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (94:40) [23:27:58:707]: Running installation inside multi-package transaction C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (94:40) [23:27:58:707]: Grabbed execution mutex.
MSI (s) (94:00) [23:27:58:707]: Resetting cached policy values
MSI (s) (94:00) [23:27:58:707]: Machine policy value 'Debug' is 0
MSI (s) (94:00) [23:27:58:707]: ******* RunEngine:
******* Product: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi
******* Action:
******* CommandLine: **********
MSI (s) (94:00) [23:27:58:707]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (94:00) [23:27:58:707]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (94:00) [23:27:58:723]: SRSetRestorePoint skipped for this transaction.
MSI (s) (94:00) [23:27:58:723]: File will have security applied from OpCode.
MSI (s) (94:00) [23:27:58:739]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi' against software restriction policy
MSI (s) (94:00) [23:27:58:739]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi has a digital signature
MSI (s) (94:00) [23:27:58:823]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (94:00) [23:27:58:823]: MSCOREE not loaded loading copy from system32
MSI (s) (94:00) [23:27:58:823]: End dialog not enabled
MSI (s) (94:00) [23:27:58:823]: Original package ==> C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi
MSI (s) (94:00) [23:27:58:823]: Package we're running from ==> C:\Windows\Installer\901521.msi
MSI (s) (94:00) [23:27:58:823]: APPCOMPAT: Compatibility mode property overrides found.
MSI (s) (94:00) [23:27:58:823]: APPCOMPAT: looking for appcompat database entry with ProductCode '{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}'.
MSI (s) (94:00) [23:27:58:823]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (94:00) [23:27:58:823]: Machine policy value 'TransformsSecure' is 1
MSI (s) (94:00) [23:27:58:823]: Note: 1: 2262 2: File 3: -2147287038
MSI (s) (94:00) [23:27:58:823]: Note: 1: 2205 2: 3: MsiFileHash
MSI (s) (94:00) [23:27:58:823]: Machine policy value 'DisablePatch' is 0
MSI (s) (94:00) [23:27:58:823]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (94:00) [23:27:58:823]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (94:00) [23:27:58:823]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (94:00) [23:27:58:823]: APPCOMPAT: looking for appcompat database entry with ProductCode '{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}'.
MSI (s) (94:00) [23:27:58:839]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (94:00) [23:27:58:839]: Transforms are not secure.
MSI (s) (94:00) [23:27:58:839]: Note: 1: 2205 2: 3: Control
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\ADMINI~1.GRE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20210908232740_000_MsiPackage.log'.
MSI (s) (94:00) [23:27:58:839]: Command Line: ARPSYSTEMCOMPONENT=1 MSIFASTINSTALL=7 ACCESSKEY=********** InstallationPath=C:\Program Files\Azure Advanced Threat Protection Sensor InstalledVersion= PROXYCONFIGURATION=********** WixBundleOriginalSourceFolder=C:\Azure ATP Sensor Setup\ REBOOT=ReallySuppress CURRENTDIRECTORY=C:\Azure ATP Sensor Setup CLIENTUILEVEL=3 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=12640
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{6F8A7B28-5262-426D-A9E7-47443E6A6B39}'.
MSI (s) (94:00) [23:27:58:839]: Product Code passed to Engine.Initialize: ''
MSI (s) (94:00) [23:27:58:839]: Product Code from property table before transforms: '{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}'
MSI (s) (94:00) [23:27:58:839]: Product Code from property table after transforms: '{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}'
MSI (s) (94:00) [23:27:58:839]: Product not registered: beginning first-time install
MSI (s) (94:00) [23:27:58:839]: Product {61E851B5-79C3-44C6-9FCD-1AD4A73553F4} is not managed.
MSI (s) (94:00) [23:27:58:839]: MSI_LUA: Credential prompt not required, user is an admin
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (94:00) [23:27:58:839]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (94:00) [23:27:58:839]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (94:00) [23:27:58:839]: Adding new sources is allowed.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (94:00) [23:27:58:839]: Package name extracted from package path: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (94:00) [23:27:58:839]: Package to be registered: 'Microsoft.Tri.Sensor.Deployment.Package.msi'
MSI (s) (94:00) [23:27:58:839]: Note: 1: 2205 2: 3: Error
MSI (s) (94:00) [23:27:58:839]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (94:00) [23:27:58:839]: Machine policy value 'DisableMsi' is 1
MSI (s) (94:00) [23:27:58:839]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (94:00) [23:27:58:839]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (94:00) [23:27:58:839]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (94:00) [23:27:58:839]: Running product '{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}' with elevated privileges: Product is assigned.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding ARPSYSTEMCOMPONENT property. Its value is '1'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding MSIFASTINSTALL property. Its value is '7'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding ACCESSKEY property. Its value is '**********'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding INSTALLATIONPATH property. Its value is 'C:\Program Files\Azure Advanced Threat Protection Sensor'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding WIXBUNDLEORIGINALSOURCEFOLDER property. Its value is 'C:\Azure ATP Sensor Setup\'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Azure ATP Sensor Setup'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding MSICLIENTUSESEXTERNALUI property. Its value is '1'.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '12640'.
MSI (s) (94:00) [23:27:58:839]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '6c5de35935e7d644830a241ae0bf7f8c'.
MSI (s) (94:00) [23:27:58:839]: RESTART MANAGER: Session opened.
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (s) (94:00) [23:27:58:839]: TRANSFORMS property is now:
MSI (s) (94:00) [23:27:58:839]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '500'.
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\Favorites
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\Documents
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Local
MSI (s) (94:00) [23:27:58:839]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\Pictures
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Users\administrator.xxx\Desktop
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (94:00) [23:27:58:855]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (94:00) [23:27:58:855]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (94:00) [23:27:58:855]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (94:00) [23:27:58:855]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (94:00) [23:27:58:855]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (94:00) [23:27:58:855]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (94:00) [23:27:58:855]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Administrator'.
MSI (s) (94:00) [23:27:58:855]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (94:00) [23:27:58:855]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'N/A'.
MSI (s) (94:00) [23:27:58:855]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\901521.msi'.
MSI (s) (94:00) [23:27:58:855]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi'.
MSI (s) (94:00) [23:27:58:855]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (94:00) [23:27:58:855]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
MSI (s) (94:00) [23:27:58:855]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (94:00) [23:27:58:870]: Machine policy value 'DisableRollback' is 0
MSI (s) (94:00) [23:27:58:870]: User policy value 'DisableRollback' is 0
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding MsiUISourceResOnly property. Its value is '1'.
=== Logging started: 08/09/2021 23:27:58 ===
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (94:00) [23:27:58:870]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (94:00) [23:27:58:870]: Doing action: INSTALL
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action start 23:27:58: INSTALL.
MSI (s) (94:00) [23:27:58:870]: Running ExecuteSequence
MSI (s) (94:00) [23:27:58:870]: Doing action: FindRelatedProducts
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action start 23:27:58: FindRelatedProducts.
MSI (s) (94:00) [23:27:58:870]: Doing action: LaunchConditions
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: FindRelatedProducts. Return value 1.
Action start 23:27:58: LaunchConditions.
MSI (s) (94:00) [23:27:58:870]: Doing action: ValidateProductID
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: LaunchConditions. Return value 1.
Action start 23:27:58: ValidateProductID.
MSI (s) (94:00) [23:27:58:870]: Doing action: CostInitialize
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: ValidateProductID. Return value 1.
MSI (s) (94:00) [23:27:58:870]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: Patch
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: Patch
Action start 23:27:58: CostInitialize.
MSI (s) (94:00) [23:27:58:870]: Doing action: FileCost
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: CostInitialize. Return value 1.
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: MsiAssembly
Action start 23:27:58: FileCost.
MSI (s) (94:00) [23:27:58:870]: Doing action: CostFinalize
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: FileCost. Return value 1.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: Patch
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: Condition
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (s) (94:00) [23:27:58:870]: Target path resolution complete. Dumping Directory table...
MSI (s) (94:00) [23:27:58:870]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (94:00) [23:27:58:870]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (s) (94:00) [23:27:58:870]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.
Action start 23:27:58: CostFinalize.
MSI (s) (94:00) [23:27:58:870]: Doing action: MigrateFeatureStates
MSI (s) (94:00) [23:27:58:870]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: CostFinalize. Return value 1.
Action start 23:27:58: MigrateFeatureStates.
MSI (s) (94:00) [23:27:58:886]: Doing action: InstallValidate
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: MigrateFeatureStates. Return value 0.
MSI (s) (94:00) [23:27:58:886]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '6c5de35935e7d644830a241ae0bf7f8c'.
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Dialog
MSI (s) (94:00) [23:27:58:886]: Feature: ProductFeature; Installed: Absent; Request: Local; Action: Local
MSI (s) (94:00) [23:27:58:886]: Component: ProductComponent; Installed: Absent; Request: Local; Action: Local
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Registry
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: BindImage
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: ProgId
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Extension
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Font
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Class
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Icon
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: TypeLib
Action start 23:27:58: InstallValidate.
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: MsiAssembly
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
MSI (s) (94:00) [23:27:58:886]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Registry
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: BindImage
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: ProgId
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Extension
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Font
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Class
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: Icon
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: TypeLib
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2727 2:
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: FilesInUse
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2727 2:
MSI (s) (94:00) [23:27:58:886]: Doing action: InstallInitialize
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: InstallValidate. Return value 1.
MSI (s) (94:00) [23:27:58:886]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (94:00) [23:27:58:886]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (94:00) [23:27:58:886]: BeginTransaction: Locking Server
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (94:00) [23:27:58:886]: SRSetRestorePoint skipped for this transaction.
MSI (s) (94:00) [23:27:58:886]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (94:00) [23:27:58:886]: Server not locked: locking for product {61E851B5-79C3-44C6-9FCD-1AD4A73553F4}
Action start 23:27:58: InstallInitialize.
MSI (s) (94:00) [23:27:58:902]: Doing action: InstallCustomAction
MSI (s) (94:00) [23:27:58:902]: Note: 1: 2205 2: 3: ActionText
Action ended 23:27:58: InstallInitialize. Return value 1.
MSI (s) (94:40) [23:27:58:908]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI15CD.tmp, Entrypoint: Install
MSI (s) (94:6C) [23:27:58:908]: Generating random cookie.
MSI (s) (94:6C) [23:27:58:908]: Created Custom Action Server with PID 12504 (0x30D8).
MSI (s) (94:90) [23:27:58:924]: Running as a service.
MSI (s) (94:E8) [23:27:58:939]: Hello, I'm your 64bit Impersonated custom action server.
Action start 23:27:58: InstallCustomAction.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI15CD.tmp-\
SFXCA: Binding to CLR version v4.0.30319
Calling custom action Microsoft.Tri.Sensor.Deployment.Package.Actions!Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.Install
2021-09-08 16:28:00.2746 Debug CustomActions RunActionGroup InstallActionGroup started
2021-09-08 16:28:00.2902 Debug InstallActionGroup Apply started
2021-09-08 16:28:00.2902 Debug CreateDirectoryDeploymentAction Apply started [suppressFailure=False]
2021-09-08 16:28:00.2902 Debug CreateDirectoryDeploymentAction Apply finished
2021-09-08 16:28:00.2902 Debug DownloadMinorDeploymentPackageBytesAction Apply started [suppressFailure=False]
2021-09-08 16:28:05.0977 Debug DownloadMinorDeploymentPackageBytesAction Apply finished
2021-09-08 16:28:05.0977 Debug UnpackDeploymentPackageBytesAction Apply started [suppressFailure=False]
2021-09-08 16:28:05.9688 Debug UnpackDeploymentPackageBytesAction Apply finished
2021-09-08 16:28:05.9688 Debug RunDeployerMajorDeploymentAction Apply started [suppressFailure=False]
2021-09-08 16:28:05.9844 Info RunDeployerMajorDeploymentAction ApplyInternal started [filePath=ETAPZ0LIXJS3Ig8prJ1PFA== _arguments=W99/xxf9VqhqIKYVgAACqA==]
2021-09-08 16:28:07.6428 Info RunDeployerMajorDeploymentAction ApplyInternal finished [isSuccessful=False]
2021-09-08 16:28:07.6428 Debug InstallActionGroup Revert started
2021-09-08 16:28:07.6428 Warn InstallActionGroup Revert reverting [rollbackAction=UnpackDeploymentPackageBytesAction index=0 count=3]
2021-09-08 16:28:07.6585 Debug UnpackDeploymentPackageBytesAction Revert started
2021-09-08 16:28:07.6897 Debug UnpackDeploymentPackageBytesAction Revert finished
2021-09-08 16:28:07.6897 Warn InstallActionGroup Revert reverting [rollbackAction=DownloadMinorDeploymentPackageBytesAction index=1 count=3]
2021-09-08 16:28:07.7054 Debug DownloadMinorDeploymentPackageBytesAction Revert started
2021-09-08 16:28:07.7054 Debug DownloadMinorDeploymentPackageBytesAction Revert finished
2021-09-08 16:28:07.7054 Warn InstallActionGroup Revert reverting [rollbackAction=CreateDirectoryDeploymentAction index=2 count=3]
2021-09-08 16:28:07.7054 Debug CreateDirectoryDeploymentAction Revert started
2021-09-08 16:28:07.7054 Debug CreateDirectoryDeploymentAction Revert finished
2021-09-08 16:28:07.7054 Debug InstallActionGroup Revert finished
2021-09-08 16:28:07.7431 Error DeploymentAction Failed to apply InstallActionGroup
Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=RunDeployerMajorDeploymentAction]
at void Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(bool suppressFailure)
at void Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(bool suppressFailure)
at ActionResult Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.RunActionGroup(DeploymentActionGroup deploymentActionGroup, Session session)
2021-09-08 16:28:07.7431 Debug CustomActions RunActionGroup InstallActionGroup finished [result=Failure]
CustomAction InstallCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (94:00) [23:28:07:821]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (94:00) [23:28:07:821]: Machine policy value 'DisableRollback' is 0
MSI (s) (94:00) [23:28:07:821]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 23:28:07: InstallCustomAction. Return value 3.
MSI (s) (94:00) [23:28:07:821]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (94:00) [23:28:07:821]: No System Restore sequence number for this installation.
MSI (s) (94:00) [23:28:07:821]: Unlocking Server
Action ended 23:28:07: INSTALL. Return value 3.
Property(S): UpgradeCode = {EDFB49E0-16FA-4535-B268-BD1B81B15DC2}
Property(S): TARGETDIR = C:\
Property(S): ALLUSERS = 1
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductCode = {61E851B5-79C3-44C6-9FCD-1AD4A73553F4}
Property(S): ProductLanguage = 1033
Property(S): ProductName = Azure Advanced Threat Protection Sensor
Property(S): ProductVersion = 2.0.0.0
Property(S): SecureCustomProperties = WIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED
Property(S): MsiHiddenProperties = ACCESSKEY;PROXYCONFIGURATION
Property(S): MsiLogFileLocation = C:\Users\ADMINI~1.GRE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20210908232740_000_MsiPackage.log
Property(S): PackageCode = {6F8A7B28-5262-426D-A9E7-47443E6A6B39}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): MSIFASTINSTALL = 7
Property(S): ACCESSKEY = **********
Property(S): INSTALLATIONPATH = C:\Program Files\Azure Advanced Threat Protection Sensor
Property(S): WIXBUNDLEORIGINALSOURCEFOLDER = C:\Azure ATP Sensor Setup\
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = C:\Azure ATP Sensor Setup
Property(S): CLIENTUILEVEL = 3
Property(S): MSICLIENTUSESEXTERNALUI = 1
Property(S): CLIENTPROCESSID = 12640
Property(S): MsiSystemRebootPending = 1
Property(S): VersionDatabase = 500
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): VersionNT64 = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 2
Property(S): MsiNTSuiteDataCenter = 1
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\Windows\system32\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\ADMINI~1.GRE\AppData\Local\Temp\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\administrator.xxx\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\administrator.xxx\Favorites\
Property(S): NetHoodFolder = C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\administrator.xxx\Documents\
Property(S): PrintHoodFolder = C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\administrator.xxx\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\administrator.xxx\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\administrator.xxx\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 12288
Property(S): VirtualMemory = 7407
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = administrator
Property(S): UserSID = S-1-5-21-895235092-2957102850-851312084-500
Property(S): UserLanguageID = 1033
Property(S): ComputerName = IDC
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 23:28:07
Property(S): Date = 9/8/2021
Property(S): MsiNetAssemblySupport = 4.7.3190.0
Property(S): MsiWin32AssemblySupport = 6.3.17763.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Administrator
Property(S): COMPANYNAME = N/A
Property(S): DATABASE = C:\Windows\Installer\901521.msi
Property(S): OriginalDatabase = C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi
Property(S): UILevel = 2
Property(S): MsiUISourceResOnly = 1
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = C:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): INSTALLLEVEL = 1
MSI (s) (94:00) [23:28:07:843]: Note: 1: 1708
MSI (s) (94:00) [23:28:07:843]: Note: 1: 2205 2: 3: Error
MSI (s) (94:00) [23:28:07:843]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (94:00) [23:28:07:843]: Note: 1: 2205 2: 3: Error
MSI (s) (94:00) [23:28:07:843]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (94:00) [23:28:07:843]: Product: Azure Advanced Threat Protection Sensor -- Installation failed.

MSI (s) (94:00) [23:28:07:843]: Windows Installer installed the product. Product Name: Azure Advanced Threat Protection Sensor. Product Version: 2.0.0.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

MSI (s) (94:00) [23:28:07:843]: Deferring clean up of packages/files, if any exist
MSI (s) (94:00) [23:28:07:843]: MainEngineThread is returning 1603
MSI (s) (94:40) [23:28:07:859]: RESTART MANAGER: Session closed.
MSI (s) (94:40) [23:28:07:859]: No System Restore sequence number for this installation.
=== Logging stopped: 08/09/2021 23:28:07 ===
MSI (s) (94:40) [23:28:07:859]: User policy value 'DisableRollback' is 0
MSI (s) (94:40) [23:28:07:859]: Machine policy value 'DisableRollback' is 0
MSI (s) (94:40) [23:28:07:859]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (94:40) [23:28:07:859]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (94:40) [23:28:07:859]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (94:40) [23:28:07:859]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (94:40) [23:28:07:859]: Destroying RemoteAPI object.
MSI (s) (94:6C) [23:28:07:859]: Custom Action Manager thread ending.
MSI (c) (60:50) [23:28:07:859]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (60:50) [23:28:07:859]: MainEngineThread is returning 1603
=== Verbose logging stopped: 08/09/2021 23:28:07 ===

The orther log file:

[3258:2D00][2021-09-08T23:27:40]i001: Burn v3.11.2.4516, Windows v10.0 (Build 17763: Service Pack 0), path: C:\Windows\Temp\{42F423E1-CDD4-4552-92DF-000BA6FC3852}\.cr\Azure ATP Sensor Setup.exe
[3258:2D00][2021-09-08T23:27:40]i000: Initializing hidden variable 'AccessKey'
[3258:2D00][2021-09-08T23:27:40]i000: Initializing hidden variable 'ProxyConfiguration'
[3258:2D00][2021-09-08T23:27:40]i000: Initializing hidden variable 'ProxyUserPassword'
[3258:2D00][2021-09-08T23:27:40]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
[3258:2D00][2021-09-08T23:27:40]i009: Command Line: '"-burn.clean.room=C:\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe" -burn.filehandle.attached=740 -burn.filehandle.self=744'
[3258:2D00][2021-09-08T23:27:40]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe'
[3258:2D00][2021-09-08T23:27:40]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Azure ATP Sensor Setup\'
[3258:2D00][2021-09-08T23:27:40]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\ADMINI~1.GRE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20210908232740.log'
[3258:2D00][2021-09-08T23:27:40]i000: Setting string variable 'WixBundleName' to value 'Azure Advanced Threat Protection Sensor'
[3258:2D00][2021-09-08T23:27:40]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'
[3258:2D00][2021-09-08T23:27:40]i000: Loading managed bootstrapper application.
[3258:2D00][2021-09-08T23:27:40]i000: Creating BA thread to run asynchronously.
[3258:2D54][2021-09-08T23:27:40]i000: 2021-09-08 16:27:40.8905 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetExportedTypes failed [\[]assembly=PInvoke.User32, Version=0.5.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a exception.Message=Could not load file or assembly 'PInvoke.Windows.Core, Version=0.5.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:41]i000: 2021-09-08 16:27:41.0065 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Cloud.Common.ServiceModuleManager, Microsoft.Tri.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Cloud.Common.ServiceModuleManager, Microsoft.Tri.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:41]i000: 2021-09-08 16:27:41.0912 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Infrastructure.ModuleManager, Microsoft.Tri.Infrastructure, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Infrastructure.ModuleManager, Microsoft.Tri.Infrastructure, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:41]i000: 2021-09-08 16:27:41.0912 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Sensor.Common.CommonSensorModuleManager, Microsoft.Tri.Sensor.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Sensor.Common.CommonSensorModuleManager, Microsoft.Tri.Sensor.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D00][2021-09-08T23:27:41]i100: Detect begin, 5 packages
[3258:2D00][2021-09-08T23:27:41]i000: 2021-09-08 16:27:41.1224 Debug DeploymentModel DetectDeploymentAction DetectBegin [\[]Installed=False[\]]
[3258:2D00][2021-09-08T23:27:41]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2'
[3258:2D00][2021-09-08T23:27:41]i000: Setting numeric variable 'Kb4019990Windows2008R2Exists' to value 0
[3258:2D00][2021-09-08T23:27:41]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.2.1.1'
[3258:2D00][2021-09-08T23:27:41]i000: Setting numeric variable 'Kb4019990Windows2012Exists' to value 0
[3258:2D00][2021-09-08T23:27:41]i000: Setting string variable 'NetFrameworkRegistryValue' to value '461814'
[3258:2D00][2021-09-08T23:27:41]i000: Setting string variable 'ServerLevelsServerCoreRegistryValue' to value '1'
[3258:2D00][2021-09-08T23:27:41]i000: Setting string variable 'ServerLevelsServerGuiShellRegistryValue' to value '1'
[3258:2D00][2021-09-08T23:27:41]i052: Condition 'Kb4019990Windows2008R2Exists' evaluates to false.
[3258:2D00][2021-09-08T23:27:41]i052: Condition 'Kb4019990Windows2012Exists' evaluates to false.
[3258:2D00][2021-09-08T23:27:41]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[3258:2D00][2021-09-08T23:27:41]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[3258:2D00][2021-09-08T23:27:41]i101: Detected package: Kb4019990Windows2008R2Package, state: Absent, cached: None
[3258:2D00][2021-09-08T23:27:41]i101: Detected package: Kb4019990Windows2012Package, state: Absent, cached: None
[3258:2D00][2021-09-08T23:27:41]i101: Detected package: NetFrameworkPackageServer, state: Present, cached: None
[3258:2D00][2021-09-08T23:27:41]i101: Detected package: NetFrameworkPackageServerCore, state: Present, cached: None
[3258:2D00][2021-09-08T23:27:41]i101: Detected package: MsiPackage, state: Absent, cached: None
[3258:2D00][2021-09-08T23:27:41]i199: Detect complete, result: 0x0
[3258:2D54][2021-09-08T23:27:41]i000: 2021-09-08 16:27:41.1224 Debug DeploymentModel .ctor [\[]DeploymentAction=Install[\]]
[3258:2D54][2021-09-08T23:27:41]i000: 2021-09-08 16:27:41.1915 Debug DeploymentModel .ctor [\[]IsAfterRestartAndConfigured=False[\]]
[3258:2D54][2021-09-08T23:27:56]i000: 2021-09-08 16:27:56.3969 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetExportedTypes failed [\[]assembly=PInvoke.User32, Version=0.5.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a exception.Message=Could not load file or assembly 'PInvoke.Windows.Core, Version=0.5.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:56]i000: 2021-09-08 16:27:56.4034 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetExportedTypes failed [\[]assembly=Microsoft.Owin, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 exception.Message=Could not load file or assembly 'Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:56]i000: 2021-09-08 16:27:56.4191 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Cloud.Common.ServiceModuleManager, Microsoft.Tri.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Cloud.Common.ServiceModuleManager, Microsoft.Tri.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:56]i000: 2021-09-08 16:27:56.5037 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Infrastructure.ModuleManager, Microsoft.Tri.Infrastructure, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Infrastructure.ModuleManager, Microsoft.Tri.Infrastructure, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:56]i000: 2021-09-08 16:27:56.5037 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Sensor.Common.CommonSensorModuleManager, Microsoft.Tri.Sensor.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Sensor.Common.CommonSensorModuleManager, Microsoft.Tri.Sensor.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:56]i000: 2021-09-08 16:27:56.5194 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.CommonCommunication.ClientCertificateAuthenticationOptions, Microsoft.Tri.CommonCommunication, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.CommonCommunication.ClientCertificateAuthenticationOptions, Microsoft.Tri.CommonCommunication, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Microsoft.Owin.Security.Cookies, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.2903 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetExportedTypes failed [\[]assembly=PInvoke.User32, Version=0.5.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a exception.Message=Could not load file or assembly 'PInvoke.Windows.Core, Version=0.5.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.2923 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetExportedTypes failed [\[]assembly=Microsoft.Owin, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 exception.Message=Could not load file or assembly 'Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.3083 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Cloud.Common.ServiceModuleManager, Microsoft.Tri.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Cloud.Common.ServiceModuleManager, Microsoft.Tri.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.3843 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Infrastructure.ModuleManager, Microsoft.Tri.Infrastructure, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Infrastructure.ModuleManager, Microsoft.Tri.Infrastructure, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.3903 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.Sensor.Common.CommonSensorModuleManager, Microsoft.Tri.Sensor.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.Sensor.Common.CommonSensorModuleManager, Microsoft.Tri.Sensor.Common, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Autofac, Version=4.9.2.0, Culture=neutral, PublicKeyToken=17863af14b0044da' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.3943 Warn JsonSerializerSettingsExtension+JsonSerializationBinder UpdateCurrentDomainAssemblyTypes GetSerializableMembers failed [\[]AssemblyQualifiedName=Microsoft.Tri.CommonCommunication.ClientCertificateAuthenticationOptions, Microsoft.Tri.CommonCommunication, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null AssemblyQualifiedName=Microsoft.Tri.CommonCommunication.ClientCertificateAuthenticationOptions, Microsoft.Tri.CommonCommunication, Version=2.160.14446.3872, Culture=neutral, PublicKeyToken=null exception.Message=Could not load file or assembly 'Microsoft.Owin.Security.Cookies, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.[\]]
[3258:2D54][2021-09-08T23:27:57]i000: 2021-09-08 16:27:57.7374 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=Success[\]]
[3258:2D54][2021-09-08T23:27:57]i000: Setting string variable 'IsConfigured' to value 'True'
[3258:2D54][2021-09-08T23:27:57]i000: Setting hidden variable 'AccessKey'
[3258:2D54][2021-09-08T23:27:57]i000: Setting hidden variable 'ProxyConfiguration'
[3258:2D54][2021-09-08T23:27:57]i000: Setting string variable 'InstallationPath' to value 'C:\Program Files\Azure Advanced Threat Protection Sensor'
[3258:2D00][2021-09-08T23:27:57]i200: Plan begin, 5 packages, action: Install
[3258:2D00][2021-09-08T23:27:57]i052: Condition 'VersionNT64 = v6.1' evaluates to false.
[3258:2D00][2021-09-08T23:27:57]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2008R2Package
[3258:2D00][2021-09-08T23:27:57]i052: Condition 'VersionNT64 = v6.2' evaluates to false.
[3258:2D00][2021-09-08T23:27:57]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2012Package
[3258:2D00][2021-09-08T23:27:57]i052: Condition 'ServerLevelsServerCoreRegistryValue <> 1 OR ServerLevelsServerGuiShellRegistryValue = 1' evaluates to true.
[3258:2D00][2021-09-08T23:27:57]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServer
[3258:2D00][2021-09-08T23:27:57]i052: Condition 'ServerLevelsServerCoreRegistryValue = 1 AND ServerLevelsServerGuiShellRegistryValue <> 1' evaluates to false.
[3258:2D00][2021-09-08T23:27:57]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServerCore
[3258:2D00][2021-09-08T23:27:57]i000: Setting string variable 'WixBundleRollbackLog_MsiPackage' to value 'C:\Users\ADMINI~1.GRE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20210908232740_000_MsiPackage_rollback.log'
[3258:2D00][2021-09-08T23:27:57]i000: Setting string variable 'WixBundleLog_MsiPackage' to value 'C:\Users\ADMINI~1.GRE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20210908232740_000_MsiPackage.log'
[3258:2D00][2021-09-08T23:27:57]i201: Planned package: Kb4019990Windows2008R2Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[3258:2D00][2021-09-08T23:27:57]i201: Planned package: Kb4019990Windows2012Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[3258:2D00][2021-09-08T23:27:57]i201: Planned package: NetFrameworkPackageServer, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[3258:2D00][2021-09-08T23:27:57]i201: Planned package: NetFrameworkPackageServerCore, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[3258:2D00][2021-09-08T23:27:57]i201: Planned package: MsiPackage, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
[3258:2D00][2021-09-08T23:27:57]i299: Plan complete, result: 0x0
[3258:2D00][2021-09-08T23:27:57]i300: Apply begin
[3258:2D00][2021-09-08T23:27:57]i010: Launching elevated engine process.
[3258:2D00][2021-09-08T23:27:58]i011: Launched elevated engine process.
[3258:2D00][2021-09-08T23:27:58]i012: Connected to elevated engine.
[3160:3648][2021-09-08T23:27:58]i358: Pausing automatic updates.
[3160:3648][2021-09-08T23:27:58]i359: Paused automatic updates.
[3160:3648][2021-09-08T23:27:58]i360: Creating a system restore point.
[3160:3648][2021-09-08T23:27:58]i362: System restore disabled, system restore point not created.
[3160:3648][2021-09-08T23:27:58]i370: Session begin, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c5fe9be-763e-4977-92d5-88c9c3b823c5}, options: 0x7, disable resume: No
[3160:3648][2021-09-08T23:27:58]i000: Caching bundle from: 'C:\Windows\Temp\{B8D83596-2A70-4F3C-8FB8-792FB318C6C2}\.be\Azure ATP Sensor Setup.exe' to: 'C:\ProgramData\Package Cache\{6c5fe9be-763e-4977-92d5-88c9c3b823c5}\Azure ATP Sensor Setup.exe'
[3160:3648][2021-09-08T23:27:58]i320: Registering bundle dependency provider: {6c5fe9be-763e-4977-92d5-88c9c3b823c5}, version: 2.0.0.0
[3160:3648][2021-09-08T23:27:58]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c5fe9be-763e-4977-92d5-88c9c3b823c5}, resume: Active, restart initiated: No, disable resume: No
[3160:36E4][2021-09-08T23:27:58]i305: Verified acquired payload: MsiPackage at path: C:\ProgramData\Package Cache\.unverified\MsiPackage, moving to: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi.
[3160:3648][2021-09-08T23:27:58]i323: Registering package dependency provider: {61E851B5-79C3-44C6-9FCD-1AD4A73553F4}, version: 2.0.0.0, package: MsiPackage
[3160:3648][2021-09-08T23:27:58]i301: Applying execute package: MsiPackage, action: Install, path: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" ACCESSKEY="*****" InstallationPath="C:\Program Files\Azure Advanced Threat Protection Sensor" InstalledVersion="" PROXYCONFIGURATION="*****" WixBundleOriginalSourceFolder="C:\Azure ATP Sensor Setup\"'
[3160:3648][2021-09-08T23:28:07]e000: Error 0x80070643: Failed to install MSI package.
[3160:3648][2021-09-08T23:28:07]e000: Error 0x80070643: Failed to execute MSI package.
[3258:2D00][2021-09-08T23:28:07]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[3258:2D00][2021-09-08T23:28:07]i000: 2021-09-08 16:28:07.8591 Error Model LogError [\[]methodName=BootstrapperApplication_ExecutePackageComplete status=-2147023293 exception=[\]]
[3258:2D00][2021-09-08T23:28:07]i319: Applied execute package: MsiPackage, result: 0x80070643, restart: None
[3258:2D00][2021-09-08T23:28:07]e000: Error 0x80070643: Failed to execute MSI package.
[3160:3648][2021-09-08T23:28:07]i318: Skipped rollback of package: MsiPackage, action: Uninstall, already: Absent
[3258:2D00][2021-09-08T23:28:07]i319: Applied rollback package: MsiPackage, result: 0x0, restart: None
[3160:3648][2021-09-08T23:28:07]i329: Removed package dependency provider: {61E851B5-79C3-44C6-9FCD-1AD4A73553F4}, package: MsiPackage
[3160:3648][2021-09-08T23:28:07]i351: Removing cached package: MsiPackage, from path: C:\ProgramData\Package Cache\{61E851B5-79C3-44C6-9FCD-1AD4A73553F4}v2.0.0.0\
[3160:3648][2021-09-08T23:28:07]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c5fe9be-763e-4977-92d5-88c9c3b823c5}, resume: None, restart: None, disable resume: No
[3160:3648][2021-09-08T23:28:07]i330: Removed bundle dependency provider: {6c5fe9be-763e-4977-92d5-88c9c3b823c5}
[3160:3648][2021-09-08T23:28:07]i352: Removing cached bundle: {6c5fe9be-763e-4977-92d5-88c9c3b823c5}, from path: C:\ProgramData\Package Cache\{6c5fe9be-763e-4977-92d5-88c9c3b823c5}\
[3160:3648][2021-09-08T23:28:07]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c5fe9be-763e-4977-92d5-88c9c3b823c5}, resume: None, restart initiated: No, disable resume: No
[3258:2D00][2021-09-08T23:28:07]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart: No0902878278

Can you help me this case?