Consider the following scenario:
Locating group 'MBAM Report Users'
Adding 'S-1-5-21-1439336290-1767738825-2630487909-500' to group 'MBAM Report Users'
Locating group 'MBAM Recovery and Hardware DB Access'
Adding 'S-1-5-20' to group 'MBAM Recovery and Hardware DB Access'
Exception: A new member could not be added to a local group because the member has the wrong account type.
StackTrace:
at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes)
at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)
at System.DirectoryServices.AccountManagement.SAMStoreCtx.Update(Principal p)
at Microsoft.Windows.Mdop.BitlockerManagement.SetupCAs.Groups.CreateGroupsDeferred(Session session)
InnerException:Exception: A new member could not be added to a local group because the member has the wrong account type.
InnerException:StackTrace:
at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADsGroup.Add(String bstrNewItem)
at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes)
CustomAction MbamCreateGroupsDeferred returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Note: MBAM logs can be collected by when you execute MBAM Setup using the below command from eleavted command prompt.
- You have a system running Windows Server 2008 or Windows Server 2008 R2.
- The server have Active Directory Domain Services role installed.
- When you execute Microsoft BitLocker Administration and Monitoring (MBAM) setup it would fail to install.
- You notice following error logged in MBAMSetup.log file:
Locating group 'MBAM Report Users'
Adding 'S-1-5-21-1439336290-1767738825-2630487909-500' to group 'MBAM Report Users'
Locating group 'MBAM Recovery and Hardware DB Access'
Adding 'S-1-5-20' to group 'MBAM Recovery and Hardware DB Access'
Exception: A new member could not be added to a local group because the member has the wrong account type.
StackTrace:
at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes)
at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)
at System.DirectoryServices.AccountManagement.SAMStoreCtx.Update(Principal p)
at Microsoft.Windows.Mdop.BitlockerManagement.SetupCAs.Groups.CreateGroupsDeferred(Session session)
InnerException:Exception: A new member could not be added to a local group because the member has the wrong account type.
InnerException:StackTrace:
at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADsGroup.Add(String bstrNewItem)
at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes)
CustomAction MbamCreateGroupsDeferred returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Note: MBAM logs can be collected by when you execute MBAM Setup using the below command from eleavted command prompt.
mbamsetup.exe /lvx c:\mbam.log