Symantec AntiVirus: "Error 1920". "The Service failed to start. Verify that you have sufficient privileges to start system services."

Article:TECH103676  |  Created: 2008-01-02  |  Updated: 2010-01-05  |  Article URL http://www.symantec.com/docs/TECH103676
Article Type
Technical Solution


Environment

Issue



Why is an Error code 1920 produced during installation with Message – “Symantec AntiVirus failed to start.”

Symptoms
The Symantec AntiVirus Service is dependent on "Symantec Settings Manager." It is the inability of this service to start that causes the complete installation of the product to fail.


Other possibilities are as follows:

  • Incorrect Permissions set on the Registry Keys, or Software Restriction Policies set through GPO's for the Domain.
  • The CustomSD entry flag (Event Log Security).


Solution



Below are three possible resolutions:
  • Either a combination of, or any one of these resolutions may work.
  • It is possible that all three Resolutions will need to be followed before the problem is corrected.
    Resolution 1
    1. Click Start
    2. Click Run.
    3. Type regedit
    4. Click OK.
    5. Navigate to the following subkeys:
      • HKEY_LOCAL_MACHINE\Software\Intel
      • HKEY_LOCAL_MACHINE\Software\Symantec
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths
      • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

    6. For each of these keys, ensure that "Administrator", "Administrators" and "System" have Full Control.
    Warning: If all of the groups: "Administrator", "Administrators" and "System" have Full Control, DO NOT CHANGE ANYTHING, instead proceed to Resolution 2.



    Resolution 2
    The Trusted Publishers Properties must have "Allow the following users to Select Trusted publishers" configured to "End Users." To change this setting follow the below steps:
    1. Go to Default Domain Controller Security Settings> Software Restriction Policies> Trusted publishers
    2. Change the settings from "Enterprise Administrators" to "End Users."
      • This sets AuthenticodeFlags = 0 under the following registry locations.
        • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer\AuthenticodeFlags
        • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Safer\AuthenticodeFlags
        • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer\AuthenticodeFlags

    3. Perform the following: gpupdate /force, to force a refresh of the Group Policy on the AD Server.

    Resolution 3
    If the CustomSD entry for the Application Eventlog has been modified, then the "Symantec Settings Manager" will not be able to read/write to that Application Eventlog.

    Please read and follow the directions in the following Microsoft document to ensure that the CustomSD entry for the Application Eventlog is set to default:
    "How to set event log security locally or by using Group Policy in Windows Server 2003" at URL: http://support.microsoft.com/kb/323076


References
"How to set event log security locally or by using Group Policy in Windows Server 2003" at URL: http://support.microsoft.com/kb/323076





Legacy ID



2008010303273448


Article URL http://www.symantec.com/docs/TECH103676


Terms of use for this information are found in Legal Notices