GPO push install fails with error code 1603

I am new to GPO push install. I just configured a group policy to push install a software for machines in the domain. However, it fails with error code 1603.

The following is the log appmgmt on the client.

07-27 17:14:16:775 
Software installation extension has been called for foreground synchronous policy refresh.
The following policies are to be applied, flags are 1.
    SecureAge Distribute (unique identifier {AE19597D-CBD3-42EF-AEE8-09FBBFA13171})
        System volume path = \\dev.sa.com\SysVol\dev.sa.com\Policies\{AE19597D-CBD3-42EF-AEE8-09FBBFA13171}\Machine
        Active Directory path = LDAP://CN=Machine,cn={AE19597D-CBD3-42EF-AEE8-09FBBFA13171},cn=policies,cn=system,DC=dev,DC=sa,DC=com
Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={AE19597D-CBD3-42EF-AEE8-09FBBFA13171},cn=policies,cn=system,DC=dev,DC=sa,DC=com;.
Enumerating applications in the Active Directory for computer CHENBOXPSP3X32 with flags 5.
CSTORE: Retrieving class store path for the system account.
CSTORE: Retrieved 1 class stores for the user or machine.
CSTORE: Attempting to bind to class store 0 with path LDAP://CN=Class Store,CN=Machine,cn={AE19597D-CBD3-42EF-AEE8-09FBBFA13171},cn=policies,cn=system,DC=dev,DC=sa,DC=com.
CSTORE: Bind attempt returned error code 0.
CSTORE: Enumerating packages with search filter (&(objectclass=packageRegistration)(|(|(msiScriptName=*A*)(&(canUpgradeScript=*)(msiScriptName=*P*)))(!(msiScriptName=*)))) and flags ce00000.
CSTORE: Examining retrieved package SecureAge.
The following applications were found in policy SecureAge Distribute.
    Assigned application SecureAge (flags a0004c70).
Found 1 applications in policy SecureAge Distribute.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Application SecureAge from policy SecureAge Distribute is set for installation because it is assigned to this computer policy.
Assigning application SecureAge from policy SecureAge Distribute.
Calling the Windows Installer to advertise application SecureAge from script C:\WINDOWS\system32\appmgmt\MACHINE\{e7b03277-41c7-41b4-8863-cffe4d61237e}.aas with flags 69.
Windows Installer cannot advertise application SecureAge from script C:\WINDOWS\system32\appmgmt\MACHINE\{e7b03277-41c7-41b4-8863-cffe4d61237e}.aas, error 1603..
The assignment of application SecureAge from policy SecureAge Distribute failed.  The error was : %1603

And

Removing application SecureAge from the software installation database.
Calling Windows Installer to remove application advertisement for application SecureAge from script C:\WINDOWS\system32\appmgmt\MACHINE\{e7b03277-41c7-41b4-8863-cffe4d61237e}.aas.
Windows Installer cannot remove application advertisement for application SecureAge from script C:\WINDOWS\system32\appmgmt\MACHINE\{e7b03277-41c7-41b4-8863-cffe4d61237e}.aas, error 1603.
The removal of the assignment of application SecureAge from policy SecureAge Distribute failed.  The error was : %1603

Policy Logging for Software Management is attempting to log application SecureAge from policy SecureAge Distribute.
Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %1603

And

Software installation extension returning with final error code 1603.
07-27 17:14:25:665 
Software installation extension has been called for foreground synchronous policy refresh.
The following policies are to be applied, flags are 80.
    SecureAge Distribute (unique identifier {AE19597D-CBD3-42EF-AEE8-09FBBFA13171})
        System volume path = \\dev.sa.com\SysVol\dev.sa.com\Policies\{AE19597D-CBD3-42EF-AEE8-09FBBFA13171}\User
        Active Directory path = LDAP://CN=User,cn={AE19597D-CBD3-42EF-AEE8-09FBBFA13171},cn=policies,cn=system,DC=dev,DC=sa,DC=com
Set the Active Directory path to LDAP://CN=Class Store,CN=User,cn={AE19597D-CBD3-42EF-AEE8-09FBBFA13171},cn=policies,cn=system,DC=dev,DC=sa,DC=com;.
Policy has not changed.  Only assigned applications will be advertised.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Software installation extension returning with final error code 0.

I tried to search things like "Windows Installer cannot advertise application ... from script ...", but get no hint.

Also, there is no log for the msi installation in the %temp% folder.

Edit: The event information in the application event is the following:

Event ID: 101 (error)
The assignment of application SecureAge from policy SecureAge Distribute failed.  The error was : Fatal error during installation. 

Event ID: 103 (error)
The removal of the assignment of application SecureAge from policy SecureAge Distribute failed.  The error was : Fatal error during installation. 

Event ID: 108 (error)
Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : Fatal error during installation. 

Event ID: 1085 (error)
The Group Policy client-side extension Software Installation failed to execute. Please look for any errors reported earlier by that extension.

I followed this link to setup the group policy as I cannot post the screenshot since I am new. http://support.microsoft.com/kb/816102

The problem happens for both windows XP and 7 32bit hosts. The hosts run in VMWare.

Edit 2: I tried to use startup script to install the package, it works for Windows 7 client. During the startup phase in Windows 7 client, a pop-up of Interactive Services Detection window shows the installed software wants to show some message. Other than that, the installation works fine, no input is required during the installation process. Note that manual installation of the msi shows a message that restart is required after the installation.

The startup script is the following:

Set WshShell = CreateObject("WScript.Shell")
Set objFso = CreateObject("Scripting.FileSystemObject")
If Not objFso.FileExists("C:\Program Files\SecureAge\bin\SecureAge.exe") Then
    WshShell.Run "\\192.168.0.145\DPoint\SecureAge.msi"
End If 

Note: the startup script installation only works in Windows 7, but not in Windows XP.

Edit 3: the screenshot of the group policy:

Can anyone please help me with the issue.

Thanks and regards

Solution 1:

1603 fatal errors usually are caused by one of two things: the account doing the installation can't write where it needs to, or the installation package is corrupted. Since you've ruled out #2 by doing an install with it, I'll assume it's #1.

When you use a computer-based software installation GPO, what you're doing is installing the software as the SYSTEM account. Some software installers misbehave and require that data be written to the installing user's profile. The SYSTEM account doesn't have a traditional profile like other user accounts do, which gives the illusion that required directories do not exist. This could explain why a logon script or manual install works - neither run as SYSTEM.

I'd check with your software vendor and make sure that this software can be deployed the way that you are trying, since all signs point to the software installer itself being the culprit.