0x00000652 ERROR_INSTALL_ALREADY_RUNNING — Windows Error Code

Q: What does the Windows error code 0x00000652 mean?

It is the Win32 / NTSTATUS code ERROR_INSTALL_ALREADY_RUNNING (decimal 1618). Another installation is already in progress. Complete that first, or kill msiexec.exe.

Q: How do I decode 0x00000652 in PowerShell?

Run [ComponentModel.Win32Exception]::new(1618).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Q: Where does Windows typically log this error?

It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Description

ERROR_INSTALL_ALREADY_RUNNING (hex code 0x00000652, decimal 1618) is a Windows warning-level error code in the MSI Installer Errors family. Microsoft surfaces this code through the Win32 API, the Common Language Runtime, the kernel, the event log, PowerShell, command-line tools (sfc, dism, gpupdate, sc), and Windows-side applications such as Outlook, Teams, Office, and System Center.

Another installation is already in progress. Complete that first, or kill msiexec.exe.

This page documents what triggers 0x00000652, the most common scenarios where it appears, the likely root causes, and a step-by-step troubleshooting workflow you can run against affected endpoints. It is intended for system administrators, MSP technicians, helpdesk engineers, and anyone diagnosing Windows behavior in a managed environment.

In-depth explanation

This is a warning-severity code. The operation did not necessarily fail; Windows may have completed it with side effects, conflicts, or a state that requires user attention. It is normally safe to retry, but should still be logged so repeated occurrences can be triaged.

It is part of the Windows Installer error space. It surfaces in MSI logs (msiexec /l*v), App-V / Intune deployments, and the Application event log.

The code can be looked up programmatically in PowerShell with [ComponentModel.Win32Exception]::new(1618).Message (for Win32 / NTSTATUS codes that map cleanly), or with net helpmsg 1618 for the legacy decimal range. For HRESULT-style codes, decode the facility and code with err.exe from the SDK or via the WinDbg !error command.

Common causes

Windows Installer service (msiserver) stopped or disabled.
Concurrent installation already in progress — wait or kill msiexec.exe.
MSI package corrupted, partially downloaded, or signed with an untrusted certificate.
Insufficient permissions on %TEMP% or the install target directory.
Custom action failure — check the verbose log msiexec /i <pkg> /l*v %TEMP%\msi.log.

Troubleshooting steps

Confirm the Windows Installer service is running: sc query msiserver — start it with sc start msiserver.
Re-run the installer with verbose logging: msiexec /i <package.msi> /l*v %TEMP%\msi.log and inspect the log for the failing custom action.
Make sure no other MSI is in progress (kill any running msiexec.exe) before retrying.
Check the digital signature of the MSI — Windows blocks unsigned or untrusted packages under SmartScreen / WDAC.
For App-V / Intune deployments, verify the package is targeted at the correct architecture (32 vs 64-bit) and the user has the required group membership.

Decode in PowerShell

# Decode 0x00000652 (1618) in PowerShell
[ComponentModel.Win32Exception]::new(1618).Message

# Or via WinDbg / err.exe (Windows SDK)
# err 0x00000652

# Or net helpmsg (legacy decimal range only)
# net helpmsg 1618

Frequently asked questions

What does the Windows error code 0x00000652 mean?

It is the Win32 / NTSTATUS code ERROR_INSTALL_ALREADY_RUNNING (decimal 1618). Another installation is already in progress. Complete that first, or kill msiexec.exe.

How do I decode 0x00000652 in PowerShell?

Run [ComponentModel.Win32Exception]::new(1618).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Where does Windows typically log this error?

It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Is this code recoverable?

Yes — this code is informational or warning-level. The operation can normally be retried after addressing the condition described in the summary.

Should I open a Microsoft support case for this?

Open a case if the error reproduces after applying the troubleshooting steps, particularly if it blocks production workloads, occurs across multiple endpoints, or is associated with a security boundary (BitLocker recovery, Kerberos failure, DCOM hardening, SmartScreen / WDAC). Have a fresh CBS log, minidump, or Get-WinEvent export ready before opening the case.