0x00000654 ERROR_INSTALL_PACKAGE_INVALID — Windows Error Code

Q: What does the Windows error code 0x00000654 mean?

It is the Win32 / NTSTATUS code ERROR_INSTALL_PACKAGE_INVALID (decimal 1620). This installation package could not be opened. It may be corrupt.

Q: How do I decode 0x00000654 in PowerShell?

Run [ComponentModel.Win32Exception]::new(1620).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Q: Where does Windows typically log this error?

It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Description

ERROR_INSTALL_PACKAGE_INVALID (hex code 0x00000654, decimal 1620) is a Windows error-level error code in the MSI Installer Errors family. Microsoft surfaces this code through the Win32 API, the Common Language Runtime, the kernel, the event log, PowerShell, command-line tools (sfc, dism, gpupdate, sc), and Windows-side applications such as Outlook, Teams, Office, and System Center.

This installation package could not be opened. It may be corrupt.

This page documents what triggers 0x00000654, the most common scenarios where it appears, the likely root causes, and a step-by-step troubleshooting workflow you can run against affected endpoints. It is intended for system administrators, MSP technicians, helpdesk engineers, and anyone diagnosing Windows behavior in a managed environment.

In-depth explanation

This is an error-severity code. Windows uses it to signal a failed operation that prevented the caller from completing its work. The underlying cause can range from a permissions or quota issue to a corrupted system component, missing dependency, or unreachable service.

It is part of the Windows Installer error space. It surfaces in MSI logs (msiexec /l*v), App-V / Intune deployments, and the Application event log.

The code can be looked up programmatically in PowerShell with [ComponentModel.Win32Exception]::new(1620).Message (for Win32 / NTSTATUS codes that map cleanly), or with net helpmsg 1620 for the legacy decimal range. For HRESULT-style codes, decode the facility and code with err.exe from the SDK or via the WinDbg !error command.

Common causes

Windows Installer service (msiserver) stopped or disabled.
Concurrent installation already in progress — wait or kill msiexec.exe.
MSI package corrupted, partially downloaded, or signed with an untrusted certificate.
Insufficient permissions on %TEMP% or the install target directory.
Custom action failure — check the verbose log msiexec /i <pkg> /l*v %TEMP%\msi.log.

Troubleshooting steps

Confirm the Windows Installer service is running: sc query msiserver — start it with sc start msiserver.
Re-run the installer with verbose logging: msiexec /i <package.msi> /l*v %TEMP%\msi.log and inspect the log for the failing custom action.
Make sure no other MSI is in progress (kill any running msiexec.exe) before retrying.
Check the digital signature of the MSI — Windows blocks unsigned or untrusted packages under SmartScreen / WDAC.
For App-V / Intune deployments, verify the package is targeted at the correct architecture (32 vs 64-bit) and the user has the required group membership.

Decode in PowerShell

# Decode 0x00000654 (1620) in PowerShell
[ComponentModel.Win32Exception]::new(1620).Message

# Or via WinDbg / err.exe (Windows SDK)
# err 0x00000654

# Or net helpmsg (legacy decimal range only)
# net helpmsg 1620

Frequently asked questions

What does the Windows error code 0x00000654 mean?

It is the Win32 / NTSTATUS code ERROR_INSTALL_PACKAGE_INVALID (decimal 1620). This installation package could not be opened. It may be corrupt.

How do I decode 0x00000654 in PowerShell?

Run [ComponentModel.Win32Exception]::new(1620).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Where does Windows typically log this error?

It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Is this code recoverable?

Critical-severity codes usually require kernel-level investigation (driver, hardware, system file repair). Error and warning codes are typically recoverable through the troubleshooting workflow on this page — start with the elevated-shell + log review steps.

Should I open a Microsoft support case for this?

Open a case if the error reproduces after applying the troubleshooting steps, particularly if it blocks production workloads, occurs across multiple endpoints, or is associated with a security boundary (BitLocker recovery, Kerberos failure, DCOM hardening, SmartScreen / WDAC). Have a fresh CBS log, minidump, or Get-WinEvent export ready before opening the case.