While trying to install the 6.0.1 x64 universal forwarder on an Azure Server 2012 R2 Datacenter VM that has the ADDS roles installed, the install just "hangs" forever. It gets through the copy process, and I can see the four install messages in the Windows Application log; however, it never completes.
This is the only meaningful log file I can locate (var\logs\splunk\splunkd-utility.log):
12-24-2013 12:34:44.977 -0800 INFO ServerConfig - My server name is "drewlabdc01".
12-24-2013 12:34:44.977 -0800 INFO ServerConfig - My hostname is "DREWLABDC01".
12-24-2013 12:34:45.008 -0800 INFO ServerConfig - Setting HTTP server compression state=on
12-24-2013 12:34:45.008 -0800 INFO ServerConfig - Setting HTTP client compression state=0 (false)
12-24-2013 12:34:45.008 -0800 INFO ServerConfig - Default output queue for file-based input: parsingQueue.
12-24-2013 12:34:45.805 -0800 INFO loader - Running utility: "check-transforms-keys"
12-24-2013 12:34:45.805 -0800 INFO loader - Getting configuration data from: C:\Program Files\SplunkUniversalForwarder\etc\myinstall\splunkd.xml
12-24-2013 12:34:45.805 -0800 INFO loader - SPLUNK_MODULE_PATH environment variable not found - defaulting to C:\Program Files\SplunkUniversalForwarder\etc\modules
12-24-2013 12:34:45.805 -0800 INFO loader - loading modules from C:\Program Files\SplunkUniversalForwarder\etc\modules
12-24-2013 12:34:45.805 -0800 INFO loader - Writing out composite configuration file: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\composite.xml
12-24-2013 12:34:53.849 -0800 INFO loader - Splunkd starting (build 189883).
12-24-2013 12:34:53.849 -0800 INFO loader - System info: Windows, DREWLABDC01, 2, 6, x64.
12-24-2013 12:34:53.849 -0800 INFO loader - Detected 1 (virtual) CPUs and 1791MB RAM
12-24-2013 12:34:53.849 -0800 INFO loader - Maximum number of threads (approximate): 895
12-24-2013 12:34:53.849 -0800 INFO loader - Arguments are: "rest" "--noauth" "POST" "/services/apps/local/SplunkUniversalForwarder/enable"
12-24-2013 12:34:53.849 -0800 INFO loader - Getting configuration data from: C:\Program Files\SplunkUniversalForwarder\etc\myinstall\splunkd.xml
12-24-2013 12:34:53.849 -0800 INFO loader - SPLUNK_MODULE_PATH environment variable not found - defaulting to C:\Program Files\SplunkUniversalForwarder\etc\modules
12-24-2013 12:34:53.849 -0800 INFO loader - loading modules from C:\Program Files\SplunkUniversalForwarder\etc\modules
12-24-2013 12:34:53.849 -0800 INFO loader - Writing out composite configuration file: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\composite.xml
12-24-2013 12:34:53.865 -0800 ERROR RESTTester - tenant service initialization failed
12-24-2013 12:34:53.865 -0800 INFO ServerConfig - My server name is "drewlabdc01".
12-24-2013 12:34:53.865 -0800 INFO ServerConfig - My hostname is "DREWLABDC01".
12-24-2013 12:34:53.880 -0800 INFO ServerConfig - Setting HTTP server compression state=on
12-24-2013 12:34:53.880 -0800 INFO ServerConfig - Setting HTTP client compression state=0 (false)
12-24-2013 12:34:53.880 -0800 INFO ServerConfig - Default output queue for file-based input: parsingQueue.
12-24-2013 12:34:54.865 -0800 WARN LocalAppsAdminHandler - User 'splunk-system-user' triggered the 'enable' action on app 'SplunkUniversalForwarder', and the following objects required a restart: default-mode, limits, server, web
12-24-2013 12:34:56.178 -0800 INFO loader - Splunkd starting (build 189883).
12-24-2013 12:34:56.178 -0800 INFO loader - System info: Windows, DREWLABDC01, 2, 6, x64.
12-24-2013 12:34:56.178 -0800 INFO loader - Detected 1 (virtual) CPUs and 1791MB RAM
12-24-2013 12:34:56.178 -0800 INFO loader - Maximum number of threads (approximate): 895
12-24-2013 12:34:56.178 -0800 INFO loader - Arguments are: "rest" "--noauth" "POST" "/servicesNS/nobody/SplunkUniversalForwarder/data/outputs/tcp/server" "name=drewsplunk.transnational.local:9997"
12-24-2013 12:34:56.178 -0800 INFO loader - Getting configuration data from: C:\Program Files\SplunkUniversalForwarder\etc\myinstall\splunkd.xml
12-24-2013 12:34:56.178 -0800 INFO loader - SPLUNK_MODULE_PATH environment variable not found - defaulting to C:\Program Files\SplunkUniversalForwarder\etc\modules
12-24-2013 12:34:56.178 -0800 INFO loader - loading modules from C:\Program Files\SplunkUniversalForwarder\etc\modules
12-24-2013 12:34:56.194 -0800 INFO loader - Writing out composite configuration file: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\composite.xml
12-24-2013 12:34:56.194 -0800 ERROR RESTTester - tenant service initialization failed
12-24-2013 12:34:56.210 -0800 INFO ServerConfig - My server name is "drewlabdc01".
12-24-2013 12:34:56.210 -0800 INFO ServerConfig - My hostname is "DREWLABDC01".
12-24-2013 12:34:56.225 -0800 INFO ServerConfig - Setting HTTP server compression state=on
12-24-2013 12:34:56.225 -0800 INFO ServerConfig - Setting HTTP client compression state=0 (false)
12-24-2013 12:34:56.225 -0800 INFO ServerConfig - Default output queue for file-based input: parsingQueue.
I've tried re-installing it several times, both set as Local Data only and as a Remote Data setup using a domain service account with the privileges defined in the Prepare the Splunk App for Active Directory add-ons link.
The only way to close the installer is to start ending tasks (Installer GUI is responsive though) and eventually one of the processes flags a rollback. It usually errors stating it can't remove services, etc. I then reboot, clean the registry, reboot again and use PowerShell to remove the SplunkUniversalForwarder directory.
I'm trying to do this in a lab set-up before I pitch the universal forwarders as the right way to go to my management chain. This has not been a great success so far...