It is all well documented by Microsoft, and easy to google if you know that the SP2 is responsible for the install failure, but just in case you did not make the link, read the article
The install failure is:
An unexpected error occurred while configuring the Single Sign-On server.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Microsoft support article 841893 explains in detail how to resolve the issue by:
- Using Gpedit.msc to enforce the authentication of client calls
- Using Registry Editor to enforce the authentication of client calls