[Note Added Later: Please see my next post below before using these instructions. - Tikkune]
Sander: thanks for pointing me to the Shaun Walker post:
http://www.dotnetnuke.com/Community/ForumsDotNetNuke/tabid/795/forumid/107/threadid/45348/scope/posts/Default.aspx
because after having the UPGRADE package fail again, and after reading Shaun's post, I decided to do a brand new INSTALL of 4.3.0, rather than upgrade (Shaun mentions this option). Here's exactly what worked for me:
1) copied the full file/folder contents of my existing DNN 4.0.3 application to a temp/backup folder;
2) deleted everything in my DNN 4.0.3 application folder;
3) extracted the contents of the 4.3.0 INSTALL package into my (now empty) application folder;
4) * reset the ACL permissions on the DNN application folder/subfolders (and all child entries...);
5) browsed to the location of my DNN application (localhost/dnn) to start the 4.3.0 installation;
6) fresh installation of 4.3.0 completed successfully; closed the browser immediately (did not access portal);
7) opened the 4.0.3 web.config file (temp folder) and copied to paste buffer the Validation and Decryption KEYS;
8) opened the 4.3.0 web.config file and pasted my Validation and Decryption KEYS over the default KEYS;
9) copied the contents of my existing \App_Data\ folder (the DNN database) over the 4.3.0 default database;
10) * reset the ACL permissions on the DNN application folder/subfolders (and all child entries...)
11) browsed to my DNN application,and UPGRADE started automatically;
12) upgrade completed successfully.
I could now login without errors, and I had upgraded from 4.0.3 to 4.3.0 successfully. :)
* (highlight your /dotnetnuke application folder, and right-click) > Sharing and Security... > Security [tab] >Advanced [button] > [x] Replace permission entries on all child objects with entries shown here that apply to child objects > Apply [button] > OK [button]