We are attempting to install FIM 2010 on a server running 2008 R2 and SQL 2008 R2. We are getting an error on the Configure the FIM service account screen. The error we receive when using our service accountis The service account could not be found. This could be due to an incorrect password. Please check the service account and try again.We have double-checked the settings and everything checks out. Any help is appreciated.

Is the service account local or a doain account Joe?Steve Mitchell Technical Director - Oxford Computer Group

It is a domain account.

A couple of quick checks (even if they're basic, they're still worth mentioning):- Is the server joined to the domain?- Are you performing the installation with a domain account? If you're using a local account the application won't be able to see the domain resources.- Can you see the domain service account in a seperate tool such as Local Users and Computers? If you can't, then you have a basic security issue - such as the two I just listed.- Are you using UPN or NT format for the service account? I've had issues before using the UPN format, as ILM has expected the NT format in the past.- Check the System Event Log and make sure you don't see any NETLOGON errors relating to the computer account, as that might indicate a trust failure with the domain.That's a few basic checks to start with,Cheers,Lain

Thanks for the reply.- Yes, the server is joined to the domain.- Yes, we are using a domain account.- Yes, I can see the account in ADUC and in ADSIEdit- Both, we have tried multiple formats.- I have double-checked the application and system logs on the server, there are no NETLOGON errors or any other errors associated with communication difficulties with the domain.Any other ideas?

None that are coming to me without caveats. As per usual, this is about where it'd be handy to be sitting in front of said computer. Some brief points that come to mind in no particular order:- Can you log onto the FIM server with the service account?- This isn't coming up on the FIM MA account screen is it? Because for that secondary account, it has to be a different account to the service account;- Are the service principal names (SPNs) registered correctly for the service account?Yes, I'm grasping at straws a little here for the simple fact that I didn't get these errors myself. But those things do come to mind when you consider that some error messages are red herrings, and are often indicative of the end result of the real problem.Just by way of comparison, we also are using Windows Server 2008 R2 x64 and SQL Server 2008 SP1 x64, but the SQL Server is remote, not local. That difference shouldn't really matter though.Cheers,Lain

Thanks for the reply.- We can log onto the FIM Server with the service account.- We are using different accounts.- Yes, the SPNs are registered correctly.The error message we see seems to suggest that the software cannot communicate with Active Directory. Thanks for any help you can provide,Joe

Well...you can try with another domain account just to test the connectivity 1) Can FIM discover the domain ADMIN account? 2) The domain account you are using for the installation process (the account you are using to log in into the windows session) has local administrator privileges? 3) Why don't you download ADExplorer from MS and try to discover the AD with both credentials...the one you are using for the FIM Service and the one you are using for the installation process. 4) You could turn off both firewalls (FIM box and DC box) for a second and test your FIM installation process again...maybe some port is being blocked and you might need to open the specific ports... hope you can move forward....keep us posted... max

Check the security log in event viewer and verify that the sync service has permission to log in. I often forget to grant logon rights.

Can the FIM Service account connect to the SQL Server? (log in to windows as the FIM Service account and open SQL Management studio and connect to the SQL Server)David Lundell www.ilmBestPractices.com

Is your FIM 2010 server or your AD hosted in any kind of virtual environment? I had noticed such behavior when bringing up a suspended VM. Does this match your situation?Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com

Thanks for the Reply, No our FIM 2010 server is in no way hosted in a Virtual Environment.

Hy. Did you manybe solved the problem? I have the same problem with FIM sync service account. Every time the same error that I need to check if i entered right account name, computer name and password.

Use the net bios name of the domain and not the fqdn.