FIM Installation problem
We are attempting to install FIM 2010 on a server running 2008 R2 and SQL 2008 R2. We are getting an error on the Configure the FIM service account screen. The error we receive when using our service accountis The service account could not be found. This could be due to an incorrect password. Please check the service account and try again.We have double-checked the settings and everything checks out. Any help is appreciated.
December 16th, 2009 12:18pm
Is the service account local or a doain account Joe?Steve Mitchell
Technical Director - Oxford Computer Group
Free Windows Admin Tool Kit Click here and download it now
December 16th, 2009 12:28pm
It is a domain account.
December 17th, 2009 2:19pm
A couple of quick checks (even if they're basic, they're still worth mentioning):- Is the server joined to the domain?- Are you performing the installation with a domain account? If you're using a local account the application won't be able to see the domain resources.- Can you see the domain service account in a seperate tool such as Local Users and Computers? If you can't, then you have a basic security issue - such as the two I just listed.- Are you using UPN or NT format for the service account? I've had issues before using the UPN format, as ILM has expected the NT format in the past.- Check the System Event Log and make sure you don't see any NETLOGON errors relating to the computer account, as that might indicate a trust failure with the domain.That's a few basic checks to start with,Cheers,Lain
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2009 10:30pm
Thanks for the reply.- Yes, the server is joined to the domain.- Yes, we are using a domain account.- Yes, I can see the account in ADUC and in ADSIEdit- Both, we have tried multiple formats.- I have double-checked the application and system logs on the server, there are no NETLOGON errors or any other errors associated with communication difficulties with the domain.Any other ideas?
December 18th, 2009 11:35am
None that are coming to me without caveats. As per usual, this is about where it'd be handy to be sitting in front of said computer. Some brief points that come to mind in no particular order:- Can you log onto the FIM server with the service account?- This isn't coming up on the FIM MA account screen is it? Because for that secondary account, it has to be a different account to the service account;- Are the service principal names (SPNs) registered correctly for the service account?Yes, I'm grasping at straws a little here for the simple fact that I didn't get these errors myself. But those things do come to mind when you consider that some error messages are red herrings, and are often indicative of the end result of the real problem.Just by way of comparison, we also are using Windows Server 2008 R2 x64 and SQL Server 2008 SP1 x64, but the SQL Server is remote, not local. That difference shouldn't really matter though.Cheers,Lain
Free Windows Admin Tool Kit Click here and download it now
December 21st, 2009 5:06am
Thanks for the reply.- We can log onto the FIM Server with the service account.- We are using different accounts.- Yes, the SPNs are registered correctly.The error message we see seems to suggest that the software cannot communicate with Active Directory. Thanks for any help you can provide,Joe
December 21st, 2009 9:42am
Well...you can try with another domain account just to test the connectivity
1) Can FIM discover the domain ADMIN account?
2) The domain account you are using for the installation process (the account you are using to log in into the windows session) has local administrator privileges?
3) Why don't you download ADExplorer from MS and try to discover the AD with both credentials...the one you are using for the FIM Service and the one you are
using for the installation process.
4) You could turn off both firewalls (FIM box and DC box) for a second and test your FIM installation process again...maybe some port is being blocked and you might need to open the specific ports...
hope you can move forward....keep us posted...
max
Free Windows Admin Tool Kit Click here and download it now
December 22nd, 2009 8:54pm
Check the security log in event viewer and verify that the sync service has permission to log in. I often forget to grant logon rights.
December 23rd, 2009 11:15am
Can the FIM Service account connect to the SQL Server? (log in to windows as the FIM Service account and open SQL Management studio and connect to the SQL Server)David Lundell www.ilmBestPractices.com
Free Windows Admin Tool Kit Click here and download it now
December 31st, 2009 4:19pm
Is your FIM 2010 server or your AD hosted in any kind of virtual environment? I had noticed such behavior when bringing up a suspended VM. Does this match your situation?Thanks & Regards,
Jameel Syed
Principal Consultant,
fimGuru - Your window into simplified identities
jameel.syed@fimguru.com - http://www.fimguru.com
December 31st, 2009 6:49pm
Thanks for the Reply, No our FIM 2010 server is in no way hosted in a Virtual Environment.
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2010 10:19am
Hy. Did you manybe solved the problem? I have the same problem with FIM sync service account. Every time the same error that I need to check if i entered right account name, computer name and password.
February 17th, 2010 12:41pm
Use the net bios name of the domain and not the fqdn.
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2010 5:17pm
thanks
smcenaney that worked like a charm.
May 17th, 2012 12:05am