Installation of Microsoft Identity Manager 2016 fails every time

Hi Everyone,

I wanted to install Microsoft Identity Manager 2016, but during the installation I always have the following message:

Once I started installation with verbose logging, and I found the following rows:

Action 14:13:58: SetPolicyforServiceAccount. 
Action 14:13:58: SetPolicyforMonitoringServiceAccount. 
CustomAction SetPolicyforMonitoringServiceAccount returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:13:58: InstallExecute. Return value 3.
Action 14:13:58: Rollback. Rolling back action:
Rollback: SetPolicyforMonitoringServiceAccount
Rollback: SetPolicyforServiceAccount
Action ended 14:13:58: INSTALL. Return value 3.

This happens only in case if I want to install Privileged Access Management feature. If I deselect it, the installation fininshes successfully and all features working perfectly.

Do you know, what does this SetPolicyforMonitoringServiceAccount method do during the installation?

Maybe it is an important information that in my environment many very strict policies are configured and many options are disabled (I mean editing local permissions in the local GPO).

Thanks a lot!

BR

Gabor

August 7th, 2015 4:07am

You must have auditing for specific events (account management and directory services access, afair) turned on for using PAM.

It is mentioned in TLG which was available at MIM Preview and it is mentioned in documentation:

https://technet.microsoft.com/en-us/library/mt345586.aspx

https://technet.microsoft.com/en-us/library/mt345585.aspx

It is quite a common sense, that if you are going to manage sensitive and priviledged accounts, you MUST have an information about what's exactly is going on, hence audit requirements.
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2015 6:30am

You must have auditing for specific events (account management and directory services access, afair) turned on for using PAM.

It is mentioned in TLG which was available at MIM Preview and it is mentioned in documentation:

https://technet.microsoft.com/en-us/library/mt345586.aspx

https://technet.microsoft.com/en-us/library/mt345585.aspx

It is quite a common sense, that if you are going to manage sensitive and priviledged accounts, you MUST have an information about what's exactly is going on, hence audit requirements.
August 10th, 2015 6:30am

You must have auditing for specific events (account management and directory services access, afair) turned on for using PAM.

It is mentioned in TLG which was available at MIM Preview and it is mentioned in documentation:

https://technet.microsoft.com/en-us/library/mt345586.aspx

https://technet.microsoft.com/en-us/library/mt345585.aspx

It is quite a common sense, that if you are going to manage sensitive and priviledged accounts, you MUST have an information about what's exactly is going on, hence audit requirements.
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2015 2:43am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics