I am attempting to install the FIM 2010 R2 SP1 Service and the install is "ending prematurely." This is the second instance of the service and is in a different forest than the first instance, sync engine, and databases. There is a forest trust between the two, with ForestA trusting ForestB with selective authentication and ForestB trusting ForestA with forest wide authentication. The databases and service accounts are in ForestA. The Service install that is failing is in ForestB. This setup was up and running with FIM 2010 RTM.
I've found the following references to the install process failing at the same point, but with a different error (I'm seeing "Access Denied").
http://www.fimspecialist.com/fim-r2-sp1-fim-service-and-portal-setup-wizard-ended-prematurely/
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/b2668b83-f54b-4e34-b8e8-84c1540f2a42
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/d9157272-a9cb-448b-96f1-dc7be372357b
The account that I'm using to run the install is in ForestA and is a local admin on the Server. I am able to manually add the fimservice account to the local "Performance Monitor Users" group on the server.
I've created a log file using the following command:
msiexec /i "Service and Portal.msi" /L*v c:\temp\fiminstall.log
This looks to be the offending step from the install log:
Calling custom action Microsoft.IdentityManagement.ServerCustomActions!Microsoft.IdentityManagement.ServerCustomActions.CustomActions.AddServiceToPerformanceMonitors
Adding FIMService account to 'Performance Monitor Users' group
Property name = 'ServiceAccount', value = 'ForestA\fimservice'.
DomainName='ForestA'
AccountName='fimservice'
Domain AD found
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsContainer.GetObject(String className, String relativeName)
at System.DirectoryServices.DirectoryEntries.Find(String name, String schemaClassName)
at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.ChangeUserMembershipInGroup(Session session, Boolean addUser)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction AddServiceToPerformanceMonitors returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:02:42: InstallExecute. Return value 3.Any suggestions?
Thanks!
-Ryan