Installation problem in PCNS (Password Change Notification Service)

  • Question

  • Hi,

     

    I am trying to install PCNS for password synchronization on Windows Server 2003. I have already installed Active Directory with the domain name miis.com. When I ran the command MSIEXEC.EXE /i "Password Change Notification Service.msi" SCHEMAONLY=TRUE, it opened a setup installation wizard and prompted for extending the schema. When I clicked the OK button, it gave this error:

    "Setup cannot update the Active Directory schema because server responsibility for schema update cannot be reached, please make sure that server miis.com is online and retry the solution.

    Error code 53"

     

    Please do the needful.

    thanks in advance.

     

    Regards,

    Amit

     

     

    Friday, July 25, 2008 8:45 AM

All replies

  • Error 53 is network name resolution. My guess would be that your AD DNS is not configured properly.

     

     

    Friday, July 25, 2008 9:12 AM
  • Please check your DNS configuration.

    It looks like there is something broken.

    As an initial test, you should try to ping your domain (ping miis.com).

    There are also tools such as dsquery available that can help troubleshoot your problem.

     

    PCNS requires your DNS infrastructure to work properly.

     

    Cheers,

    Markus

     

    ///////////////////////////////////////////////////////////////////////
    Markus Vilcinskas

    Technical Writer
    Microsoft Identity Integration Server
    mailto:markvi@microsoft.com.NO_SPAM

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/copyright.htm
    ///////////////////////////////////////////////////////////////////////

     

     

    Friday, July 25, 2008 9:16 AM
    Moderator
  • thanks for your help.

    I am able to ping miis.com properly, and I have checked the DNS and it's running fine.

    Now I have run the setup again, but it still gives the same problem.

    Could you please tell me step by step how to resolve this problem?

    thanks in advance.

     

     

     

    Friday, July 25, 2008 9:36 AM
  • Amit,

     

    just a check : is your miis.com domain a single-server domain, or do you have multiple DC's?

     

    If multi-server, have you checked which DC is schema master of the forest?

     

    You checked in DNS that the service records of the DC's are correct.

    Have you restarted the netlogon service and/or did you run "ipconfig /registerdns" on the DC?

     

    Another basic check for network connectivity and DC operations is running netdiag and dcdiag on the DC (part of the Windows 2003 Support Tools).

    Do you get any errors / messages from these diags?

     

    HTH,

    Peter

    Friday, July 25, 2008 10:46 AM
  • Hi Amit,

    check the following:

     

    - Does "ping miis.com" work from the machine you're trying to run the setup on? The result should be the IPs of all of your DCs.

    - Which DC holds the Schema Master role?

    - Can you ping the Schema Master from the machine you're running the setup on?

    - Is the account under which you are running the setup a member of the Schema Administrators group?

    - Is the Remote Registry service running on the Schema Master DC?

    - Check the following registry key on your Schema Master DC: HKLM\System\CurrentControlSet\Services\Ntds\Parameters\Schema Update Allowed. The value should be "1".

     

    /Matthias

    Saturday, July 26, 2008 9:57 AM
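
    The checklist above as a single pre-flight batch script. This is an added example, not something posted by a participant in this thread. It assumes it is run from the machine where setup will be started, that the schema master's host name is passed as the first argument (a placeholder you supply), and that the Windows Support Tools are installed for netdom.

```batch
@echo off
rem Added example: pre-flight checks before running the PCNS schema extension.
rem DOMAIN is the domain name from this thread; SCHEMA_DC is supplied by you
rem as the first argument once step 2 has told you which DC holds the role.
setlocal
set DOMAIN=miis.com
set SCHEMA_DC=%1

echo [1] DNS: domain name and DC service (SRV) records
nslookup %DOMAIN%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%

echo [2] Which DC holds the Schema Master role
dsquery server -forest -hasfsmo schema
rem netdom ships with the Windows Support Tools
netdom query fsmo

if "%SCHEMA_DC%"=="" (
  echo Re-run with the schema master host name as the first argument.
  goto :eof
)

echo [3] Basic reachability of the schema master
ping -n 2 %SCHEMA_DC%
if errorlevel 1 echo     Schema master did not answer ping

echo [4] Is the current account in Schema Admins
whoami /groups | find /i "Schema Admins"
if errorlevel 1 echo     Current account is NOT in Schema Admins

echo [5] Remote Registry service state on the schema master
sc \\%SCHEMA_DC% query RemoteRegistry | find "STATE"
if errorlevel 1 echo     Could not query the RemoteRegistry service

echo [6] "Schema Update Allowed" value (expected: 1, per the checklist)
reg query "\\%SCHEMA_DC%\HKLM\System\CurrentControlSet\Services\Ntds\Parameters" /v "Schema Update Allowed"
if errorlevel 1 echo     Value not present or remote registry unreachable
endlocal
```

    Steps 5 and 6 depend on each other: the remote reg query only succeeds when the Remote Registry service in step 5 is running and the account has rights on the DC.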
  • Just making sure – a “ping” is important but not sufficient as network test. Your DC also has to respond on the LDAP layer. This can be tested by using the MIISDCInfo tool from the MIIS Reskit. This tool sends an LDAP ping to your DC.

     

    Cheers,

    Markus

     


     

    Monday, July 28, 2008 5:57 PM
    Moderator
  • Amen to that Markus!

    Tuesday, July 29, 2008 12:43 AM
  • Thanks a lot for helping me.

     

    Now we have been able to solve the above problem and are trying to install PCNS on ILM 2007.

    We are doing the following steps while installing PCNS and getting an error.

     

    1.       In command line we run the following command to run the installation:

    Msiexec /I PCNS.msi schemaonly=TRUE

    2.       Installation wizard opens and we get a prompt: setup will now update active directory schema for PCNS. We then click OK and then we get the following error:

    “SetUp encountered an error while updating the active directory schema

    Error Code (87):The parameter is incorrect”

     

    We will be thankful if you can guide us with suitable solution.

     

    Tuesday, July 29, 2008 6:16 AM
  • Amit,

     

    Are you running that command on the ILM server or on a DC?

    (Unless you have installed ILM on a DC, but that's not a best practice...)

     

    Because: the schema extension must be executed on a DC, not on the ILM server itself.

     

    Kind regards,

    Peter

     

    Tuesday, July 29, 2008 9:14 AM
  • Amit,

    any news on the "Error Code (87)" issue? I'm currently facing the exact same error.
    All "known suspects" (Schema Admin, Install on DC, etc.) seem to be OK for me.
    I can even update the schema manually (using the MMC Schema Admin Plugin).
    Google is not helpful with this issue.

    Thanks, Stefan.
    Tuesday, March 17, 2009 2:35 PM
  • Hi!

     

    Still no resolution to this problem? I have exactly the same error (Error Code 87, Parameter incorrect). I have done this installation on two other domains, and everything went fine. But on one domain I tried just now, I get this error. It is run on the Schema Master server.

    Br Patrik

     

    Friday, May 28, 2010 7:46 AM
  • Did you get a resolution to this? I have the same problem.

    Dave
    Wednesday, March 23, 2011 1:28 AM
  • Did you get a resolution to this? I have the same problem (error 87).

     

    Action 10:15:22: _UpdateSchema2.
    Setup will now update the Active Directory schema for the Password Change Notification Service. Click OK to proceed with the schema update. Click Cancel to cancel setup.
    Setup encountered an error while updating the Active Directory schema.

    Error code (87): The parameter is incorrect.
    MSI (s) (B4!14) [10:15:30:284]: Product: Forefront Identity Manager Password Change Notification Service -- Setup encountered an error while updating the Active Directory schema.

    Error code (87): The parameter is incorrect.

    Action ended 10:15:30: InstallFinalize. Return value 3.
    Action 10:15:30: Rollback. Rolling back action:
    Rollback: _UpdateSchema2
    Action ended 10:15:30: INSTALL. Return value 3.


    Dave
    Wednesday, March 23, 2011 1:29 AM
  • Independent of that, the best option to extend the schema for PCNS is to execute "MSIEXEC.EXE /i "Password Change Notification Service.msi" SCHEMAONLY=TRUE" command on the schema FSMO in your environment.
    Paul Loonen (Avanade) | MCM: Directory 2008 | MVP: ILM
    Wednesday, March 23, 2011 9:11 AM
  • I am getting this same error. Did you get a resolution to this?
    Wednesday, April 10, 2013 4:11 AM