none
Installation of Microsoft Identity Manager 2016 fails every time RRS feed

  • Question

  • Hi Everyone,

    I wanted to install Microsoft Identity Manager 2016, but during the installation I always have the following message:

    Once I started installation with verbose logging, and I found the following rows:

    Action 14:13:58: SetPolicyforServiceAccount. 
    Action 14:13:58: SetPolicyforMonitoringServiceAccount. 
    CustomAction SetPolicyforMonitoringServiceAccount returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 14:13:58: InstallExecute. Return value 3.
    Action 14:13:58: Rollback. Rolling back action:
    Rollback: SetPolicyforMonitoringServiceAccount
    Rollback: SetPolicyforServiceAccount
    Action ended 14:13:58: INSTALL. Return value 3.

    This happens only in case if I want to install Privileged Access Management feature. If I deselect it, the installation fininshes successfully and all features working perfectly.

    Do you know, what does this SetPolicyforMonitoringServiceAccount method do during the installation?

    Maybe it is an important information that in my environment many very strict policies are configured and many options are disabled (I mean editing local permissions in the local GPO).

    Thanks a lot!

    BR

    Gabor

    Friday, August 7, 2015 8:05 AM

All replies

  • You must have auditing for specific events (account management and directory services access, afair) turned on for using PAM.

    It is mentioned in TLG which was available at MIM Preview and it is mentioned in documentation:

    https://technet.microsoft.com/en-us/library/mt345586.aspx

    https://technet.microsoft.com/en-us/library/mt345585.aspx

    It is quite a common sense, that if you are going to manage sensitive and priviledged accounts, you MUST have an information about what's exactly is going on, hence audit requirements.
    Monday, August 10, 2015 6:30 AM