none
FIM Service Upgrade: CustomAction InstallCerts fails RRS feed

  • General discussion

  • I am unable to upgrade from 2010 to 2010 R2 SP1 in one of my environments (3 others have been successful upgrading from the same FIM version).  I've tried both and upgrade and an uninstall/reinstall, but it always fails at:

    Action 14:00:54: InstallCerts.
    CustomAction InstallCerts returned actual error code 5 (note this may not be 100% accurate if translation happened inside sandbox)

    I can't find any more information the the windows event log.  Searching around the web for InstallCerts has not been helpful.  Does anyone know how to troubleshoot further?

    -james

    Wednesday, October 23, 2013 9:18 PM

All replies

  • Neat, that Custom Action is actually documented:

    http://technet.microsoft.com/en-us/library/jj159300(v=ws.10).aspx

    My next step would be to get more logging by running the MSI with logging turned on.


    CraigMartin – Edgile, Inc. – http://identitytrench.com

    Wednesday, October 23, 2013 9:39 PM
  • Running with /l*vx yielded a bit more:

    MSI (s) (74:34) [17:29:03:671]: Executing op: CustomActionSchedule(Action=InstallCerts,ActionType=11266,Source=BinaryData,Target=**********,)
    CustomAction InstallCerts returned actual error code 5 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (74:34) [17:29:04:483]: Note: 1: 1722 2: InstallCerts 3: C:\Windows\Installer\MSI9E4B.tmp 4: **********

    Unfortunately that MSI9E4B tmp file does not exist.  I got the same result twice in a row.

    Thursday, October 24, 2013 12:33 AM
  • CustomAction InstallCerts returned actual error code 5


    That probably means Access-Denied.  You might try running the MSI from a command prompt with elevated privileges.

    CraigMartin – Edgile, Inc. – http://identitytrench.com

    Thursday, October 24, 2013 6:12 PM
  • I think my initial attempts (before going command line to enable logging) were right-click-run-as-administrator, so I'm not sure if that would have resolved the issue.  Unfortunately I've already wasted 3 days on this issue, and...

    I found a work-around, asking FIM to re-use the existing ForefrontIdentityManager certificate allowed the install to complete.  As this particular environment is just a development sandbox, I think that's good enough.

    Thanks for your help Craig.

    -james

    Thursday, October 24, 2013 6:48 PM