I'm attempting to setup the FIM PCNS on a domain controller I'm promoting. I'm running into an error with the installer.
Error 25011. The Forefront Identity Manager Password Change Notification Service Setup Wizard failed calling SetInfo() on the Active Directory object LDAP://CN=System,DC=domain,DC=com.
Access is denied.
I'm running the installer using the default domain admin account for this installation.
Is this the first PCNS Server you are creating for the implementation? If so, You need to first extend the schema using by running the installer command "MSIEXEC.EXE /i "Password Change Notification Service.msi" SCHEMAONLY=TRUE" on the server hosting the schema master with an enterprise admin account.
Please note that you need to run the installer with administrator context. This can be done by opening the console with the "Run as administrator" setting and then trying run the installer from the console.
Also as stated in other replies on the page, you cannot install pcns on an RODC, as it does not process password changes, but merely forwards them to a full DC to process.
Visit My Blog: http://theidentityguy.blogspot.com/
It's not the first, and it's not an RODC. It's a newly promoted DC. I believe that the problem was my AD had not fully replicated to the DC.
I tried this morning to install it and it worked fine.