PCNS installation error 25006 RRS feed

  • Question

  • Hello. We have PCNS running smoothly on our domain, however I am adding a new domain controller (All servers are running 2012 R2) and the PCNS client will not install. It gives me the following error:

    Error 25006.The Forefront Identity Manager Password Change Notification Service Setup Wizard cannot write to the discretionary access control lists (DACLs). CN=domain\/fqdn,cn=Password Change Notification Service, CN=System,DC=our,DC=domain,DC=org. Ensure you have the correct permissions for this operation, and then try running this wizard again.

    I am attempting the install the client with the same user account I used on the other domain controller. The account is a domain admin, and I have checked permissions in ADSI. I have searched but I cant seem to find an actual resolution to this anywhere online. Any help would be greatly appreciated.

    Monday, August 18, 2014 9:30 PM

All replies

  • If you've ensured the installing account has the correct permissions, it might be that none of the FIM components are supported for use with Server 2012 R2. According to the documentation anyway:
    Monday, August 18, 2014 11:33 PM
  • Thanks for the reply. I thought about that but all of our servers are running Server 2012 R2 and the others didn't have a problem with the installation. Maybe I will build another DC with 2012, see if PCNS installs and do an in place upgrade if it does. 
    Tuesday, August 19, 2014 12:58 AM
  • Excuse me, how did you manage to install the PCNS client on Windows Server 2008 R2, with me it tells me that I don't have enough permissions on the server to update the schema (but the user is already a domain admin and a schema admin).

    Please excuse my english and thank you.

    Wednesday, November 19, 2014 4:24 PM