none
FIM Sync Installation fails with Invalid object name 'mms_management_agent'. Access is denied RRS feed

  • Question

  • When I tried to install FIM

    FIM Sync Installation fails with Invalid object name 'mms_management_agent'. Access is denied

    happned.

    http://www.identitychaos.com/2009/09/issues-with-sql-server-in-windows-2008.html

    I added 

     SQL Server (your SQL Server service account) to theBUILTIN\Windows Authorization Access Group group

    but, same error happen.

    it says about readprocessmemory adn writeprocessmemory , it is slite different.
    What should I do ?

    Tuesday, September 25, 2012 9:28 PM

Answers

  • Hi,

    Hi,

    Which account you will use to install FIM sync or Fim portal, it must have Admin rights.

    Same rights should be in SQL also. Its better even in SQL you give the Owner rights also. Otherwise it will create problem if in future you try to install the FIM reporting.

    And always use domain account rather than local.

    Also set the account never expire and SharePoint of view also never change the password, otherwise there will be big trouble if you do not know the share point admin.

    Regards,


    M. Irfan

    • Proposed as answer by M.Irfan Thursday, September 27, 2012 12:38 PM
    • Marked as answer by yuuichiro99 Thursday, September 27, 2012 6:03 PM
    Thursday, September 27, 2012 12:38 PM
  • You must use an account who has admin rights to install FIM sync service, and the account have to be a member of SQL sysadmin role.

    It is not an issue of rights of fimsyncservice account.

    Usually I use following accounts having privileges.

    • SQL Server / Installation : Administrator / local administrators
    • SQL Server / Running Service : svc-sqlserver / domain users
    • FIM Sync Service / Installation : Administrator / local administrators , SQL Server sysadmin role
    • FIM Sync Service / Running Service : svc-fimsync / domain users

    Naohiro Fujie MVP for Forefront Identity Manager ( Jan 2010 - Dec 2012 )

    • Marked as answer by yuuichiro99 Thursday, September 27, 2012 6:03 PM
    Thursday, September 27, 2012 4:30 PM

All replies

  • Maybe not a best solution but it did helped me once:

    http://social.technet.microsoft.com/Forums/en/ilm2/thread/5bfcdb52-902b-4ce3-9638-674bcb0b76c4

    Actually I would be glad to resolve it otherwise (narrow down which GPO setting was preventing us from deployment) but we didn't had a time at that moment to do this properly. This was required only for install and later could be revoked. 

    Tuesday, September 25, 2012 9:49 PM
  • Which account did you use while installing FIM Sync Service? And which server role do the account belong in the SQL Server?


    Naohiro Fujie MVP for Forefront Identity Manager ( Jan 2010 - Dec 2012 )

    Thursday, September 27, 2012 8:16 AM
  • Hi,

    Hi,

    Which account you will use to install FIM sync or Fim portal, it must have Admin rights.

    Same rights should be in SQL also. Its better even in SQL you give the Owner rights also. Otherwise it will create problem if in future you try to install the FIM reporting.

    And always use domain account rather than local.

    Also set the account never expire and SharePoint of view also never change the password, otherwise there will be big trouble if you do not know the share point admin.

    Regards,


    M. Irfan

    • Proposed as answer by M.Irfan Thursday, September 27, 2012 12:38 PM
    • Marked as answer by yuuichiro99 Thursday, September 27, 2012 6:03 PM
    Thursday, September 27, 2012 12:38 PM
  • You must use an account who has admin rights to install FIM sync service, and the account have to be a member of SQL sysadmin role.

    It is not an issue of rights of fimsyncservice account.

    Usually I use following accounts having privileges.

    • SQL Server / Installation : Administrator / local administrators
    • SQL Server / Running Service : svc-sqlserver / domain users
    • FIM Sync Service / Installation : Administrator / local administrators , SQL Server sysadmin role
    • FIM Sync Service / Running Service : svc-fimsync / domain users

    Naohiro Fujie MVP for Forefront Identity Manager ( Jan 2010 - Dec 2012 )

    • Marked as answer by yuuichiro99 Thursday, September 27, 2012 6:03 PM
    Thursday, September 27, 2012 4:30 PM