Support-Info: Troubleshooting Installation Error 25009

 

PROBLEM SCENARIO DESCRIPTION

Have you ever gone through the installation for the Synchronization Service Engine and received the error 25009? Well, my hope with this blog is to cover some of the different exceptions and things you can do to track down the reason for 25009 and be able to resolve it.

 

There are a couple key points that we should already have in place prior to installing the Synchronization Service Engine.

 

SQL Server SA (sysAdmin) Permissions
      • The user executing the installation and/or hotfix update must be a sysAdmin on the backend SQL Server.
      • A good recommendation is to have an install account that has these higher permissions and is only utilized during and for installations. Once the installation is complete, then disable the account until the next time.   Check out the FIM 2010 Installation Companion Accounts for some guidance.

https://social.technet.microsoft.com/wiki/contents/articles/7222.fim-2010-installation-companion-accounts.aspx

    • If the user executing the installation does not have SA permissions on the backend SQL Server, then you will receive the 25009 error.
Firewall Access
    • The Synchronization Service machine must be able to communicate across port 1433, which is the default SQL Server Port.
    • If you are using a SQL Server Alias, you must ensure that you have this configured on the client machine

 

 

25009 SCENARIO #1: .NET Framework 3.5 missing

25009 VERSION OF ERROR

Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database.   <hr=0x80131700>

Product Versions / Machine Setup
    • SQL Server 2014 (Remote SQL Server) on Windows Server 2012 R2
    • Microsoft Identity Manager 2016 Service Pack 1 (4.4.1302) on Windows Server 2012 R2
Install Bullets
    • Fresh install of Windows Server 2012 R2 and then installing MIM after making sure connectivity to SQL through the firewall is working.
    • Receive the error below
    • ERROR MESSAGE: Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
    • Did a windows installer verbose log
Bullets learned from Windows Installer Verbose Log
  • We can see the error: Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
    1. Just below that, we can see an Assembly Install issue, which actually leads to the issue. Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren
    2. The fact that we are failing with an Assembly Install, leads me to believe a problem with the Microsoft .NET Framework
WINDOWS INSTALLER VERBOSE LOG INFORMATION
MSI (s) (60:8C) [09:18:59:365]: Executing op: ActionStart(Name=ConfigDB,Description=Configuring SQL database,)

Action 9:18:59: ConfigDB. Configuring SQL database

MSI (s) (60:8C) [09:18:59:365]: Executing op: CustomActionSchedule(Action=ConfigDB,ActionType=9217,Source=BinaryData,Target=**********,CustomActionData=**********)

MSI (s) (60:E4) [09:18:59:381]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8F14.tmp, Entrypoint: ConfigDB

Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database.     <hr=0x80131700>

MSI (s) (60!88) [09:19:00:799]: Product: Microsoft Identity Manager Synchronization Service — Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>

CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

03/25/2017 09:19:00.799 [3168]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396

03/25/2017 09:19:00.799 [3168]: Detailed info about C:\Windows\assembly\tmp\IDBMN9ZY\Microsoft.MetadirectoryServices.Host.dll

03/25/2017 09:19:00.815 [3168]:         File attributes: 00000080

03/25/2017 09:19:00.893 [3168]:         Restart Manager Info: 1 entries

03/25/2017 09:19:00.893 [3168]:                 App[0]: (3168) Windows Installer (msiserver), type = 3

03/25/2017 09:19:00.893 [3168]:         Security info:

03/25/2017 09:19:00.893 [3168]:                 Owner: S-1-5-18

03/25/2017 09:19:00.893 [3168]:                 Group: S-1-5-18

03/25/2017 09:19:00.893 [3168]:                 DACL information: 4 entries:

03/25/2017 09:19:00.893 [3168]:                 ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18

03/25/2017 09:19:00.893 [3168]:                 ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544

03/25/2017 09:19:00.893 [3168]:                 ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545

03/25/2017 09:19:00.893 [3168]:                 ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1

Action ended 9:19:00: InstallFinalize. Return value 3.

RESOLUTION
    1. Open Server Manager and from Manage, select Add Roles and Features
    2. Click the Next Button, until you get to the Features
    3. By default, only the .NET Framework 4.5 Features are installed
    4. Select the .NET Framework 3.5 Features and install them
    5. Try your installation

 

25009 SCENARIO #2: missing sysAdmin permissions

25009 VERSION OF ERROR

Error 25009.The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database.  These workstations have sessions with open files on this server:

Product Versions tested
    • Microsoft Identity Manager 2016 Service Pack 1 (4.4.1459.0)
    • SQL Server 2014
    • Windows Server 2012 R2 Service Pack 1
Install bullets
    • Fresh install of Windows Server 2012 R2 and then installing MIM after making sure connectivity to SQL through the firewall is working.
    • Receive the error below
    • Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
Bullets learned from the Windows Installer Verbose Log
    • We can see from the error that the installation is experiencing issues configuring the backend database. This is most likely because of a permissions problem.
MSI (s) (60:E4) [09:18:59:381]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8F14.tmp, Entrypoint: ConfigDB

Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>

MSI (s) (60!88) [09:19:00:799]: Product: Microsoft Identity Manager Synchronization Service — Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>

CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

03/25/2017 09:19:00.799 [3168]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396

03/25/2017 09:19:00.799 [3168]: Detailed info about C:\Windows\assembly\tmp\IDBMN9ZY\Microsoft.MetadirectoryServices.Host.dll

03/25/2017 09:19:00.815 [3168]:         File attributes: 00000080

03/25/2017 09:19:00.893 [3168]:         Restart Manager Info: 1 entries

03/25/2017 09:19:00.893 [3168]:                 App[0]: (3168) Windows Installer (msiserver), type = 3

03/25/2017 09:19:00.893 [3168]:         Security info:

03/25/2017 09:19:00.893 [3168]:                 Owner: S-1-5-18

03/25/2017 09:19:00.893 [3168]:                 Group: S-1-5-18

03/25/2017 09:19:00.893 [3168]:                 DACL information: 4 entries:

03/25/2017 09:19:00.893 [3168]:                 ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18

03/25/2017 09:19:00.893 [3168]:                 ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544

03/25/2017 09:19:00.893 [3168]:                 ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545

03/25/2017 09:19:00.893 [3168]:                 ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1

Action ended 9:19:00: InstallFinalize. Return value 3.

 

RESOLUTION
    1. Provide the account executing the installation with SysAdmin permissions
    2. Re-try the installation

 

25009 SCENARIO #3: SQL Server Compatibility Level

25009 VERSION OF ERROR ERROR 25009: The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. Valid values of the database compatibility level are 100, 110, or 120. Usage sp_dbcmptlevel [dbname[, compatibilitylevel]]
25009compat
SQL Server Compatibility Level

The following is information on the SQL Server Compatibility Levels for the different SQL Server Versions. compat

https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-database-transact-sql-compatibility-level

CAUSE
The problem here is that we attempted to install the Synchronization Service Engine against a non-supported version of Microsoft SQL Server.
RESOLUTION
Install against a supported version of the Microsoft SQL Server. You can find supported versions here.

https://docs.microsoft.com/en-us/microsoft-identity-manager/plan-design/microsoft-identity-manager-2016-supported-platforms

 

 

 

ADDITIONAL RESOURCES
These are some previous articles, Microsoft TechNet Wikis that were written around the error message.
FIM Troubleshooting: Installation Error 25009 (SA Admin Rights Missing): https://social.technet.microsoft.com/wiki/contents/articles/1734.fim-troubleshooting-installation-error-25009-sa-admin-rights-missing.aspx
TROUBLESHOOTING: FIM Installation: 25009: CONDITIONAL failed because the following SET options have incorrect settings: ‘ARITHABORT’: http://social.technet.microsoft.com/wiki/contents/articles/12621.troubleshooting-fim-installation-25009-conditional-failed-because-the-following-set-options-have-incorrect-settings-arithabort.aspx
TROUBLESHOOTING: FIM INSTALLATION: Error 25009.The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database.  These workstations have sessions with open files on this server: http://social.technet.microsoft.com/wiki/contents/articles/1734.troubleshooting-fim-installation-error-25009.aspx
FIM-TROUBLESHOOTING: Installation Error: 25009: Cannot create more than one clustered index on table ‘dbo.mms_connectorspace’:http://social.technet.microsoft.com/wiki/contents/articles/14775.fim-troubleshooting-error-25009-the-forefront-identity-manager-synchronization-service-setup-wizard-cannot-configure-the-specified-database.aspx
FIM/MIM Troubleshooting Error 25009 Resource Page: https://social.technet.microsoft.com/wiki/contents/articles/35638.fimmim-troubleshooting-error-25009-resource-page.aspx