Share via

Azure AD Connect installation wizard permission that are required to write to the event log is missing

Andre van der Westhuizen 21 Reputation points
2022-11-17T00:56:01.573+00:00

We have installed Azure AD Connect with and account which is granted the following rights:

  • local administrator to the server
  • Enterprise Administrator
  • Domain Administrator

After the installation the Wizard opens we receive the following message
261098-picture1.jpg

We have check the permissions on the %systemroot%\Sytem32\Winevt and sub folders and have also grant the Service account write permissions to the folder but still the same issue.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,961 questions
0 comments
Accepted answer
  1. Givary-MSFT 35,601 Reputation points Microsoft Employee Moderator
    2022-11-18T17:30:03.253+00:00

    @Andre van der Westhuizen From the above screenshot, clearly states there is a permission issue that Event Viewer log's permissions have been customized and most likely is causing the installation wizard to fail due to insufficient permissions for the ADSync service account to record new event logs.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application' for the value CustomSD is where custom permissions gets stored, try to compare this value with a server which doesnt have any GPO restrictions.

    Since AAD Connect is using a VSA (NT SERVICE\ADSync) as the service account, then NT AUTHORITY\SERVICE must have WriteData permissions, e.g.:

    NT AUTHORITY\SERVICE: AccessAllowed (ListDirectory, WriteData)

    Usually Domain GPO enforcing Event Viewer log permissions under "Computer Configuration/Policies/Administrative Templates/Windows Components/Event Log Service/Application - is where the policy is configured and getting applied to the ad connect server.

    Try to exclude the AAD Connect server from the Domain GPO from where these permissions are getting applied and delete the CustomSD value from the registry, which will restore the Security Descriptor to the default permissions.

    Then try to run Azure AD Connect wizard again and the installation and verify the issue.

    Let me know if you have any further questions, please feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 157K Reputation points MVP Volunteer Moderator
    2022-11-17T12:19:02.477+00:00

    Did you follow the suggestion to grant write permissions to the NT AUTHORITY\SERVICE account for the event logs?

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/error-unable-access-security-log

    Checked HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security - Eventlog has no permissions there.

    HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.