Have you ever gone through the installation for the Synchronization Service Engine and received the error 25009? Well, my hope with this blog is to cover some of the different exceptions and things you can do to track down the reason for 25009 and be able to resolve it.
There are a couple of key points that should already be in place before installing the Synchronization Service Engine.
SQL Server SA (sysAdmin) Permissions
The user executing the installation and/or hotfix update must be a sysAdmin on the backend SQL Server.
A good recommendation is to have a dedicated install account that holds these higher permissions and is used only for installations. Once the installation is complete, disable the account until the next time it is needed. Check out the FIM 2010 Installation Companion Accounts for some guidance.
If the user executing the installation does not have SA permissions on the backend SQL Server, then you will receive the 25009 error.
Firewall Access
The Synchronization Service machine must be able to reach the SQL Server on TCP port 1433, which is the default SQL Server port.
If you are using a SQL Server alias, you must ensure that it is configured on the client machine.
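The prerequisites above can be checked before setup is started. This is an added example, not part of the original post; it also checks the .NET Framework 3.5 feature that scenario #1 below turns on. The names `MIMSQL` and `sql01.contoso.example` and the function names are placeholders chosen for illustration.

```powershell
# Added example: pre-flight checks, run as the install account on the
# Synchronization Service machine before starting setup.
param(
    [string]$SqlInstance = 'MIMSQL',                # placeholder: name or alias you will type into setup
    [string]$SqlHost     = 'sql01.contoso.example', # placeholder: real host behind that name or alias
    [int]$Port           = 1433
)

function Test-SqlPort {
    param([string]$HostName, [int]$Port)
    # TcpTestSucceeded is $true only when the TCP handshake completes
    (Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
}

function Test-SysAdmin {
    param([string]$Instance)
    # Integrated security: the check runs as whoever runs this script
    $cs   = "Server=$Instance;Database=master;Integrated Security=SSPI;Connect Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
        # 1 = member, 0 = not a member, NULL = role or login not valid
        return ($cmd.ExecuteScalar() -eq 1)
    } catch {
        Write-Warning "SQL connection to $Instance failed: $($_.Exception.Message)"
        return $false
    } finally {
        $conn.Dispose()
    }
}

function Test-NetFx35 {
    # NET-Framework-Core is the .NET Framework 3.5 feature on Windows Server
    (Get-WindowsFeature -Name NET-Framework-Core).Installed
}

[pscustomobject]@{
    InstallAccount = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    SqlPortOpen    = Test-SqlPort -HostName $SqlHost -Port $Port
    IsSysAdmin     = Test-SysAdmin -Instance $SqlInstance
    NetFx35        = Test-NetFx35
} | Format-List
```

When an alias is in use, the port test has to target the real host, because an alias is resolved by the SQL client and not by DNS.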
25009 SCENARIO #1: .NET Framework 3.5 missing
25009 VERSION OF ERROR
Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
Product Versions / Machine Setup
SQL Server 2014 (Remote SQL Server) on Windows Server 2012 R2
Microsoft Identity Manager 2016 Service Pack 1 (4.4.1302) on Windows Server 2012 R2
Install Bullets
Fresh install of Windows Server 2012 R2 and then installing MIM after making sure connectivity to SQL through the firewall is working.
Receive the error below
ERROR MESSAGE: Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
Captured a Windows Installer verbose log
Bullets learned from Windows Installer Verbose Log
We can see the error: Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
Just below that, we can see an Assembly Install failure, which actually points to the cause: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren
The fact that we are failing on an Assembly Install leads me to believe there is a problem with the Microsoft .NET Framework.
WINDOWS INSTALLER VERBOSE LOG INFORMATION
MSI (s) (60:8C) [09:18:59:365]: Executing op: ActionStart(Name=ConfigDB,Description=Configuring SQL database,)
Action 9:18:59: ConfigDB. Configuring SQL database
MSI (s) (60:8C) [09:18:59:365]: Executing op: CustomActionSchedule(Action=ConfigDB,ActionType=9217,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (60:E4) [09:18:59:381]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8F14.tmp, Entrypoint: ConfigDB
Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
MSI (s) (60!88) [09:19:00:799]: Product: Microsoft Identity Manager Synchronization Service -- Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
03/25/2017 09:19:00.799 [3168]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396
03/25/2017 09:19:00.799 [3168]: Detailed info about C:\Windows\assembly\tmp\IDBMN9ZY\Microsoft.MetadirectoryServices.Host.dll
03/25/2017 09:19:00.815 [3168]: File attributes: 00000080
03/25/2017 09:19:00.893 [3168]: Restart Manager Info: 1 entries
03/25/2017 09:19:00.893 [3168]: App[0]: (3168) Windows Installer (msiserver), type = 3
03/25/2017 09:19:00.893 [3168]: Security info:
03/25/2017 09:19:00.893 [3168]: Owner: S-1-5-18
03/25/2017 09:19:00.893 [3168]: Group: S-1-5-18
03/25/2017 09:19:00.893 [3168]: DACL information: 4 entries:
03/25/2017 09:19:00.893 [3168]: ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18
03/25/2017 09:19:00.893 [3168]: ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544
03/25/2017 09:19:00.893 [3168]: ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545
03/25/2017 09:19:00.893 [3168]: ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1
Action ended 9:19:00: InstallFinalize. Return value 3.
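A verbose log is long, so it helps to pull out only the lines that carry the 25009 evidence. This is an added example, not part of the original post; the function name `Get-Mim25009Evidence` is hypothetical, the sample lines are taken from the log above, and the two HRESULT descriptions are the standard Windows and CLR meanings of those codes.

```powershell
# Added example: extract the 25009 evidence from a Windows Installer verbose log.
# $sample reuses lines quoted on this page; for a real log, replace it with
#   $lines = Get-Content -Path <path to your verbose log>
$sample = @'
MSI (s) (60:E4) [09:18:59:381]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8F14.tmp, Entrypoint: ConfigDB
Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
03/25/2017 09:19:00.799 [3168]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396
'@
$lines = $sample -split "`r?`n"

function Get-Mim25009Evidence {
    param([string[]]$Lines)
    # Well-known HRESULT values that appear in the log on this page
    $known = @{
        '80131700' = 'CLR_E_SHIM_RUNTIMELOAD: the requested .NET runtime could not be loaded'
        '80070005' = 'E_ACCESSDENIED: access denied'
    }
    foreach ($line in $Lines) {
        # Keep only the setup error, the assembly failure and the custom action result
        if ($line -notmatch 'Error 25009\.|Assembly Install: Failing|returned actual error code') {
            continue
        }
        $hr = $null
        $meaning = $null
        # The log writes the code both as hr=0x80131700 and as hr=80070005
        if ($line -match 'hr=(?:0x)?([0-9A-Fa-f]{8})') {
            $hr = $Matches[1].ToUpper()
            if ($known.ContainsKey($hr)) { $meaning = $known[$hr] }
        }
        [pscustomobject]@{
            HResult = $hr
            Meaning = $meaning
            Line    = $line.Trim()
        }
    }
}

Get-Mim25009Evidence -Lines $lines | Format-List
```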
RESOLUTION
Open Server Manager and from Manage, select Add Roles and Features
Click the Next Button, until you get to the Features
By default, only the .NET Framework 4.5 Features are installed
Select the .NET Framework 3.5 Features and install them
Try your installation
25009 SCENARIO #2: missing sysAdmin permissions
25009 VERSION OF ERROR
Error 25009.The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. These workstations have sessions with open files on this server:
Product Versions tested
Microsoft Identity Manager 2016 Service Pack 1 (4.4.1459.0)
SQL Server 2014
Windows Server 2012 R2 Service Pack 1
Install bullets
Fresh install of Windows Server 2012 R2 and then installing MIM after making sure connectivity to SQL through the firewall is working.
Receive the error below
Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
Bullets learned from the Windows Installer Verbose Log
We can see from the error that the installation is experiencing issues configuring the backend database. This is most likely because of a permissions problem.
MSI (s) (60:E4) [09:18:59:381]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8F14.tmp, Entrypoint: ConfigDB
Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
MSI (s) (60!88) [09:19:00:799]: Product: Microsoft Identity Manager Synchronization Service -- Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>
CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
03/25/2017 09:19:00.799 [3168]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396
03/25/2017 09:19:00.799 [3168]: Detailed info about C:\Windows\assembly\tmp\IDBMN9ZY\Microsoft.MetadirectoryServices.Host.dll
03/25/2017 09:19:00.815 [3168]: File attributes: 00000080
03/25/2017 09:19:00.893 [3168]: Restart Manager Info: 1 entries
03/25/2017 09:19:00.893 [3168]: App[0]: (3168) Windows Installer (msiserver), type = 3
03/25/2017 09:19:00.893 [3168]: Security info:
03/25/2017 09:19:00.893 [3168]: Owner: S-1-5-18
03/25/2017 09:19:00.893 [3168]: Group: S-1-5-18
03/25/2017 09:19:00.893 [3168]: DACL information: 4 entries:
03/25/2017 09:19:00.893 [3168]: ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18
03/25/2017 09:19:00.893 [3168]: ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544
03/25/2017 09:19:00.893 [3168]: ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545
03/25/2017 09:19:00.893 [3168]: ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1
Action ended 9:19:00: InstallFinalize. Return value 3.
RESOLUTION
Provide the account executing the installation with SysAdmin permissions
Re-try the installation
25009 SCENARIO #3: SQL Server Compatibility Level
25009 VERSION OF ERROR
ERROR 25009: The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. Valid values of the database compatibility level are 100, 110, or 120. Usage sp_dbcmptlevel [dbname[, compatibilitylevel]]