Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2014-09-21) Change Install Of The Azure AD Sync Service Throws WMI Namespace Error

Posted by Jorge on 2014-09-21


When performing a CHANGE install of the Azure AD Sync Service you may get the following error.

image

Figure 1: Error Thrown By The Azure AD Sync Setup Wizard Not Being Able To Configure Permissions On A Non-Existing Namespace

Error 25050. The Microsoft Azure AD Sync Setup wizard cannot set Windows Management Instrumentation (WMI) permissions. Ensure you have the correct permissions for this operation, and then try running this wizard again. To run WMI remotely, you must manually set the remote enable permissions. Invalid namespace.

The solution to the problem was already covered in this WIKI page, but unfortunately it is not complete.

When everything is OK, the "MicrosoftIdentityIntegrationServer" namespace does exist.

image

Figure 2: The "MicrosoftIdentityIntegrationServer" Namespace Does Exist When Everything Is OK

When everything is not OK, the "MicrosoftIdentityIntegrationServer" namespace does not exist! Duh!

image

Figure 3: The "MicrosoftIdentityIntegrationServer" Namespace Does Not Exist When Everything Is Not OK

Open a command prompt window and navigate to the folder "C:\Program Files\Microsoft Azure AD Sync\Bin". The execute: mofcomp mmswmi.mof

image

Figure 4: Reregistering The "MicrosoftIdentityIntegrationServer" Namespace

To make sure everything is really OK, check the namespace is configured with Azure AD Sync Service security groups. All Azure AD Sync Service security groups should have the4 same permissions as shown below

image

Figure 5: Permissions On The "MicrosoftIdentityIntegrationServer" Namespace For The Azure AD Sync Service security groups

In addition to the steps above, start the Component Services MMC, navigate to Component Services –> Computers –> My Computer, right-click My Computer and select Properties

image

Figure 6: Component Services MMC

Click on the "COM Security" TAB

image

Figure 7: "COM Security" TAB And The Parts For Which Permissions Need To Be Configured

If you changed the Azure AD Sync Service security groups, then make sure to REMOVE all old Azure AD Sync Service security groups in all three parts

image

Figure 8: Previous Azure AD Sync Service security groups

Make sure to configure the exact same permissions for all Azure AD Sync Service security groups as shown in the picture below

image

Figure 9: Access Permissions – Security Limits For Azure AD Sync Service security groups

Make sure to configure the exact same permissions for all Azure AD Sync Service security groups as shown in the picture below

image

Figure 10: Access Permissions – Default Security For Azure AD Sync Service security groups

Make sure to configure the exact same permissions for all Azure AD Sync Service security groups as shown in the picture below

image

Figure 11: Launch And Activation Permissions – Security Limits For Azure AD Sync Service security groups

And you’re done!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

2 Responses to “(2014-09-21) Change Install Of The Azure AD Sync Service Throws WMI Namespace Error”

  1. […] you get the following error, make sure to check this blog post AFTER the wizard has […]

  2. […] (2014-09-21) Change Install Of The Azure AD Sync Service Throws WMI Namespace Error […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: