Share via

MIM 2016 Service and Portal Troubleshooting: Hotfix installation failure (Unauthorized operation)

  • Article

Credits

This article has been build with the greatly appreciated assistance and input of José Carrilho.

Collection

This article is part of a set troubleshooting articles, containing:

Background

When you try to install a (or any) hotfix on a FIM or MIM 2016 server or component, you might run into a situation where the installation seems to run fine until the very last second and then the wizard starts a rollback.

Certainly, when you start the setup, msi or msp (patch) directly without any logging parameters, you will hardly get any information on the root cause.

Therefore it's wise to start the setup or hotfix installation with verbose logging.

Generating log

Use this article to install the hotfix with verbose logging: FIM Troubleshooting: Attempted to perform an unauthorized operation.

As explained by Tim:

  1. Open an Administrative Command-Prompt by right-clicking  Command-Prompt and selecting Run As Administrator

  2. Navigate to where you downloaded and extracted the hotfix

  3. Execute the following:

    msiexec.exe /p <name of msp file> /l*v mylog.txt

  4. Open and review the log  

Log Error Message Indicators

The log might have a very high volume of information.

Below you find some useful phrases of information that should give you some indicators or easy search components to look for.

Transform EVAL.1 invalid

DEBUG: Error 2746:  Transform EVAL.1 invalid for package C:\WINDOWS\Installer\535989.msi. Expected product {AB9663A3-2B61-44C7-8A64-358EC72934E6}, found product {0782FB14-023A-430F-B0D5-4AE1D1CCFCAA}.

DEBUG: Error 2746:  Transform EVAL.1 invalid for package C:\WINDOWS\Installer\599fa.msi. Expected product {AB9663A3-2B61-44C7-8A64-358EC72934E6}, found product {0782FB14-023A-430F-B0D5-4AE1D1CCFCAA}.

Keywords:

  • {AB9663A3-2B61-44C7-8A64-358EC72934E6}
  • {0782FB14-023A-430F-B0D5-4AE1D1CCFCAA}

CheckFarmAdministratorWithOpenPermissionForSharePoint2007Or2010

MSI (s) (20:88) [19:59:55:711]: Skipping action: CheckFarmAdministratorWithOpenPermissionForSharePoint2007Or2010 (condition is false)

Keywords:

  • CheckFarmAdministratorWithOpenPermissionForSharePoint2007Or2010

Failing with hr=800700b7

[5664]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3310

Keyword:

  • hr=800700b7

Failing with hr=80070005

[5664]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396

Keyword:

  • hr=80070005

Error code 1603

Configuration failed

Product: Microsoft Identity Manager Service and Portal - Update 'MIM Service & Portal Hotfix KB 3201389' could not be installed. Error code 1603. Additional information is available in the log file C:\FIM\Sources\SP1\4.4.1302 HF\hotfix.log. MSI (c) (60:18) [10:05:41:437]: Windows Installer installed an update. Product Name: Microsoft Identity Manager Service and Portal. Product Version: 4.4.1302.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: MIM Service & Portal Hotfix KB 3201389. Installation success or error status: 1603.

MSI (c) (60:18) [10:05:41:437]: Product: Microsoft Identity Manager Service and Portal -- Configuration failed.

Attempted to perform an unauthorized operation

MSI (c) (60:18) [<time>]: Windows Installer reconfigured the product. Product Name: Microsoft Identity Manager Service and Portal. Product Version: 4.4.1302.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 1603.

MSI (s) (F0:B4) [14:28:29:652]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI26CF.tmp, Entrypoint: CAQuietExec

CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.

CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.

CAQuietExec:  Removing feature for microsoftidentitymanagement.wsp

CAQuietExec:  An exception occurred while running Microsoft.IdentityManagement.SolutionPackUtility.exe: Attempted to perform an unauthorized operation.

CAQuietExec:  An error occurred while retracting FIM portal solution packs.

CAQuietExec:  Error 0xfffffffa: Command line returned an error.

CAQuietExec:  Error 0xfffffffa: CAQuietExec Failed

CustomAction PatchRemoveFIMPortal returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Keywords:

  • microsoftidentitymanagement.wsp
  • unauthorized
  • wsp

Solutions

DCOM Error

Check that there are no DCOM errors (event id 10016)

Solutions:

Service account logon ID (NetBIOS or UPN format)

Source: forum post: Issue when trying to apply hotfix update KB3134725 for FIMService

As explained in the forum post: check the format of the service logon ID as configured in the FIM Service.

Root cause: "login info that runs the services wasn't in the correct format.  The default install had it like servicename@domain.net, but it needed to be domain\servicename."

SharePoint Admin rights

Make sure the installer account has the proper SharePoint Farm admin rights.

Use this article to install to fix the rights: FIM Troubleshooting: Attempted to perform an unauthorized operation.

See also

References