Warning 25051 / Service Account is not secure in its current configuration

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

First published on MSDN on Aug 28, 2015
This can be used for to Secure the following accounts

  • FIM Synchronization Service / MIM Synchronization Service

  • FIMService / MIM Service


Note: This is not for the Service accounts to be used for the PAM Features see Service account is not secure in its current configuration
Issue:

  • When installing the Forefront Identity Manager Synchronization Service or the Forefront Identity Manager Portal you may be presented with a popup Warning 25051 which informs you that the service account is not secure in its current configuration. You are able to continue with the installation if you wish or you could stop the installation and secure the service account being used prior to installation of these features


Image:

  • When installing the Forefront Identity Manager Features




  • When installing the Microsoft Identity Manager 2016 Features



Cause:

  • Prior to installing the Forefront Identity Manager Synchronization Service or portal the Service accounts used for each feature are not configured on the server that the feature is to be installed on using the secure method


Resolution:

  1. On the server that host the Forefront Identity Manger Synchronization Service or FIM Service and Portal is installed on.

    1. Open up Local Security

    2. Expand Local Polices

    3. Click on User Rights Assignment

    4. Scroll down to locate the following policies

      1. Deny log on as a batch job

      2. Deny log on locally

      3. Deny access to this computer from the network



    5. For each of the above add the service account that is used for the installing feature. For example, on the server that the Synchronization Service is installed on this may be the FIMSync Service account, and on the server that host the FIM portal it may be the FIMService account that is used during the initial configuration. Right Click on the policy you wish to add the service account to and click on properties and then click on Add user or group, Add the correct (User) Service account for the feature being installed to that policy. Repeat steps for each policy.






Questions? Comments? Love FIM so much you can't even stand it?

EMAIL US>EMAIL US<

## http://blogs.msdn.com/connector_space ##

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.