none
Problem when i install Azure AD connect on Windows server 2012/16

    Question

  • Hello guys, i have a problem when i installed azure ad connect.

    Error 906 make me crazy !!!!!!!!!!!!!

    Unable to install the synchronization service.

    AzureActiveDirectorySyncEngine Verbose: 903 : ==========================================================================
    AzureActiveDirectorySyncEngine Verbose: 903 : Sync Engine install Starting: 04/11/2017 02:59:47
    AzureActiveDirectorySyncEngine Verbose: 903 : ==========================================================================
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\MSOLCoExistence, InstallationIdentifier, {NULL})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:f1abe19250a4479889f2301d79497217
    AzureActiveDirectorySyncEngine Verbose: 903 : Initializing the installation task...
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\MSOLCoExistence\CurrentVersion, InstallationIdentifier, f1abe19250a4479889f2301d79497217)
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetStringValue
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\MSOLCoExistence\CurrentVersion, InstallationPath, C:\Program Files\Microsoft Azure AD Sync)
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetStringValue
    AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 1/5...
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Microsoft SQL Server Express LocalDB......
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c026a91-640f-4a23-8b68-05d589cc6f18})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c026a91-640f-4a23-8b68-05d589cc6f18}, DisplayVersion, {NULL})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:11.1.3000.0
    AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Microsoft SQL Server Express LocalDB is already installed. Target version = 11.1.3000.0, Installed version = 11.1.3000.0
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Microsoft SQL Server Express LocalDB.... Duration: 0.007 sec.
    AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 2/5...
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Azure Active Directory Sign-in Client......
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}, DisplayVersion, {NULL})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:7.250.4556.0
    AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Azure Active Directory Sign-in Client is already installed. Target version = 7.250.4556.0, Installed version = 7.250.4556.0
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Azure Active Directory Sign-in Client.... Duration: 0.002 sec.
    AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 3/5...
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Microsoft SQL Server Native Client......
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{49d665a2-4c2a-476e-9ab8-fcc425f526fc})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{49d665a2-4c2a-476e-9ab8-fcc425f526fc}, DisplayVersion, {NULL})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:11.0.2100.60
    AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Microsoft SQL Server Native Client is already installed. Target version = 11.0.2100.60, Installed version = 11.0.2100.60
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Microsoft SQL Server Native Client.... Duration: 0.002 sec.
    AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 4/5...
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Microsoft SQL Server Command Line Utilities......
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9d573e71-1077-4c7e-b4db-4e22a5d2b48b})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9d573e71-1077-4c7e-b4db-4e22a5d2b48b}, DisplayVersion, {NULL})
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:11.0.2100.60
    AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Microsoft SQL Server Command Line Utilities is already installed. Target version = 11.0.2100.60, Installed version = 11.0.2100.60
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Microsoft SQL Server Command Line Utilities.... Duration: 0.002 sec.
    AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 5/5...
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Synchronization Service......
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Creating a service account for the Synchronization Service to use...
    AzureActiveDirectorySyncEngine Verbose: 903 : An object with samAccountName 'AAD_f1abe19250a4' already exists.
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Setting password for the Synchronization Service's service account...
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Setting password for the Synchronization Service's service account. Duration: 2.393 sec.
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Creating a service account for the Synchronization Service to use. Duration: 2.415 sec.
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount: Using auto-generated User Account AAD_f1abe19250a4
    AzureActiveDirectorySyncEngine Verbose: 903 : MachineName = SHEPARD DomainName = REM2K, isLocalMachineAccount=False, isDomainController=True, IsManagedServiceAccount=False.
    AzureActiveDirectorySyncEngine Verbose: 903 : Specified sync service account REM2K\AAD_f1abe19250a4 is a valid domain account.
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount.ResolveSid: SyncServiceAccount.SidString=S-1-5-21-1548383388-1442375699-2368014779-1103
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount:AddAccountRights
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Temporarily adding the SeServiceLogonRight to the AAD_f1abe19250a4...
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Temporarily adding the SeServiceLogonRight to the AAD_f1abe19250a4. Duration: 0.003 sec.
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Creating security groups for the Synchronization Service...
    AzureActiveDirectorySyncEngine Verbose: 903 : Group not explicitly specified, creating group ADSyncAdmins
    AzureActiveDirectorySyncEngine Verbose: 903 : An object with samAccountName 'ADSyncAdmins' already exists.
    AzureActiveDirectorySyncEngine Verbose: 903 : Group not explicitly specified, creating group ADSyncOperators
    AzureActiveDirectorySyncEngine Verbose: 903 : An object with samAccountName 'ADSyncOperators' already exists.
    AzureActiveDirectorySyncEngine Verbose: 903 : Group not explicitly specified, creating group ADSyncBrowse
    AzureActiveDirectorySyncEngine Verbose: 903 : An object with samAccountName 'ADSyncBrowse' already exists.
    AzureActiveDirectorySyncEngine Verbose: 903 : Group not explicitly specified, creating group ADSyncPasswordSet
    AzureActiveDirectorySyncEngine Verbose: 903 : An object with samAccountName 'ADSyncPasswordSet' already exists.
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Creating security groups for the Synchronization Service. Duration: 0.004 sec.
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Adding the current user REM2K\Administrateur to the ADSyncAdmins security group...
    AzureActiveDirectorySyncEngine Verbose: 903 : The 'WinNT://REM2K/Administrateur,user' is already a member of the 'WinNT://SHEPARD/ADSyncAdmins,group'.
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Adding the current user REM2K\Administrateur to the ADSyncAdmins security group. Duration: 0.004 sec.
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount:AddToLocalUsersGroup
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Temporarily adding the AAD_f1abe19250a4 account to the local Users group...
    AzureActiveDirectorySyncEngine Verbose: 903 : The 'WinNT://REM2K/AAD_f1abe19250a4,user' is already a member of the 'WinNT://SHEPARD/Utilisateurs,group'.
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Temporarily adding the AAD_f1abe19250a4 account to the local Users group. Duration: 0.003 sec.
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::AddRegistryAccessRole(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\AD Sync\Shared, S-1-5-21-1548383388-1442375699-2368014779-1103, Allow)
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::AddRegistryAccessRole
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::AddRegistryAccessRole(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\AD Sync\Shared, S-1-5-32-544, Allow)
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::AddRegistryAccessRole
    AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::RemoveRegistryAccessRoleAll(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\AD Sync\Shared, S-1-5-32-545, Deny)
    AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::RemoveRegistryAccessRoleAll
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount:AddToLocalAdministratorsGroup:
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Temporarily adding the AAD_f1abe19250a4 account to the local Administrators group...
    AzureActiveDirectorySyncEngine Verbose: 903 : The 'WinNT://REM2K/AAD_f1abe19250a4,user' has been added to the 'WinNT://SHEPARD/Administrateurs,group' successfully.
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Temporarily adding the AAD_f1abe19250a4 account to the local Administrators group. Duration: 0.002 sec.
    AzureActiveDirectorySyncEngine Verbose: 903 : CreateAndStartBootstrapService:
    AzureActiveDirectorySyncEngine Verbose: 903 : TryStopAndDeleteBootstrapService.
    AzureActiveDirectorySyncEngine Verbose: 903 : CreateAndStartBootstrapService: EventLog.CreateEventSource caught expected exception. Details System.ArgumentException: La source ADSyncBootstrap existe déjà sur l'ordinateur local.
       à System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData)
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.CreateAndStartBootstrapService(SyncServiceAccount syncServiceAccount)
    AzureActiveDirectorySyncEngine Verbose: 903 : CreateAndStartBootstrapService: completed successfully.
    AzureActiveDirectorySyncEngine Error: 906 : DisableADSyncBootstrapLocalDBInstance: PS Cmdlet failed on ADSyncBootstrap service.  Details: System.Management.Automation.CmdletInvocationException: L'accès est refusé. ---> System.ServiceModel.Security.SecurityAccessDeniedException: L'accès est refusé.

    Server stack trace: 
       à System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       à System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       à System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       à System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]: 
       à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       à Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.Management.Contract.IADSyncBootstrapManagementService.DisableADSyncBootstrapLocalDBInstance()
       à Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.PowerShell.DisableADSyncBootstrapLocalDBInstanceCmdlet.ProcessRecord()
       à System.Management.Automation.CommandProcessor.ProcessRecord()
       --- Fin de la trace de la pile d'exception interne ---
       à System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       à System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
       à System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
       à System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       à System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       à System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
       à Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       à Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeAndThrow(IPowerShell powerShell, Command command, Boolean throwExceptionOnError)
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.DisableADSyncBootstrapLocalDBInstance()
    AzureActiveDirectorySyncEngine Error: 906 : EnableADSyncBootstrapLocalDBInstance: PS Cmdlet exception on ADSyncBootstrap service.  Details: System.Management.Automation.CmdletInvocationException: L'accès est refusé. ---> System.ServiceModel.Security.SecurityAccessDeniedException: L'accès est refusé.

    Server stack trace: 
       à System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       à System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       à System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       à System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]: 
       à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       à Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.Management.Contract.IADSyncBootstrapManagementService.EnableADSyncBootstrapLocalDBInstance(String syncAdminsGroupName, String dbAdminUserAccount)
       à Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.PowerShell.EnableADSyncBootstrapLocalDBInstanceCmdlet.ProcessRecord()
       à System.Management.Automation.CommandProcessor.ProcessRecord()
       --- Fin de la trace de la pile d'exception interne ---
       à System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       à System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
       à System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
       à System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       à System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       à System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
       à Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       à Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeAndThrow(IPowerShell powerShell, Command command, Boolean throwExceptionOnError)
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.EnableADSyncBootstrapLocalDBInstance(String syncAdminsGroupName, String currentUserAccount)
    AzureActiveDirectorySyncEngine Error: 906 : SynchronizationServiceSetupTask:EnableADSyncBootstrapLocalDBInstance operation failed
    AzureActiveDirectorySyncEngine Error: 906 : SynchronizationServiceSetupTask:Enable LocalDB Instance  - Caught unexpected exception. Details System.InvalidOperationException: L'opération powershell LocalDB a échoué sur le service ADSync Bootstrap : Enable-ADSyncBootstrapLocalDBInstance
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.EnableADSyncBootstrapLocalDBInstance(String syncAdminsGroupName, String currentUserAccount)
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
    AzureActiveDirectorySyncEngine Error: 906 : DisableADSyncBootstrapLocalDBInstance: PS Cmdlet failed on ADSyncBootstrap service.  Details: System.Management.Automation.CmdletInvocationException: L'accès est refusé. ---> System.ServiceModel.Security.SecurityAccessDeniedException: L'accès est refusé.

    Server stack trace: 
       à System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       à System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       à System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       à System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]: 
       à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       à Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.Management.Contract.IADSyncBootstrapManagementService.DisableADSyncBootstrapLocalDBInstance()
       à Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.PowerShell.DisableADSyncBootstrapLocalDBInstanceCmdlet.ProcessRecord()
       à System.Management.Automation.CommandProcessor.ProcessRecord()
       --- Fin de la trace de la pile d'exception interne ---
       à System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       à System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
       à System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
       à System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       à System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       à System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
       à Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       à Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeAndThrow(IPowerShell powerShell, Command command, Boolean throwExceptionOnError)
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.DisableADSyncBootstrapLocalDBInstance()
    AzureActiveDirectorySyncEngine Verbose: 903 : StopAndDeleteBootstrapService.
    AzureActiveDirectorySyncEngine Verbose: 903 : StopAndDeleteBootstrapService completed successfully.
    AzureActiveDirectorySyncEngine Error: 906 : SynchronizationServiceSetupTask:InstallCore - Caught unexpected exception. Details System.InvalidOperationException: L'opération powershell LocalDB a échoué sur le service ADSync Bootstrap : Enable-ADSyncBootstrapLocalDBInstance
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.EnableADSyncBootstrapLocalDBInstance(String syncAdminsGroupName, String currentUserAccount)
       à Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount:RemoveAccountRights
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Removing the SeImpersonatePrivilege from the AAD_f1abe19250a4...
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Removing the SeImpersonatePrivilege from the AAD_f1abe19250a4. Duration: 0.003 sec.
    AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount:RemoveFromLocalAdministratorsGroup:
    AzureActiveDirectorySyncEngine Information: 904 : Starting: Removing the Sync Service account from the local Administrators group...
    AzureActiveDirectorySyncEngine Verbose: 903 : The 'WinNT://REM2K/AAD_f1abe19250a4,user' has been removed from the 'WinNT://SHEPARD/Administrateurs,group' successfully.
    AzureActiveDirectorySyncEngine Information: 904 : Finished: Removing the Sync Service account from the local Administrators group. Duration: 0.007 sec.
    AzureActiveDirectorySyncEngine Error: 906 : L'opération powershell LocalDB a échoué sur le service ADSync Bootstrap : Enable-ADSyncBootstrapLocalDBInstance

    Thx for your help.


    • Edited by Remy Peres Tuesday, April 11, 2017 1:04 AM
    Tuesday, April 11, 2017 1:03 AM

All replies

  • I'm having the same problem when I installed the newest version of AD Connect. Going back to an older version ...
    Tuesday, April 11, 2017 2:25 AM
  • Hello , do you know where i can find the old versions?

    mabye the

    Azure ad connect 1.1.371.0 :)

    • Edited by Remy Peres Tuesday, April 11, 2017 7:57 AM
    Tuesday, April 11, 2017 6:51 AM
  • have the same problem. I installed now a older version, and made an upgrade to the newest version. this worked for me. I created a Microsoft Ticket and waiting for a response. but I think its a bug in the newest version 1.1.484.0
    • Marked as answer by Remy Peres Tuesday, April 11, 2017 8:40 AM
    • Unmarked as answer by Remy Peres Tuesday, April 11, 2017 8:40 AM
    Tuesday, April 11, 2017 8:26 AM
  • hello , do you have a link of your Azure Ad connect version ? It's impossible to find the older version.

    thx

    Tuesday, April 11, 2017 8:31 AM
  • Hi;

    same problem for me.

    Have you find a solution ? Have you find a old version ?

    Thx for your help

    Tuesday, April 11, 2017 9:56 AM
  • No , i can't find a old setup , someone can save us ?

    Thx guys !

    Peres Rémy

    Tuesday, April 11, 2017 11:31 AM
  • Hello, I cannot either find an older version, always point to v1.1.484.0. I've created a ticket with support, awaiting for its answer

    Ruben

    Tuesday, April 11, 2017 11:45 AM
  • please to give us the solution provided by support , i can t declare on my tenant

    Thks

    Tuesday, April 11, 2017 12:43 PM
  • This error occurred when your server cannot assign the permissions to logon as a service to the account that is necessary for AD Connect.

    You can try these steps:

    1. In you Domain Controller create a Service Account àunder OU Managed Service Account and add this account as member of Enterprise Admins.
    2. In you AD Connect Server go to:
      1. Local Security Policiesà Local Policies
      2. User Rights Assignment
      3. Look for the optionàLog on as a Service
      4. Add on this option the account that you created on the option 1
        1. If you cannot add here the account,because the option to add is gray, then you need tried to do this on the Domain Controller or check your group Policies that is blocking to you to add this account to log on as a service
      5. After you haver register this account as log on as a Service, I recommend you restart the server
      6. You need uninstall your previous installation of AD Connect, If you have special rules created in AD Connect/DirSync you need backup these rules also if you have any other filter configuration you need to have a backup of documentation of these filters, because when you uninstall the AD Connect you lost all the previous configuration. If you are using the default configuration, then is more simple because you can install the default configuration.
      7. After you uninstall AD Connect you need go to Program Files and rename the directory of Microsoft Azure AD Connect Directory * or Microsoft Azure AD Sync
      8. Run AzureADConnect.msi and select the option CUSTOMIZE
      9. On the next screen select the option  Use an existing Service Account”  and put the credentials of the service account that you created (1)
      10. Follow the steps of the wizard and when the setup ask for the credentials of the Domain controller you can use the same Service Account or your Administrator Account

    After this you can install the AD Connect 1.484

    Use this procedure under your own risk.

    • Proposed as answer by Jesussv Tuesday, April 11, 2017 6:58 PM
    Tuesday, April 11, 2017 2:31 PM
  • Jesussv, I've followed your indications creating a new service account, grant the right to log on as a service, restart, completely uninstall AD Connect, delete folders under program files and to the customize installation, but the error is the same 906:

    DisableADSyncBootstrapLocalDBInstance: PS Cmdlet failed on ADSyncBootstrap service.  Details: System.Management.Automation.CmdletInvocationException: access denied. ---> System.ServiceModel.Security.SecurityAccessDeniedException: access denied.

    I'm still waiting for Microsoft Support...

    Tuesday, April 11, 2017 2:54 PM
  • Just tried this version and it fails, went back to a previous version and it installed no problem, there is definately something wrong with this version.

    Tuesday, April 11, 2017 3:52 PM
  • I've received from support version 1.1.180.0 that installed smoothly and did a correct sync so definitely there's something wrong with 1.1.484.0
    Tuesday, April 11, 2017 4:45 PM
  • All,

    We need additional information to be able to troubleshoot the issue. Can you either email me (msftchun_hotmail.com) (replace _ with @) or open a Support ticket to provide the following info please:

    1. Installation/setup logs - Zip up the entire folder under %programdata%\AADConnect 
    2. Windows Event logs, including Application, Security, Setup and System (for the time window when installation starts till end)

    Thanks,

    Chun Yong

    Tuesday, April 11, 2017 4:46 PM
  • All,

    If you are running into this issue, can you confirm whether you are trying to install Azure AD Connect on a server which is a non-English Windows server please?

    If so, can you also confirm whether the built-in administrators group on the server has name "Administrators" or some other values (e.g., localized string) please?

    Thanks,

    Chun Yong

    Tuesday, April 11, 2017 9:54 PM
  • Hello Chun,

    I confirm my installation is on a Windows Server 2012 Standard in Spanish. The built-in local administrators group on the server where I installad Azure AD Connect is named "Administradores", also in Spanish and the members of that group are just the local administrator and several named accounts from the domain, but not the default group "domain admins", due to some security concerns of the customer's IT people.

    v1.1.180.0 did installed successfully and it's doing synchronization of local AD ok. Problem was just with v1.1.484.0

    Ruben

    Wednesday, April 12, 2017 7:02 AM
  • Chun, I just sent you an email with the logs

    Also yesterday I created a support ticket #617041194179230

    Ruben

    Wednesday, April 12, 2017 7:10 AM
  • Chun

    I've got the same problem. Server 2012R2 Standard German, the built-in administrative Group is named "Administratoren".

    Where can I find the older Version of AzureADConnect.msi to try? 

    The error remains after yout Solution.

    Christian

    Wednesday, April 12, 2017 9:56 AM
  • I got the same problem on a Windows 2016 Server in French (built-in administrator group: "Administrateurs"). I solved my problem by uninstalling the newest version of AD Connect, installing an older version I had in my backups, and then updating AD Connect with the newest version.
    Wednesday, April 12, 2017 10:53 AM
  • Thanks, Ruben, Christian!

    Ruben,

    Can you give this workaround a try to see if it unblocks you please? Create a local group on the Windows server named "Administrators" and then make the installing admin a member. Then run the setup again.

    Thanks,

    Chun Yong

    Wednesday, April 12, 2017 12:11 PM
  • Hi, I had the same issue. Solution for me was to start the msi in a command prompt with elevated rights. UAC issue.


    • Edited by MichelS76 Wednesday, April 12, 2017 12:58 PM
    Wednesday, April 12, 2017 12:57 PM
  • If this procedure is not working for you then you can uninstall AD Connect from this server and install in other server or use a previous version like 1.443
    Wednesday, April 12, 2017 2:27 PM
  • Starting the msi in an elevated command prompt was not the solution for me. The new administrators group didn't help either.

    Solution for me was a new 2012R2 standard server installed in english. Here the installation runs like a charm. 

    Thanks for the help

    Christian

    Thursday, April 13, 2017 8:59 AM
  • Hi, I've got this same issue.

    In my case same problem when starting in command prompt with elevated rights...

    I've open an MS case and support ingeneer send me the precedent version to test it...

    So don't install it at this moment. I'll tell you the results of investigations.

    Thursday, April 13, 2017 2:55 PM
  • i got the same issu, im using a german 2012...

    ist always about "enable-adsyncbootstraplocaldbinstance" / 906.

    Thursday, April 13, 2017 4:49 PM
  • To clarify what is actual issue is...

    In build 484, a new pre-req check was added to determine if the installing admin is part of the built-in administrators group. The pre-req check is invoked if you choose to use the LocalDB option instead of providing your own SQL. The intention of the pre-req check is to figure out if the installing admin can actually install LocalDB. Unfortunately, the pre-req check did not take into account that the name of the built-in administrators group isn't "administrators" on non-English versions of Windows server.

    Hope this clarifies.

    Thanks,

    Chun Yong

    • Proposed as answer by dRaW_FU Thursday, April 13, 2017 11:06 PM
    Thursday, April 13, 2017 5:01 PM
  • is there any Workaround until now? we Need to deliver a 365 account...

    EDIT: Or any possibility to get the v1.1.443.0?

    Best regards

    • Edited by dRaW_FU Thursday, April 13, 2017 9:16 PM
    Thursday, April 13, 2017 6:52 PM
  • can somebody provide an older Version / link?
    Thursday, April 13, 2017 9:57 PM
  • Hi,

    Can you send me an email at msftchun_hotmail.com (replace _ with @) please? I will share with you the bits. Alternatively, just open a Support ticket with Microsoft and request for an older build.

    Thanks,

    Chun Yong

    Thursday, April 13, 2017 10:05 PM
  • i already called the Support, but they Need to escalate the stuff to send a Setup...

    Thank you in advance! best regards

    • Proposed as answer by Jesussv Friday, April 14, 2017 8:20 PM
    • Unproposed as answer by Jesussv Friday, April 14, 2017 8:21 PM
    Thursday, April 13, 2017 11:06 PM
  • Hi,

    I have sent you email on how to get build 380.

    Thanks,

    Chun Yong

    Friday, April 14, 2017 12:10 AM
  • WE have a new version of AD Connect 1.486

    you can download from here:

    https://www.microsoft.com/en-us/download/details.aspx?id=47594

    • Proposed as answer by Jesussv Friday, April 14, 2017 8:21 PM
    Friday, April 14, 2017 8:21 PM
  • Try the new version of AD Connect 1.486

    you can download from here:

    https://www.microsoft.com/en-us/download/details.aspx?id=47594

    Friday, April 14, 2017 8:23 PM
  • try the new version of AD Connect 1.486

    you can download from here

    https://www.microsoft.com/en-us/download/details.aspx?id=47594

    Friday, April 14, 2017 8:24 PM
  • Hi Ruben

    Try the new version of AD Connect 1.486

    you can download from here

    https://www.microsoft.com/en-us/download/details.aspx?id=47594

    Friday, April 14, 2017 8:25 PM
  • Ruben is right. A new AADConnect build has been released (486) on Friday. You can download it from the regular download location for AADConnect.

    The release note for AADConnect has not been updated yet due to a doc process issue. You should see the update in about an hour from now. There is no additional change to 486 from 484 other than just the fix for this issue.

    Thanks,

    Chun Yong

    Monday, April 17, 2017 4:27 PM
  • Hi all,

    I still get event id 906 when i try to install release 486.

    Service fails to start on 2k12r2 standard (german). Any ideas?

    thanks

    Mabornma

    Wednesday, April 19, 2017 8:01 AM
  • Ok for me with a french version!

    Thank you all!

    Wednesday, April 19, 2017 8:16 AM
  • FYI:

    Support just told me, that release 486 is still faulty!

    Wednesday, April 19, 2017 1:15 PM
  • Hi, can you tell me what is the Support Request number please?

    Thanks,

    Chun Yong

    Wednesday, April 19, 2017 5:32 PM
  • Sure: SRX617041991074851ID
    Friday, April 21, 2017 5:57 AM
  • Hi, did you check my Support Request? Are there further problems with the german win server version?
    Tuesday, May 02, 2017 12:41 PM
  • Hi, did you check my Support Request? Are there known further problems with the german win server version?
    • Edited by Mabornma Tuesday, May 02, 2017 12:42 PM
    Tuesday, May 02, 2017 12:41 PM
  • Hi Mabornma,

    Sorry, I have been OOF. I have reached out to Office Support Team to get access to your case notes. Once I have it, I will take a look to see what is going on.

    Thanks,Chun Yong

    Wednesday, May 03, 2017 1:11 AM
  • hi,

    inplace upagre to 1.1.524.0 solved it!

    • Proposed as answer by Mabornma Tuesday, May 30, 2017 6:48 AM
    Tuesday, May 30, 2017 6:47 AM
  • Im using same version with you , I Have running configuration on 2008 R2 DC perfectly.

    But I want to migrate to 2012R2 New DC when I try to install I get that still same error.also I tryed to Export Current configuration settings from working 2008 R2 AD Connect tool , AzureADConnect.exe /Forceexport command doesnt work for me. Could some one help I need to migrate current configuration for new dc.

    Thanks in Advance.

    • Proposed as answer by Adam_Lawson Friday, August 04, 2017 5:36 PM
    • Unproposed as answer by Adam_Lawson Friday, August 04, 2017 5:36 PM
    Thursday, June 01, 2017 8:30 PM
  • Hey guys-

    I had the same issue with the latest build as well as a few versions old. The problem was that Group Policy was enabled and overwriting the local security policy and denying Log On as a Service and Log On as a Backup. 

    The fix here is to grant the local AAD account that gets created access to Log On as Service

    Resolution:

    Move the server to an OU that does not have a GPO applied to deny Log On as a Service.

    Otherwise,

    On the server where you are installing Azure AD Connect install AD Group Policy Management Tools. 

    Locate the AAD Local account in Computer Management > Local Accounts

    Copy the User name

    Open Group Policy Management and find the policy

    Under Log On as a Service and Log on as a Backup copy in the username of the local AAD Account.

    Run gpupdate /force and reboot the machine

    Re-run the install and it should work now.

    When you view the policy from another machine the local AAD account will be translated to a SID. You can safely ignore this as only the local server hosting that account knows it.

    Hope that helps!

    Friday, August 04, 2017 5:41 PM
  • See my latest reply to the original issue above.
    Friday, August 04, 2017 5:43 PM
  • Just had this same issue and was able to resolve it by going into the registry and disabling TLS 1.0 and rebooting

    http://www.bwya77.com/knowledge-base/error-installing-azure-ad-connect/

    Friday, August 11, 2017 3:52 AM