System Center 2012 Virtual Machine Manager Setup fails to create child objects for DKM
Unable to create or access the Active Directory container CN=VMMDKM,DC=Domain,DC=local. Access is denied. Specify the distinguished name for the container and verify that you have genericRead|CreateChild|WriteProperty rights on the container.
-The account with which you are installing VMM must be given Full Control permissions to the container in AD DS.
-The permissions must apply to This object and all descendant objects of the container.
- You must create a container in AD DS before installing VMM. You can create the container by using ADSI Edit.
- You must create the container in the same domain as the user account with which you are installing VMM.
- If you specify a domain account to be used by the System Center Virtual Machine Manager service, that account must also be in the same domain.
For example, if the installation account and the service account are both in the corp.contoso.com domain, you must create the container in that domain. So, if you want to create a container named VMMDKM, you would specify the container location as CN=VMMDKM,DC=corp,DC=contoso,DC=com.
For additional information on Configuring Distributed Key Management in VMM review the following: http://technet.microsoft.com/en-us/library/gg697604.aspx
Article ID: 2721457 - Last Review: 07/09/2012 22:16:00 - Revision: 3.0
- kbtshoot KB2721457