Attempting to install the BHOLD FIM Integration Module on a FIM Server with BHOLD Core being installed on a separate machine may fail with the following error dialog.
There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.
- Reviewed the Application Event Log and found the following
The message implies that the extended protection setting for IIS doesn't match that of what install expects. This setting is exposed in Authentication->Windows Authentication-Advanced Settings of the that node is selected on navigation bar on left:
In this particular issue, we found the default IIS node was set to 'Accept', which translates to 'WhenSupported' value. We enabled windows authentication, which had been disabled, then set this value to 'Off' in advanced settings, then disabled windows authentication and ran IISRESET and the next attempt at the install succeeded.
A very important hint came from the customer's applicationHost.config file:
*NOTE: The highlighted section shows a value other than 'Off' configured. It seems odd that it didn't just look at the FIM site, which is typically 'SharePoint – 80'. This site didn't have the above entry. This entry came from the root node. So apparently the install looks throughout the entire file.
<application name="Active Server Pages" groupId="ASP" />
<anonymousAuthentication enabled="true" userName="IUSR" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<windowsAuthentication enabled="false" useKernelMode="true">
<add value="Negotiate" />
<add value="NTLM" />
<extendedProtection tokenChecking="Allow" />
<add accessType="Allow" users="*" />