Azure AD Connect installation - System.Security.SecurityException: Requested registry access is not allowed

Question

I had to reinstall Azure AD Connect after server formatting and I get the following error, using Custom settings:

[ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()<---

Do you have any idea about the origin of the problem?

Thank you.

Bertrand

Answer 1

Found the answer here and here

That's about the registry key to give permission to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADHealthAgent\Sync

Answer 2

Make sure you are logged into the VM as the tenant cloud administrator and also ensure that you explicitly run Powershell as an administrator if you are installing through Powershell. Also, check that you are installing the latest version of AAD Connect.

The Admin account for the server needs to have registry access privileges. In your system settings on the VM make sure to add your account as an admin.

See also these troubleshooting steps for this error.