The error message in the UI was not really helpful so we started to verify the log file (you can find the path directly in the wizard window) and Bingo!
Upgrade failed with the following error:
GetProductName: Unexpected exception occurred. Details System.Security.SecurityException: Requested registry access is not allowed.
OK. It seems the application during the upgrade is trying to access some registry keys and it’s not able to.
We started again the upgrade, but this time we ran Sysinternals Process Monitor in parallel with the wizard to verify which one is the registry key (or keys..) affected.
Process Monitor was pretty clear: Access Denied on the following Registry key
We verified the key permissions and actually they were very suspicious: Inheritance was disabled and ALL APPLICATION PACKAGES has only Read Access.
To fix the error, we just enabled the inheritance in the Advanced Option on the Permission Tab.
Then we ran again the wizard and upgrade went smooth. Problem Solved!
Just as additional step (we just guessed what permissions where required by Azure AD Connect to work) we checked again the permission on that key and we found the inheritance disable but the correct permission applied: it seems that the upgrade overwrites and align the registry permission required. Perfect!
As additional tips please remember
- Always to run the AD Connect using an account with the right privileges. You can find the requirements here.
- Enable Auto-Upgrade is (most of the times) a good option. You can find information here.