Why? Simply because AD is a wonderful, robust mechanism you already have, so why not use it to store the required encryption keys for SCVMM? And many times it’s decided later on that SCVMM is way too critical to run on a single server. In situations like these it’s better to have those encryption keys stored in AD, since that makes it far easier to cluster SCVMM.
Even when the container is present and the required permissions are properly configured as described by this TechNet article, it looks like the installer doesn’t work. Many times this error occurs because the entered Distinguished Name (DN) is incorrect.
ADSI Edit to the rescue
Simply use ADSI Edit (used to create the same container) to get the proper DN following these 4 steps:
- Start ADSIEDIT with proper permissions, connect to Default naming context and select the container where you want to store the SCVMM encryption keys;
- Right click the folder > Properties > tab Attribute Editor > double click distinguishedName;
- Copy its value and paste it in the SCVMM installer;
- Now you know you’ve got the correct DN value. So when SCVMM returns an error again, at least you know you’ve entered the correct value for the DN, which makes troubleshooting (incorrect permissions on that container) far easier.
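
The same lookup can be done from PowerShell. This is an added example, not part of the original post: it reads the container's distinguishedName straight from AD and then lists the access control entries on that container for the installing account. The container name `VMMDKM` and the account `CONTOSO\svc-vmm` are placeholders, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example; the container name and account below are placeholders (assumptions).
Import-Module ActiveDirectory

$ContainerName = 'VMMDKM'            # placeholder: name of the container you created
$Account       = 'CONTOSO\svc-vmm'   # placeholder: account that runs the SCVMM installer

# Search the default naming context for container objects with that name.
$domainDn = (Get-ADDomain).DistinguishedName
$found = @(Get-ADObject -LDAPFilter "(&(objectClass=container)(cn=$ContainerName))" `
                        -SearchBase $domainDn -SearchScope Subtree)

if ($found.Count -eq 0) {
    throw "No container named '$ContainerName' found under $domainDn"
}
if ($found.Count -gt 1) {
    # Same name in several places: a hand-typed DN can easily point at the wrong one.
    Write-Warning "More than one container named '$ContainerName'; pick the intended one:"
    $found | ForEach-Object { $_.DistinguishedName }
    return
}

# This is the exact value the Attribute Editor shows for distinguishedName.
$dn = $found[0].DistinguishedName
"DN to paste into the installer: $dn"

# Read the container's ACL through the AD: drive provided by the ActiveDirectory module
# and keep only the entries that name the account directly.
$acl  = Get-Acl -Path "AD:\$dn"
$aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Account })

if ($aces.Count -eq 0) {
    # Rights granted through a group do not show up here; check group ACEs as well.
    Write-Warning "No ACE names $Account directly on $dn"
} else {
    $aces | Format-Table ActiveDirectoryRights, AccessControlType, IsInherited -AutoSize
}
```

Compare the rights listed with the ones the TechNet article asks for; if the DN resolves and the installer still fails, the ACL output is the next place to look.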