Performing an In-Place Upgrade of FIM 2010 R2 to Microsoft Identity Manager 2016 - Service and Portal

Due to this being the First release of Microsoft Identity Manager i specifically wrote this with the current version highlighted.

Before you Begin

  1. Be sure to have Fresh backups of the FIMService Database ( See your SQL Administrator for assistance )
  2. If running a VM i would also do a snapshot ( Although this is not necessary it may be good to have in case of emergency break glass kind of thing )
  3. Verify that the Synchronization Service has already been Successfully upgraded.
  4. Verify local SQL Agent is running
  5. Verify SharePoint Administration Service is started
  6. Verify what Version of the FIM Service and Portal is running
  7. Stop Forefront Identity Manager Service service if it is running
  8. When you believe you are ready take a breath get a fresh cup of coffee and lets begin....

Additional Considerations:

  1. Although it is not necessary if your upgrading from a version of FIM 2010 R2 that the Portal was installed with SharePoint Foundations 2010 you may want to consider upgrading to SharePoint Foundations 2013 Sp1 this is only an option and in no way is it required but since your in the process of upgrading your stuff this could be a good opportunity to do just that. If you are considering this as an option you may want to read the following post on installing SharePoint Foundations 2013 sp1 .  SharePoint Foundations 2013 Configuration Script
  2. It is also recommended that if you are planning on upgrading to SharePoint Foundations 2013 that you install on a new server and install MIM on that server instead of upgrading the SPF 2010 or even removing SPF and installing SPF 2013 on the same server.
    1. Additional Reading SharePoint 2013 Upgrade Process

NOTE: With the First Release depending on the Hotfix level that your current FIM Environment has been patched to you may receive an error , the error seems to happen when you are upgrading from the latest hotfix, im still researching which hotfixes caused the issue but i saw an error when upgrading from version "4.1.3646.0". I was able to continue follow instructions below.

If you have upgraded FIM in the Past most of these steps will be familiar to you if not all of them.

  •  Navigate to the location of the Installation files for MIM 2016 Service and Portal

  • Click on the Service and Portal.msi file to begin installation.
    • You may need to run as an administrator ( I would just run as administrator which has permission to install products in the server ) Right Click on the "Setup.exe" file and run as admin, prompt with credentials if needed.
  • You will be presented with the Welcome Screen

  • It may take a second as for the Next option to be available.

  • Click on Next
  • You will be presented with the End User Agreement

  • Once you accept the terms in the License Agreement click on Next.
  • You will now be presented with the MIM Customer Experience Improvement Program

  • After you click on Join i mean why wouldn't you, you want to help make the product better right? Click on the option that is best for you but seriously consider joining if your company will allow it.
  • Click on Next
  • You will now be presented with the Custom Setup screen

  • Select all Features you wish to install
    • If this is an Upgrade i would suggest only installing (Upgrading Features that are currently installed) Once you have successfully upgraded your currently installed features you can than install any new features you wish to install.
      • This posting will document the FIM Service and Portal only, additional postings for the other features to come.
  • Click on Next
  • You will now be presented with the "Configure Common Services Screen"

  • If this was a new install you would select Create a new database but because this is an upgrade select the Re-use the existing database option.

  • Verify that Re-use the existing database is selected, if you forget the install will detect that a previous database named FIMService already exist.
  • Click on Next
  • You will now be presented with a Database Backup Warning

  • This warning is just informational and a suggestion to be sure you have a good backup of the FIMService.
  • Once you accept and acknowledge the warning click on Next.
  • You will now be presented with the Mail Server Configuration Screen

  • Enter the Mail server information that will be used by the FIMService account to send notification.
  • Click on Next

  • If you have a specific Certificate you wish to use, you can select it by clicking on select cert and browse to locate and attach the cert.
  • If you need you can Generate a new self-issued certificate
  • Make your selection which in most cases will be generate self-issued certificate and than click Next
  • The next screen is for you to add the correct Service account Information, since this is an upgrade you will most likely use the account that was used for the FIMService account.

  • After you enter information verify information to be correct.

  • Click on Next
  • You may be presented with the following warning

  • This warning states that the Service Account is not secure in its current configuration, ( See additional configuration guide)
  • Acknowledge and accept the warning by clicking on Next to continue
  • You now need to enter the Synchronization Server info

  • Click on Next
  • You now need to enter the MIM Service Information which unless you are using a new server to host the MIM Service you need to enter the server that was used to host the FIM Service.

  • Click on Next
  • You now need to enter the SharePoint site Collection URL, unless a new one has been set up you need to enter the one previously used for the FIM 2010 R2 Portal.

  • Click on Next
  • If a Registration Portal is already configured enter the information here, if not leave blank

  • Click on Next
  • The Next Page presents you with Firewall options

  • Click on the Check box next to "Open ports 5725 and 5726 in firewall"
  • Click on the Check box next to "Grant authenticated user access to the MIM Portal site"

  • Click on Next
  • You will now be presented with Password Registration and Reset portal information, at this time unless you are upgrading it skip do nothing here.

  • Click on Next
  • We will now begin the Installation (Upgrade)

  • Click on Install
  • Possible error SQL Agent is not running

  • On server the FIM Service is being installed start service.
  • Another possible error you may get, you may not see it as first but if it appears that the installation is not making progress look on your task bar, do you see a empty icon?

  • If you do click on it

  • Start the SharePoint 201o Administration Service and click on Retry.

  • After you verify that the Forefront Identity Manager Server Service has been stopped click on OK.
  • You may receive the following message

  • If you receive the above message its because it attempted to stopped the service but was unable to verify if it was stopped.
  • Click on OK to continue

  • Continue to wait and the following status message is normal.

  • If the Installation continues

  • Congratulations you have successfully upgraded the FIM 2010 Service and Portal to MIM 2016
  • Open up the MIM Portal and verify the Version installed.

  • Click on the About Forefront Identity Manager link on the right of the page under Help
  • Get the Version information

 

BUT If you weren't so lucky what version of FIM is currently installed.

  • The following error is related to the version of FIM 2010 R2 that is installed and is what i spoke about early in this post.

  • Click on Ok
  • The installation (Upgrade) will be rolled back
  • Once the roll back is complete you will get the following

  • Click on Finish
  • You may notice the the Forefront Identity Manager Service seems to be missing from the Services.msc don't panic
  • Restore the FIMService Database
    • If you try and run the installation again without running a restore you will get the following message

  • After a DB Restore you must set the "SQL Server Service Broker" to true on the FIMService DB in the options section, if you dont you will see the following message.

  • BEFORE YOU CONTINUE After Restoring the FIMService Database

NOTE: This workaround is only for these specific versions 4.1.3646.0 or 4.1.3634.0 or 4.1.3627.0.

    • If not already copy all installation files to a share or a local drive to the server, do not use a mounted drive
    • Locate the file "Microsoft.IdentityManagement.DatabaseUpgrade.exe.config "
      • **\Service and Portal\Program Files\Microsoft Forefront Identity Manager\2010\Service
    • Rename the file with -old at the end so it looks like
      • "Microsoft.IdentityManagement.DatabaseUpgrade.exe.config-old"
    • Download attached file in the blog
      • "Microsoft.IdentityManagement.DatabaseUpgrade.exe.config"
    • Place downloaded copy from this blog in the destination with the renamed one
  • Run through installation again and you will get the following message

  • This is expected, click on OK
  • The installation will continue

  • After a few moments the installation should complete

  • Click on Finish
  • Open up the FIM Portal

  • Click on the About Forefront Identity Manager link on the right of the page under Help
  • Get the Version information