New install or Upgrade to Microsoft Identity Manager 2016 SP1– Service and Portal


 

In this post we will walk through an upgrade / Install scenario of MIM 2016 to MIM 2016 SP1, note this is not an in place upgrade and it requires the current version to either be uninstalled first if installing on the same server that your current version of MIM 2016 is installed on or installing in a “side by side” scenario. In a “side by side” install scenario you would perform the install of Microsoft Identity Manager 2016 SP1 components on “new” servers but you would point to the existing Synchronization Service Database and FIMService Database.

Before you Begin

  1. Be sure to have Fresh backups of the FIMService Database ( See your SQL Administrator for assistance )
  2. If running a VM I would also do a snapshot ( Although this is not necessary it may be good to have in case of emergency break glass kind of thing )
  3. Verify that any current synchs have completed and stop and disable any Scheduled task for your synchronization Service
    • This will protect the FIMService Database if being reused.
  4. Verify that the Synchronization Service has already been Successfully upgraded.
  5. Verify local SQL Agent is running
  6. Verify SharePoint Administration Service is started
  7. Verify that all necessary updates have been applied to your server that the Install of MIM 2016 SP1 will be performed on.
  8. Verify you have all necessary Accounts / Passwords that will be needed to install MIM 2016 SP1 SP1.
  9. Stop Forefront Identity Manager Service service if it is running
  10. When you believe you are ready take a breath get a fresh cup of coffee and lets begin….

 

 

Navigate to the location of the Installation files for MIM 2016 SP1 Synchronization Service (Synchronization Service.msi)

Right click on Service and Portal.msi and click on Install.

image

 

If you receive the following error, then you are attempting to install the MIM 2016 SP1 Service and Portal on a server that has a previous version of the Service and Portal still installed.

image

 

Click on OK, uninstall the Service and Portal, if it has been previously uninstalled you may need to reboot the server before installing MIM 2016 SP1

If you don’t get the above error, you should be presented with the following welcome screen.

image

 

Click on Next

The next window is the End User License Agreement

image

 

If you accept click on the check box next to “I accept the terms in the License Agreement”

image

 

Click on Next

The next window is ab option that you can check that allows the program to collect information about the hardware and how you use Microsoft Identity Manager 2016.

image

 

If you wish to participate in the program click on “Join the Customer Experience Improvement Program”, if you do not wish to participate verify that “I don’t want to join the program at this time” is selected and select Next.

On the next Screen you will be presented with options of which features you wish to install.

image

 

Select all the feature you wish to install at this time, you may wish to install some features separately.

NOTE: In this Blog Post we are only selecting MIM Service and MIM Portal. Additional features will be added later in an additional post.

When ready click on Next

In the next window you need to enter the information on how to connect to the SQL Server.

image

 

Verify that you select the “Re-use the existing database” option if you are installing against an existing FIMService Database.

Click on Next

You will now be presented with a Database Backup Warning

image

 

This warning is just informational and a suggestion to be sure you have a good backup of the FIMService.

Once you accept and acknowledge the warning click on Next.

You will now be presented with the Mail Server Configuration Screen

image

 

Enter in the requested information

NOTE: Notice the new option for Exchange Online

After you verified that the information is correct click on Next

The next window lets you select a specific certificate or let the tool generate a new one for you.

image

 

If you have a specific Certificate you wish to use, you can select it by clicking on select cert and browse to locate and attach the cert.

Click on Next

This next window you will need to enter the Service account information that will be used for the MIMService , if you are installing this against a preexisting FIMService Database use the Service account used previously.

image

 

Verify the information and select Next.

You may be presented with the following warning

image

 

This warning states that the Service Account is not secure in its current configuration, ( See additional configuration guide)

Acknowledge and accept the warning by clicking on Next to continue

You now need to enter the Synchronization Server info including the name of the service account of the FIM / MIM MA

image

 

Click on Next,

If you receive the following Message

image

 

Verify that the Synchronization Server information is correct and the Synchronization Service is running.

Click on Back, you could click on Next but I recommend resolving this first before proceeding.

The next window you should see if the Synchronization Server was correct is the MIM Service and Portal configuration window.

image

 

Enter the name of the server where the MIMPortal will be installed.

image

 

Verify information and click on Next.

The next window you will need to enter the SharePoint site url to be used for the MIM Portal

image

 

The next window you need to enter the Registration Portal information, this window is presented regardless of you selecting the option the Password Registration features.

image

 

You can enter the information or skip until you are ready to install these features.

When ready click on Next

The next window is the Firewall Configuration window

image

 

Unless there is a reason not to select the options select both options and click on Next.

MIM Password Portals information

image

 

Enter the correct information, if you know it but in this post we will skip this step, we will post a follow-up Blog which includes Self Service Password Reset Features and PAM

Click on Next

image

 

Click on Install

If the following message appears, start the SQL Agent and click on OK.

image

 

After SQL Agent is running click on OK

The install will continue

when complete you will see the following

image

 

 

 

 

Questions? Comments? Love FIM so much you can’t even stand it?

EMAIL US!

>WE WANT TO HEAR FROM YOU<

## https://blogs.msdn.microsoft.com/connector_space##

Comments (2)

  1. Peter Geelen says:

    Anthony, you mention a side by side upgrade, with the new servers pointing to the existing database. Unless you copy the database over to a new SQL instance/server, this will not work for the MIM Sync database, AFAIK. Correct me if I’m wrong but when you attach a new server to an existing MIM (or FIM) sync database, that server becomes the primary server, due to the encryption key there can only be one primary server, the other server is demoted as secondary. This is actually the hot-standby scenario, but it’s not exactly parallel, because you can’t have 2 active servers on the same Sync database.

    1. I was assuming that the Reader would know this, but yes you are correct you would have to have a copy of the DB on a NEW SQL Environment or instance and point to that. I also do not mention that the server needs to be powered on there are some things that i expect our readers to just know. The information on this blog is provided FREE of charge and is written on what little free time i have so on occasion i may pull back on some of the details that i would expect a seasoned IT ADMIN to know. Additionally this post was in reference to the Service and portal “NOT” the Synchronization Service.

Skip to main content