FIM 2010 R2 SP1 - Installing CA Modules

Similar Messages

• How do I add my Custom Workflow Activity to FIM 2010 R2 SP1 installed on Windows 2012 server?

  Hellos.
  I have tried and failed to add my custom.dll into the Windows Server 2012  GAC.
  We have a version of FIM 2010 R2 Sp1 running on Windows Server 2008 R2 and that was no problem. There seemed to be a gacutil.exe present on the system which added my assembly.
  I cannot find gacutil.exe on the Windows 2012 Server.
  I have downloaded and installed Windows SDK for Windows 8. However, when I try the gacutil.exe /i <myCustom.dll> nothing seems to happen.
  Are there any guidelines how to add custom workflow activities to FIM when installed on a Windows Server 2012 system?
  TIA
  *HH

  Well yes. It is fine when FIM is hosted on Windows Server 2008 R2.My difficulty is that I am using FIM 2010 R2 Sp1 and Windows Server 2012. No GACutility executable.
  However, the problem has been resolved. Powershell can be used to modify the assemblies.
  I opened a RunAs Administrator PS session. My assembly is in folder c:\Temp
  Using Windows Explorer I browsed the folder c:\windows\assembly and noted the System.EnterpriseServices entries: version (2.0.0.0) and public key token (b03f5f7f11d50a3a)
  (My version is 2.0.0.0 because when installing FIM and SharePoint 2013 the instructions I used suggested setting .Net version to be 2.0)
  These powershell commands got me going...
  PS C:\temp> [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
  GAC    Version        Location
  True   v4.0.30319     C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50...
  PS C:\temp> $publish = New-Object System.EnterpriseServices.Internal.Publish
  PS C:\temp> $publish.GacInstall("c:\temp\RunPowershellLibrary.dll")
  PS C:\temp>
  PS C:\temp>
  PS C:\temp> iisreset
  Amazingly I can see the assembly RunPowershellLibrary in my Windows 2012 GAC. :-)
  Also, what is more cheering is that the custom activity actually works with FIM 2010 R2 Sp1.

• SharePoint Foundation 2013 SP1 for Microsoft Forefront Identity Manager (FIM) 2010 R2 SP1

  For subsequent installation FIM 2010
  R2 SP1, I must create a Web application
  with the classical method of authentication. According to
  Microsoft (http://technet.microsoft.com/en-us/library/jj863242(v=ws.10).aspx),
  it is created using PowerShell the following commands:
  $ AdminCredentials = Get-user domain
  \ contosoAdmin
  • $ adminManagedAccount = New-SPManagedAccount -Credential $ adminCredentials
  • New-SPWebApplication -Name "FIM SharePoint Web Application" -ApplicationPool "FIMAppPool" -AuthenticationMethod "Kerberos" -ApplicationPoolAccount $ adminManagedAccount -Port
  80 -URL http://www.contoso.com
  But these commands do not specify an account for
  Web services applications,
  and services of that applications will run under the account
  under which installed Sharepoint. As a result,
  the Administration Console Sharepoint error occurs:
  the application service account has
  local administrator rights. But it should not
  be.
    I ask for advice on how to solve this problem.

  Where I can found ULS Log and configuration details as well?
  I have errors:
  Accounts used by application pools or service identities are in the local machine Administrators group.
  One or more web applications are configured to use Windows Classic authentication.
  When I create a Web application through the
  web interface, and select
  the account for the application pool and application services
  (see. Screenshot). So I decided
  that the account application services
  become account under which installed
  Sharepoint, which has local administrator rights.
  And the application pool account to the
  administrators group is not included. Therefore,
  the question arises: what kind of account
  reports error :: 
  there is only one Web application (but
  before I create and delete the same):
  New-SpWebApplication
  DisplayName                    Url
  Sharepoint-FIM                
  http://www.contoso.com
  help to solve the error, please.

• FIM 2010 R2 SP1 with SCSM 2012

  I know that FIM 2010 R2 SP1 now claims support for SCSM 2012. FIM Reporting allows us to use a free copy of SCSM / DW for just the purpose of reporting services. Does this only apply to SCSM 2010 or does this include SCSM 2012 as well? I just want to make
  sure that we don't install SCSM 2012 assuming that it's free when in reality only SCSM 2010 is free. This issue came about because SCSM 2010 did not require a product key, but SCSM 2012 does.
  Thanks,
  Mark
  Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

  On Fri, 4 Jul 2014 08:27:39 +0000, diramoh wrote:
  on Microsoft TechNet link, we have the following Details:
  Reporting: Unique key constraint violation when running reporting synchronization jobs
  If you attempt to run reporting synchronization jobs on a default System Console System Manager SP1 (SCSM SP1) installation, you may receive the error “Violation of UNIQUE KEY constraint ‘idx_ManagedEntityManagedTypeId’.  Cannot insert duplicate key…”. 
  To address this issue, please make sure you have the following updates installed on your System Center Service Manager Management Server, Data Warehouse Server, and any machines that have the System Center Service Manager Console installed on them:
  1. KB2542118 <http://support.microsoft.com/kb/2542118>– System Center Service Manager Cumulative Update 2
  2. KB2542118 <http://www.microsoft.com/download/en/details.aspx?id=26631>– System Center Service Manager FIM 2010 R2 Hotfix
  Note:  *You must have the SCSM Cumulative Update 2 installed before installing KB2542118*
  Shim is asking about the product key. The above has nothing at all to do
  with his question.
  Paul Adare - FIM CM MVP
  What should I do ......the machine can't find the program
  iexplorer.exe...
  Breathe a sigh of relief. -- Arthur Hagen in no.www

• FIM 2010 R2 Sp1, Windows 2008 R2 SP1 and Recycle Bin issues

  Hi,
  We are running FIM 2010 R2 Sp1 (build 4.1.3613.0)
  Also running Windows 2008 R2 Forest and Domain functional level environment. (Windows Server 2008 R2 SP1 on all DCs). The previous Recycle Bin hotfix https://support.microsoft.com/en-us/kb/979214/ fails to install since we are already running WS08 R2 SP1
  on all the DCs.
  During deprovisioning, when a user is deleted from the source HR system, FIM deletes the object from AD, FIM Sync & Portal.
  FIM also manages a FIM Portal group, where membership is assigned manually. This membership is then updated in AD.
  When a user (who is part of this group) is deleted in HR, FIM deletes it from AD, FIM Sync, FIM Portal, FIM also removes user from FIM Portal group. The user is also removed from the AD group (by FIM group object membership attribute flow to AD)
  ...however, on the next AD Export, FIM fails to update the same group and complains about this very same user (CD Error) and lists the user as: CN=username\0ADEL:GUID, CN=Deleted Objects,DC=domain,DC=com
  It appears that there is a problem with FIM and the Recycle Bin again?
  Are there any new Recycle Bin/FIM hotfixes ?
  Thanks,
  SK

  May I suggest you review the following:
  Is the AD MA user account part of the Domain Admins group? If yes, please remove it from this Group
  Verify that the "CN=Deleted Objects" container has not somehow been included in the AD MA OU scope

• Upgrade FIM 2010 R2 Sp1 Databases from SQL 2008 R2 to SQL 2012

  Hi,
  I want to upgrade my SQL from 2008 R2 to SQL 2012.
  FIM Databases   
  1) FIMService Database 
  2) FIMSynchronizationService Database 
  Mentioned above are my FIM databases running on SQL server 2008 R2 . Now I was looking for some article which could tell me if SQL can be upgraded without affecting my existing databases of FIM or if i can move these databases to a new server having SQL
  2012
  Activity I want to perform :  Create a fresh  Server of SQL 2012 and move my FIM 2010 databases over it by restoring the backups. but as per the link below it seems not possible!
  http://social.technet.microsoft.com/wiki/contents/articles/5465.fimilm-how-to-move-the-backend-sql-server-synchronization-service-database.aspx

  Hi Shivam,
  Please take a look here: Release Notes for Forefront Identity Manager 2010 R2 SP1.
  In the table you have tasks to upgrade SQL for FIMService and FIMSych.
  FIM Service:
  Upgrade FIM Service servers to FIM 2010 R2 SP1
  Stop FIM Service on all servers
  Backup Database [in case rollback needed]
  Upgrade SQL to SQL Server 2012
  Start FIM Service on all servers
  FIM Synch:
  Upgrade FIM Sync to FIM 2010 R2 SP1
  Stop FIM Sync
  Backup Database [in case rollback needed]
  Upgrade SQL to SQL Server 2012
  Start FIM Sync
  If you are not making in-place upgrade, I would do something like here:
  Stop FIM Services
  Backup the databases at SQL 2008
  Restore backed up databases on SQL 2012
  Make sure SQL Agent Jobs are moved (FIMService)
  Make sure Broker is enabled on FIMService database
  On FIM machines create SQL alias using cliconfg utility. Alias should have the name of "old(sql2008) SQL" and point to new name/instance.
  Start FIM Services - they would use "old" name to connect, but it would be translated to new location. So they would start.
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• Supported platforms in FIM 2010 R2 Sp1

  I have FIM 2010 R2 Syncronization Server running on Windows 2008R2 OS. The available Galsync connectors that we have are Exchange 2003, 2007 and 2010. The FIM sync server runs on Exchange 2010 environment but in order to fulfill the requirements of establishing
  a connector with Exchange 2007 we followed the reference "http://social.technet.microsoft.com/wiki/contents/articles/3457.fim-how-to-export-to-an-exchange-2007-server-with-synchronization-server-in-an-exchange-2010-domain.aspx"
  to install Exchange 2007 EMC on the FIM Sync server. Now we have a new connector lined up to be added on our FIM server which is running on Exchange 2013 environment. I need to know how can we perform an upgrade from FIM 2010R2 to FIM 2010R2 SP1 without breaking
  the existing configuration especially with the connectors running legacy Exchange (2003 and 2007).
  Jimmy George

  Yes, you can upgrade to SP1 without impacting the legacy connections.
  Thanks, Brian

• FIM 2010 R2 SP1 Reporting ETL Process for SCSM 2012 R2?

  Hi,
  First question: is FIM 2012 R2 SP1 Reporting supported on System Centre 2012 R2 or only System Centre 2012? I have followed the MS FIM Reporting deployment guide, and everything seems to work, except the ETL process (2nd question below)
  Second question: if it is supported, than how do we get the ETL process defined here (http://technet.microsoft.com/en-us/library/jj133844%28v=ws.10%29.aspx)  to work with these versions? The powershell script provided doesn't work on SC 2012 R2.
  Third question: how do we force the whole process so we can view data in the FIM Reports? as at present there is no data in any of the reports even after I manually ran these SCDW jobs: Extract_dw_SCSMServer, transform.common, load.common
  Thank you,
  DW

  Although it could work, if not officially announced as supported - it is not "officially" supported, so you're deploying it on your own risk and MS won't help you if any problem occurs. Please be aware of that.
  Keep trying

• Exchange 2010- I have current setup of hosted Exchange 2010 without SP1 installed.

   I manually used AD to manipulate the hosted tenants security settings, so that databases cant see each other on the same box, I'm not sure if upgrading to Exchange 2010 sp1 will cause an issue with my current setup?
  Afraid to pull the trigger.......

  What if you run into any issue Exchange 2010 without any service pack? RTM version, SP1 and SP2 are not supported anymore so you need to go to at least SP3 to be on supported version...

• Installing FIM Reporting in FIM 2010 R2 with SP1

  I tried to install the Reporting component.  I have FIM 2010 R2 with SP1 and SCSM 2012.  I get a error saying I have to install the KB2561430. This is apparently a hotfix for SCSM 2010 SP1. I thought that FIM R2 with SP1 supports SCSM 2012 as written:
  FIM Reporting
  Support for Windows Server 2012 has been added.
  Support for SQL Server 2012 has been added.
  Support for SCSM 2012 has been added.
  http://technet.microsoft.com/en-us/library/jj863246(v=ws.10).aspx
  Is there anything I need to install in the SCSM side?
  I'm stuck here

  Hi,
  Even I am running into the same issue. And installing FIM 2010 R2 SP1 Reporting [SCSM 2012 successfully installed].
  Both Wizard and Command line failing.
  Command line captures below error: Did any one solved this issues? Kindly help
  Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.DoesWebsiteOrSolutionPackExist
  Property name = 'SHAREPOINT_URL', value = 'http://myurl.
  Property name = 'UILevel', value = '2'.
  CustomAction CheckFIMWebSiteorSolutionPackExisting returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
  Action ended 0:27:20: CheckFIMWebSiteorSolutionPackExisting. Return value 3.
  Action ended 0:27:20: INSTALL. Return value 3.
  Aswathy Raj

• Error Installing FIM Reporting in FIM 2010 R2 with SP1 - SCSM 2012 [CheckFIMWebSiteorSolutionPackExisting]

  I am running into the below issue. I am installing FIM 2010 R2 SP1 Reporting with SCSM 2012 [SCSM successfully installed].
  FIM R2 Reporting installation is failing with both Wizard and Command line.
  Command line captures below error: Can some one help on this?
  Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.DoesWebsiteOrSolutionPackExist
  Property name = 'SHAREPOINT_URL', value = 'http://myurl.
  Property name = 'UILevel', value = '2'.
  CustomAction CheckFIMWebSiteorSolutionPackExisting returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
  Action ended 0:27:20: CheckFIMWebSiteorSolutionPackExisting. Return value 3.
  Action ended 0:27:20: INSTALL. Return value 3.
  In below link, the above question is unanswered. Kindly help.
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/37b1af85-aef0-422b-9417-7364d51d0df4/installing-fim-reporting-in-fim-2010-r2-with-sp1?forum=systemcenterservicemanager

  Hi All,
  Though we use SCSM 2012, the FIM 2010 Reporting (R2 SP1) installation throws the alert to run
  KB2561430 hotfix (when run throght console) and above error (when run through commnad line).This is actually a bug and MS have fixed that in one of its FIM hotfix rollup. I could move out of the above error by applying the FIM hotfix mentioned
  in the below link.
  http://blogs.technet.com/b/steady/archive/2013/06/12/fim-2010-r2-sp1-reporting-failure-scsm-2012-sp1-you-must-apply-patch.aspx
  Aswathy Raj

• Unable to process your request in FIM 2010 R2.

  Hi,
  Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.
  This was working when we installed fresh FIM Synchronization service and FIM 2010 r2 sp1 Portal but now it is not working for me.i have uninstalled FIM 2010 Portal and delete FIMService database and again installed still gives the same message
  Unable to process your request .
  NOTE:I am implementing FIM 2010 R2 SSPR and gives all reuired cofiguration for this as per Microsoft documents.
  Regards
  Anil Kumar  

  I make the changes in the  web.config file at location
   C:\inetpub\wwwroot\wss\VirtualDirectories\80  on FIM server and added  the
  requireKerberos=”true”  as per the FIM installation
  document. Restarted the IIS and reboot the server. After that unable to login on the FIM Portal, However, SharePoint  URL is working fine.
  Please help me to resolve the issue.
  Anil

• FIM 2010 management agent support Oracle Identity directory OID 10.1.4.2.0

  Does FIM 2010 R2 SP1 support  OID version  10.1.4.2.0 ? If there is no support for OID then what is the alternative for making its connectivity?

  The error indicates that the password (or wallet) files oidpwdldap1 and oidpwdr<ORACLE_SID> do NOT exist under $ORACLE_HOME/ldap/admin or your $ORACLE_HOME and $PATH are set incorrectly (a bit unlikely).
  Assuming that the $ORACLE_HOME and $PATH are indeed set to correct values, if the 2 files mentioned above do not exist under $ORACLE_HOME/ldap/admin, then perform the below action plan:
  1. Set the ORACLE_HOME to INFRASTRUCTURE ORACLE_HOME
  2. set the PATH to $ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_HOME/opmn/bin:$PATH
  3. Ensure that you are able to login to sqlplus as "ods" user.
  4. If you do NOT know the password of ods user, then reset the password.
  5. Run the below command and enter the ods password when prompted for it.
  oidpasswd create_wallet=true
  6. Voila! The Wallet files are created under $ORACLE_HOME/ldap/admin.
  HTH,
  Regards,
  Praveen
  Edited by: Praveen B K on Aug 28, 2009 3:20 AM

• FIM 2010 GAL Synchonization Error

  number one
  Forest
  exchange server 2013
  a server with active directory 2012
  a server running FIM 2010 R2 sp1
  number two Forest
  a server with Exchange 2010
  Active directory server 2008
  r2
  I'm setting up a global address list
  with FIM Server
  configure agents with default attributes
  Forest users number one, they
  are synchronized to the number two
  Forest
  Forest users number one, they
  are not transferred to the number two
  Forest.
  users see them as delete and
  are not added, attached the error.
  Forest groups the number one
  Forest synchronized to the number two
  my question is?
  that users are not synchronized and groups
  are synchronized if the forest
  both.
  is there any attribute to be removed
  for being Exchange 2010 and AD
  2008.
  that I take is when they are
  forest and exchange different
  version?

  Satpal,
  You could theoretically do this by exposing AD to the Internet, you would need to expose port 389 for remote domain publically so that FIM server could reach that without direct connection. You could use reverse proxy software such as TMG/UAG to publish
  this port safely, although I don't the exact implementation details for that. As far as the Exchange provisioning piece, that is already a trick to get to to work in some internalized scenarios so making that work publically is seemingly unlikely; you are
  better off disabling that and just running PS cmdlets on Exchange servers after exports to AD are completed. You could use script/automated process on Exchange server to launch this after export from FIM is finished.

• FIM 2010 CM and FIM CM 2010 R2 in the same Domain and connecting to the same PKI

  Hi,
  I have a requirement to upgrade my FIM CM setup from FIM 2010 to FIM 2010 R2 SP1. I am not looking for an in place upgrade, instead I would like to have a new parallel setup (new FIM 2010 R2 servers, new SQL 2012 servers), connecting to the same AD and PKI.
  Thank You.

  Hi JPM
  Yes, you can do a parallel setup, but keep the following things in mind:
  1) Do you plan to manage the existing certificates, if so, then you need to make a cut-off and migrate the FIMCM database to the new SQL server. If you keep two instances, you will have certs that cannot be managed in each.
  2) You will need to migrate the clmKRAgent, clmAgent, and clmEnrollagent certs to the new FIM CM server
  3) You should use the same SCP (to maintain permissions)
  4) I would migrate any changes in web.config to the new server
  I would not use the previous FIM CM setup after the migration is complete. Keep it for roll back during the upgrade. but do not allow connectivity afterwards
  Brian