Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-11-11) Installing The Update1 For FIM 2010 RC1

Posted by Jorge on 2009-11-11


As I mentioned a few days ago, Microsoft released an update (Update1) for FIM 2010 RC1. Read more about it here. The update basically consists of 4 components (Sync Engine, Service/Portal, Add-In Extension and Language Pack). If you install the update for the Sync Engine and you stop the FIM Synchronization Service, the update installs fine. Unfortunately the same is not true when installing the update for the FIM Service, especially in a certain scenario.

If you have chosen a self-issued certificate during the installation of the service/portal, the update installs OK.

If you have chosen to use a certificate assigned by some CA during the installation of the service/portal, then the installation of the update will fail! This can go both ways, meaning either Microsoft forgot to test the installation of the update when using a certificate assigned by some CA or Microsoft forgot to mention in the release notes the additional steps required to be able to successfully install the update for FM 2010 RC1.

The following scenarios are possible:

  1. You still have NOT installed the FIM Service/Portal
  2. You already have installed the FIM Service/Portal and you used a self-issued certificate during installation of the FIM Service/Portal and you want to keep it like that
  3. You already have installed the FIM Service/Portal and you used a self-issued certificate during installation of the FIM Service/Portal, but you still want to use a certificate assigned by some CA
  4. You already have installed the FIM Service/Portal and you used a certificate assigned by some CA during installation of the FIM Service/Portal

AD.1
You are lucky! Even if you intend to use a certificate assigned by some CA, make sure to use a self-issued certificate during the installation of the FIM Service/Portal. Then install the update for the FIM Service. After that, use the following procedure to start using the certificate assigned by some CA.

Extra Procedure

  1. From the certificate assigned by some CA get the value in the Thumbprint field. Remove all the spaces and replace lowercase letters with uppercase letters. The assumption here made is that the certificate assigned by some CA is already in the computer store
  2. Start REGEDIT
  3. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\FimService
  4. Find the data field called "CertificateThumbprint" (REG_SZ)
  5. Replace the data value of that data field with the value from bullet 1 above
  6. Restart the FIM Service

AD.2
There is nothing to here, except for just installing the update

AD.3
Just install the update and afterwards use the following procedure

Extra Procedure

  1. From the certificate assigned by some CA get the value in the Thumbprint field. Remove all the spaces and replace lowercase letters with uppercase letters. The assumption here made is that the certificate assigned by some CA is already in the computer store
  2. Start REGEDIT
  3. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\FimService
  4. Find the data field called "CertificateThumbprint" (REG_SZ)
  5. Replace the data value of that data field with the value from bullet 1 above
  6. Restart the FIM Service

AD.4
You are not lucky. More additional steps are needed. Use the following procedure to be able to install the update.

Extra Procedure

  1. Backup the FIMService DB using a FULL backup
  2. Start REGEDIT
  3. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\FimService
  4. Find the data field called "CertificateThumbprint" (REG_SZ)
  5. Save the data value of that data field for future use. If you for whatever reason loose this value you can retrieve the value from the certificate assigned by some CA by getting the value in the Thumbprint field. Remove all the spaces and replace lowercase letters with uppercase letters. The assumption here made is that the certificate assigned by some CA is already in the computer store
  6. Uninstall the FIM Service/Portal
  7. Install the FIM Service/Portal and use the option "Re-use the existing database" and later on use the option "Generate a new Self-Issued Certificate"
  8. Install Update1 for FIM 2010 RC1
  9. Follow the steps in AD.3

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

One Response to “(2009-11-11) Installing The Update1 For FIM 2010 RC1”

  1. […] the time of writing, Update1 and Update2 have been […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: