FIM Troubleshooting: Failure to install hotfix – VerifySharePoint2010ClaimsAuthenticationOff. Return value 3

Article
1/17/2024

Applies to

Windows 2008 R2, FIM Service and Portal

TOOLS

Diagnostics Tool, install logging

PROBLEM

Trying to install the hotfix 2832389 (build number 4.1.3441.0) but is unsuccessful

SYMPTOM

During the installation process, we receive the message: Forefront Identity Manager Service and Portal Setup Wizard ended prematurely

QUICK GUIDE RESOLUTION

Make sure the URL matches in the registry to the URL that is set up in the installation of Sharepoint.

IN-DEPTH STUDY

While trying to install the FIM service and portal so it could be on the same version as the synchronization service we receive this message:

https://microsoft.sharepoint.com/teams/iamsupport/iamblog/Lists/Photos/043013_1748_FIMTROUBLES1.png

After this message was found the install logging was the best approach to investigate along with the event logs. While investigating the logs this line was of particular interest:

WINDOWS INSTALLER LOG

MSI (s) (DC!D4) [04:16:51:663]: Closing MSIHANDLE (76) of type 790531 for thread 20948

CustomAction VerifySharePoint2010ClaimsAuthenticationOff returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

MSI (s) (DC:00) [04:16:53:207]: Closing MSIHANDLE (70) of type 790542 for thread 23652

Action ended 4:16:53: VerifySharePoint2010ClaimsAuthenticationOff. Return value 3.

(Information located in the install logs)

The line of interest was the error code 1603. This was also confirmed in the event logs:

"Product: Forefront Identity Manager Service and Portal - Update 'FIM Service & Portal Hotfix KB 2832389' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 "

A common symptom of this was due to the Sharepoint Alternate Access Mappings after the installation. In this particular case, the customer had set up a Sharepoint environment multiple times doing installs and reinstalls and configuring where the site was pointed to.

At this point, it was currently https://siteurl/. Not only does this have to be reconfigured in the Sharepoint changes, but the registry must also be changed to make sure the registry entry was pointing to the same HTTP URL.

The registry was located at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Portal\BaseSiteCollectionURL

In this case, this value was pointed to http://siteurl/, instead of https://siteurl/. Once this was done the hotfix install was able to finish and install successfully.

Share via