Unattended installation of FIM 2010 R2 Self-Service Password Reset

All components of the FIM 2010 R2 accept properties that allow unattended and silent installation. Those properties can either be set in a Windows Installer Transform (MST) file or specified at the command line during installation. The following section will provide information on how to do an unattended installation of the password reset and registration portals and the Add-ins and Extensions for clients.

The FIM 2010 R2 installation packages do not support advertisement (msiexec /j) or administrative (msiexec /a) installations.

There are several different ways to install FIM 2010 R2 SSPR silently (unattended). Two methods are described in this section: pass-in parameters in a command line and MST files. It is outside the scope of this document to describe unattended installations in general.

Pass-in parameters on the command line

This can be used with Microsoft System Center Configuration Manager 2007. To install silently, use the command msiexec with an option, followed by properties, for example:

Msiexec /q /i NameofMSI.msi /Option ADDLOCAL=MSIFeatureName Property=Value /l*v C:\mylogfile.txt

The possible values of MSIFeatureName and Property can be found in SSPR Features and properties later in this document. Note that all parameters are case sensitive. See the examples in Reset and Registration Portal Example and Add-ins and Extensions Example.

Note

Windows Installer has a limit of 256 characters in the path for installation of applications. Ensure that you do not place the root of the tree in a very deep structure, or the installation might fail.

Create an MST file

Another solution is to use an MST file. MST files can be created with tools such as Orca (shipped with the Windows Software Development Kit (SDK)), and they contain the same settings as are passed in on the command line.

Troubleshoot an installation

If an unattended installation fails, add the option /l*v NameOfLogFile.txt to the command line. This option creates a log file that you can use for troubleshooting. You can identify an error in a Windows Installer log file by looking for the text Return Value 3.
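
An added example, not part of the original documentation: a PowerShell function that applies the Return Value 3 check described above to a verbose log and also reports any *_PASSWORD property that was written to the log with a clear-text value. The function name and the sample log lines are constructed for illustration; the log path is the one used in this page's commands.

```powershell
# Added example (not Microsoft's code): triage a verbose log from an unattended install.
function Get-MsiLogFinding {
    param([string[]] $Line, [int] $Context = 3)
    for ($i = 0; $i -lt $Line.Count; $i++) {
        # Failure marker named in the text; -match ignores case.
        if ($Line[$i] -match 'Return value 3') {
            $from = [Math]::Max(0, $i - $Context)
            [pscustomobject]@{ Kind = 'Failure'; LineNumber = $i + 1
                               Detail = $Line[$from..$i] -join "`n" }
        }
        # Windows Installer masks hidden properties as asterisks in its log.
        # A *_PASSWORD value that is not masked was logged in clear text.
        if ($Line[$i] -match '(\w*_PASSWORD)\s*=\s*"?([^\s"]+)') {
            $name, $value = $Matches[1], $Matches[2]
            if ($value -notmatch '^\*+$') {
                # Report the property name only, never the value itself.
                [pscustomobject]@{ Kind = 'SecretInLog'; LineNumber = $i + 1
                                   Detail = "$name has a clear-text value" }
            }
        }
    }
}

# Constructed sample in verbose-log layout; the action name is made up.
$sample = @(
    'MSI (s) (A4:10) [10:02:11:120]: Doing action: ExampleConfigureSite'
    'Action ended 10:02:14: ExampleConfigureSite. Return value 3.'
    'Property(S): RESET_PORT = 81'
    'Property(S): RESET_ACCOUNT_PASSWORD = ExampleValue'
    'Property(S): REGISTRATION_ACCOUNT_PASSWORD = **********'
)

# Use the real log when it exists, otherwise fall back to the constructed sample.
$log   = 'C:\mylogfile.txt'
$lines = if (Test-Path $log) { Get-Content $log } else { $sample }
Get-MsiLogFinding -Line $lines | Format-List
```

A SecretInLog finding means the log file itself now holds a service account password and should be access-restricted or deleted once troubleshooting is done.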

SSPR Features and properties

The tables in this section list the settings in the order that they appear during the user interface (UI) installation. Default values are in brackets. These are only the features and properties associated with Self-Service Password Reset and the Rich Client. For a full list of features and properties, see the Forefront Identity Manager 2010 R2 Deployment Guide.

Table 1  Name of feature in Windows Installer file

The following table lists each feature name as shown in the UI and its feature name in the MSI. The MSI feature names are used with the ADDLOCAL, REINSTALL, and REMOVE properties.

| Name of the feature in the UI | Windows Installer feature name |
| --- | --- |
| FIM Password and Authentication Extensions | PasswordClient |
| FIM Password Registration Portal | RegistrationPortal |
| FIM Password Reset Portal | ResetPortal |

Table 2  SSPR properties

| Property name | Description |
| --- | --- |
| REGISTRATION_ACCOUNT | Password Registration application pool account name in IIS. Must be in domain\username format. |
| REGISTRATION_ACCOUNT_PASSWORD | Password Registration application pool account password. |
| REGISTRATION_HOSTNAME | HostName for the IIS site for password registration portal. |
| REGISTRATION_PORT | Port number on which password registration portal IIS site is created. |
| REGISTRATION_FIREWALL_CONFIG | 1 – open port, 0 – do not open port |
| REGISTRATION_SERVERNAME | This is the address the password registration portal will use to contact the FIM Service. |
| IS_REGISTRATION_EXTRANET {Extranet\|None} | This value specifies if password registration site will be accessible by extranet users. Extranet: can be accessed by extranet users. None: can be accessed only by internal users. |
| RESET_ACCOUNT | Password Reset application pool account name in IIS. Must be in domain\username format. |
| RESET_ACCOUNT_PASSWORD | Password Reset application pool account password. |
| RESET_HOSTNAME | HostName for the IIS site for password reset portal. |
| RESET_PORT | Port number on which password reset portal IIS site is created. |
| RESET_FIREWALL_CONFIG | 1 – open port, 0 – do not open port |
| RESET_SERVERNAME | This is the address the password reset portal will use to contact the FIM Service. |
| IS_RESET_EXTRANET {Extranet\|None} | This value specifies if password reset site will be accessible by extranet users. Extranet: can be accessed by extranet users. None: can be accessed only by internal users. |

Table 3  Add-ins and Extensions properties

| Property name | Description |
| --- | --- |
| RMS_LOCATION | Address to the FIM Service. Used by Password Reset extensions. |
| REGISTRATION_PORTAL_URL | The URL of the FIM 2010 R2 password registration portal that the rich client will navigate to by default. As part of the rich client password registration, the rich client will invoke the user's default browser to navigate to that URL if password registration is required. |

Reset and Registration Portal Example

The following is an example of a command-line installation for the Password Reset and Registration Portal.

msiexec /q /i "D:\Service and Portal\Service and Portal.msi" ADDLOCAL=RegistrationPortal,ResetPortal REGISTRATION_ACCOUNT=CORP\FIMPassword REGISTRATION_ACCOUNT_PASSWORD=Pass1word$ REGISTRATION_HOSTNAME=passwordregistration.corp.contoso.com REGISTRATION_PORT=80 REGISTRATION_FIREWALL_CONFIG=1 REGISTRATION_SERVERNAME=FIM1 IS_REGISTRATION_EXTRANET=Extranet RESET_ACCOUNT=CORP\FIMPassword RESET_ACCOUNT_PASSWORD=Pass1word$ RESET_HOSTNAME=passwordreset.corp.contoso.com RESET_PORT=81 RESET_FIREWALL_CONFIG=1 RESET_SERVERNAME=FIM1 IS_RESET_EXTRANET=Extranet /L*v C:\mylogfile.txt

Add-ins and Extensions Example

The following is an example of a command-line installation for the Add-ins and Extensions.

msiexec /q /i "D:\Add-ins and extensions\x64\Add-ins and extensions.msi" ADDLOCAL=PasswordClient RMS_LOCATION=FIM1 REGISTRATION_PORTAL_URL=https://passwordregistration.corp.contoso.com /L*v C:\mylogfile.txt
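
Because all feature and property names are case sensitive, a mistyped name in either command above is easy to miss. The following PowerShell is an added example, not part of the original documentation: it checks names against Tables 1 to 3 before building the msiexec arguments and prompts for the application pool account instead of keeping its password in a script. The helper name New-SsprMsiArgument is hypothetical; host names, ports and paths are the sample values from this page.

```powershell
# Added example (not Microsoft's code). Names below are copied from Tables 1-3 of this page.
$SsprFeatures   = 'PasswordClient', 'RegistrationPortal', 'ResetPortal'
$SsprProperties = @(
    'REGISTRATION_ACCOUNT', 'REGISTRATION_ACCOUNT_PASSWORD', 'REGISTRATION_HOSTNAME',
    'REGISTRATION_PORT', 'REGISTRATION_FIREWALL_CONFIG', 'REGISTRATION_SERVERNAME',
    'IS_REGISTRATION_EXTRANET', 'RESET_ACCOUNT', 'RESET_ACCOUNT_PASSWORD', 'RESET_HOSTNAME',
    'RESET_PORT', 'RESET_FIREWALL_CONFIG', 'RESET_SERVERNAME', 'IS_RESET_EXTRANET',
    'RMS_LOCATION', 'REGISTRATION_PORTAL_URL')

# Hypothetical helper: validates names case-sensitively, then builds the argument string.
function New-SsprMsiArgument {
    param(
        [Parameter(Mandatory)] [string]   $MsiPath,
        [Parameter(Mandatory)] [string[]] $AddLocal,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Property,
        [string] $LogPath = 'C:\mylogfile.txt'
    )
    $unknown  = @($AddLocal      | Where-Object { $SsprFeatures   -cnotcontains $_ })
    $unknown += @($Property.Keys | Where-Object { $SsprProperties -cnotcontains $_ })
    if ($unknown.Count) { throw "Not in Tables 1-3 (names are case sensitive): $($unknown -join ', ')" }

    $parts = @('/q', '/i', "`"$MsiPath`"", "ADDLOCAL=$($AddLocal -join ',')")
    foreach ($name in $Property.Keys) {
        # Windows Installer quoting: wrap the value in quotes and double any embedded quote.
        $value = ([string]$Property[$name]) -replace '"', '""'
        $parts += "$name=`"$value`""
    }
    $parts += '/l*v', "`"$LogPath`""
    $parts -join ' '
}

# Prompt for the application pool account instead of storing its password in the script.
$cred  = Get-Credential -Message 'Application pool account (domain\username)'
$props = [ordered]@{
    RESET_ACCOUNT          = $cred.UserName
    RESET_ACCOUNT_PASSWORD = $cred.GetNetworkCredential().Password
    RESET_HOSTNAME         = 'passwordreset.corp.contoso.com'
    RESET_PORT             = 81
    RESET_FIREWALL_CONFIG  = 1
    RESET_SERVERNAME       = 'FIM1'
    IS_RESET_EXTRANET      = 'Extranet'
}
$msi     = 'D:\Service and Portal\Service and Portal.msi'
$argLine = New-SsprMsiArgument -MsiPath $msi -AddLocal 'ResetPortal' -Property $props
if (Test-Path $msi) {
    $p = Start-Process msiexec.exe -ArgumentList $argLine -Wait -PassThru
    "msiexec exit code: $($p.ExitCode)"
}
```

The password is still passed to msiexec as a command-line property, so it remains visible to anything that records process command lines on the installing host.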