Performing an In-Place Upgrade of FIM 2010 R2 to Microsoft Identity Manager 2016 - Service and Portal

Due to this being the First release of Microsoft Identity Manager i specifically wrote this with the current version highlighted.

Before you Begin

1. Be sure to have Fresh backups of the FIMService Database ( See your SQL Administrator for assistance )
2. If running a VM i would also do a snapshot ( Although this is not necessary it may be good to have in case of emergency break glass kind of thing )
3. Verify that the Synchronization Service has already been Successfully upgraded.
4. Verify local SQL Agent is running
5. Verify SharePoint Administration Service is started
6. Verify what Version of the FIM Service and Portal is running
7. Stop Forefront Identity Manager Service service if it is running
8. When you believe you are ready take a breath get a fresh cup of coffee and lets begin....

Additional Considerations:

1. Although it is not necessary if your upgrading from a version of FIM 2010 R2 that the Portal was installed with SharePoint Foundations 2010 you may want to consider upgrading to SharePoint Foundations 2013 Sp1 this is only an option and in no way is it required but since your in the process of upgrading your stuff this could be a good opportunity to do just that. If you are considering this as an option you may want to read the following post on installing SharePoint Foundations 2013 sp1 .  SharePoint Foundations 2013 Configuration Script
2. It is also recommended that if you are planning on upgrading to SharePoint Foundations 2013 that you install on a new server and install MIM on that server instead of upgrading the SPF 2010 or even removing SPF and installing SPF 2013 on the same server.
   1. Additional Reading SharePoint 2013 Upgrade Process

NOTE: With the First Release depending on the Hotfix level that your current FIM Environment has been patched to you may receive an error , the error seems to happen when you are upgrading from the latest hotfix, im still researching which hotfixes caused the issue but i saw an error when upgrading from version "4.1.3646.0". I was able to continue follow instructions below.

If you have upgraded FIM in the Past most of these steps will be familiar to you if not all of them.

•  Navigate to the location of the Installation files for MIM 2016 Service and Portal

• Click on the Service and Portal.msi file to begin installation.
  • You may need to run as an administrator ( I would just run as administrator which has permission to install products in the server ) Right Click on the "Setup.exe" file and run as admin, prompt with credentials if needed.
• You will be presented with the Welcome Screen

• It may take a second as for the Next option to be available.

• Click on Next
• You will be presented with the End User Agreement

• Once you accept the terms in the License Agreement click on Next.
• You will now be presented with the MIM Customer Experience Improvement Program

• After you click on Join i mean why wouldn't you, you want to help make the product better right? Click on the option that is best for you but seriously consider joining if your company will allow it.
• Click on Next
• You will now be presented with the Custom Setup screen

• Select all Features you wish to install
  • If this is an Upgrade i would suggest only installing (Upgrading Features that are currently installed) Once you have successfully upgraded your currently installed features you can than install any new features you wish to install.
    • This posting will document the FIM Service and Portal only, additional postings for the other features to come.
• Click on Next
• You will now be presented with the "Configure Common Services Screen"

• If this was a new install you would select Create a new database but because this is an upgrade select the Re-use the existing database option.

• Verify that Re-use the existing database is selected, if you forget the install will detect that a previous database named FIMService already exist.
• Click on Next
• You will now be presented with a Database Backup Warning

• This warning is just informational and a suggestion to be sure you have a good backup of the FIMService.
• Once you accept and acknowledge the warning click on Next.
• You will now be presented with the Mail Server Configuration Screen

• Enter the Mail server information that will be used by the FIMService account to send notification.
• Click on Next

• If you have a specific Certificate you wish to use, you can select it by clicking on select cert and browse to locate and attach the cert.
• If you need you can Generate a new self-issued certificate
• Make your selection which in most cases will be generate self-issued certificate and than click Next
• The next screen is for you to add the correct Service account Information, since this is an upgrade you will most likely use the account that was used for the FIMService account.

• After you enter information verify information to be correct.

• Click on Next
• You may be presented with the following warning

• This warning states that the Service Account is not secure in its current configuration, ( See additional configuration guide)
• Acknowledge and accept the warning by clicking on Next to continue
• You now need to enter the Synchronization Server info

• Click on Next
• You now need to enter the MIM Service Information which unless you are using a new server to host the MIM Service you need to enter the server that was used to host the FIM Service.

• Click on Next
• You now need to enter the SharePoint site Collection URL, unless a new one has been set up you need to enter the one previously used for the FIM 2010 R2 Portal.

• Click on Next
• If a Registration Portal is already configured enter the information here, if not leave blank

• Click on Next
• The Next Page presents you with Firewall options

• Click on the Check box next to "Open ports 5725 and 5726 in firewall"
• Click on the Check box next to "Grant authenticated user access to the MIM Portal site"

• Click on Next
• You will now be presented with Password Registration and Reset portal information, at this time unless you are upgrading it skip do nothing here.

• Click on Next
• We will now begin the Installation (Upgrade)

• Click on Install
• Possible error SQL Agent is not running

• On server the FIM Service is being installed start service.
• Another possible error you may get, you may not see it as first but if it appears that the installation is not making progress look on your task bar, do you see a empty icon?

• If you do click on it

• Start the SharePoint 201o Administration Service and click on Retry.

• After you verify that the Forefront Identity Manager Server Service has been stopped click on OK.
• You may receive the following message

• If you receive the above message its because it attempted to stopped the service but was unable to verify if it was stopped.
• Click on OK to continue

• Continue to wait and the following status message is normal.

• If the Installation continues

• Congratulations you have successfully upgraded the FIM 2010 Service and Portal to MIM 2016
• Open up the MIM Portal and verify the Version installed.

• Click on the About Forefront Identity Manager link on the right of the page under Help
• Get the Version information

• At this point you should log back on to the Synchronization Service and Refresh the FIMMA Schema because the update to MIM includes additional attributes.
  • The following post can assist in updating - Updating the FIMMA to include Custom Attributes in the FIM Portal.

 

BUT If you weren't so lucky what version of FIM is currently installed.

• The following error is related to the version of FIM 2010 R2 that is installed and is what i spoke about early in this post.

• Click on Ok
• The installation (Upgrade) will be rolled back
• Once the roll back is complete you will get the following

• Click on Finish
• You may notice the the Forefront Identity Manager Service seems to be missing from the Services.msc don't panic
• Restore the FIMService Database
  • If you try and run the installation again without running a restore you will get the following message

• After a DB Restore you must set the "SQL Server Service Broker" to true on the FIMService DB in the options section, if you dont you will see the following message.

• BEFORE YOU CONTINUE After Restoring the FIMService Database

NOTE: This workaround is only for these specific versions 4.1.3646.0 or 4.1.3634.0 or 4.1.3627.0.

• • If not already copy all installation files to a share or a local drive to the server, do not use a mounted drive
  • Locate the file "Microsoft.IdentityManagement.DatabaseUpgrade.exe.config "
    • **\Service and Portal\Program Files\Microsoft Forefront Identity Manager\2010\Service
  • Rename the file with -old at the end so it looks like
    • "Microsoft.IdentityManagement.DatabaseUpgrade.exe.config-old"
  • Download attached file in the blog
    • "Microsoft.IdentityManagement.DatabaseUpgrade.exe.config"
  • Place downloaded copy from this blog in the destination with the renamed one

• Run through installation again and you will get the following message

• This is expected, click on OK
• The installation will continue

• After a few moments the installation should complete

• Click on Finish
• Open up the FIM Portal

• Click on the About Forefront Identity Manager link on the right of the page under Help
• Get the Version information

• At this point you should log back on to the Synchronization Service and Refresh the FIMMA Schema because the update to MIM includes additional attributes.
  • The following post can assist in updating - Updating the FIMMA to include Custom Attributes in the FIM Portal.

Comments

• Anonymous
  August 06, 2015
  Maybe I'm reading too much into this blog intro ... but did MIM get officially released then?  I missed any announcement.

• Anonymous
  August 06, 2015
  Justin K. The Evaluation Version can be downloaded from www.microsoft.com/.../evaluate-microsoft-identity-manager-2016 or www.microsoft.com/.../details.aspx the full version can be located via a MSDN Subscription or a Volume License Agreement.

• Anonymous
  August 06, 2015
  @Justin K The official announcement for GA was today.   blogs.technet.com/.../microsoft-identity-manager-2016-is-now-ga.aspx It showed up on VL and MSDN on August 3rd. @Anthony Fantastic work!

• Anonymous
  August 12, 2015
  I got the correct version number in both the FIM Synchronization Engine and in the portal according to the guide. However in the portal the logo still says "Forefront Identity Manager" is this expected? The upgrade was without errors and the version number displays 4.3.0.0 in the portal (4.3.1935.0 in FIMSync). Using a MSDN version.

• Anonymous
  August 12, 2015
  The logo I'm reffering to is the one in the "About Forefront Identity Manager" link in the portal.

• Anonymous
  August 12, 2015
  Jaymanyes this is correct and expected, lets say this is an oversight at the least . I initially posted the additional screen shots to show  what was expected trying to avoid pointing out any "undocumented features" Additionally this post is also labeled to show version in case an updated version is released that resolves some of these nuances. I hope the post at least provided some value in the installation, please let me know if you have any additional comments or concerns.

• Anonymous
  August 12, 2015
  The comment has been removed

  • Anonymous
    October 21, 2016
    Did you ever get this fixed? We are experiencing the same thing after an upgrade.
    • Anonymous
      October 21, 2016
      Nevermind, I see your additional comments above. Thanks.

• Anonymous
  August 12, 2015
  Jayman, What kind of activity is the workflow performing?

• Anonymous
  August 12, 2015
  ktackett >> I get it on action workflows when trying to use them in any way.

• Anonymous
  August 12, 2015
  ktackett >> Example: I tried creating a new WF to set an attribute on a user which gave me the error described. The error applies to both old an newly created workflows in MIM regardless of what they are doing.

• Anonymous
  August 13, 2015
  Jayman, What is the activity type? For example, is this a function evaluator, update resource, PowerShell, etc.?

• Anonymous
  August 13, 2015
  ktackett & Anthony >> It seems like a repair installation was needed for the MIM workflows to work. I dont now why the dll was corrupted or if this was the issue but a repair installation did the trick anyway! Thanks for your help!

  • Anonymous
    October 21, 2016
    A repair of the installation worked for us also. Workflows are functioning again.

• Anonymous
  August 13, 2015
  Jayman, Is the workflow based off a custom workflow activity or was it based off a default workflow activity that comes with FIM / MIM ?

• Anonymous
  August 13, 2015
  Jayman, Great to hear that it is working

• Anonymous
  February 01, 2016
  Anthony, you are a life saver! I just want to say a big thank you to you for sharing this. Keep it up, you rock!

  • Anonymous
    March 03, 2016
    Hello,I'm facing the same issue not with inplace upgrade but with install on a new server and re-use the old FIM DB.But FIM was on Build 4.1.3671.0. Any ideas on how to solve that issue with this release of FIM ?
    • Anonymous
      March 04, 2016
      I just found out comparing your file and the orginal one, what you did.So I added an additional tag and modified the first "vNext" tag to reflect the DB version 1128 of the current hotfix 4.1.3671.This are my addings/modifications: This worked for me and I also get the message about the one object that could not be updated, it's an Administration MPR but when checking that MPR it seems to be in a proper state.
    • Anonymous
      March 04, 2016
      Are you having the issue on the Synchronization Service or the FIMServiceAre you getting a message on the DB Upgrade?Do you have a copy of the DB?Can you run an upgrade on the existing install and than copy the DB over.

• Anonymous
  May 06, 2016
  Hi,For MIM Sync perspective, don't we need to recompile our MA rule extensions with MIM Metadirectoryservices and MetadirectoryservicesEx dlls?in my environment, some of the MA extensions throwing error to upgrade the dll, and some of them are not. Also, i have some custom Worklfows and they didnt require recomplilation with Portal reference dlls.Thanks

  • Anonymous
    May 09, 2016
    Im not sure what your asking here, This blog post is for upgrading a Basic FIM environment to MIM which would probably include Sync Rules. These screen shots were actual screen shots taken during the Upgrade process and yes on some occasions you may need to recompile your source code depending on your environment but once again that's not what this post was for